GNU bug report logs - #49369
Duplicated SSL_CERT_DIR value, and the cuirass service

Previous Next

Package: guix;

Reported by: Vivien Kraus <vivien <at> planete-kraus.eu>

Date: Sat, 3 Jul 2021 22:36:02 UTC

Severity: normal

Full log

View this message in rfc822 format

From: Vivien Kraus <vivien <at> planete-kraus.eu>
To: 49369 <at> debbugs.gnu.org
Subject: bug#49369: Duplicated SSL_CERT_DIR value, and the cuirass service
Date: Sun, 04 Jul 2021 00:35:35 +0200

Dear guix,

When I set up the cuirass service, my /run/current-
system/profile/etc/profile file goes from:

export SSL_CERT_DIR="${GUIX_PROFILE:-
/gnu/store/v7yks560hnm9zkjw1ynsavfdgwbvkq9w-
profile}/etc/ssl/certs${SSL_CERT_DIR:+:}$SSL_CERT_DIR"

to:

export SSL_CERT_DIR="${GUIX_PROFILE:-
/gnu/store/4zby6gn6kv92mn4mck4jw3jxcs82821p-profile}/etc/ssl/certs"

Notice how with cuirass, the variable is expanded to potentially
multiple values.

As a result (I don’t fully understand why), with the cuirass service in
place, my $SSL_CERT_DIR is set to:

/run/current-system/profile/etc/ssl/certs:/run/current-
system/profile/etc/ssl/certs

(notice the duplicated entry)

Due to that, the guile web client is broken because guile does not
support a colon-separated path in SSL_CERT_DIR.

Attributing the blame to this breakage is tricky, because guile is not
100% clean (it should support a path), it’s not clear to me why cuirass
needs to re-define SSL_CERT_DIR, but maybe guix should not consider
that cuirass is installed when it is used as a service.

Best regards,

Vivien
This bug report was last modified 3 years and 345 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.