From unknown Fri Jun 13 06:10:39 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#49508 <49508@debbugs.gnu.org> To: bug#49508 <49508@debbugs.gnu.org> Subject: Status: Implement --allow-insecure-transport for `guix pull` Reply-To: bug#49508 <49508@debbugs.gnu.org> Date: Fri, 13 Jun 2025 13:10:39 +0000 retitle 49508 Implement --allow-insecure-transport for `guix pull` reassign 49508 guix submitter 49508 Leo Famulari severity 49508 important thanks From debbugs-submit-bounces@debbugs.gnu.org Sat Jul 10 13:28:18 2021 Received: (at submit) by debbugs.gnu.org; 10 Jul 2021 17:28:18 +0000 Received: from localhost ([127.0.0.1]:33406 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m2Gm2-0007Al-DU for submit@debbugs.gnu.org; Sat, 10 Jul 2021 13:28:18 -0400 Received: from lists.gnu.org ([209.51.188.17]:50526) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m2Gm1-0007Ae-9b for submit@debbugs.gnu.org; Sat, 10 Jul 2021 13:28:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:43500) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1m2Gm0-0006HS-Vz for bug-guix@gnu.org; Sat, 10 Jul 2021 13:28:17 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:33635) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1m2Glz-0003AW-8F for bug-guix@gnu.org; Sat, 10 Jul 2021 13:28:16 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id EAA815C00C3; Sat, 10 Jul 2021 13:28:12 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Sat, 10 Jul 2021 13:28:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:subject:message-id:mime-version:content-type; s= mesmtp; bh=7p1O3WUUNdMmXOwOTsqwVo7v/C+wKaEcfn/F4u4NI+4=; b=duE74 YLksgFr4I+RCTMVzM107Y8B1HfpwxTZPXrvrScuBlmYl3VrGeYgPfpSnc3J0R4ft gGFgcC7h9HtPl2joNEguzlsxr0jdnbbAer6ZsLuVKE5aF9X7QuOS5aPRVjD8yQmh L/seumd/XzjecQxo+q5PKJWWSvCR5qmJwBTJ+A= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=7p1O3WUUNdMmXOwOTsqwVo7v/C+wK aEcfn/F4u4NI+4=; b=OjobQDANm9U/hXBCIEZHZvj7ko614GUonpPIa+TGrqzth wp6fYhMo/TcPe9SpuL8zAPS3DS+wijRfJk8Agpc+SEXPKiko6IdZRWsrCHpkv7IH X4cWnislkShPYz8owpFptQDSaODZU4bTpAetj9rAbNLvP4pGnUPFPSGCmBRHG8gN IdsYJ256FHr1kfnEdDT3KkuqiJC7QvftUsSSBsK3vbkxdMUrNOd6rNHgNPhfZD4R Br6m+eNZa5fQuGgOTPN/TZ1sLY/GsYVCvvXcG+Li9KWx9fb4kMWWKcshIUcTxvdd y/2HYwcpv5KEHJCvQrg6tJDxSrOvzu+BzZgfFFfTQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrtdekgdduuddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkgggtugesthdtredttd dtvdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhi rdhnrghmvgeqnecuggftrfgrthhtvghrnhepueeiudeijeduffdvhfejvdegvdehgffgje dvveekfeefleefkeeuieejudevtedunecuffhomhgrihhnpehgnhhurdhorhhgnecuvehl uhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmh hulhgrrhhirdhnrghmvg X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Sat, 10 Jul 2021 13:28:12 -0400 (EDT) Date: Sat, 10 Jul 2021 13:28:10 -0400 From: Leo Famulari To: bug-guix@gnu.org Subject: Implement --allow-insecure-transport for `guix pull` Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Received-SPF: pass client-ip=66.111.4.28; envelope-from=leo@famulari.name; helo=out4-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) As discussed in #46829, `guix pull` needs an option like --allow-insecure-transport so that users can continue to pull from the same channel even when their local certificate store has expired or is otherwise invalid. [0] From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 03 12:44:38 2022 Received: (at control) by debbugs.gnu.org; 3 Feb 2022 17:44:38 +0000 Received: from localhost ([127.0.0.1]:57655 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nFg9u-0004rO-7O for submit@debbugs.gnu.org; Thu, 03 Feb 2022 12:44:38 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:54095) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nFg9s-0004r8-FR for control@debbugs.gnu.org; Thu, 03 Feb 2022 12:44:37 -0500 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 2E6A05C01C0; Thu, 3 Feb 2022 12:44:31 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Thu, 03 Feb 2022 12:44:31 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:date:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:to:to; s=mesmtp; bh=/qMy5X wy5WBg4vgMddJD6mOlvhgF+4USvsuQC2pFni0=; b=kztruVQkpceR24+DPLN/rX wi4XQn3LaH8EuxnvR8z/CK/H7ElwwHD1UxnougDbCfNAf+wqogFJyBXd9DaRJnDZ rOV57cZFOUI6pQFDjBcsVH9SnBOFRKVMP9U1dPuu8xufIddnAQvbi2YFpoEUvGpV rjsU5Hd79bHrequFUNghE= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=/qMy5Xwy5WBg4vgMddJD6mOlvhgF+4USvsuQC2pFni0=; b=TbNYuvMg t/UWN9X81LScRiUtvs4JNKja1r4eA+QngjdYfsa/uIlVq3T9xycnPfrSyVADj9hN oJa1b2J0KwKtCZyM/TWf5A8T1jivrqDC1JUSzaywzq2UUEKMgo0/qZAaSQpiMSXi wW0ptML9Y2nluIUAX+NZtZbyeFyPRSsqtwai7xpHqWGnmPeJKrENn67IL2PtkJzF 9MMUdtD2uDlM65d68nf++YOyJN2SySW7+wCh29qk4v7XXJa8rpiWcrn8Kuz/YyvD vYA8iUwTbBmQgFuUstrLFVhh5cIc1a1/ZBaLmkNZT/Ksp334rnTBgUA7nGVrrDwD PNeREne6a2c9cA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrgeejgddutdefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucfgmhhpthihuchsuhgsjhgvtghtucdluddtmdenuc fjughrpeffhffvkfggtggusehttdertddttddvnecuhfhrohhmpefnvghoucfhrghmuhhl rghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpe fhjeeigfefvedvfeetheegledtkeevuddtgedtudeiteehteegvdefffduffefffenucev lhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrg hmuhhlrghrihdrnhgrmhgv X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Thu, 3 Feb 2022 12:44:30 -0500 (EST) Date: Thu, 3 Feb 2022 12:44:29 -0500 From: Leo Famulari To: control@debbugs.gnu.org Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Score: 3.0 (+++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: block 53214 with 49508 Content analysis details: (3.0 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [66.111.4.27 listed in list.dnswl.org] 1.8 MISSING_SUBJECT Missing Subject: header 0.2 NO_SUBJECT Extra score for no subject -0.0 T_SCC_BODY_TEXT_LINE No description available. 1.7 BODY_EMPTY No body text in message X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 2.0 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: block 53214 with 49508 Content analysis details: (2.0 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [66.111.4.27 listed in list.dnswl.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record 1.8 MISSING_SUBJECT Missing Subject: header 0.2 NO_SUBJECT Extra score for no subject -0.0 T_SCC_BODY_TEXT_LINE No description available. -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager 1.7 BODY_EMPTY No body text in message block 53214 with 49508 From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 08 05:18:19 2022 Received: (at 49508) by debbugs.gnu.org; 8 Feb 2022 10:18:19 +0000 Received: from localhost ([127.0.0.1]:45435 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nHNZi-00088T-TW for submit@debbugs.gnu.org; Tue, 08 Feb 2022 05:18:19 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:36898) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nHNZg-00088A-UJ for 49508@debbugs.gnu.org; Tue, 08 Feb 2022 05:18:17 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 7CEEB193; Tue, 8 Feb 2022 11:18:10 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pZlDrSf1e8p1; Tue, 8 Feb 2022 11:18:10 +0100 (CET) Received: from ribbon (unknown [IPv6:2001:660:6102:320:e120:2c8f:8909:cdfe]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 7CBC916C; Tue, 8 Feb 2022 11:18:09 +0100 (CET) From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Leo Famulari Subject: Re: bug#49508: Implement --allow-insecure-transport for `guix pull` References: Date: Tue, 08 Feb 2022 11:18:08 +0100 In-Reply-To: (Leo Famulari's message of "Sat, 10 Jul 2021 13:28:10 -0400") Message-ID: <875yppbr1b.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: / Authentication-Results: hera.aquilenet.fr; none X-Rspamd-Server: hera X-Rspamd-Queue-Id: 7CEEB193 X-Spamd-Result: default: False [-0.10 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 49508 Cc: 49508@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Hi, Leo Famulari skribis: > As discussed in #46829, `guix pull` needs an option like > --allow-insecure-transport so that users can continue to pull from the > same channel even when their local certificate store has expired or is > otherwise invalid. Agreed. Unfortunately it seems that libgit2 doesn=E2=80=99t let us turn off certifi= cate verification: https://libgit2.org/libgit2/#HEAD/group/libgit2 =E2=80=98verify_server_cert=E2=80=99 in src/streams/openssl.c is called unconditionally. So it seems that the first thing to do would be to submit a patch upstream that would allow users to disable certificate checks via =E2=80=98git_libgit2_opts=E2=80=99. Now, by default, =E2=80=98guix pull=E2=80=99 honors /etc/ssl/certs. Assumi= ng those are up-to-date, it should be fine, right? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 08 05:18:27 2022 Received: (at control) by debbugs.gnu.org; 8 Feb 2022 10:18:27 +0000 Received: from localhost ([127.0.0.1]:45438 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nHNZr-00088s-4c for submit@debbugs.gnu.org; Tue, 08 Feb 2022 05:18:27 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:36916) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nHNZp-00088b-9j for control@debbugs.gnu.org; Tue, 08 Feb 2022 05:18:25 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id F088D193 for ; Tue, 8 Feb 2022 11:18:19 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qx3PEqJALSnE for ; Tue, 8 Feb 2022 11:18:19 +0100 (CET) Received: from ribbon (unknown [IPv6:2001:660:6102:320:e120:2c8f:8909:cdfe]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 871B916C for ; Tue, 8 Feb 2022 11:18:19 +0100 (CET) Date: Tue, 08 Feb 2022 11:18:18 +0100 Message-Id: <874k59br11.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #49508 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spamd-Bar: / Authentication-Results: hera.aquilenet.fr; none X-Rspamd-Server: hera X-Rspamd-Queue-Id: F088D193 X-Spamd-Result: default: False [0.61 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[control@debbugs.gnu.org]; RCPT_COUNT_ONE(0.00)[1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; R_MIXED_CHARSET(0.71)[subject]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) severity 49508 important quit From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 08 12:11:41 2022 Received: (at 49508) by debbugs.gnu.org; 8 Feb 2022 17:11:41 +0000 Received: from localhost ([127.0.0.1]:48484 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nHU1l-0003aV-2B for submit@debbugs.gnu.org; Tue, 08 Feb 2022 12:11:41 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:58869) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nHU1i-0003aJ-TX for 49508@debbugs.gnu.org; Tue, 08 Feb 2022 12:11:39 -0500 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id DDCC85C009F; Tue, 8 Feb 2022 12:11:33 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 08 Feb 2022 12:11:33 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:cc:content-transfer-encoding:content-type:date:date:from :from:in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=mesmtp; bh=lMbqFmGqohB pltNdW7UpcQYNgWGaJc8RnZlKT7f/CrU=; b=X8+c3TM4QGREkj1H9sMlgS1Njn9 DXTe+qMVI0YVX1HJuUVnKLbHx694eyfrC8XCkiq10gC3HiySFqOnAH2fGRK3T+Et G0KTEAZB9Q0B3gT0e5iI8eJjvNgtyPkgB9KAklWC+KbvCDir1cbgX6uEXoEIXmHF +gjecd2X8N8dmGPU= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=lMbqFmGqohBpltNdW7UpcQYNgWGaJc8RnZlKT7f/C rU=; b=aSgZDinHoaEvsWZbRNXOfu2y5p9hMKJqKG6BGjqxKcfC6x5nTq0hA2MZT b+dhaxwQNx6EEvdpN9R8OL5P1QMOdortyEIV48/rYKAscxjJtWoJJ4nZPXKU709P f8rtokW4z5RjOor/SGQnWcEgRAt4Ib3EB1a72CC4dkXRKHQkHL26NPurxLZH/13+ ZehPX9HAi5BPGESBb5czfIR3ur9QU2lyjgNepasmFb7pWgwlVNKZfkw5AXj8P00g 07j4+DD+U8Ydo3uvwm1YQL1zkaVYNiQidZHjN0A3LlK3RsLaOObkkidCjtQp6jZP DODDsOM+DjdwuAIGuJCodNqPORpig== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrheejgdelgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkfhggtggugfgjsehtkeertddttdejnecuhfhrohhmpefnvghoucfh rghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtth gvrhhnpeeihedtheetgfevveffieeiieffhfekgfehueduueduhfdttddvjeetteejueef tdenucffohhmrghinheplhhisghgihhtvddrohhrghenucevlhhushhtvghrufhiiigvpe dtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgv X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 8 Feb 2022 12:11:33 -0500 (EST) Date: Tue, 8 Feb 2022 12:11:32 -0500 From: Leo Famulari To: Ludovic =?iso-8859-1?Q?Court=E8s?= Subject: Re: bug#49508: Implement --allow-insecure-transport for `guix pull` Message-ID: References: <875yppbr1b.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <875yppbr1b.fsf@gnu.org> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 49508 Cc: 49508@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) On Tue, Feb 08, 2022 at 11:18:08AM +0100, Ludovic Courtès wrote: > Unfortunately it seems that libgit2 doesn’t let us turn off certificate > verification: > > https://libgit2.org/libgit2/#HEAD/group/libgit2 > > ‘verify_server_cert’ in src/streams/openssl.c is called > unconditionally. Ah, that's not surprising. > So it seems that the first thing to do would be to > submit a patch upstream that would allow users to disable certificate > checks via ‘git_libgit2_opts’. Right, but it might not be accepted. > Now, by default, ‘guix pull’ honors /etc/ssl/certs. Assuming those are > up-to-date, it should be fine, right? Yeah, I think so. From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 01 13:31:09 2022 Received: (at 49508) by debbugs.gnu.org; 1 Nov 2022 17:31:09 +0000 Received: from localhost ([127.0.0.1]:44144 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1opv6T-0002Lh-Bi for submit@debbugs.gnu.org; Tue, 01 Nov 2022 13:31:09 -0400 Received: from eggs.gnu.org ([209.51.188.92]:45166) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1opv6O-0002L7-Ef for 49508@debbugs.gnu.org; Tue, 01 Nov 2022 13:31:08 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1opv6I-0005pB-E4; Tue, 01 Nov 2022 13:30:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=u22izXh0Cg6oxjt2WBoXNiEcO76vq7FR5cRldSdSaMw=; b=Vv9+7yJcvyhyG/drGj7P 3paRDCw73a9PI+TPRwXWmDyoBlQPRnsghK5p0zCPagP43j0ygUJ3MgeDn9VEc8Dof2Rv6IyJKbREh flBE0gjK+rUoEhvTjPwMVWUtvCFk15AinOuO7zSJGZ1E5zDSwjF0JgpN3RvKu8L2QfaAz2jR967V8 e1qdCN2S8MXzsitQKat6V+y0wIvoAq99+1V+aWJAmnm2mfj3gZcDzEJ03IrwlTdb8hevzAM69BWJd 1uwaXglslpNo9fx1+BBQJflUlsvrTjDjTNmC3rdZ26XT9YjyOm7KeguvnjpBrSIhIWBeBhjHDXdzI 8cye4ZgjNwiXoA==; Received: from 2a02-8429-81d2-3d01-94c9-8097-ea5c-2774.rev.sfr.net ([2a02:8429:81d2:3d01:94c9:8097:ea5c:2774] helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1opv6G-0003lc-Bz; Tue, 01 Nov 2022 13:30:58 -0400 From: Mathieu Othacehe To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#49508: Implement --allow-insecure-transport for `guix pull` References: <875yppbr1b.fsf@gnu.org> Date: Tue, 01 Nov 2022 18:30:52 +0100 In-Reply-To: <875yppbr1b.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Tue, 08 Feb 2022 11:18:08 +0100") Message-ID: <871qqmmvjn.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 49508 Cc: 49508@debbugs.gnu.org, Leo Famulari X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello, > =E2=80=98verify_server_cert=E2=80=99 in src/streams/openssl.c is called > unconditionally. So it seems that the first thing to do would be to > submit a patch upstream that would allow users to disable certificate > checks via =E2=80=98git_libgit2_opts=E2=80=99. While this seems like something that we definitely want, I think we shouldn't block the release with a contribution that can take time to be upstreamed in libgit2. Unblocking #53214. Mathieu From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 01 13:32:27 2022 Received: (at control) by debbugs.gnu.org; 1 Nov 2022 17:32:27 +0000 Received: from localhost ([127.0.0.1]:44148 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1opv7i-0002Nk-Qz for submit@debbugs.gnu.org; Tue, 01 Nov 2022 13:32:27 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42476) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1opv7h-0002NS-GL for control@debbugs.gnu.org; Tue, 01 Nov 2022 13:32:25 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1opv7c-0006HQ-B1 for control@debbugs.gnu.org; Tue, 01 Nov 2022 13:32:20 -0400 Received: from 2a02-8429-81d2-3d01-94c9-8097-ea5c-2774.rev.sfr.net ([2a02:8429:81d2:3d01:94c9:8097:ea5c:2774] helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1opv7b-0007m1-1H for control@debbugs.gnu.org; Tue, 01 Nov 2022 13:32:20 -0400 Date: Tue, 01 Nov 2022 18:32:16 +0100 Message-Id: <87zgdalgwv.fsf@meije.mail-host-address-is-not-set> To: control@debbugs.gnu.org From: Mathieu Othacehe Subject: control message for bug #53214 X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.9 (--) unblock 53214 by 49508 quit