From unknown Wed Aug 20 06:39:39 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#49957] [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps
Resent-From: Andrew Whatson <whatson@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Mon, 09 Aug 2021 14:15:02 +0000
Resent-Message-ID: <handler.49957.B.16285184903700@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 49957
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 49957@debbugs.gnu.org
Cc: Andrew Whatson <whatson@gmail.com>
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.16285184903700
          (code B ref -1); Mon, 09 Aug 2021 14:15:02 +0000
Received: (at submit) by debbugs.gnu.org; 9 Aug 2021 14:14:50 +0000
Received: from localhost ([127.0.0.1]:57431 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mD63G-0000xc-HP
	for submit@debbugs.gnu.org; Mon, 09 Aug 2021 10:14:50 -0400
Received: from lists.gnu.org ([209.51.188.17]:34956)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <whatson@gmail.com>) id 1mD63B-0000xP-MT
 for submit@debbugs.gnu.org; Mon, 09 Aug 2021 10:14:49 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:39590)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <whatson@gmail.com>) id 1mD63B-0002uz-FG
 for guix-patches@gnu.org; Mon, 09 Aug 2021 10:14:45 -0400
Received: from mail-pj1-x1033.google.com ([2607:f8b0:4864:20::1033]:52976)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <whatson@gmail.com>) id 1mD639-0004I1-Ld
 for guix-patches@gnu.org; Mon, 09 Aug 2021 10:14:45 -0400
Received: by mail-pj1-x1033.google.com with SMTP id nt11so4994982pjb.2
 for <guix-patches@gnu.org>; Mon, 09 Aug 2021 07:14:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=rawfp61z2Z5bE8NEEluq1TIAaPKuZXK7YkAId8IFbkY=;
 b=Tha4joho4Co8HgCIh4RQ6tQSo21KqKKCegg20u64jWgOehptTnTa2niNSVPqPddq9h
 VgF8mLAwJtfo8SM/V3GdEqSuu25Vg+TDUlJSa4/h1xD8vg7cnHhTeevxb2rHH9lZ6P5L
 OnI1Q8zU972zxRrV+aKF7v/HC1dpZv4HIOSVtFfH1Dq4jTP7embUd/u4t/v9MKwkYwmP
 31XNbTTqLmXcN8rRLriNDVwrDtuF2ynfKvWljhqazqOrFc/YWgoBN38uIWRNxTK2O/4e
 uIHl0FNf9lyMDEE5UtVKguftFQVrhia9aDMDSgmnlQpilHwTWIP6I2Q5f8HJVcUOBvu8
 RdLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=rawfp61z2Z5bE8NEEluq1TIAaPKuZXK7YkAId8IFbkY=;
 b=XS1uE9D/wiuqfcA5eWYVqEZbX0Dj0bkqSdZ+u2FKZM0Jfjv0SVglak/o2lQiOBOvBk
 HRoY8fVh3qMvsFoqF63pQM9sYwLrmIGHk+GiVhWo0e50EtMBVeJPMcXtxvfTgJHb3W+G
 aHRyQ7l4z0qKSu1XJQ+VV1UOM47Trj5KQ5X4I6iETt0vS8dr6hXgARIMNI9yGeEgZpEm
 S2O7s8CslzVNfFQYTZPz6T10aPEL5RPEZUwvxnpQBrSMS1TE53e9mUHUMwIGUyAtyFwX
 kOhHC5OG/X0zUldNGmT0gF+oIrTvC1rWuv+9IHTc1xIPKtH6sPpRov1CXSDCjB931TNv
 E4qg==
X-Gm-Message-State: AOAM531MYJS0SeIQmugXoiL7i0DvkhtD20d3gMZgnG3FjWkGLDt38LuC
 6kf5emZs+12gC7sYFdRgRUH+qjvZZLM=
X-Google-Smtp-Source: ABdhPJwd70Ei05kHmaaCX0QLL78kMwUp/juJRpCsX+3aX43hESX4SOLRUGh/kry5yyzEgBtoAu2bKQ==
X-Received: by 2002:a17:90b:3802:: with SMTP id
 mq2mr10093338pjb.19.1628518480944; 
 Mon, 09 Aug 2021 07:14:40 -0700 (PDT)
Received: from muon.fritz.box (220-235-208-141.tpgi.com.au. [220.235.208.141])
 by smtp.gmail.com with ESMTPSA id
 bk24sm21792752pjb.26.2021.08.09.07.14.38
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 09 Aug 2021 07:14:40 -0700 (PDT)
From: Andrew Whatson <whatson@gmail.com>
Date: Tue, 10 Aug 2021 00:14:31 +1000
Message-Id: <20210809141431.3889892-1-whatson@gmail.com>
X-Mailer: git-send-email 2.32.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::1033;
 envelope-from=whatson@gmail.com; helo=mail-pj1-x1033.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Flatpak has a soft dependency on p11-kit, which was configured without
knowledge of the system-wide CA certificate store.  This caused some
flatpak apps to fail with ERR_CERT_AUTHORITY_INVALID errors.

* gnu/packages/tls.scm (p11-kit): Configure with
/etc/ssl/certs/ca-certificates.crt as a trusted path.
---
 gnu/packages/tls.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d98a724b5f..4af95e2798 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -143,7 +143,7 @@ in intelligent transportation networks.")
      `(("libffi" ,libffi)
        ("libtasn1" ,libtasn1)))
     (arguments
-     `(#:configure-flags '("--without-trust-paths")
+     `(#:configure-flags '("--with-trust-paths=/etc/ssl/certs/ca-certificates.crt")
        #:phases (modify-phases %standard-phases
                   (add-before 'check 'prepare-tests
                     (lambda _
-- 
2.32.0





From unknown Wed Aug 20 06:39:39 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#49957] [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps
References: <20210809141431.3889892-1-whatson@gmail.com>
In-Reply-To: <20210809141431.3889892-1-whatson@gmail.com>
Resent-From: John Kehayias <john.kehayias@protonmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 28 Sep 2021 02:27:02 +0000
Resent-Message-ID: <handler.49957.B49957.163279599632103@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 49957
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: "49957@debbugs.gnu.org" <49957@debbugs.gnu.org>
Reply-To: John Kehayias <john.kehayias@protonmail.com>
Received: via spool by 49957-submit@debbugs.gnu.org id=B49957.163279599632103
          (code B ref 49957); Tue, 28 Sep 2021 02:27:02 +0000
Received: (at 49957) by debbugs.gnu.org; 28 Sep 2021 02:26:36 +0000
Received: from localhost ([127.0.0.1]:43283 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mV2pH-0008Lj-Ms
	for submit@debbugs.gnu.org; Mon, 27 Sep 2021 22:26:35 -0400
Received: from mail-40131.protonmail.ch ([185.70.40.131]:24757)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <john.kehayias@protonmail.com>) id 1mV2pG-0008LX-4N
 for 49957@debbugs.gnu.org; Mon, 27 Sep 2021 22:26:35 -0400
Date: Tue, 28 Sep 2021 02:26:22 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail; t=1632795983;
 bh=uw6G8SEq3JaEKrUWZDzXivmUiMqQNh8bvIkfLoPmqs0=;
 h=Date:To:From:Reply-To:Subject:From;
 b=uZlZJOkd8N4HyR6o6Ust4c/16n11cvhmU59vZLdGN4OnzXh9T0j1ifavLowzYhxUg
 jDFOPAZWVbaZ1WQ/EG68/K+EPsoB2Izcw82mcHXJ2mYQyfpNVKCz1bhoS+y1rVBHgz
 GxBwst7RLxmTFYR4sMcFE6K97fQxmWGAbEhy670E=
From: John Kehayias <john.kehayias@protonmail.com>
Message-ID: <VlzZOd8ZedUysvC5Qfuhk1TJpPygT_P7tInaIkOuWqInX9Rw0MV9Z4UkML4_Ax8WCpaPzaC_d59tn4z0FdwPxwUhtkWyma9OJUP8WWRgZ6g=@protonmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM shortcircuit=no
 autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 mailout.protonmail.ch
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Interestingly, I just hit this issue after moving to core-updates-frozen. N=
ot sure what caused it now, p11-kit nor flatpak has changed, but must be so=
mething between them.

Unfortunately, this would cause a huge rebuild from what I can tell, so I t=
ried --with-graft and it didn't seem to make a difference. Also, p11-kit is=
 now out of date, with the latest version being 0.24.0.

So, perhaps this could make its way into core-updates-frozen with the upcom=
ing world rebuild coming? https://bugs.gnu.org/50860 Also wanted to note th=
at this change would match what nix does with p11-kit for the same reason.

Open to other suggestions, hoping to not break flatpak in core-updates-froz=
en.




From unknown Wed Aug 20 06:39:39 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#49957] [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps
Resent-From: John Kehayias <john.kehayias@protonmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 28 Sep 2021 05:09:02 +0000
Resent-Message-ID: <handler.49957.B49957.163280569215705@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 49957
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: "49957@debbugs.gnu.org" <49957@debbugs.gnu.org>
Cc: Andrew Whatson <whatson@gmail.com>
Reply-To: John Kehayias <john.kehayias@protonmail.com>
Received: via spool by 49957-submit@debbugs.gnu.org id=B49957.163280569215705
          (code B ref 49957); Tue, 28 Sep 2021 05:09:02 +0000
Received: (at 49957) by debbugs.gnu.org; 28 Sep 2021 05:08:12 +0000
Received: from localhost ([127.0.0.1]:43423 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mV5Lc-00045B-SV
	for submit@debbugs.gnu.org; Tue, 28 Sep 2021 01:08:12 -0400
Received: from mail-40133.protonmail.ch ([185.70.40.133]:58074)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <john.kehayias@protonmail.com>) id 1mV5LZ-00044f-OQ
 for 49957@debbugs.gnu.org; Tue, 28 Sep 2021 01:08:06 -0400
Date: Tue, 28 Sep 2021 05:07:54 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail; t=1632805675;
 bh=Rr2gz3bxcXS9EpklfNJzqVS03eZ7WP92z7JPHxASJEk=;
 h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From;
 b=KwMO8aRSZ5mrtuZ4PSKoWX8271arModehg5CXtD4SzRE1NHl4RLKqsw2U40uHcRaV
 nsOP/H84yEorAfoizxWcjfZSeDGq/n5W4fN3J3DPC6DGduh7dLXLApdgmKgsHJ3SU/
 +3Rq/MCXJozxYKVQin+MZ2ZuhIsxlhnglvUdONGk=
From: John Kehayias <john.kehayias@protonmail.com>
Message-ID: <nBwW7sAMBJXkPw2BGM94-IoOV7pUOtDZyrEVlYVEGMwgwf-Mj3-hLZlVhZxRuee8qQoIf28eWbbfrUpluZUONUbyS--VFJtQPuBpASHpemo=@protonmail.com>
In-Reply-To: <VlzZOd8ZedUysvC5Qfuhk1TJpPygT_P7tInaIkOuWqInX9Rw0MV9Z4UkML4_Ax8WCpaPzaC_d59tn4z0FdwPxwUhtkWyma9OJUP8WWRgZ6g=@protonmail.com>
References: <VlzZOd8ZedUysvC5Qfuhk1TJpPygT_P7tInaIkOuWqInX9Rw0MV9Z4UkML4_Ax8WCpaPzaC_d59tn4z0FdwPxwUhtkWyma9OJUP8WWRgZ6g=@protonmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM shortcircuit=no
 autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 mailout.protonmail.ch
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

For the record, I'm using the beta of Flatpak (installs fine with --with-so=
urce transformation), version 1.11.3.

Also, I found a workaround by manually killing the p11-kit server and runni=
ng a new one that I built with this patch and updated to the latest version=
. In case this helps anyone, I ran with the parameters Flatpak tries to lau=
nch:

p11-kit server --sh -n /run/user/1000/.flatpak-helper/pkcs11-flatpak-#### -=
-provider p11-kit-trust.so "pkcs11:model=3Dp11-kit-trust?write-protected=3D=
yes"

where the -n argument #### came from trying to run a Flatpak app and seeing=
 it fail not finding the p11-kit server at that socket. Probably you can do=
 this more easily by forcing Flatpak when it first runs to use the fixed p1=
1-kit version (through a patch in Flatpak or some environment setting? or w=
hat the system starts?). But with p11-kit server already running for me, th=
is did the trick for testing.




From unknown Wed Aug 20 06:39:39 2025
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
X-Loop: help-debbugs@gnu.org
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Andrew Whatson <whatson@gmail.com>
Subject: bug#49957: closed (Re: bug#49957: [PATCH] gnu: p11-kit: Fix
 certificate errors from flatpak apps)
Message-ID: <handler.49957.D49957.163518923431224.notifdone@debbugs.gnu.org>
References: <87h7d4kjdl.fsf@gnu.org>
 <20210809141431.3889892-1-whatson@gmail.com>
X-Gnu-PR-Message: they-closed 49957
X-Gnu-PR-Package: guix-patches
X-Gnu-PR-Keywords: patch
Reply-To: 49957@debbugs.gnu.org
Date: Mon, 25 Oct 2021 19:14:02 +0000
Content-Type: multipart/mixed; boundary="----------=_1635189242-31248-1"

This is a multi-part message in MIME format...

------------=_1635189242-31248-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your bug report

#49957: [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 49957@debbugs.gnu.org.

--=20
49957: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D49957
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

------------=_1635189242-31248-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 49957-done) by debbugs.gnu.org; 25 Oct 2021 19:13:54 +0000
Received: from localhost ([127.0.0.1]:44310 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mf5Pt-00087X-Ux
	for submit@debbugs.gnu.org; Mon, 25 Oct 2021 15:13:54 -0400
Received: from eggs.gnu.org ([209.51.188.92]:44606)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1mf5Pr-00087K-4J
 for 49957-done@debbugs.gnu.org; Mon, 25 Oct 2021 15:13:52 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:53472)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1mf5Pl-0000KL-Uf; Mon, 25 Oct 2021 15:13:45 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=53glmxrlvx6HKGHWW7e1uuQ5sbPPaFm5rjOamrj/C2E=; b=JbLvASCrY2hX58mPfCkE
 hCAyhgriJ4NMGF37iZd3o+gnhZt5cLQVeLIsnDUHKO4MlVgadiWDntZPIr3/cQxQ4CMz+rmrDMR0r
 HfyDiH7i8YsZlq/mtkX2TNBAzbcI4qhQZTOuHY56mE8lyJ1TejmcWue3i3IQ2J974u4GEmZbPI+JY
 zJ25GcSmQgLXd6pnp9DGSTzyAZYLPksDmR6Ky91lj/7Y7nbZbMrhlJZbs2H3X2D8noYCNB4eJj+tb
 3eGeJOTRUbvuPrtfOSrTPt1x4BDapVfkCxSsIDJh1bPKhu/g+idYS1GtNCtNmILmYp62Aby9hbIIz
 mxW3vLSTxDWayw==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:54218
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1mf5Pl-0002q6-Gx; Mon, 25 Oct 2021 15:13:45 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Andrew Whatson <whatson@gmail.com>
Subject: Re: bug#49957: [PATCH] gnu: p11-kit: Fix certificate errors from
 flatpak apps
References: <20210809141431.3889892-1-whatson@gmail.com>
Date: Mon, 25 Oct 2021 21:13:42 +0200
In-Reply-To: <20210809141431.3889892-1-whatson@gmail.com> (Andrew Whatson's
 message of "Tue, 10 Aug 2021 00:14:31 +1000")
Message-ID: <87h7d4kjdl.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 49957-done
Cc: John Kehayias <john.kehayias@protonmail.com>, 49957-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

Andrew Whatson <whatson@gmail.com> skribis:

> Flatpak has a soft dependency on p11-kit, which was configured without
> knowledge of the system-wide CA certificate store.  This caused some
> flatpak apps to fail with ERR_CERT_AUTHORITY_INVALID errors.
>
> * gnu/packages/tls.scm (p11-kit): Configure with
> /etc/ssl/certs/ca-certificates.crt as a trusted path.

I pushed a similar fix on =E2=80=98master=E2=80=99 based on John=E2=80=99s =
patch as
b4d29851e412c6f4fea5b2d98160258b9768dee3.

We might as well update the default p11-kit though?  (Somehow I was
assuming it had many dependents, but it only has 80+.)

Thanks,
Ludo=E2=80=99.


------------=_1635189242-31248-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by debbugs.gnu.org; 9 Aug 2021 14:14:50 +0000
Received: from localhost ([127.0.0.1]:57431 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mD63G-0000xc-HP
	for submit@debbugs.gnu.org; Mon, 09 Aug 2021 10:14:50 -0400
Received: from lists.gnu.org ([209.51.188.17]:34956)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <whatson@gmail.com>) id 1mD63B-0000xP-MT
 for submit@debbugs.gnu.org; Mon, 09 Aug 2021 10:14:49 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:39590)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <whatson@gmail.com>) id 1mD63B-0002uz-FG
 for guix-patches@gnu.org; Mon, 09 Aug 2021 10:14:45 -0400
Received: from mail-pj1-x1033.google.com ([2607:f8b0:4864:20::1033]:52976)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <whatson@gmail.com>) id 1mD639-0004I1-Ld
 for guix-patches@gnu.org; Mon, 09 Aug 2021 10:14:45 -0400
Received: by mail-pj1-x1033.google.com with SMTP id nt11so4994982pjb.2
 for <guix-patches@gnu.org>; Mon, 09 Aug 2021 07:14:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=rawfp61z2Z5bE8NEEluq1TIAaPKuZXK7YkAId8IFbkY=;
 b=Tha4joho4Co8HgCIh4RQ6tQSo21KqKKCegg20u64jWgOehptTnTa2niNSVPqPddq9h
 VgF8mLAwJtfo8SM/V3GdEqSuu25Vg+TDUlJSa4/h1xD8vg7cnHhTeevxb2rHH9lZ6P5L
 OnI1Q8zU972zxRrV+aKF7v/HC1dpZv4HIOSVtFfH1Dq4jTP7embUd/u4t/v9MKwkYwmP
 31XNbTTqLmXcN8rRLriNDVwrDtuF2ynfKvWljhqazqOrFc/YWgoBN38uIWRNxTK2O/4e
 uIHl0FNf9lyMDEE5UtVKguftFQVrhia9aDMDSgmnlQpilHwTWIP6I2Q5f8HJVcUOBvu8
 RdLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=rawfp61z2Z5bE8NEEluq1TIAaPKuZXK7YkAId8IFbkY=;
 b=XS1uE9D/wiuqfcA5eWYVqEZbX0Dj0bkqSdZ+u2FKZM0Jfjv0SVglak/o2lQiOBOvBk
 HRoY8fVh3qMvsFoqF63pQM9sYwLrmIGHk+GiVhWo0e50EtMBVeJPMcXtxvfTgJHb3W+G
 aHRyQ7l4z0qKSu1XJQ+VV1UOM47Trj5KQ5X4I6iETt0vS8dr6hXgARIMNI9yGeEgZpEm
 S2O7s8CslzVNfFQYTZPz6T10aPEL5RPEZUwvxnpQBrSMS1TE53e9mUHUMwIGUyAtyFwX
 kOhHC5OG/X0zUldNGmT0gF+oIrTvC1rWuv+9IHTc1xIPKtH6sPpRov1CXSDCjB931TNv
 E4qg==
X-Gm-Message-State: AOAM531MYJS0SeIQmugXoiL7i0DvkhtD20d3gMZgnG3FjWkGLDt38LuC
 6kf5emZs+12gC7sYFdRgRUH+qjvZZLM=
X-Google-Smtp-Source: ABdhPJwd70Ei05kHmaaCX0QLL78kMwUp/juJRpCsX+3aX43hESX4SOLRUGh/kry5yyzEgBtoAu2bKQ==
X-Received: by 2002:a17:90b:3802:: with SMTP id
 mq2mr10093338pjb.19.1628518480944; 
 Mon, 09 Aug 2021 07:14:40 -0700 (PDT)
Received: from muon.fritz.box (220-235-208-141.tpgi.com.au. [220.235.208.141])
 by smtp.gmail.com with ESMTPSA id
 bk24sm21792752pjb.26.2021.08.09.07.14.38
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 09 Aug 2021 07:14:40 -0700 (PDT)
From: Andrew Whatson <whatson@gmail.com>
To: guix-patches@gnu.org
Subject: [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps
Date: Tue, 10 Aug 2021 00:14:31 +1000
Message-Id: <20210809141431.3889892-1-whatson@gmail.com>
X-Mailer: git-send-email 2.32.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::1033;
 envelope-from=whatson@gmail.com; helo=mail-pj1-x1033.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
Cc: Andrew Whatson <whatson@gmail.com>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Flatpak has a soft dependency on p11-kit, which was configured without
knowledge of the system-wide CA certificate store.  This caused some
flatpak apps to fail with ERR_CERT_AUTHORITY_INVALID errors.

* gnu/packages/tls.scm (p11-kit): Configure with
/etc/ssl/certs/ca-certificates.crt as a trusted path.
---
 gnu/packages/tls.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d98a724b5f..4af95e2798 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -143,7 +143,7 @@ in intelligent transportation networks.")
      `(("libffi" ,libffi)
        ("libtasn1" ,libtasn1)))
     (arguments
-     `(#:configure-flags '("--without-trust-paths")
+     `(#:configure-flags '("--with-trust-paths=/etc/ssl/certs/ca-certificates.crt")
        #:phases (modify-phases %standard-phases
                   (add-before 'check 'prepare-tests
                     (lambda _
-- 
2.32.0




------------=_1635189242-31248-1--


From unknown Wed Aug 20 06:39:39 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#49957] [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps
Resent-From: John Kehayias <john.kehayias@protonmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Mon, 25 Oct 2021 19:34:02 +0000
Resent-Message-ID: <handler.49957.D49957.1635190439809@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 49957
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: Andrew Whatson <whatson@gmail.com>, 49957-done@debbugs.gnu.org
Reply-To: John Kehayias <john.kehayias@protonmail.com>
Received: via spool by 49957-done@debbugs.gnu.org id=D49957.1635190439809
          (code D ref 49957); Mon, 25 Oct 2021 19:34:02 +0000
Received: (at 49957-done) by debbugs.gnu.org; 25 Oct 2021 19:33:59 +0000
Received: from localhost ([127.0.0.1]:44334 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mf5jK-0000Cy-NC
	for submit@debbugs.gnu.org; Mon, 25 Oct 2021 15:33:58 -0400
Received: from mail-4316.protonmail.ch ([185.70.43.16]:40409)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <john.kehayias@protonmail.com>) id 1mf5jJ-0000Cl-1f
 for 49957-done@debbugs.gnu.org; Mon, 25 Oct 2021 15:33:57 -0400
Date: Mon, 25 Oct 2021 19:33:49 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail; t=1635190430;
 bh=ek0Ab8JtGldJPmLOvnP/8qBHlN33wumuFPxyYs1iCuo=;
 h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From;
 b=GMNkVMIEJ7S3Qnl+GYR3iCOy52A88gjXnHcbTQXDWU9ye3RfoESojMZwpGQcjMn4A
 2obT0ir29hCAyiznY0ETUL1N/mJ3w79k93CbE4AYqACLAbWeGENlrniJHwLCgc5GPU
 8uBwIny6w6wO4BkGhjp3oM5UJW8RF+UI7HrJuxrE=
From: John Kehayias <john.kehayias@protonmail.com>
Message-ID: <Br6tZRqMBEAbSgh7nqcJkIgiin-ogy54r81SQ1EaTl5sO4xycbqNWVb46anlntbNcswp7lvUq9k0brr-tRdEkstvAdKRzO8sjw6dUSIsW4I=@protonmail.com>
In-Reply-To: <87h7d4kjdl.fsf@gnu.org>
References: <20210809141431.3889892-1-whatson@gmail.com>
 <87h7d4kjdl.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM shortcircuit=no
 autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 mailout.protonmail.ch
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Ludo=E2=80=99 and Andrew,

=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original Me=
ssage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90

On Monday, October 25th, 2021 at 3:13 PM, Ludovic Court=C3=A8s <ludo@gnu.or=
g> wrote:

> Hi,
>
> Andrew Whatson whatson@gmail.com skribis:
>
> > Flatpak has a soft dependency on p11-kit, which was configured without
> > knowledge of the system-wide CA certificate store. This caused some
> > flatpak apps to fail with ERR_CERT_AUTHORITY_INVALID errors.
> >
> > -   gnu/packages/tls.scm (p11-kit): Configure with
> >     /etc/ssl/certs/ca-certificates.crt as a trusted path.
>
> I pushed a similar fix on =E2=80=98master=E2=80=99 based on John=E2=80=
=99s patch as
> b4d29851e412c6f4fea5b2d98160258b9768dee3.
>
> We might as well update the default p11-kit though? (Somehow I was
> assuming it had many dependents, but it only has 80+.)
>

Flatpak's dependency doesn't show up on a guix refresh --list-dependents p1=
1-kit, as it comes through some other package somehow (I never looked how e=
xactly). But I guess that is more "using" than needing to build against? Wo=
ndering if there are some hidden runtime cases to look out for. (Probably m=
ore relevant when thinking of changing that configure flag?)

For this bug, the fixes that I wrote did need a cleaning out of previous Fl=
atpaks (checking how you launch Flatpak apps as our previous version put th=
e full store path in .desktop files) as p11-kit gets started in some indire=
ct way. I think via D-Bus and its portal, but the system p11-kit could be u=
sed instead of the fixed version. I made sure to remove previous Flatpak in=
stalls from my profile and did a restart to be sure. Noting here for comple=
teness.

John




From unknown Wed Aug 20 06:39:39 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#49957] [PATCH] gnu: p11-kit: Fix certificate errors from flatpak apps
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Wed, 27 Oct 2021 14:28:02 +0000
Resent-Message-ID: <handler.49957.D49957.163534487712476@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 49957
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: John Kehayias <john.kehayias@protonmail.com>
Cc: Andrew Whatson <whatson@gmail.com>, 49957-done@debbugs.gnu.org
Received: via spool by 49957-done@debbugs.gnu.org id=D49957.163534487712476
          (code D ref 49957); Wed, 27 Oct 2021 14:28:02 +0000
Received: (at 49957-done) by debbugs.gnu.org; 27 Oct 2021 14:27:57 +0000
Received: from localhost ([127.0.0.1]:50126 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1mfjuG-0003F9-Vy
	for submit@debbugs.gnu.org; Wed, 27 Oct 2021 10:27:57 -0400
Received: from eggs.gnu.org ([209.51.188.92]:50792)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1mfjuB-0003Ep-MV
 for 49957-done@debbugs.gnu.org; Wed, 27 Oct 2021 10:27:55 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:38440)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1mfju6-0000QS-Cp; Wed, 27 Oct 2021 10:27:46 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=BgpgG4jmelzcoPJa6re66xQg63dhdb2InFNl4NN+iEE=; b=SPbWtgP9vAmJgeN0NL3f
 JBj4AfazITJazvkBFOIZU0n0IPhd9VIstFDSlQY5f0fih6UXHJjIaVg6zS2NVv1bJLPiuVNKC8upx
 W6OJLb+YO49H/sFc7FXJmChdYatQurPRqfqjpHBZUrB+7BV8pBRjwygUDhK31gIcwxDneTDu+wgvg
 SKGBOeiU6rUZdOYLOdL8IlLkhKHvVh0hZ+GuhIMo1E5g//rWWM/dsB4cAGT5pWXtvtE9bsabZMkoI
 QX8sOO2jeUPfgzLIo3UlTcbfnbfbejik3iIJGTXQ3wHswxUEhaLzTbECw8porXByOfc4YGZSIWpyi
 /YpHw7Kl7RkuAQ==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:54238
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1mfju5-00057w-Q1; Wed, 27 Oct 2021 10:27:46 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
References: <20210809141431.3889892-1-whatson@gmail.com>
 <87h7d4kjdl.fsf@gnu.org>
 <Br6tZRqMBEAbSgh7nqcJkIgiin-ogy54r81SQ1EaTl5sO4xycbqNWVb46anlntbNcswp7lvUq9k0brr-tRdEkstvAdKRzO8sjw6dUSIsW4I=@protonmail.com>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 6 Brumaire an 230 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Wed, 27 Oct 2021 16:27:43 +0200
In-Reply-To: <Br6tZRqMBEAbSgh7nqcJkIgiin-ogy54r81SQ1EaTl5sO4xycbqNWVb46anlntbNcswp7lvUq9k0brr-tRdEkstvAdKRzO8sjw6dUSIsW4I=@protonmail.com>
 (John Kehayias's message of "Mon, 25 Oct 2021 19:33:49 +0000")
Message-ID: <87wnlyfsps.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

John Kehayias <john.kehayias@protonmail.com> skribis:

> Flatpak's dependency doesn't show up on a guix refresh
> --list-dependents p11-kit, as it comes through some other package
> somehow (I never looked how exactly). But I guess that is more "using"
> than needing to build against? Wondering if there are some hidden
> runtime cases to look out for. (Probably more relevant when thinking
> of changing that configure flag?)

=E2=80=98guix refresh -l=E2=80=99 doesn=E2=80=99t list all the dependents, =
only the =E2=80=9Ccontour=E2=80=9D:

--8<---------------cut here---------------start------------->8---
$ guix refresh -l p11-kit@0.23
Building the following 40 packages would ensure 81 dependent packages are r=
ebuilt: inxi@3.3.07-1 autofs@5.1.8 network-manager-openvpn@1.8.12 network-m=
anager-vpnc@1.2.6 eolie@0.9.101 gramps@5.1.4 glimpse@0.2.0 openttd@1.11.2 g=
imp-fourier@0.4.3-2 gimp-resynthesizer@2.0.3 gmic-qt-gimp@2.9.7 rapid-photo=
-downloader@0.9.18 entangle@3.0 gnome-todo@3.28.1 geary@3.34.1 chatty@0.1.1=
7 shotwell@0.30.12 rhythmbox@3.4.4 gnome-photos@3.34.2 claws-mail@4.0.0 sea=
horse@3.36.2 network-manager-openconnect@1.2.6 evolution@3.34.2 gnome-music=
@3.34.5 gnome-tweaks@3.34.1 lxde@0.99.2 caja-extensions@1.24.1 spacefm@1.0.=
6 xfce@4.16.0 vinagre@3.22.0 liferea@1.13.4 remmina@1.4.20 arc-theme@202010=
13 gnome-shell-extension-gsconnect@33 numix-gtk-theme@2.6.7 gnome@3.34.5 ma=
te@1.24.1 surf@2.1 midori@9.0 eid-mw@5.0.28
--8<---------------cut here---------------end--------------->8---

To see them all, try this:

  guix graph -t reverse-package p11-kit@0.23 | xdot -

HTH,
Ludo=E2=80=99.