GNU bug report logs -
#50697
[core-updates-frozen] ca-certificate-bundle generation is broken.
Previous Next
Reported by: Mathieu Othacehe <othacehe <at> gnu.org>
Date: Mon, 20 Sep 2021 10:34:01 UTC
Severity: normal
Done: Mathieu Othacehe <othacehe <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 50697 in the body.
You can then email your comments to 50697 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org:
bug#50697; Package
guix.
(Mon, 20 Sep 2021 10:34:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Mathieu Othacehe <othacehe <at> gnu.org>:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org.
(Mon, 20 Sep 2021 10:34:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hello,
On core-updates-frozen, the ca-certificate-bundle derivation produces an
empty output. That's because nss-certs only contains .crt files that are
ignored by ca-certificate-bundle procedure.
The following patches should fix the situation.
Thanks,
Mathieu
[0001-gnu-certdata2pem-Produce-pem-files.patch (text/x-patch, inline)]
From 18248cc817952c690694707cc965283dad1933c2 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe <othacehe <at> gnu.org>
Date: Mon, 20 Sep 2021 10:26:30 +0000
Subject: [PATCH 1/2] gnu: certdata2pem: Produce pem files.
Create files with pem extension instead of crt.
* gnu/packages/certs.scm (certdata2pem)[arguments]<#:phases>{fix-extension}:
New phase.
---
gnu/packages/certs.scm | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 37e3fa6786..c9d8e7b76c 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -104,6 +104,11 @@ port forwarding to your local machine.")
(arguments
`(#:phases (modify-phases %standard-phases
(delete 'configure)
+ (add-before 'build 'fix-extension
+ (lambda _
+ (substitute* "certdata2pem.c"
+ (("\\.crt")
+ ".pem"))))
(replace 'build
(lambda _
(invoke ,(cc-for-target) "certdata2pem.c"
--
2.33.0
[0002-gnu-nss-certs-Copy-pem-files.patch (text/x-patch, inline)]
From 751a89919aa7a7bdf963a85112346153bfd03407 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe <othacehe <at> gnu.org>
Date: Mon, 20 Sep 2021 10:27:55 +0000
Subject: [PATCH 2/2] gnu: nss-certs: Copy pem files.
* gnu/packages/certs.scm (nss-certs)[arguments]<#:phases>{install}: Copy pem
files instead of crt files.
---
gnu/packages/certs.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index c9d8e7b76c..39c3ebd128 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -164,9 +164,9 @@ that was originally contributed to Debian.")
(call-with-output-file "blacklist.txt" (const #t)))
;; Extract selected single certificates from blob.
(invoke "certdata2pem")
- ;; Copy .crt files into the output.
+ ;; Copy .pem files into the output.
(for-each (cut install-file <> certsdir)
- (find-files "." ".*\\.crt$")))
+ (find-files "." ".*\\.pem$")))
(invoke "openssl" "rehash" certsdir)))))))
(synopsis "CA certificates from Mozilla")
(description
--
2.33.0
Information forwarded
to
bug-guix <at> gnu.org:
bug#50697; Package
guix.
(Mon, 20 Sep 2021 12:42:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 50697 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Mathieu Othacehe <othacehe <at> gnu.org> skribis:
> Hello,
>
> On core-updates-frozen, the ca-certificate-bundle derivation produces an
> empty output. That's because nss-certs only contains .crt files that are
> ignored by ca-certificate-bundle procedure.
>
> The following patches should fix the situation.
>
> Thanks,
>
> Mathieu
>
> From 18248cc817952c690694707cc965283dad1933c2 Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <othacehe <at> gnu.org>
> Date: Mon, 20 Sep 2021 10:26:30 +0000
> Subject: [PATCH 1/2] gnu: certdata2pem: Produce pem files.
>
> Create files with pem extension instead of crt.
>
> [...]
Hi,
With this patch I think the 'install-keystore' phase of icedtea-7 will
also have to be updated to search for the ".pem" files instead of the
".crt" ones.
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Mathieu Othacehe <othacehe <at> gnu.org>:
You have taken responsibility.
(Tue, 21 Sep 2021 07:45:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Mathieu Othacehe <othacehe <at> gnu.org>:
bug acknowledged by developer.
(Tue, 21 Sep 2021 07:45:01 GMT)
Full text and
rfc822 format available.
Message #13 received at 50697-done <at> debbugs.gnu.org (full text, mbox):
Hey,
> With this patch I think the 'install-keystore' phase of icedtea-7 will
> also have to be updated to search for the ".pem" files instead of the
> ".crt" ones.
Right, thanks for the heads up. I pushed the original two patches plus a
new one to fix icedtea-7.
Thanks,
Mathieu
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 19 Oct 2021 11:24:10 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 240 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.