From unknown Sat Jun 21 05:14:28 2025 X-Loop: help-debbugs@gnu.org Subject: bug#50697: [core-updates-frozen] ca-certificate-bundle generation is broken. Resent-From: Mathieu Othacehe Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 20 Sep 2021 10:34:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 50697 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 50697@debbugs.gnu.org Cc: maxim.cournoyer@gmail.com X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.163213398829791 (code B ref -1); Mon, 20 Sep 2021 10:34:01 +0000 Received: (at submit) by debbugs.gnu.org; 20 Sep 2021 10:33:08 +0000 Received: from localhost ([127.0.0.1]:41051 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSGbj-0007kR-TY for submit@debbugs.gnu.org; Mon, 20 Sep 2021 06:33:08 -0400 Received: from lists.gnu.org ([209.51.188.17]:59350) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSGbe-0007kE-3t for submit@debbugs.gnu.org; Mon, 20 Sep 2021 06:33:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:45360) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mSGbd-0004jP-Dl for bug-guix@gnu.org; Mon, 20 Sep 2021 06:33:01 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:55422) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mSGbc-0007aF-HS; Mon, 20 Sep 2021 06:33:01 -0400 Received: from [195.122.1.73] (port=42626 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mSGbb-0005gR-87; Mon, 20 Sep 2021 06:32:59 -0400 From: Mathieu Othacehe Date: Mon, 20 Sep 2021 10:32:56 +0000 Message-ID: <87pmt3sfjb.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Hello, On core-updates-frozen, the ca-certificate-bundle derivation produces an empty output. That's because nss-certs only contains .crt files that are ignored by ca-certificate-bundle procedure. The following patches should fix the situation. Thanks, Mathieu --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-gnu-certdata2pem-Produce-pem-files.patch >From 18248cc817952c690694707cc965283dad1933c2 Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 20 Sep 2021 10:26:30 +0000 Subject: [PATCH 1/2] gnu: certdata2pem: Produce pem files. Create files with pem extension instead of crt. * gnu/packages/certs.scm (certdata2pem)[arguments]<#:phases>{fix-extension}: New phase. --- gnu/packages/certs.scm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm index 37e3fa6786..c9d8e7b76c 100644 --- a/gnu/packages/certs.scm +++ b/gnu/packages/certs.scm @@ -104,6 +104,11 @@ port forwarding to your local machine.") (arguments `(#:phases (modify-phases %standard-phases (delete 'configure) + (add-before 'build 'fix-extension + (lambda _ + (substitute* "certdata2pem.c" + (("\\.crt") + ".pem")))) (replace 'build (lambda _ (invoke ,(cc-for-target) "certdata2pem.c" -- 2.33.0 --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0002-gnu-nss-certs-Copy-pem-files.patch >From 751a89919aa7a7bdf963a85112346153bfd03407 Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 20 Sep 2021 10:27:55 +0000 Subject: [PATCH 2/2] gnu: nss-certs: Copy pem files. * gnu/packages/certs.scm (nss-certs)[arguments]<#:phases>{install}: Copy pem files instead of crt files. --- gnu/packages/certs.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm index c9d8e7b76c..39c3ebd128 100644 --- a/gnu/packages/certs.scm +++ b/gnu/packages/certs.scm @@ -164,9 +164,9 @@ that was originally contributed to Debian.") (call-with-output-file "blacklist.txt" (const #t))) ;; Extract selected single certificates from blob. (invoke "certdata2pem") - ;; Copy .crt files into the output. + ;; Copy .pem files into the output. (for-each (cut install-file <> certsdir) - (find-files "." ".*\\.crt$"))) + (find-files "." ".*\\.pem$"))) (invoke "openssl" "rehash" certsdir))))))) (synopsis "CA certificates from Mozilla") (description -- 2.33.0 --=-=-=-- From unknown Sat Jun 21 05:14:28 2025 X-Loop: help-debbugs@gnu.org Subject: bug#50697: [core-updates-frozen] ca-certificate-bundle generation is broken. Resent-From: Guillaume Le Vaillant Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 20 Sep 2021 12:42:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 50697 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Mathieu Othacehe Cc: 50697@debbugs.gnu.org, maxim.cournoyer@gmail.com Received: via spool by 50697-submit@debbugs.gnu.org id=B50697.163214172026158 (code B ref 50697); Mon, 20 Sep 2021 12:42:01 +0000 Received: (at 50697) by debbugs.gnu.org; 20 Sep 2021 12:42:00 +0000 Received: from localhost ([127.0.0.1]:41203 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSIcS-0006nq-HV for submit@debbugs.gnu.org; Mon, 20 Sep 2021 08:42:00 -0400 Received: from mout02.posteo.de ([185.67.36.66]:44211) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSIcP-0006nc-TW for 50697@debbugs.gnu.org; Mon, 20 Sep 2021 08:41:58 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id C4C60240101 for <50697@debbugs.gnu.org>; Mon, 20 Sep 2021 14:41:51 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1632141711; bh=FnMFdZ2nReWCleHeRwNgxUGnGmuDyaUXvKc1knx6rzc=; h=From:To:Cc:Subject:Date:From; b=RYrDvbU24CN8oKsOHMSwcrtYUQhsyvUAavw+nPRDs/1n87h17Zu3Pg1GUy0cCwKMS QER/dzXCM84zCsRodJhoDgNqAL/MLUzK/uZpfq5jKxMbqAoz6+NfGbGD46rDRZ3i4d V95yv41eOP+qHmfn2ljKAwV0qZJ6c26P+gGPtqHyGPiStILqNnoaYyq+Ega5WK9Fkv DE/Mh1Vh5AHIWz6d2MoaVYLf3/PsCG5EWWvRZefg/ZYZZCRrXvvtnwWmmh8bihVZ05 R3LJ0/k4Z9h5rEhXDz0i0AVd0N7EvJh6aWe8kXPJ4MmeelRKSu9NXoB2o4opNuUFUp h/r78gCFIsyBw== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4HCkhY5wlpz9rxH; Mon, 20 Sep 2021 14:41:49 +0200 (CEST) References: <87pmt3sfjb.fsf@gnu.org> From: Guillaume Le Vaillant Date: Mon, 20 Sep 2021 12:36:52 +0000 In-reply-to: <87pmt3sfjb.fsf@gnu.org> Message-ID: <87lf3r2zcj.fsf@kitej> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Mathieu Othacehe skribis: > Hello, > > On core-updates-frozen, the ca-certificate-bundle derivation produces an > empty output. That's because nss-certs only contains .crt files that are > ignored by ca-certificate-bundle procedure. > > The following patches should fix the situation. > > Thanks, > > Mathieu > > From 18248cc817952c690694707cc965283dad1933c2 Mon Sep 17 00:00:00 2001 > From: Mathieu Othacehe > Date: Mon, 20 Sep 2021 10:26:30 +0000 > Subject: [PATCH 1/2] gnu: certdata2pem: Produce pem files. > > Create files with pem extension instead of crt. > > [...] Hi, With this patch I think the 'install-keystore' phase of icedtea-7 will also have to be updated to search for the ".pem" files instead of the ".crt" ones. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIUEAREKAC0WIQTLxZxm7Ce5cXlAaz5r6CCK3yH+PwUCYUiBjA8cZ2x2QHBvc3Rl by5uZXQACgkQa+ggit8h/j8xuwEAi0tfhxPLWttftWBCdgbeuzWC2Ra7zPvRjzA7 4h3oK4gBAJqgFdMIwuUtXCRmswycoh1P3jUjfSeIlwo9zST3xcSM =s+yI -----END PGP SIGNATURE----- --=-=-=-- From unknown Sat Jun 21 05:14:28 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Mathieu Othacehe Subject: bug#50697: closed (Re: bug#50697: [core-updates-frozen] ca-certificate-bundle generation is broken.) Message-ID: References: <87tuie5q5w.fsf@gnu.org> <87pmt3sfjb.fsf@gnu.org> X-Gnu-PR-Message: they-closed 50697 X-Gnu-PR-Package: guix Reply-To: 50697@debbugs.gnu.org Date: Tue, 21 Sep 2021 07:45:01 +0000 Content-Type: multipart/mixed; boundary="----------=_1632210301-21404-1" This is a multi-part message in MIME format... ------------=_1632210301-21404-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #50697: [core-updates-frozen] ca-certificate-bundle generation is broken. which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 50697@debbugs.gnu.org. --=20 50697: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D50697 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1632210301-21404-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 50697-done) by debbugs.gnu.org; 21 Sep 2021 07:44:34 +0000 Received: from localhost ([127.0.0.1]:44761 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSaS7-0005YL-Hu for submit@debbugs.gnu.org; Tue, 21 Sep 2021 03:44:34 -0400 Received: from eggs.gnu.org ([209.51.188.92]:43930) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSaRy-0005Xe-JP for 50697-done@debbugs.gnu.org; Tue, 21 Sep 2021 03:44:29 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:60954) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mSaRr-00034t-5n; Tue, 21 Sep 2021 03:44:15 -0400 Received: from [109.110.20.156] (port=47472 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mSaRq-0004JO-Ld; Tue, 21 Sep 2021 03:44:15 -0400 From: Mathieu Othacehe To: Guillaume Le Vaillant Subject: Re: bug#50697: [core-updates-frozen] ca-certificate-bundle generation is broken. References: <87pmt3sfjb.fsf@gnu.org> <87lf3r2zcj.fsf@kitej> Date: Tue, 21 Sep 2021 07:44:11 +0000 In-Reply-To: <87lf3r2zcj.fsf@kitej> (Guillaume Le Vaillant's message of "Mon, 20 Sep 2021 12:36:52 +0000") Message-ID: <87tuie5q5w.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 50697-done Cc: 50697-done@debbugs.gnu.org, maxim.cournoyer@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hey, > With this patch I think the 'install-keystore' phase of icedtea-7 will > also have to be updated to search for the ".pem" files instead of the > ".crt" ones. Right, thanks for the heads up. I pushed the original two patches plus a new one to fix icedtea-7. Thanks, Mathieu ------------=_1632210301-21404-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 20 Sep 2021 10:33:08 +0000 Received: from localhost ([127.0.0.1]:41051 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSGbj-0007kR-TY for submit@debbugs.gnu.org; Mon, 20 Sep 2021 06:33:08 -0400 Received: from lists.gnu.org ([209.51.188.17]:59350) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSGbe-0007kE-3t for submit@debbugs.gnu.org; Mon, 20 Sep 2021 06:33:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:45360) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mSGbd-0004jP-Dl for bug-guix@gnu.org; Mon, 20 Sep 2021 06:33:01 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:55422) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mSGbc-0007aF-HS; Mon, 20 Sep 2021 06:33:01 -0400 Received: from [195.122.1.73] (port=42626 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mSGbb-0005gR-87; Mon, 20 Sep 2021 06:32:59 -0400 From: Mathieu Othacehe To: bug-guix@gnu.org Subject: [core-updates-frozen] ca-certificate-bundle generation is broken. Date: Mon, 20 Sep 2021 10:32:56 +0000 Message-ID: <87pmt3sfjb.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: maxim.cournoyer@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Hello, On core-updates-frozen, the ca-certificate-bundle derivation produces an empty output. That's because nss-certs only contains .crt files that are ignored by ca-certificate-bundle procedure. The following patches should fix the situation. Thanks, Mathieu --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-gnu-certdata2pem-Produce-pem-files.patch >From 18248cc817952c690694707cc965283dad1933c2 Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 20 Sep 2021 10:26:30 +0000 Subject: [PATCH 1/2] gnu: certdata2pem: Produce pem files. Create files with pem extension instead of crt. * gnu/packages/certs.scm (certdata2pem)[arguments]<#:phases>{fix-extension}: New phase. --- gnu/packages/certs.scm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm index 37e3fa6786..c9d8e7b76c 100644 --- a/gnu/packages/certs.scm +++ b/gnu/packages/certs.scm @@ -104,6 +104,11 @@ port forwarding to your local machine.") (arguments `(#:phases (modify-phases %standard-phases (delete 'configure) + (add-before 'build 'fix-extension + (lambda _ + (substitute* "certdata2pem.c" + (("\\.crt") + ".pem")))) (replace 'build (lambda _ (invoke ,(cc-for-target) "certdata2pem.c" -- 2.33.0 --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0002-gnu-nss-certs-Copy-pem-files.patch >From 751a89919aa7a7bdf963a85112346153bfd03407 Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 20 Sep 2021 10:27:55 +0000 Subject: [PATCH 2/2] gnu: nss-certs: Copy pem files. * gnu/packages/certs.scm (nss-certs)[arguments]<#:phases>{install}: Copy pem files instead of crt files. --- gnu/packages/certs.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm index c9d8e7b76c..39c3ebd128 100644 --- a/gnu/packages/certs.scm +++ b/gnu/packages/certs.scm @@ -164,9 +164,9 @@ that was originally contributed to Debian.") (call-with-output-file "blacklist.txt" (const #t))) ;; Extract selected single certificates from blob. (invoke "certdata2pem") - ;; Copy .crt files into the output. + ;; Copy .pem files into the output. (for-each (cut install-file <> certsdir) - (find-files "." ".*\\.crt$"))) + (find-files "." ".*\\.pem$"))) (invoke "openssl" "rehash" certsdir))))))) (synopsis "CA certificates from Mozilla") (description -- 2.33.0 --=-=-=-- ------------=_1632210301-21404-1--