From unknown Wed Jun 18 23:04:01 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#50697 <50697@debbugs.gnu.org> To: bug#50697 <50697@debbugs.gnu.org> Subject: Status: [core-updates-frozen] ca-certificate-bundle generation is broken. Reply-To: bug#50697 <50697@debbugs.gnu.org> Date: Thu, 19 Jun 2025 06:04:01 +0000 retitle 50697 [core-updates-frozen] ca-certificate-bundle generation is bro= ken. reassign 50697 guix submitter 50697 Mathieu Othacehe severity 50697 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Mon Sep 20 06:33:08 2021 Received: (at submit) by debbugs.gnu.org; 20 Sep 2021 10:33:08 +0000 Received: from localhost ([127.0.0.1]:41051 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSGbj-0007kR-TY for submit@debbugs.gnu.org; Mon, 20 Sep 2021 06:33:08 -0400 Received: from lists.gnu.org ([209.51.188.17]:59350) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSGbe-0007kE-3t for submit@debbugs.gnu.org; Mon, 20 Sep 2021 06:33:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:45360) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mSGbd-0004jP-Dl for bug-guix@gnu.org; Mon, 20 Sep 2021 06:33:01 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:55422) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mSGbc-0007aF-HS; Mon, 20 Sep 2021 06:33:01 -0400 Received: from [195.122.1.73] (port=42626 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mSGbb-0005gR-87; Mon, 20 Sep 2021 06:32:59 -0400 From: Mathieu Othacehe To: bug-guix@gnu.org Subject: [core-updates-frozen] ca-certificate-bundle generation is broken. Date: Mon, 20 Sep 2021 10:32:56 +0000 Message-ID: <87pmt3sfjb.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: maxim.cournoyer@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Hello, On core-updates-frozen, the ca-certificate-bundle derivation produces an empty output. That's because nss-certs only contains .crt files that are ignored by ca-certificate-bundle procedure. The following patches should fix the situation. Thanks, Mathieu --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-gnu-certdata2pem-Produce-pem-files.patch >From 18248cc817952c690694707cc965283dad1933c2 Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 20 Sep 2021 10:26:30 +0000 Subject: [PATCH 1/2] gnu: certdata2pem: Produce pem files. Create files with pem extension instead of crt. * gnu/packages/certs.scm (certdata2pem)[arguments]<#:phases>{fix-extension}: New phase. --- gnu/packages/certs.scm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm index 37e3fa6786..c9d8e7b76c 100644 --- a/gnu/packages/certs.scm +++ b/gnu/packages/certs.scm @@ -104,6 +104,11 @@ port forwarding to your local machine.") (arguments `(#:phases (modify-phases %standard-phases (delete 'configure) + (add-before 'build 'fix-extension + (lambda _ + (substitute* "certdata2pem.c" + (("\\.crt") + ".pem")))) (replace 'build (lambda _ (invoke ,(cc-for-target) "certdata2pem.c" -- 2.33.0 --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0002-gnu-nss-certs-Copy-pem-files.patch >From 751a89919aa7a7bdf963a85112346153bfd03407 Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 20 Sep 2021 10:27:55 +0000 Subject: [PATCH 2/2] gnu: nss-certs: Copy pem files. * gnu/packages/certs.scm (nss-certs)[arguments]<#:phases>{install}: Copy pem files instead of crt files. --- gnu/packages/certs.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm index c9d8e7b76c..39c3ebd128 100644 --- a/gnu/packages/certs.scm +++ b/gnu/packages/certs.scm @@ -164,9 +164,9 @@ that was originally contributed to Debian.") (call-with-output-file "blacklist.txt" (const #t))) ;; Extract selected single certificates from blob. (invoke "certdata2pem") - ;; Copy .crt files into the output. + ;; Copy .pem files into the output. (for-each (cut install-file <> certsdir) - (find-files "." ".*\\.crt$"))) + (find-files "." ".*\\.pem$"))) (invoke "openssl" "rehash" certsdir))))))) (synopsis "CA certificates from Mozilla") (description -- 2.33.0 --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Sep 20 08:42:00 2021 Received: (at 50697) by debbugs.gnu.org; 20 Sep 2021 12:42:00 +0000 Received: from localhost ([127.0.0.1]:41203 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSIcS-0006nq-HV for submit@debbugs.gnu.org; Mon, 20 Sep 2021 08:42:00 -0400 Received: from mout02.posteo.de ([185.67.36.66]:44211) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSIcP-0006nc-TW for 50697@debbugs.gnu.org; Mon, 20 Sep 2021 08:41:58 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id C4C60240101 for <50697@debbugs.gnu.org>; Mon, 20 Sep 2021 14:41:51 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1632141711; bh=FnMFdZ2nReWCleHeRwNgxUGnGmuDyaUXvKc1knx6rzc=; h=From:To:Cc:Subject:Date:From; b=RYrDvbU24CN8oKsOHMSwcrtYUQhsyvUAavw+nPRDs/1n87h17Zu3Pg1GUy0cCwKMS QER/dzXCM84zCsRodJhoDgNqAL/MLUzK/uZpfq5jKxMbqAoz6+NfGbGD46rDRZ3i4d V95yv41eOP+qHmfn2ljKAwV0qZJ6c26P+gGPtqHyGPiStILqNnoaYyq+Ega5WK9Fkv DE/Mh1Vh5AHIWz6d2MoaVYLf3/PsCG5EWWvRZefg/ZYZZCRrXvvtnwWmmh8bihVZ05 R3LJ0/k4Z9h5rEhXDz0i0AVd0N7EvJh6aWe8kXPJ4MmeelRKSu9NXoB2o4opNuUFUp h/r78gCFIsyBw== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4HCkhY5wlpz9rxH; Mon, 20 Sep 2021 14:41:49 +0200 (CEST) References: <87pmt3sfjb.fsf@gnu.org> From: Guillaume Le Vaillant To: Mathieu Othacehe Subject: Re: bug#50697: [core-updates-frozen] ca-certificate-bundle generation is broken. Date: Mon, 20 Sep 2021 12:36:52 +0000 In-reply-to: <87pmt3sfjb.fsf@gnu.org> Message-ID: <87lf3r2zcj.fsf@kitej> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 50697 Cc: 50697@debbugs.gnu.org, maxim.cournoyer@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Mathieu Othacehe skribis: > Hello, > > On core-updates-frozen, the ca-certificate-bundle derivation produces an > empty output. That's because nss-certs only contains .crt files that are > ignored by ca-certificate-bundle procedure. > > The following patches should fix the situation. > > Thanks, > > Mathieu > > From 18248cc817952c690694707cc965283dad1933c2 Mon Sep 17 00:00:00 2001 > From: Mathieu Othacehe > Date: Mon, 20 Sep 2021 10:26:30 +0000 > Subject: [PATCH 1/2] gnu: certdata2pem: Produce pem files. > > Create files with pem extension instead of crt. > > [...] Hi, With this patch I think the 'install-keystore' phase of icedtea-7 will also have to be updated to search for the ".pem" files instead of the ".crt" ones. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIUEAREKAC0WIQTLxZxm7Ce5cXlAaz5r6CCK3yH+PwUCYUiBjA8cZ2x2QHBvc3Rl by5uZXQACgkQa+ggit8h/j8xuwEAi0tfhxPLWttftWBCdgbeuzWC2Ra7zPvRjzA7 4h3oK4gBAJqgFdMIwuUtXCRmswycoh1P3jUjfSeIlwo9zST3xcSM =s+yI -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 21 03:44:34 2021 Received: (at 50697-done) by debbugs.gnu.org; 21 Sep 2021 07:44:34 +0000 Received: from localhost ([127.0.0.1]:44761 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSaS7-0005YL-Hu for submit@debbugs.gnu.org; Tue, 21 Sep 2021 03:44:34 -0400 Received: from eggs.gnu.org ([209.51.188.92]:43930) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mSaRy-0005Xe-JP for 50697-done@debbugs.gnu.org; Tue, 21 Sep 2021 03:44:29 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:60954) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mSaRr-00034t-5n; Tue, 21 Sep 2021 03:44:15 -0400 Received: from [109.110.20.156] (port=47472 helo=meije) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mSaRq-0004JO-Ld; Tue, 21 Sep 2021 03:44:15 -0400 From: Mathieu Othacehe To: Guillaume Le Vaillant Subject: Re: bug#50697: [core-updates-frozen] ca-certificate-bundle generation is broken. References: <87pmt3sfjb.fsf@gnu.org> <87lf3r2zcj.fsf@kitej> Date: Tue, 21 Sep 2021 07:44:11 +0000 In-Reply-To: <87lf3r2zcj.fsf@kitej> (Guillaume Le Vaillant's message of "Mon, 20 Sep 2021 12:36:52 +0000") Message-ID: <87tuie5q5w.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 50697-done Cc: 50697-done@debbugs.gnu.org, maxim.cournoyer@gmail.com X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hey, > With this patch I think the 'install-keystore' phase of icedtea-7 will > also have to be updated to search for the ".pem" files instead of the > ".crt" ones. Right, thanks for the heads up. I pushed the original two patches plus a new one to fix icedtea-7. Thanks, Mathieu From unknown Wed Jun 18 23:04:01 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 19 Oct 2021 11:24:10 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator