GNU bug report logs -
#50697
[core-updates-frozen] ca-certificate-bundle generation is broken.
Previous Next
Reported by: Mathieu Othacehe <othacehe <at> gnu.org>
Date: Mon, 20 Sep 2021 10:34:01 UTC
Severity: normal
Done: Mathieu Othacehe <othacehe <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your bug report
#50697: [core-updates-frozen] ca-certificate-bundle generation is broken.
which was filed against the guix package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 50697 <at> debbugs.gnu.org.
--
50697: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=50697
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Hey,
> With this patch I think the 'install-keystore' phase of icedtea-7 will
> also have to be updated to search for the ".pem" files instead of the
> ".crt" ones.
Right, thanks for the heads up. I pushed the original two patches plus a
new one to fix icedtea-7.
Thanks,
Mathieu
[Message part 3 (message/rfc822, inline)]
[Message part 4 (text/plain, inline)]
Hello,
On core-updates-frozen, the ca-certificate-bundle derivation produces an
empty output. That's because nss-certs only contains .crt files that are
ignored by ca-certificate-bundle procedure.
The following patches should fix the situation.
Thanks,
Mathieu
[0001-gnu-certdata2pem-Produce-pem-files.patch (text/x-patch, inline)]
From 18248cc817952c690694707cc965283dad1933c2 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe <othacehe <at> gnu.org>
Date: Mon, 20 Sep 2021 10:26:30 +0000
Subject: [PATCH 1/2] gnu: certdata2pem: Produce pem files.
Create files with pem extension instead of crt.
* gnu/packages/certs.scm (certdata2pem)[arguments]<#:phases>{fix-extension}:
New phase.
---
gnu/packages/certs.scm | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 37e3fa6786..c9d8e7b76c 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -104,6 +104,11 @@ port forwarding to your local machine.")
(arguments
`(#:phases (modify-phases %standard-phases
(delete 'configure)
+ (add-before 'build 'fix-extension
+ (lambda _
+ (substitute* "certdata2pem.c"
+ (("\\.crt")
+ ".pem"))))
(replace 'build
(lambda _
(invoke ,(cc-for-target) "certdata2pem.c"
--
2.33.0
[0002-gnu-nss-certs-Copy-pem-files.patch (text/x-patch, inline)]
From 751a89919aa7a7bdf963a85112346153bfd03407 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe <othacehe <at> gnu.org>
Date: Mon, 20 Sep 2021 10:27:55 +0000
Subject: [PATCH 2/2] gnu: nss-certs: Copy pem files.
* gnu/packages/certs.scm (nss-certs)[arguments]<#:phases>{install}: Copy pem
files instead of crt files.
---
gnu/packages/certs.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index c9d8e7b76c..39c3ebd128 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -164,9 +164,9 @@ that was originally contributed to Debian.")
(call-with-output-file "blacklist.txt" (const #t)))
;; Extract selected single certificates from blob.
(invoke "certdata2pem")
- ;; Copy .crt files into the output.
+ ;; Copy .pem files into the output.
(for-each (cut install-file <> certsdir)
- (find-files "." ".*\\.crt$")))
+ (find-files "." ".*\\.pem$")))
(invoke "openssl" "rehash" certsdir)))))))
(synopsis "CA certificates from Mozilla")
(description
--
2.33.0
This bug report was last modified 3 years and 240 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.