GNU bug report logs - #70926
Having default nss-certs plus nss-certs in operating-system packages causes problems

Previous Next

Package: guix;

Reported by: Christopher Baines <mail <at> cbaines.net>

Date: Mon, 13 May 2024 21:39:01 UTC

Severity: normal

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: Christopher Baines <mail <at> cbaines.net>, 70926 <at> debbugs.gnu.org
Subject: bug#70926: Having default nss-certs plus nss-certs in operating-system packages causes problems
Date: Tue, 14 May 2024 07:44:30 +0200

Am Montag, dem 13.05.2024 um 22:38 +0100 schrieb Christopher Baines:
> I've seen this when updating systems, but it seems like something is
> wrong with the handling of nss-certs.
> 
> I'm on a guix revision with nss-certs by default, and when I add
> nss-certs to my system packages (to simulate not removing it when
> upgrading), it breaks certificates (e.g. wget https://guix.gnu.org/
> doesn't work).
I can confirm this on three machines (two of my own, one from a
relative): Having nss-certs in the packages field unexpectedly breaks
all known certificates.

> My reading of the operating-system-packages code suggests that adding
> nss-certs shouldn't have any effect, but this doesn't seem to be
> working.
It would be really nice to detect the mismatching versions if it's
based on that.  IIUC we graft nss-certs now, so that we can hot-swap
stuff like pythons certifi package.  Is this use case broken by any
chance?

Cheers
This bug report was last modified 1 year and 3 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.