GNU bug report logs -
#70926
Having default nss-certs plus nss-certs in operating-system packages causes problems
Previous Next
Reported by: Christopher Baines <mail <at> cbaines.net>
Date: Mon, 13 May 2024 21:39:01 UTC
Severity: normal
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
Message #8 received at 70926 <at> debbugs.gnu.org (full text, mbox):
Am Montag, dem 13.05.2024 um 22:38 +0100 schrieb Christopher Baines:
> I've seen this when updating systems, but it seems like something is
> wrong with the handling of nss-certs.
>
> I'm on a guix revision with nss-certs by default, and when I add
> nss-certs to my system packages (to simulate not removing it when
> upgrading), it breaks certificates (e.g. wget https://guix.gnu.org/
> doesn't work).
I can confirm this on three machines (two of my own, one from a
relative): Having nss-certs in the packages field unexpectedly breaks
all known certificates.
> My reading of the operating-system-packages code suggests that adding
> nss-certs shouldn't have any effect, but this doesn't seem to be
> working.
It would be really nice to detect the mismatching versions if it's
based on that. IIUC we graft nss-certs now, so that we can hot-swap
stuff like pythons certifi package. Is this use case broken by any
chance?
Cheers
This bug report was last modified 1 year and 3 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.