H= ello Guix!

Package: flatpak

Whenever I try "flatpak remote-= add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo"= ; I keep getting the error "Can't load uri https://flathub.org/repo/flath= ub.flatpakrepo: TLS support is not available".

I even tried follow= ing steps mentioned at https://www.gnu.org/software/guix/manual/en/guix.h= tml#index-TLS. Still not working.

Unless this is fixed, flatpak in= guix will be unusable with remote repositories.

Regards,
RG. ----=_RainLoop_957_212577591.1552595818-- From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#34861: TLS Error with Flatpak Date: Mon, 18 Mar 2019 10:49:33 +0100 Message-ID: <87imwgpl5e.fsf@gnu.org> References: <002a84964102ac2171089fa7dc007092@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:46123) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h5ouC-0000qf-7j for bug-guix@gnu.org; Mon, 18 Mar 2019 05:50:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h5ouA-0000BI-UZ for bug-guix@gnu.org; Mon, 18 Mar 2019 05:50:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:34578) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h5ouA-0000BA-HJ for bug-guix@gnu.org; Mon, 18 Mar 2019 05:50:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h5ouA-000836-B0 for bug-guix@gnu.org; Mon, 18 Mar 2019 05:50:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <002a84964102ac2171089fa7dc007092@disroot.org> (Raghav Gururajan's message of "Thu, 14 Mar 2019 20:36:58 +0000") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Raghav Gururajan Cc: 34861@debbugs.gnu.org Hello, "Raghav Gururajan" skribis: > Whenever I try "flatpak remote-add --if-not-exists flathub https://flathu= b.org/repo/flathub.flatpakrepo"; I keep getting the error "Can't load uri h= ttps://flathub.org/repo/flathub.flatpakrepo: TLS support is not available". > > I even tried following steps mentioned at https://www.gnu.org/software/gu= ix/manual/en/guix.html#index-TLS. Still not working. To be more specific, did you install =E2=80=98nss-certs=E2=80=99? If you did is it installed system-wide in /etc/ssl/certs, or per-user? Did you set =E2=80=98SSL_CERT_DIR=E2=80=99, =E2=80=98SSL_CERT_FILE=E2=80=99= , or related environment variables? Thanks, Ludo=E2=80=99. From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Raghav Gururajan" Subject: bug#34861: TLS Error with Flatpak Date: Mon, 18 Mar 2019 17:31:54 +0000 Message-ID: References: <87imwgpl5e.fsf@gnu.org> <002a84964102ac2171089fa7dc007092@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:56747) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h5w8F-0006gj-Cf for bug-guix@gnu.org; Mon, 18 Mar 2019 13:33:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h5w8E-0007Hs-Hf for bug-guix@gnu.org; Mon, 18 Mar 2019 13:33:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:35610) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h5w8E-0007Hb-75 for bug-guix@gnu.org; Mon, 18 Mar 2019 13:33:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h5w8E-0000oV-0d for bug-guix@gnu.org; Mon, 18 Mar 2019 13:33:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87imwgpl5e.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 34861@debbugs.gnu.org Hello Ludovic!=0A=0AYes, I did them. Still did not work.=0A=0AI did the f= ollowing to set env variables:=0A=0A$ guix package -i nss-certs=0A$ expor= t SSL_CERT_DIR=3D"$HOME/.guix-profile/etc/ssl/certs"=0A$ export SSL_CERT_= FILE=3D"$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"=0A$ export= GIT_SSL_CAINFO=3D"$SSL_CERT_FILE"=0A=0ARegards,=0ARG.=0A=0AMarch 18, 201= 9 9:49 AM, "Ludovic Court=C3=A8s" wrote:=0A=0A> Hello,=0A>= =0A> "Raghav Gururajan" skribis:=0A> =0A>> Whenever I= try "flatpak remote-add --if-not-exists flathub=0A>> https://flathub.org= /repo/flathub.flatpakrepo"; I keep getting the error "Can't load uri=0A>>= https://flathub.org/repo/flathub.flatpakrepo: TLS support is not availab= le".=0A>> =0A>> I even tried following steps mentioned at=0A>> https://ww= w.gnu.org/software/guix/manual/en/guix.html#index-TLS. Still not working.= =0A> =0A> To be more specific, did you install =E2=80=98nss-certs=E2=80= =99?=0A> =0A> If you did is it installed system-wide in /etc/ssl/certs, o= r per-user?=0A> =0A> Did you set =E2=80=98SSL_CERT_DIR=E2=80=99, =E2=80= =98SSL_CERT_FILE=E2=80=99, or related environment=0A> variables?=0A> =0A>= Thanks,=0A> Ludo=E2=80=99. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ricardo Wurmus Subject: bug#34861: TLS Error with Flatpak Date: Mon, 18 Mar 2019 22:24:12 +0100 Message-ID: <87ef73yiyr.fsf@elephly.net> References: <87imwgpl5e.fsf@gnu.org> <002a84964102ac2171089fa7dc007092@disroot.org> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([209.51.188.92]:35715) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h5zko-0004G9-4B for bug-guix@gnu.org; Mon, 18 Mar 2019 17:25:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h5zkn-0006pO-FV for bug-guix@gnu.org; Mon, 18 Mar 2019 17:25:06 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:35728) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h5zkn-0006ow-7g for bug-guix@gnu.org; Mon, 18 Mar 2019 17:25:05 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h5zkl-0006ZH-8b for bug-guix@gnu.org; Mon, 18 Mar 2019 17:25:05 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-reply-to: List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Raghav Gururajan Cc: 34861@debbugs.gnu.org Raghav Gururajan writes: > Yes, I did them. Still did not work. > > I did the following to set env variables: > > $ guix package -i nss-certs > $ export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs" > $ export SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt" > $ export GIT_SSL_CAINFO="$SSL_CERT_FILE" Flatpak uses libsoup with SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE. libsoup delegates TLS handling to glib-networking. Raghav, could you trace flatpak to see what certificate files it is trying to access? -- Ricardo From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Raghav Gururajan" Subject: bug#34861: TLS Error with Flatpak Date: Mon, 18 Mar 2019 23:10:48 +0000 Message-ID: <2d04774df83fe600777de7b8f26aca87@disroot.org> References: <87ef73yiyr.fsf@elephly.net> <87imwgpl5e.fsf@gnu.org> <002a84964102ac2171089fa7dc007092@disroot.org> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--=_RainLoop_231_772500090.1552950648" Return-path: Received: from eggs.gnu.org ([209.51.188.92]:46812) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h61PT-00046l-Ns for bug-guix@gnu.org; Mon, 18 Mar 2019 19:11:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h61PS-0005wx-Cp for bug-guix@gnu.org; Mon, 18 Mar 2019 19:11:11 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:35800) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h61PM-0005mX-AH for bug-guix@gnu.org; Mon, 18 Mar 2019 19:11:10 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h61PL-0000mu-UG for bug-guix@gnu.org; Mon, 18 Mar 2019 19:11:04 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87ef73yiyr.fsf@elephly.net> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ricardo Wurmus Cc: 34861@debbugs.gnu.org ----=_RainLoop_231_772500090.1552950648 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Ricardo!=0A=0APlease find the following information.=0A=0AFROM FLAT= PAK SOURECODE:=0A=0ASoupSession *=0Aflatpak_create_soup_session (const ch= ar *user_agent)=0A{=0ASoupSession *soup_session;=0Aconst char *http_proxy= ;=0A=0Asoup_session =3D soup_session_new_with_options (SOUP_SESSION_USER_= AGENT, user_agent,=0ASOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,=0ASOUP_SE= SSION_USE_THREAD_CONTEXT, TRUE,=0ASOUP_SESSION_TIMEOUT, 60,=0ASOUP_SESSIO= N_IDLE_TIMEOUT, 60,=0ANULL);=0Asoup_session_remove_feature_by_type (soup_= session, SOUP_TYPE_CONTENT_DECODER);=0Ahttp_proxy =3D g_getenv ("http_pro= xy");=0Aif (http_proxy)=0A{=0Ag_autoptr(SoupURI) proxy_uri =3D soup_uri_n= ew (http_proxy);=0Aif (!proxy_uri)=0Ag_warning ("Invalid proxy URI '%s'",= http_proxy);=0Aelse=0Ag_object_set (soup_session, SOUP_SESSION_PROXY_URI= , proxy_uri, NULL);=0A}=0A=0Aif (g_getenv ("OSTREE_DEBUG_HTTP"))=0Asoup_s= ession_add_feature (soup_session, (SoupSessionFeature *) soup_logger_new = (SOUP_LOGGER_LOG_BODY, 500));=0A=0Areturn soup_session;=0A}=0A=0AFROM LIB= SOUP MANUAL:=0A=0AThe =E2=80=9Cssl-use-system-ca-file=E2=80=9D property= =0A=0A=E2=80=9Cssl-use-system-ca-file=E2=80=9D gboolean=0A=0ASetting this= to TRUE is equivalent to setting =E2=80=9Ctls-database=E2=80=9D to the d= efault system CA database. (and likewise, setting =E2=80=9Ctls-database= =E2=80=9D to the default database by hand will cause this property to bec= ome TRUE).=0A=0ASetting this to FALSE (when it was previously TRUE) will = clear the =E2=80=9Ctls-database=E2=80=9D field.=0A=0ASee =E2=80=9Cssl-str= ict=E2=80=9D for more information on how https certificate validation is = handled.=0A=0AThe =E2=80=9Cssl-strict=E2=80=9D property=0A=0A=E2=80=9Cssl= -strict=E2=80=9D gboolean=0A=0ANormally, if =E2=80=9Ctls-database=E2=80= =9D is set (including if it was set via =E2=80=9Cssl-use-system-ca-file= =E2=80=9D or =E2=80=9Cssl-ca-file=E2=80=9D), then libsoup will reject any= certificate that is invalid (ie, expired) or that is not signed by one o= f the given CA certificates, and the SoupMessage will fail with the statu= s SOUP_STATUS_SSL_FAILED.=0A=0AIf you set =E2=80=9Cssl-strict=E2=80=9D to= FALSE, then all certificates will be accepted, and you will need to call= soup_message_get_https_status() to distinguish valid from invalid certif= icates. (This can be used, eg, if you want to accept invalid certificates= after giving some sort of warning.)=0A=0AFor a plain SoupSession, if the= session has no CA file or TLS database, and this property is TRUE, then = all certificates will be rejected.=0A=0A--=0ARegards,=0ARG.=0A=0AMarch 18= , 2019 9:24 PM, "Ricardo Wurmus" wrote:=0A Raghav Gururajan writes:=0A Yes, I did them. Still did not work.=0A=0AI did the fo= llowing to set env variables:=0A=0A$ guix package -i nss-certs=0A$ export= SSL_CERT_DIR=3D"$HOME/.guix-profile/etc/ssl/certs"=0A$ export SSL_CERT_F= ILE=3D"$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"=0A$ export = GIT_SSL_CAINFO=3D"$SSL_CERT_FILE" =0A=0AFlatpak uses libsoup with SOUP_SE= SSION_SSL_USE_SYSTEM_CA_FILE. libsoup=0Adelegates TLS handling to glib-ne= tworking.=0A=0ARaghav, could you trace flatpak to see what certificate fi= les it is=0Atrying to access?=0A=0A--=0ARicardo ----=_RainLoop_231_772500090.1552950648 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

H= ello Ricardo!

Please find the following information.

FROM FLATPAK SOURECODE:

SoupSession *
flatpak_create= _soup_session (const char *user_agent)
{
SoupSession *soup_session;=
const char *http_proxy;

soup_session =3D soup_session_new_with= _options (SOUP_SESSION_USER_AGENT, user_agent,
SOUP_SESSION_SSL_USE_SY= STEM_CA_FILE, TRUE,
SOUP_SESSION_USE_THREAD_CONTEXT, TRUE,
SOUP_SES= SION_TIMEOUT, 60,
SOUP_SESSION_IDLE_TIMEOUT, 60,
NULL);
soup_ses= sion_remove_feature_by_type (soup_session, SOUP_TYPE_CONTENT_DECODER);http_proxy =3D g_getenv ("http_proxy");
if (http_proxy)
{
g_aut= optr(SoupURI) proxy_uri =3D soup_uri_new (http_proxy);
if (!proxy_uri)=
g_warning ("Invalid proxy URI '%s'", http_proxy);
else
g_object= _set (soup_session, SOUP_SESSION_PROXY_URI, proxy_uri, NULL);
}
if (g_getenv ("OSTREE_DEBUG_HTTP"))
soup_session_add_feature (soup_se= ssion, (SoupSessionFeature *) soup_logger_new (SOUP_LOGGER_LOG_BODY, 500)= );

return soup_session;
}

FROM LIBSOUP MANUAL:

The =E2=80=9Cssl-use-system-ca-file=E2=80=9D prope= rty

=E2=80=9Cssl-use-system-ca-file=E2=80=9D gboolean
=
Setting this to TRUE is equivalent to setting =E2=80=9Ctls-database= =E2=80=9D to the default system CA database. (and likewise, setting =E2= =80=9Ctls-database=E2=80=9D to the default database by hand will cause th= is property to become TRUE).

Setting this to FALSE (when it was pr= eviously TRUE) will clear the =E2=80=9Ctls-database=E2=80=9D field.
See =E2=80=9Cssl-strict=E2=80=9D for more information on how https cert= ificate validation is handled.

The =E2=80=9Cssl-strict=E2= =80=9D property

=E2=80=9Cssl-strict=E2=80=9D gboolean
=
Normally, if =E2=80=9Ctls-database=E2=80=9D is set (including if it w= as set via =E2=80=9Cssl-use-system-ca-file=E2=80=9D or =E2=80=9Cssl-ca-fi= le=E2=80=9D), then libsoup will reject any certificate that is invalid (i= e, expired) or that is not signed by one of the given CA certificates, an= d the SoupMessage will fail with the status SOUP_STATUS_SSL_FAILED.
If you set =E2=80=9Cssl-strict=E2=80=9D to FALSE, then all certificates= will be accepted, and you will need to call soup_message_get_https_statu= s() to distinguish valid from invalid certificates. (This can be used, eg= , if you want to accept invalid certificates after giving some sort of wa= rning.)

For a plain SoupSession, if the session has no CA file or = TLS database, and this property is TRUE, then all certificates will be re= jected.

--
Regards,
RG.

March 18, 2019 9:24 PM, "Rica= rdo Wurmus" <rekado@elephly.net> wrote:
Raghav Gururajan <rvgn@disroot.org> writes:
Yes, I did them. Still did not work.

I did the following= to set env variables:

$ guix package -i nss-certs
$ export SSL= _CERT_DIR=3D"$HOME/.guix-profile/etc/ssl/certs"
$ export SSL_CERT_FILE= =3D"$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
$ export GI= T_SSL_CAINFO=3D"$SSL_CERT_FILE"

Flatpak uses libsoup= with SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE. libsoup
delegates TLS handl= ing to glib-networking.

Raghav, could you trace flatpak to see wha= t certificate files it is
trying to access?

--
Ricardo

----=_RainLoop_231_772500090.1552950648-- From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Raghav Gururajan" Subject: bug#34861: TLS Error with Flatpak Date: Tue, 19 Mar 2019 00:43:03 +0000 Message-ID: References: <87d0mnn282.fsf@elephly.net> <87ef73yiyr.fsf@elephly.net> <87imwgpl5e.fsf@gnu.org> <002a84964102ac2171089fa7dc007092@disroot.org> <2d04774df83fe600777de7b8f26aca87@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:46425) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h62rW-0003zZ-Bg for bug-guix@gnu.org; Mon, 18 Mar 2019 20:44:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h62rR-0005Bt-Sd for bug-guix@gnu.org; Mon, 18 Mar 2019 20:44:10 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:35834) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h62rK-00058q-9M for bug-guix@gnu.org; Mon, 18 Mar 2019 20:44:04 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h62rK-00031s-4U for bug-guix@gnu.org; Mon, 18 Mar 2019 20:44:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87d0mnn282.fsf@elephly.net> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ricardo Wurmus Cc: 34861@debbugs.gnu.org Hi Ricardo!=0A=0APlease find the log at: https://bin.disroot.org/?597e32c= b7e42e40e#r9lqwZ6w7sIAWlY2mt6dsgKCKRO5q0ZVt9U69vnZVZs=3D=0A=0AThank you!= =0A=0ARegards,=0ARG.=0A=0AMarch 19, 2019 12:22 AM, "Ricardo Wurmus" wrote:=0A=0A> Hi Raghav,=0A> =0A>> Please find the follow= ing information. [=E2=80=A6]=0A> =0A> Unfortunately, this is not very hel= pful as it only shows that flatpak=0A> uses libsoup.=0A> =0A>> Raghav, co= uld you trace flatpak to see what certificate files it is=0A>> trying to = access?=0A> =0A> I meant: could you run the flatpak command with =E2=80= =9Cstrace -f -o log -s=0A> 2048 flatpak =E2=80=A6=E2=80=9D? This would sh= ow us what files it attempts to access,=0A> hopefully including certifica= te files.=0A> =0A> --=0A> Ricardo From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ricardo Wurmus Subject: bug#34861: TLS Error with Flatpak Date: Tue, 19 Mar 2019 01:21:17 +0100 Message-ID: <87d0mnn282.fsf@elephly.net> References: <87ef73yiyr.fsf@elephly.net> <87imwgpl5e.fsf@gnu.org> <002a84964102ac2171089fa7dc007092@disroot.org> <2d04774df83fe600777de7b8f26aca87@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:35519) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h63Ew-0002O2-Ty for bug-guix@gnu.org; Mon, 18 Mar 2019 21:08:27 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h63Eu-0008Ub-Ms for bug-guix@gnu.org; Mon, 18 Mar 2019 21:08:26 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:35839) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h63EY-0008IE-6p for bug-guix@gnu.org; Mon, 18 Mar 2019 21:08:17 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h63EX-0003aV-Od for bug-guix@gnu.org; Mon, 18 Mar 2019 21:08:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-reply-to: <2d04774df83fe600777de7b8f26aca87@disroot.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Raghav Gururajan Cc: 34861@debbugs.gnu.org Hi Raghav, > Please find the following information. [=E2=80=A6] Unfortunately, this is not very helpful as it only shows that flatpak uses libsoup. > Raghav, could you trace flatpak to see what certificate files it is > trying to access? I meant: could you run the flatpak command with =E2=80=9Cstrace -f -o log -s 2048 flatpak =E2=80=A6=E2=80=9D? This would show us what files it attempts= to access, hopefully including certificate files. -- Ricardo From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#34861: TLS Error with Flatpak Date: Fri, 22 Mar 2019 22:00:23 +0100 Message-ID: <87mulm4obc.fsf@gnu.org> References: <87d0mnn282.fsf@elephly.net> <87ef73yiyr.fsf@elephly.net> <87imwgpl5e.fsf@gnu.org> <002a84964102ac2171089fa7dc007092@disroot.org> <2d04774df83fe600777de7b8f26aca87@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:60866) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h7Rbo-0008Gj-UU for bug-guix@gnu.org; Fri, 22 Mar 2019 17:21:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h7RWP-0002pA-1z for bug-guix@gnu.org; Fri, 22 Mar 2019 17:16:15 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:41211) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h7RWJ-0002iB-4D for bug-guix@gnu.org; Fri, 22 Mar 2019 17:16:09 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h7RWI-0000au-Qd for bug-guix@gnu.org; Fri, 22 Mar 2019 17:16:06 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: (Raghav Gururajan's message of "Tue, 19 Mar 2019 00:43:03 +0000") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Raghav Gururajan Cc: 34861@debbugs.gnu.org Hi Raghav, "Raghav Gururajan" skribis: > Please find the log at: https://bin.disroot.org/?597e32cb7e42e40e#r9lqwZ6= w7sIAWlY2mt6dsgKCKRO5q0ZVt9U69vnZVZs=3D >=20 > 5462 connect(12, {sa_family=3DAF_INET, sin_port=3Dhtons(443), sin_addr= =3Dinet_addr("93.93.130.103")}, 16) =3D -1 EINPROGRESS (Operation now in pr= ogress) [...] > 5462 getsockopt(12, SOL_SOCKET, SO_ERROR, [0], [4]) =3D 0 > 5462 setsockopt(12, SOL_TCP, TCP_NODELAY, [1], 4) =3D 0 [...] > 5462 close(12) =3D 0 [...] > 5461 write(2, "\33[31m\33[1merror: \33[22m\33[0mTLS support is not avail= able\n", 54) =3D 54 Thanks for sending the strace output. That output shows that Flatpak never tries to access /etc/ssl/certs, ~/.guix-profile/etc/ssl/certs or anything like that. The error message comes from GLib, in gdummytlsbackend.c. AFAICS our GLib also includes the TLS (not dummy) backend: --8<---------------cut here---------------start------------->8--- $ objdump -T /gnu/store/0q9pq9flr76rh4bv2524niknknnl2kvq-glib-2.56.3/lib/li= bgio-2.0.so | grep g_tls_backend 0000000000093e90 g DF .text 0000000000000082 Base g_tls_backend_= get_default_database 0000000000093dd0 g DF .text 000000000000006f Base g_tls_backend_= supports_tls 0000000000093f40 g DF .text 000000000000001b Base g_tls_backend_= get_client_connection_type 0000000000093e40 g DF .text 0000000000000049 Base g_tls_backend_= supports_dtls 0000000000093db0 g DF .text 0000000000000015 Base g_tls_backend_= get_default 0000000000093f80 g DF .text 0000000000000072 Base g_tls_backend_= get_dtls_client_connection_type 0000000000093f60 g DF .text 000000000000001b Base g_tls_backend_= get_server_connection_type 0000000000094000 g DF .text 0000000000000072 Base g_tls_backend_= get_dtls_server_connection_type 0000000000094080 g DF .text 000000000000007f Base g_tls_backend_= get_file_database_type 0000000000093d20 g DF .text 0000000000000084 Base g_tls_backend_= get_type 0000000000093f20 g DF .text 000000000000001b Base g_tls_backend_= get_certificate_type --8<---------------cut here---------------end--------------->8--- Libsoup does this: --8<---------------cut here---------------start------------->8--- static gboolean soup_socket_setup_ssl (SoupSocket *sock, const char *ssl_host, GCancellable *cancellable, GError **error) { SoupSocketPrivate *priv =3D soup_socket_get_instance_private (sock); GTlsBackend *backend =3D g_tls_backend_get_default (); --8<---------------cut here---------------end--------------->8--- =E2=80=98g_tls_backend_get_default=E2=80=99 itself looks like this: --8<---------------cut here---------------start------------->8--- GTlsBackend * g_tls_backend_get_default (void) { return _g_io_module_get_default (G_TLS_BACKEND_EXTENSION_POINT_NAME, "GIO_USE_TLS", NULL); } --8<---------------cut here---------------end--------------->8--- Could you try setting the =E2=80=98GIO_USE_TLS=E2=80=99 environment variabl= e? Like: export GIO_USE_TLS=3Dtls or maybe: export GIO_USE_TLS=3DGTlsBackend and then run Flatpak in that environment? TIA, Ludo=E2=80=99. From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Raghav Gururajan" Subject: bug#34861: TLS Error with Flatpak Date: Sat, 23 Mar 2019 04:02:25 +0000 Message-ID: <1b38d1aece009c4dc9321811abeea14d@disroot.org> References: <87mulm4obc.fsf@gnu.org> <87d0mnn282.fsf@elephly.net> <87ef73yiyr.fsf@elephly.net> <87imwgpl5e.fsf@gnu.org> <002a84964102ac2171089fa7dc007092@disroot.org> <2d04774df83fe600777de7b8f26aca87@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:58127) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h7Y6m-0007pJ-6J for bug-guix@gnu.org; Sat, 23 Mar 2019 00:18:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h7Xs6-0000z8-LS for bug-guix@gnu.org; Sat, 23 Mar 2019 00:03:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:41357) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h7Xs6-0000z3-Ar for bug-guix@gnu.org; Sat, 23 Mar 2019 00:03:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h7Xs6-0002g9-2a for bug-guix@gnu.org; Sat, 23 Mar 2019 00:03:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87mulm4obc.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 34861@debbugs.gnu.org Thank you very much.=0A=0AShould I be running just "export GIO_USE_TLS=3D= tls" as it is mentioned or should I insert it in some other command/synta= x?=0A=0AThanks!=0A=0ARegards,=0ARG.=0A=0AMarch 22, 2019 5:15 PM, "Ludovic= Court=C3=A8s" wrote:=0A=0A> Hi Raghav,=0A> =0A> "Raghav G= ururajan" skribis:=0A> =0A>> Please find the log at:= =0A>> https://bin.disroot.org/?597e32cb7e42e40e#r9lqwZ6w7sIAWlY2mt6dsgKCK= RO5q0ZVt9U69vnZVZs=3D=0A>> =0A>> 5462 connect(12, {sa_family=3DAF_INET, s= in_port=3Dhtons(443), sin_addr=3Dinet_addr("93.93.130.103")}, 16)=0A>> = =3D -1 EINPROGRESS (Operation now in progress)=0A> =0A> [...]=0A> =0A>> 5= 462 getsockopt(12, SOL_SOCKET, SO_ERROR, [0], [4]) =3D 0=0A>> 5462 setsoc= kopt(12, SOL_TCP, TCP_NODELAY, [1], 4) =3D 0=0A> =0A> [...]=0A> =0A>> 546= 2 close(12) =3D 0=0A> =0A> [...]=0A> =0A>> 5461 write(2, "\33[31m\33[1mer= ror: \33[22m\33[0mTLS support is not available\n", 54) =3D 54=0A> =0A> Th= anks for sending the strace output. That output shows that Flatpak=0A> ne= ver tries to access /etc/ssl/certs, ~/.guix-profile/etc/ssl/certs or=0A> = anything like that.=0A> =0A> The error message comes from GLib, in gdummy= tlsbackend.c. AFAICS our=0A> GLib also includes the TLS (not dummy) backe= nd:=0A> =0A> --8<---------------cut here---------------start-------------= >8---=0A> $ objdump -T /gnu/store/0q9pq9flr76rh4bv2524niknknnl2kvq-glib-2= .56.3/lib/libgio-2.0.so | grep=0A> g_tls_backend=0A> 0000000000093e90 g D= F .text 0000000000000082 Base g_tls_backend_get_default_database=0A> 0000= 000000093dd0 g DF .text 000000000000006f Base g_tls_backend_supports_tls= =0A> 0000000000093f40 g DF .text 000000000000001b Base g_tls_backend_get_= client_connection_type=0A> 0000000000093e40 g DF .text 0000000000000049 B= ase g_tls_backend_supports_dtls=0A> 0000000000093db0 g DF .text 000000000= 0000015 Base g_tls_backend_get_default=0A> 0000000000093f80 g DF .text 00= 00000000000072 Base g_tls_backend_get_dtls_client_connection_type=0A> 000= 0000000093f60 g DF .text 000000000000001b Base g_tls_backend_get_server_c= onnection_type=0A> 0000000000094000 g DF .text 0000000000000072 Base g_tl= s_backend_get_dtls_server_connection_type=0A> 0000000000094080 g DF .text= 000000000000007f Base g_tls_backend_get_file_database_type=0A> 000000000= 0093d20 g DF .text 0000000000000084 Base g_tls_backend_get_type=0A> 00000= 00000093f20 g DF .text 000000000000001b Base g_tls_backend_get_certificat= e_type=0A> --8<---------------cut here---------------end--------------->8= ---=0A> =0A> Libsoup does this:=0A> =0A> --8<---------------cut here-----= ----------start------------->8---=0A> static gboolean=0A> soup_socket_set= up_ssl (SoupSocket *sock,=0A> const char *ssl_host,=0A> GCancellable *can= cellable,=0A> GError **error)=0A> {=0A> SoupSocketPrivate *priv =3D soup_= socket_get_instance_private (sock);=0A> GTlsBackend *backend =3D g_tls_ba= ckend_get_default ();=0A> --8<---------------cut here---------------end--= ------------->8---=0A> =0A> =E2=80=98g_tls_backend_get_default=E2=80=99 i= tself looks like this:=0A> =0A> --8<---------------cut here--------------= -start------------->8---=0A> GTlsBackend *=0A> g_tls_backend_get_default = (void)=0A> {=0A> return _g_io_module_get_default (G_TLS_BACKEND_EXTENSION= _POINT_NAME,=0A> "GIO_USE_TLS", NULL);=0A> }=0A> --8<---------------cut h= ere---------------end--------------->8---=0A> =0A> Could you try setting = the =E2=80=98GIO_USE_TLS=E2=80=99 environment variable? Like:=0A> =0A> ex= port GIO_USE_TLS=3Dtls=0A> =0A> or maybe:=0A> =0A> export GIO_USE_TLS=3DG= TlsBackend=0A> =0A> and then run Flatpak in that environment?=0A> =0A> TI= A,=0A> Ludo=E2=80=99. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ricardo Wurmus Subject: bug#34861: TLS Error with Flatpak Date: Sat, 23 Mar 2019 09:05:35 +0100 Message-ID: <87va0a5834.fsf@elephly.net> References: <87mulm4obc.fsf@gnu.org> <87d0mnn282.fsf@elephly.net> <87ef73yiyr.fsf@elephly.net> <87imwgpl5e.fsf@gnu.org> <002a84964102ac2171089fa7dc007092@disroot.org> <2d04774df83fe600777de7b8f26aca87@disroot.org> <1b38d1aece009c4dc9321811abeea14d@disroot.org> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([209.51.188.92]:39116) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h7bgF-0007ug-P9 for bug-guix@gnu.org; Sat, 23 Mar 2019 04:07:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h7bgE-00076R-RU for bug-guix@gnu.org; Sat, 23 Mar 2019 04:07:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:41442) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h7bgE-00076C-Jl for bug-guix@gnu.org; Sat, 23 Mar 2019 04:07:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h7bgE-000067-5Z for bug-guix@gnu.org; Sat, 23 Mar 2019 04:07:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-reply-to: <1b38d1aece009c4dc9321811abeea14d@disroot.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Raghav Gururajan Cc: 34861@debbugs.gnu.org Raghav Gururajan writes: > Should I be running just "export GIO_USE_TLS=tls" as it is mentioned > or should I insert it in some other command/syntax? Just that. And then after that run the flatpak command in the same shell session. -- Ricardo From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Raghav Gururajan" Subject: bug#34861: TLS Error with Flatpak Date: Sun, 24 Mar 2019 06:48:11 +0000 Message-ID: References: <87va0a5834.fsf@elephly.net> <87mulm4obc.fsf@gnu.org> <87d0mnn282.fsf@elephly.net> <87ef73yiyr.fsf@elephly.net> <87imwgpl5e.fsf@gnu.org> <002a84964102ac2171089fa7dc007092@disroot.org> <2d04774df83fe600777de7b8f26aca87@disroot.org> <1b38d1aece009c4dc9321811abeea14d@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:55511) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h7wwJ-0005gQ-18 for bug-guix@gnu.org; Sun, 24 Mar 2019 02:49:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h7wwI-0001MI-65 for bug-guix@gnu.org; Sun, 24 Mar 2019 02:49:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:42447) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h7wwI-0001Lv-0E for bug-guix@gnu.org; Sun, 24 Mar 2019 02:49:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h7wwH-0004FF-Pp for bug-guix@gnu.org; Sun, 24 Mar 2019 02:49:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87va0a5834.fsf@elephly.net> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ricardo Wurmus Cc: 34861@debbugs.gnu.org Hello!=0A=0AAdding remote repo in Flatpak is working now. Thank you very = much. Can you make export variable information mentioned at the end "guix= package -i flatpak" process?=0A=0ARegards,=0ARG.=0A=0AMarch 23, 2019 8:0= 6 AM, "Ricardo Wurmus" wrote:=0A=0A> Raghav Gururaja= n writes:=0A> =0A>> Should I be running just "export G= IO_USE_TLS=3Dtls" as it is mentioned=0A>> or should I insert it in some o= ther command/syntax?=0A> =0A> Just that. And then after that run the flat= pak command in the same=0A> shell session.=0A> =0A> --=0A> Ricardo From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#34861: TLS Error with Flatpak Date: Sun, 24 Mar 2019 23:13:03 +0100 Message-ID: <87y353syz4.fsf@gnu.org> References: <87va0a5834.fsf@elephly.net> <87mulm4obc.fsf@gnu.org> <87d0mnn282.fsf@elephly.net> <87ef73yiyr.fsf@elephly.net> <87imwgpl5e.fsf@gnu.org> <002a84964102ac2171089fa7dc007092@disroot.org> <2d04774df83fe600777de7b8f26aca87@disroot.org> <1b38d1aece009c4dc9321811abeea14d@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:54658) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h8BNT-00006g-Ov for bug-guix@gnu.org; Sun, 24 Mar 2019 18:14:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h8BNT-0002Ib-07 for bug-guix@gnu.org; Sun, 24 Mar 2019 18:14:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:43690) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h8BNS-0002IT-RZ for bug-guix@gnu.org; Sun, 24 Mar 2019 18:14:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h8BNS-0005XW-H1 for bug-guix@gnu.org; Sun, 24 Mar 2019 18:14:02 -0400 Sender: "Debbugs-submit" Resent-To: bug-guix@gnu.org Resent-Message-ID: In-Reply-To: (Raghav Gururajan's message of "Sun, 24 Mar 2019 06:48:11 +0000") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Raghav Gururajan Cc: 34861-done@debbugs.gnu.org Hello, "Raghav Gururajan" skribis: > Adding remote repo in Flatpak is working now. Thank you very much. Nice! > Can you make export variable information mentioned at the end "guix packa= ge -i flatpak" process? I think we should rather find out why GIO uses the =E2=80=9Cdummy=E2=80=9D = TLS backend by default. The GnuTLS backend is part of =E2=80=98glib-networking=E2=80= =99, not GLib, and =E2=80=98GIO_EXTRA_MODULES=E2=80=99 was not being set, which is why the= correct TLS backend wasn=E2=80=99t found. Fixed in commit 16360cc884030eb69590dc18d9694b04c67273f6. Once you=E2=80=99ve upgraded you should no longer need to set =E2=80=98GIO_= USE_TLS=E2=80=99. Thanks! Ludo=E2=80=99. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#34861: TLS Error with Flatpak Date: Sun, 24 Mar 2019 23:13:19 +0100 Message-ID: <87woknsyyo.fsf@gnu.org> References: <87va0a5834.fsf@elephly.net> <87mulm4obc.fsf@gnu.org> <87d0mnn282.fsf@elephly.net> <87ef73yiyr.fsf@elephly.net> <87imwgpl5e.fsf@gnu.org> <002a84964102ac2171089fa7dc007092@disroot.org> <2d04774df83fe600777de7b8f26aca87@disroot.org> <1b38d1aece009c4dc9321811abeea14d@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:54666) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h8BNU-00006i-6E for bug-guix@gnu.org; Sun, 24 Mar 2019 18:14:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h8BNT-0002Iq-DL for bug-guix@gnu.org; Sun, 24 Mar 2019 18:14:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:43692) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1h8BNT-0002Im-A6 for bug-guix@gnu.org; Sun, 24 Mar 2019 18:14:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1h8BNT-0005Xm-54 for bug-guix@gnu.org; Sun, 24 Mar 2019 18:14:03 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: (Raghav Gururajan's message of "Sun, 24 Mar 2019 06:48:11 +0000") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Raghav Gururajan Cc: 34861-done@debbugs.gnu.org Hello, "Raghav Gururajan" skribis: > Adding remote repo in Flatpak is working now. Thank you very much. Nice! > Can you make export variable information mentioned at the end "guix packa= ge -i flatpak" process? I think we should rather find out why GIO uses the =E2=80=9Cdummy=E2=80=9D = TLS backend by default. The GnuTLS backend is part of =E2=80=98glib-networking=E2=80= =99, not GLib, and =E2=80=98GIO_EXTRA_MODULES=E2=80=99 was not being set, which is why the= correct TLS backend wasn=E2=80=99t found. Fixed in commit 16360cc884030eb69590dc18d9694b04c67273f6. Once you=E2=80=99ve upgraded you should no longer need to set =E2=80=98GIO_= USE_TLS=E2=80=99. Thanks! Ludo=E2=80=99.