From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bengt Richter Subject: bug#38857: X.509 certificate of 'crates.io' could not be verified during a recursive import from crates.io Date: Thu, 2 Jan 2020 11:06:25 -0800 Message-ID: <20200102190625.GA861@Evo25c2ArchGx4.localdomain> References: <20200102071243.GS23018@E5400> Reply-To: Bengt Richter Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:49782) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1in5oG-0001H5-Bq for bug-guix@gnu.org; Thu, 02 Jan 2020 14:07:06 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1in5oE-0008AP-Mc for bug-guix@gnu.org; Thu, 02 Jan 2020 14:07:04 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:34058) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1in5oE-0008AE-IF for bug-guix@gnu.org; Thu, 02 Jan 2020 14:07:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1in5oE-0005MR-DV for bug-guix@gnu.org; Thu, 02 Jan 2020 14:07:02 -0500 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <20200102071243.GS23018@E5400> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Efraim Flashner Cc: Valentin Ignatev , 38857@debbugs.gnu.org Hi Guix, On +2020-01-02 09:12:43 +0200, Efraim Flashner wrote: > On Thu, Jan 02, 2020 at 01:45:35AM +0300, Valentin Ignatev wrote: > > Hi! I'm trying to recursively import a package from crates.io like this: > > > > guix import crate notify@4.0.14 --recursive > > > > It follows redirections for a while untill at some point throws this: > > > > Backtrace: > > 12 (primitive-load "/home/vj/.config/guix/current/bin/guix") > > In guix/ui.scm: > > 1806:12 11 (run-guix-command _ . _) > > In guix/scripts/import.scm: > > 116:11 10 (guix-import . _) > > In guix/scripts/import/crate.scm: > > 103:16 9 (guix-import-crate . _) > > In guix/import/utils.scm: > > 425:7 8 (recursive-import _ _ #:repo->guix-package _ #:guix-name …) > > 397:31 7 (topological-sort _ # …) > > In srfi/srfi-1.scm: > > 592:17 6 (map1 ("tempfile")) > > In guix/import/utils.scm: > > 421:36 5 (lookup-node "tempfile") > > In guix/import/crate.scm: > > 222:10 4 (crate->guix-package "tempfile" _) > > 150:15 3 (make-crate-sexp #:name _ #:version _ #:cargo-inputs _ # …) > > In guix/http-client.scm: > > 88:25 2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # …) > > In guix/build/download.scm: > > 419:4 1 (open-connection-for-uri _ #:timeout _ # _) > > 306:6 0 (tls-wrap # _ # _) > > > > guix/build/download.scm:306:6: In procedure tls-wrap: > > X.509 certificate of 'crates.io' could not be verified: > > signer-not-found > > invalid > > > > I suspect that it happens after the importer hits > > "wasm-bindgen-webidl" and starts going circles. Maybe there's some > > circullar dependencies going on, but I'm not sure. I'm attaching a > > full log for convenience. > > > > For additional info: I'm running Guix on Arch Linux. I've also > > installed nss-certs package, exported all neeeded variables > > (SSL_CERT_DIR, SSL_CERT_FILE and GIT_SSL_CAINFO) before running guix > > import and also made sure nscd.service is running. > > > > Regards, > > Valentin Ignatev > > I've had it happen to me also sometimes. It's like it forgets that it > just successfully connected 100+ times and then fails. > > > -- > Efraim Flashner אפרים פלשנר > GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 > Confidentiality cannot be guaranteed on emails sent or received unencrypted I don't know if this could be related, but... I am also running guix on Archlinux and experienced a TLS problem after doing pacman -Syu. Mutt got updated and I could no longer get my pop mail. I reverted the last mutt update: --8<---------------cut here---------------start------------->8--- [2020-01-01T15:53:13-0800] [ALPM] downgraded mutt (1.13.2-1 -> 1.12.2-1) --8<---------------cut here---------------end--------------->8--- And am writing this with the reverted verssion. (So BTW this may be a heads-up not to package 1.13.2-1 until the problem is resolved, to avoid similar breakage for other Arch users, and perhaps others?) BTW2, if you are using pacman on arch, this little snippet is handy to list what your last pacman {up,down}grade did: I do listing variants as ls-whatever -- this one is ls-pacupd: --8<---------------cut here---------------start------------->8--- #!/usr/bin/bash # ~/bin/ls-pacupd -- list latest pacman Syu upgrades latest="$(stat -c '%y' /var/log/pacman.log|cut -d ' ' -f1)" egrep "$latest.* (up|down)graded " /var/log/pacman.log --8<---------------cut here---------------end--------------->8--- I found that the guix-installed version of mutt worked for getting mail, and saw that it used the prior version. However, emacs is mutt's configured editor, and after some longish time editing the entire system would freeze and not respond to ANY key input, and I had to power down physically (5-sec press of power button). So I had to go back to the old Arch version. I am still mystified by this freeze-up. It's possible that I am typing some fatal combination of keys on this keyboard or that my migration from a dying laptop to an SSD in a USB3 cassette booted with UEFI on a Lenovo Swift did not entirely succeed. My context: I am running on tty1 with guix "disabled" by not setting up its paths etc in ~/.bash_profile at login, so this is my current boot context here: ┌─────────────────────────────────────────────────────────────────────────────────┐ │ Booted at 2020-01-02 08:50 -0800 (PST) and logged in as as bokr@Evo25c2ArchGx4 │ ├─────────────────────────────────────────────────────────────────────────────────┤ │ HW host: Acer Swift SF113-31/ASAHI_AP_S, BIOS V1.08 11/22/2017 │ │ MOUNTPOINT KNAME LABEL SIZE FSAVAIL FSUSE% │ │ /boot sda1 Evo25c2EFI1 1G 461.9M 55% │ │ / sda4 Evo25c2ArchGx4 167.9G 73.5G 50% │ │ Kernel: 5.4.6-arch3-1 #1 SMP PREEMPT Tue, 24 Dec 2019 04:36:53 +0000 │ │ CPU: Intel(R) Pentium(R) CPU N4200 @ 1.10GHz │ └─────────────────────────────────────────────────────────────────────────────────┘ Whereas on tty4 I logged in with a config value that my ~/.bash_profile uses to set MY_GUIX_MODE=enabled at the top and do further enabled/disabled specializations after that, so e.g. guix is found in $PATH and currently that makes (captured on tty4 and and retrieved here on tty1) guix describe: --8<---------------cut here---------------start------------->8--- Generation 27 Dec 29 2019 18:49:23 (current) guix 996182a repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 996182a84bafb4c4982dcb36c2c54b350c16629a --8<---------------cut here---------------end--------------->8--- Editing context in emacs here and now: --8<---------------cut here---------------start------------->8--- pidparents ? 8747 Ss /usr/bin/bash /home/bokr/bin/pidparents emacs tty1 2420 Sl+ emacs /home/bokr/.mutt/temp/mutt-Evo25c2ArchGx4-1000-861-11810734661506241046 mutt tty1 861 S mutt bash tty1 461 Ss -bash login ? 447 Ss login -- bokr systemd ? 1 Ss /sbin/init \EFI\Evo25c2ArchGx4\vmlinuz-linux --8<---------------cut here---------------end--------------->8--- Regards, Bengt Richter