From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: bug#42076: SSL_CERT_* variables and GVFS (and probably more) are not initialized if you don't use GDM
To: 42076@debbugs.gnu.org
Date: Sat, 27 Jun 2020 22:16:05 +0200
From: raingloom
Message-ID: <20200627221605.38116e75@riseup.net>
In-Reply-To: <871rm0suma.fsf@nckx>
References: <20200627053551.63452543@riseup.net> <871rm0suma.fsf@nckx>
List-Id: Bug reports for GNU Guix

On Sat, 27 Jun 2020 11:53:01 +0200
Tobias Geerinckx-Rice wrote:

> Hi!
>
> Thanks for the bug report.  How are these two things related?  Did
> GVFS start working when you fixed your certs?  Is GVFS failing
> because of other unset search paths?  They should be tracked as
> separate bug #s otherwise.

No idea, I don't know enough about GVFS to know how it's initialized.
But this falls into the same category for me, i.e.: a bunch of things are
not initialized.
But actually I've already made a bug report about it, it's just that
nobody replied to it. See 41927.

> It's not true that ‘SSL_CERT_* variables are not initialized if
> you don't use GDM’: they're initialised if a package declares a
> native-search-path requirement on them, and another package in the
> same profile provides matching files.
>
> How were you failing to ‘download things’, ‘access the web’?  How
> did you fix it?

SSL errors. They can probably be worked around, but it's annoying. And
turning SSL off isn't the solution.
I fixed it by setting SSL_CERT_{DIR,FILE} to the entries in /etc.
Having nss-certs in the ad-hoc environment was not enough. For
instance, Netsurf still does not work.
(guix environment --ad-hoc nss-certs netsurf -- netsurf-gtk3)

> I see that wget doesn't declare any search-paths.  That's odd
> (bug?) but I don't use it.
>
> I prefer curl, which does declare SSL_CERT_* search-paths:
> installing it will set SSL_CERT_{DIR,FILE} in the profile as long
> as there are (nss-)certs in that same profile to point at.

Putting curl in the ad-hoc environment does fix it for Netsurf. So
that's a bug in the Netsurf package I guess.

> git, on the other hand, doesn't use SSL_CERT_*, but
> GIT_SSL_CAINFO.  Here too, users don't need to care about the
> variable(s) because Guix sets them up as soon as certs are
> installed alongside.

Git did work with `guix environment --ad-hoc nss-certs`, but since
nss-certs is installed globally, I don't understand why that should be
necessary. Or, well, I kind of do understand now, but I consider this a
bug. The templates in gnu/system/examples/ all imply that nss-certs is
necessary for HTTPS and that installing it system wide is enough. And
it should be enough.

> If you install the (nss-)certs to a different profile than all
> SSL_CERT_* consumers, this won't happen.  An ugly hack-around
> would be to add native-search-paths entries to the providing
> packages which would unconditionally set them.  I'm not convinced
> this case is worth supporting.

I don't think having undocumented broken edge cases is a good idea.

> I've not used GVFS & can't say anything sensible about it.
>
> Kind regards,
>
> T G-R

Thanks for the help!
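
A check in the spirit of the workaround described in the message above, as an added example that is not part of the original email or of Guix: it reports whether SSL_CERT_DIR, SSL_CERT_FILE and GIT_SSL_CAINFO are set and resolve to usable paths, and prints export lines for a CA bundle found under a given root. The function names and the etc/ssl/certs/ca-certificates.crt layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose why TLS verification fails
# in a profile or ad-hoc environment instead of turning verification off.

# Print "NAME=unset", "NAME=missing" (set, but path unusable) or "NAME=ok".
# KIND is "dir" or "file". Always returns 0 so it is safe under `set -e`.
trust_var_status() {
    tv_name=$1; tv_kind=$2
    eval "tv_value=\${$tv_name-}"
    if [ -z "$tv_value" ]; then
        echo "$tv_name=unset"
    elif [ "$tv_kind" = dir ] && [ -d "$tv_value" ]; then
        echo "$tv_name=ok"
    elif [ "$tv_kind" = file ] && [ -s "$tv_value" ] && [ -r "$tv_value" ]; then
        echo "$tv_name=ok"
    else
        echo "$tv_name=missing"
    fi
}

# Report the three variables named in the thread.
trust_report() {
    trust_var_status SSL_CERT_DIR dir
    trust_var_status SSL_CERT_FILE file
    trust_var_status GIT_SSL_CAINFO file
}

# Print export lines pointing at the CA bundle under ROOT (a profile
# directory, or "" for the system-wide /etc). The etc/ssl/certs layout is
# an assumption; prints nothing if no bundle is found there.
trust_exports() {
    te_dir=$1/etc/ssl/certs
    te_file=$te_dir/ca-certificates.crt
    if [ -s "$te_file" ]; then
        printf "export SSL_CERT_DIR='%s'\n" "$te_dir"
        printf "export SSL_CERT_FILE='%s'\n" "$te_file"
        printf "export GIT_SSL_CAINFO='%s'\n" "$te_file"
    fi
}

# Constructed demo: a throwaway directory stands in for a profile.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/ssl/certs"
echo "constructed placeholder, not a real certificate" \
    > "$demo_root/etc/ssl/certs/ca-certificates.crt"
trust_exports "$demo_root"
( eval "$(trust_exports "$demo_root")"; trust_report )
rm -rf "$demo_root"
```

Running `trust_report` inside the failing environment shows which variable is unset or dangling before any workaround is applied.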