From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id sB9wKYEMFWKuXQAAgWs5BA (envelope-from ) for ; Tue, 22 Feb 2022 17:17:05 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id mIn0JYEMFWJtOgAAauVa8A (envelope-from ) for ; Tue, 22 Feb 2022 17:17:05 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 36A8214CDE for ; Tue, 22 Feb 2022 17:17:05 +0100 (CET) Received: from localhost ([::1]:32962 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nMXqa-0007mG-19 for larch@yhetil.org; Tue, 22 Feb 2022 11:17:04 -0500 Received: from eggs.gnu.org ([209.51.188.92]:60396) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nMQYc-0006eJ-Tt for bug-guix@gnu.org; Tue, 22 Feb 2022 03:30:04 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:46046) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nMQYc-0004Jo-KO for bug-guix@gnu.org; Tue, 22 Feb 2022 03:30:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nMQYc-00015H-8f for bug-guix@gnu.org; Tue, 22 Feb 2022 03:30:02 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#54101: SSL_CERT_DIR is not always unary Resent-From: "David Arroyo" Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 22 Feb 2022 08:30:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 54101 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 54101@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16455185764098 (code B ref -1); Tue, 22 Feb 2022 08:30:02 +0000 Received: (at submit) by debbugs.gnu.org; 22 Feb 2022 08:29:36 +0000 Received: from localhost ([127.0.0.1]:39941 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nMQYC-000140-E3 for submit@debbugs.gnu.org; Tue, 22 Feb 2022 03:29:36 -0500 Received: from lists.gnu.org ([209.51.188.17]:51350) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nMN5a-0003cd-5D for submit@debbugs.gnu.org; Mon, 21 Feb 2022 23:47:50 -0500 Received: from eggs.gnu.org ([209.51.188.92]:49624) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nMN5Z-0006No-UJ for bug-guix@gnu.org; Mon, 21 Feb 2022 23:47:49 -0500 Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:44935) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nMN5W-0005I7-CP for bug-guix@gnu.org; Mon, 21 Feb 2022 23:47:49 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 90C963202049 for ; Mon, 21 Feb 2022 23:47:41 -0500 (EST) Received: from imap43 ([10.202.2.93]) by compute5.internal (MEProxy); Mon, 21 Feb 2022 23:47:41 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=jWEygKu8q1n3McdbU2UmpzkTdN4WVVdQdahceff6R xs=; b=ZrFIahBI1a06LNG4wA6DpbK8hAEJ+y7stpSmQiRPnfSEzhtqD9Qtq9pI+ 5/DZ2n3Ev0NUK9gPKMChTK0oU92rgEB0wHB0mDwtqSJ/iWHXB3C1IFUF8Ogv4Tc+ J7UtwTgSHn1KjnwPubmluv/fnhD2IXi0KsFoPBJGfFv79YgPCY50CsBJPmL8payK hdnFz8KE0GXEi45XWxk5cZTzX0YPLcYR0jh4rpJiyD31eVrGj9tWoXd+XlucW+px qT2bEiI687ZXn1NAxnjoURA94juB488MIJI7KMohIw9OjzsP4ZfGXi5t4fPIs1xu /T9pKXvJidYL/AxHXi1lclbNdZYCA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrkeejgdejgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesthdtredtre ertdenucfhrhhomhepfdffrghvihguucetrhhrohihohdfuceouggrvhhiugesrghqfigr rhhirdhnvghtqeenucggtffrrghtthgvrhhnpeehjeeltdetjeefgedvgfffueevtdegtd etffetvefhteekgefgteeuteekudduieenucffohhmrghinhepghhithhhuhgsrdgtohhm necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepuggrvh hiugesrghqfigrrhhirdhnvght X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id E49E7AC0E99; Mon, 21 Feb 2022 23:47:40 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997 Mime-Version: 1.0 Message-Id: <2556bad4-8f11-4245-9cd0-15fdbe803ac2@www.fastmail.com> Date: Mon, 21 Feb 2022 23:47:20 -0500 From: "David Arroyo" Content-Type: text/plain Received-SPF: pass client-ip=64.147.123.21; envelope-from=david@aqwari.net; helo=wout5-smtp.messagingengine.com X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Mailman-Approved-At: Tue, 22 Feb 2022 03:29:36 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Mailman-Approved-At: Tue, 22 Feb 2022 11:10:27 -0500 X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1645546625; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:list-id:list-help:list-unsubscribe:list-subscribe: list-post:dkim-signature; bh=jWEygKu8q1n3McdbU2UmpzkTdN4WVVdQdahceff6Rxs=; b=ZAne+8Gz39pOXkuOPRvOCk+zPojybNJ8QRDusvnFCWRnX3Gq2rjsoyo/p8h7+guyrNGilN Jf4I2QBnC8SignDLpqGeCO63Kr34SEP2VnRJzZx5Oqe+BMYzoa/cCpcJ/XIpHZdYS9pNKk mX+o8mGQhyvlGmNqXGEKORYFmFpiJq/Vw2PoetGvb2+VO/yXX0y2/5Wgyz22Ywd3ooMI2n MJnFOT1Kx7KLA3WEmLmsQZ5j4ejan9Dv5PwKbOITsWbQHBRCIdYqGwvJTLQRvPkwS/kJOd EeY2+bjYoe0FfugkKMXZoGTCk/NLEpdpFJ39pRCOrMTmgfxprN282+Qoa39dcQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1645546625; a=rsa-sha256; cv=none; b=kpw+tP1/+uK8/Amqjmu4vND5T7wpjFsL43Ylh6Dr3r/tbOf5s8hmuoVo42Q3c84Wrhtalr iZThxgIzTZybLgsL95yLn8VVQ09VJbBeKolxF6g5NbUYpNh/8pP7QcpgQlO4QJ8fgy7TAr bEzxvPtOq3D/NQ2Q9PMUWu18XWv9pDV1/7Cw7oWYSDGfIaUUzVfek7+6awneRtc+myUBbf RMJuiNH+7bET1aEX5xkJWnRukzIGp5TOSnB0BHSsm1Li3YUD+faDm2WKy3Hf4lUXeaC597 OjtGI16M9IW0E9/vRGGjgssMsB/eRUUEYsNO30jICx8E1m5/ivJkxeDyZUni3Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=ZrFIahBI; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.32 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=ZrFIahBI; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 36A8214CDE X-Spam-Score: -3.32 X-Migadu-Scanner: scn0.migadu.com X-TUID: 0MdYPUOqmMkC The guix shell profile, at least on non-guix SD systems, contains the line export SSL_CERT_DIR="${GUIX_PROFILE:-/gnu/store/xxxx-profile}/etc/ssl/certs${SSL_CERT_DIR:+:}$SSL_CERT_DIR" Since it prepends to the SSL_CERT_DIR variable, if a silly user were to accidentally source this file twice, say, to pick up changes they've made to a file that sources this file, the variable will contain duplicate paths. However, several locations in the guix source assume SSL_CERT_DIR is a single directory. As an example, I ran into this issue when attempting to use `guix import opam -r faraday`: Starting download of /tmp/guix-file.XFPss4 From https://github.com/inhabitedtype/faraday/archive/0.8.1.tar.gz... X.509 certificate of 'github.com' could not be verified: signer-not-found invalid Running the command with `strace -f` showed that guix was attempting to open $SSL_CERT_DIR, rather than the first colon-delimited item in $SSL_CERT_DIR. It might be better to clobber this variable in the guix shell profile, rather than render it unusable for some subcommands. If not that, then we should remove the assumption that it contains a single path element.