unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
From: "David Arroyo" <david@aqwari.net>
To: 54102@debbugs.gnu.org
Subject: bug#54102: SSL_CERT_DIR is not always unary
Date: Mon, 21 Feb 2022 23:56:29 -0500	[thread overview]
Message-ID: <775ea9f0-6247-4b0e-a89f-dc9e9ba9d75d@www.fastmail.com> (raw)

The guix shell profile, at least on non-guix SD systems, contains the line

	export SSL_CERT_DIR="${GUIX_PROFILE:-/gnu/store/xxxx-profile}/etc/ssl/certs${SSL_CERT_DIR:+:}$SSL_CERT_DIR"

Since it prepends to the SSL_CERT_DIR variable, if a silly user were to accidentally source this file twice, say, to pick up changes they've made to a file that sources this file, the variable will contain duplicate paths.

However, several locations in the guix source assume SSL_CERT_DIR is a single directory. As an example, I ran into this issue when attempting to use `guix import opam -r faraday`:

	Starting download of /tmp/guix-file.XFPss4
	From https://github.com/inhabitedtype/faraday/archive/0.8.1.tar.gz...
	X.509 certificate of 'github.com' could not be verified:
	  signer-not-found
	  invalid

Running the command with `strace -f` showed that guix was attempting to open $SSL_CERT_DIR, rather than the first colon-delimited item in $SSL_CERT_DIR.

It might be better to clobber this variable in the guix shell profile, rather than render it unusable for some subcommands. If not that, then we should remove the assumption that it contains a single path element.

(apologies if this is a duplicate email; I sent this earlier before subscribing to the list)




                 reply	other threads:[~2022-02-22 16:22 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=775ea9f0-6247-4b0e-a89f-dc9e9ba9d75d@www.fastmail.com \
    --to=david@aqwari.net \
    --cc=54102@debbugs.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).