From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id UH2eNMANFWJpQgAAgWs5BA (envelope-from ) for ; Tue, 22 Feb 2022 17:22:24 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id ID8VMcANFWJheQEAauVa8A (envelope-from ) for ; Tue, 22 Feb 2022 17:22:24 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 815AD1F71A for ; Tue, 22 Feb 2022 17:22:24 +0100 (CET) Received: from localhost ([::1]:44820 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nMXvj-0007Ob-29 for larch@yhetil.org; Tue, 22 Feb 2022 11:22:23 -0500 Received: from eggs.gnu.org ([209.51.188.92]:60398) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nMQYd-0006eM-NS for bug-guix@gnu.org; Tue, 22 Feb 2022 03:30:04 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:46048) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nMQYd-0004K0-5g for bug-guix@gnu.org; Tue, 22 Feb 2022 03:30:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nMQYc-00015X-Ux for bug-guix@gnu.org; Tue, 22 Feb 2022 03:30:02 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#54102: SSL_CERT_DIR is not always unary Resent-From: "David Arroyo" Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 22 Feb 2022 08:30:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 54102 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 54102@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16455185774104 (code B ref -1); Tue, 22 Feb 2022 08:30:02 +0000 Received: (at submit) by debbugs.gnu.org; 22 Feb 2022 08:29:37 +0000 Received: from localhost ([127.0.0.1]:39943 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nMQYC-000143-Qz for submit@debbugs.gnu.org; Tue, 22 Feb 2022 03:29:37 -0500 Received: from lists.gnu.org ([209.51.188.17]:51858) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nMNEL-0003rB-NM for submit@debbugs.gnu.org; Mon, 21 Feb 2022 23:56:54 -0500 Received: from eggs.gnu.org ([209.51.188.92]:51190) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nMNEL-0007CP-FQ for bug-guix@gnu.org; Mon, 21 Feb 2022 23:56:53 -0500 Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:39479) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nMNEJ-0006bP-Rv for bug-guix@gnu.org; Mon, 21 Feb 2022 23:56:53 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 7ABE23200F81 for ; Mon, 21 Feb 2022 23:56:50 -0500 (EST) Received: from imap43 ([10.202.2.93]) by compute5.internal (MEProxy); Mon, 21 Feb 2022 23:56:50 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=cmya4Bu2ydjFUZpowTBXmi91ofBBV55FaVNnaSOB1 oM=; b=QuddOgDJX1dyWeklNp74wdxh4ixbeadbBsZTwHcMHr3Vpzw+4DKMUvalw WUo4Dez01DOwMmzOvoXG8DLF1pkTO6E9PL/VjKcvoVICMKbkN5ITBIoDDcCWTn6F m8AoH2t+MhFA9VP/ql0H6UsQa1b5iPrF3XRXL9cZDMnc/5RycmaHL1eaGDY88437 LqskFvWkXTKM98s5s7Gu6pxejiaY8qGqBpILV3aPfjmdE0gsOHSaJgc0B9Yu3CcO DygPk1nrFsBvG4XdV2zgaa6t4Fiv+yQ6kwzTVJMtppCPz2ktuHL9unpxC82FY/3x VM7Ob5AjLC3cx8e16gMtkSsUQrCvg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrkeejgdejiecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesthdtredtre ertdenucfhrhhomhepfdffrghvihguucetrhhrohihohdfuceouggrvhhiugesrghqfigr rhhirdhnvghtqeenucggtffrrghtthgvrhhnpeehjeeltdetjeefgedvgfffueevtdegtd etffetvefhteekgefgteeuteekudduieenucffohhmrghinhepghhithhhuhgsrdgtohhm necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepuggrvh hiugesrghqfigrrhhirdhnvght X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id C6F67AC0E99; Mon, 21 Feb 2022 23:56:49 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997 Mime-Version: 1.0 Message-Id: <775ea9f0-6247-4b0e-a89f-dc9e9ba9d75d@www.fastmail.com> Date: Mon, 21 Feb 2022 23:56:29 -0500 From: "David Arroyo" Content-Type: text/plain Received-SPF: pass client-ip=64.147.123.21; envelope-from=david@aqwari.net; helo=wout5-smtp.messagingengine.com X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Mailman-Approved-At: Tue, 22 Feb 2022 03:29:36 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Mailman-Approved-At: Tue, 22 Feb 2022 11:10:27 -0500 X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1645546944; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:list-id:list-help:list-unsubscribe:list-subscribe: list-post:dkim-signature; bh=cmya4Bu2ydjFUZpowTBXmi91ofBBV55FaVNnaSOB1oM=; b=kIQIKfp2L/KwoTrPIx6KAyQ69iZ9O+FOTsv74h43eGCkHtOSYSo1Ck2Q9Y+MwZ7MqCm6u4 uuikidN6bJYmbxTMNYa4Y5AI5LG5FYToLnBWS4W0guyD22AOgyuLAfnEUEnzUr9R6CEXit d3i/+nMAOO+JJMvt4GfQQHbdA/r9w+Jma07hmAS/srlXamDjiIITYVVc8rWGKqj49OB3cN FNXq+ebYdu62Wq0uuhZo0QvsU2iNfOfY1vzB/PJLDajkJQjGBdSmfpW7xgoxCibpvcQL6O ravb2sz3kz+Nl045Kvf8ICeTz5dSiq8NYfwCHfV6a+y7xnCTlSLAUrSGl2EfEw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1645546944; a=rsa-sha256; cv=none; b=Nl6yxlhEyxKTdIzgLWGUXhvcQJGyBP3VFMq5VUA5Jl2mNcG/D4l9XPGrI2/c6dyTU713oP z6dcDEWAKZzd92UKkE3OCtYLcYeNHkmCKPobDER1zTnKed4u2f6yaz/P2e6MA7ZGAsMame qNjRXo406vCNo4PLMRJngnDjmRQG4Pju6Kot5FF1GNyUDOdDDHpstCRiZ5CkoKqH+UVmF0 HltpFzld/mgNB0KMGPA2KJBeDGZRsz6cQgfnlIa/6RsPe7TvYegTwtyoU8pqPV+K0sH139 AY4YqtVU82mcS6GxwReg9AITmgpTZEQeYGqALjcJcFcvVoO2MMrHVHAA+hix+A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=QuddOgDJ; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.32 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=QuddOgDJ; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 815AD1F71A X-Spam-Score: -3.32 X-Migadu-Scanner: scn0.migadu.com X-TUID: 6AkWxLuDcQ3d The guix shell profile, at least on non-guix SD systems, contains the line export SSL_CERT_DIR="${GUIX_PROFILE:-/gnu/store/xxxx-profile}/etc/ssl/certs${SSL_CERT_DIR:+:}$SSL_CERT_DIR" Since it prepends to the SSL_CERT_DIR variable, if a silly user were to accidentally source this file twice, say, to pick up changes they've made to a file that sources this file, the variable will contain duplicate paths. However, several locations in the guix source assume SSL_CERT_DIR is a single directory. As an example, I ran into this issue when attempting to use `guix import opam -r faraday`: Starting download of /tmp/guix-file.XFPss4 From https://github.com/inhabitedtype/faraday/archive/0.8.1.tar.gz... X.509 certificate of 'github.com' could not be verified: signer-not-found invalid Running the command with `strace -f` showed that guix was attempting to open $SSL_CERT_DIR, rather than the first colon-delimited item in $SSL_CERT_DIR. It might be better to clobber this variable in the guix shell profile, rather than render it unusable for some subcommands. If not that, then we should remove the assumption that it contains a single path element. (apologies if this is a duplicate email; I sent this earlier before subscribing to the list)