From: "Ludovic Courtès" <ludo@gnu.org>
To: ngraves@ngraves.fr
Cc: 74711@debbugs.gnu.org
Subject: bug#74711: Certificate issues with ‘guix pull’ when system clock is in the past
Date: Tue, 10 Dec 2024 23:23:27 +0100 [thread overview]
Message-ID: <877c87i3ds.fsf_-_@gnu.org> (raw)
In-Reply-To: <4fe84e12db12aa32d75a427d3000db02@ngraves.fr> (ngraves@ngraves.fr's message of "Sat, 07 Dec 2024 10:45:02 +0100")
Hi,
ngraves@ngraves.fr skribis:
> I've found the reason behind the extremely annoying SSL certification
> refusals.
>
> When I use an installation image, the date is not necessarily set at
> the real date. In my case, `date` was set in 2019, and triggered the
> SSL verification refusal (not yet valid).
Could it be that the clock battery of that computer is dead? Otherwise
it’s not supposed to happen.
> I don't know why it sometimes doesn't happen. If we can't
> fix/automate it at the time we boot in the installation medium, we
> should probably add a warning in the manual / a hint in guix pull / a
> proper error in guile-git (that could provide more information than
> just Git failing) ?
The error I see is:
--8<---------------cut here---------------start------------->8---
$ guix shell libfaketime -- faketime 2019-01-01 guix pull -p /tmp/p
Updating channel 'shepherd' from Git repository at 'https://git.savannah.gnu.org/git/shepherd.git'...
guix pull: error: Git error: the SSL certificate is invalid
--8<---------------cut here---------------end--------------->8---
I agree it could give more details, but that’s all we get from libgit2 I
believe. Worth investigating how this can be improved.
That said, what we could/should do is add a ‘--no-check-certificate’
option to ‘pull’ and ‘time-machine’; it would be handy in emergency
situations like you described.
It should be possible to implement that with the ‘certificate_check’
callback in ‘git_remote_callbacks’. I’ll see what can be done in this
area.
Thanks,
Ludo’.
next prev parent reply other threads:[~2024-12-10 22:24 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-06 13:47 bug#74711: Is grub broken and breaking Guix ? ngraves
2024-12-07 9:45 ` bug#74711: Sharing some progress ngraves
2024-12-07 9:53 ` ngraves
2024-12-10 22:27 ` bug#74711: Is grub broken and breaking Guix ? Ludovic Courtès
2024-12-10 22:23 ` Ludovic Courtès [this message]
2024-12-10 23:38 ` Ludovic Courtès
2024-12-10 23:17 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877c87i3ds.fsf_-_@gnu.org \
--to=ludo@gnu.org \
--cc=74711@debbugs.gnu.org \
--cc=ngraves@ngraves.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).