From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Subject: bug#26948: gnutls errors on multiple guix commands Date: Tue, 30 May 2017 13:25:40 +0200 Message-ID: <87bmqa8u2z.fsf@gnu.org> References: <8737c51e6r.fsf@gmail.com> <87shk3y74g.fsf@gnu.org> <8737btieie.fsf@gmail.com> <87vaoovvvz.fsf@gnu.org> <87poes25dw.fsf@netris.org> <87a85wc8li.fsf@gnu.org> <87a85v1hik.fsf@netris.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40503) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dFfHn-0007iK-OL for bug-guix@gnu.org; Tue, 30 May 2017 07:26:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dFfHm-0006a5-Ib for bug-guix@gnu.org; Tue, 30 May 2017 07:26:03 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:41522) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dFfHm-0006Zz-9s for bug-guix@gnu.org; Tue, 30 May 2017 07:26:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dFfHm-00068j-15 for bug-guix@gnu.org; Tue, 30 May 2017 07:26:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87a85v1hik.fsf@netris.org> (Mark H. Weaver's message of "Mon, 29 May 2017 17:26:43 -0400") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Mark H Weaver Cc: 26948@debbugs.gnu.org, Maxim Cournoyer Hi Mark, Mark H Weaver skribis: >> In the meantime we can work around it this way: >> >> diff --git a/guix/build/download.scm b/guix/build/download.scm >> index ce4708a87..6ef623334 100644 >> --- a/guix/build/download.scm >> +++ b/guix/build/download.scm >> @@ -296,6 +296,13 @@ session record port using PORT as its underlying co= mmunication port." >> (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY") >> (getenv "SSL_CERT_DIR")))) ;like OpenSSL >>=20=20 >> +(define (set-certificate-credentials-x509-trust-file!* cred file format) >> + "Like 'set-certificate-credentials-x509-trust-file!', but without the= file >> +name decoding bug described at >> +." >> + (let ((data (call-with-input-file file get-bytevector-all))) >> + (set-certificate-credentials-x509-trust-data! cred data format))) >> + >> (define (make-credendials-with-ca-trust-files directory) >> "Return certificate credentials with X.509 authority certificates rea= d from >> DIRECTORY. Those authority certificates are checked when >> @@ -309,7 +316,7 @@ DIRECTORY. Those authority certificates are checked= when >> (let ((file (string-append directory "/" file))) >> ;; Protect against dangling symlinks. >> (when (file-exists? file) >> - (set-certificate-credentials-x509-trust-file! >> + (set-certificate-credentials-x509-trust-file!* >> cred file >> x509-certificate-format/pem)))) >> (or files '())) >> >> >> WDYT? I=E2=80=99ll commit it if that=E2=80=99s fine with you. > > I'm not sufficiently familiar with GnuTLS to properly review this, but I > trust your judgement. Pushed as 27fd13c3c2701204f48fe0012438edbb91957dfc. Thanks, Ludo=E2=80=99.