From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@inria.fr>
Subject: bug#38254: Download code should honor /etc/ssl/certs/*.crt
Date: Mon, 18 Nov 2019 10:29:06 +0100
Message-ID: <87h831lehp.fsf@inria.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:58729)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iWdP7-0000hb-2O
 for bug-guix@gnu.org; Mon, 18 Nov 2019 04:33:05 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iWdP4-0003Vu-U4
 for bug-guix@gnu.org; Mon, 18 Nov 2019 04:33:04 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:34340)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1iWdP4-0003Vn-P9
 for bug-guix@gnu.org; Mon, 18 Nov 2019 04:33:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iWdP4-0004Zw-KZ
 for bug-guix@gnu.org; Mon, 18 Nov 2019 04:33:02 -0500
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.38254.B.157406957717580@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:58698)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <ludovic.courtes@inria.fr>) id 1iWdOr-0000Z4-GL
 for bug-Guix@gnu.org; Mon, 18 Nov 2019 04:32:54 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ludovic.courtes@inria.fr>) id 1iWdOp-0003TL-Gk
 for bug-Guix@gnu.org; Mon, 18 Nov 2019 04:32:48 -0500
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:36837)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <ludovic.courtes@inria.fr>)
 id 1iWdOp-0003Sm-74
 for bug-Guix@gnu.org; Mon, 18 Nov 2019 04:32:47 -0500
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: bug-Guix@gnu.org

Hello,

Some distros such as CentOS 7 with its =E2=80=98ca-certificates=E2=80=99 pa=
ckage provide
nothing but a certificate bundle in /etc/ssl:

--8<---------------cut here---------------start------------->8---
$ ls -l /etc/ssl/certs/
total 12
lrwxrwxrwx. 1 root root   49  8 nov.  16:44 ca-bundle.crt -> /etc/pki/ca-tr=
ust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root   55  8 nov.  16:44 ca-bundle.trust.crt -> /etc/pki=
/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rwxr-xr-x. 1 root root  610 30 oct.   2018 make-dummy-cert
-rw-r--r--. 1 root root 2516 30 oct.   2018 Makefile
-rwxr-xr-x. 1 root root  829 30 oct.   2018 renew-dummy-cert
--8<---------------cut here---------------end--------------->8---

As of commit 9c9982dc0c8c38ce3821b154b7e92509c1564317, =E2=80=98guix downlo=
ad=E2=80=99 &
co. (anything that relies on (guix build download)) fail because they
looks for /etc/ssl/certs/*.pem by default and there=E2=80=99s no such file.

Thanks,
Ludo=E2=80=99.