From: "Ludovic Courtès" <ludo@gnu.org>
To: zimoun <zimon.toutoune@gmail.com>
Cc: Mathieu Othacehe <othacehe@gnu.org>, 30619@debbugs.gnu.org
Subject: bug#30619: Cuirass requires TLS certificates
Date: Fri, 15 Oct 2021 17:20:57 +0200 [thread overview]
Message-ID: <87o87qiaau.fsf@gnu.org> (raw)
In-Reply-To: <86ily1kitk.fsf@gmail.com> (zimoun's message of "Tue, 12 Oct 2021 23:57:11 +0200")
Hi,
zimoun <zimon.toutoune@gmail.com> skribis:
> On Thu, 16 Sep 2021 at 09:33, zimoun <zimon.toutoune@gmail.com> wrote:
>> On Tue, 27 Feb 2018 at 17:00, ludo@gnu.org (Ludovic Courtès) wrote:
>>> Andreas Enge <andreas@enge.fr> skribis:
>>>
>>>> the cuirass service requires TLS certificates to do continuous integration
>>>> of guix (or more generally, git repositories served over https). This works
>>>> when nss-certs is installed as a global package in the system.
>>>>
>>>> Should the service depend on the nss-certs package? Or maybe take as an
>>>> optional configuration parameter a certificate package?
>>>
>>> I thought that, instead of assuming /etc/ssl/certs exists, the Cuirass
>>> service could use (file-append nss-certs "/etc/ssl/certs/ca-certificates.crt").
>>> That would make it self-contained.
>>>
>>> That’s currently not possible though because this certificate bundle is
>>> built as a profile hook. We would first need to export the procedure
>>> that creates bundles, possibly by moving it to a new (guix
>>> x509-certificates) module.
>>
>> What is the status of this old bug [1]? Well, if it is not fixed yet,
>> it seems a forgotten bug. :-)
>>
>> 1: <http://issues.guix.gnu.org/issue/30619>
>
> From my understanding, this old bug could be closed. But I am not sure
> to get it right about this TLS story. So closing?
The Cuirass Shepherd service still does:
#:environment-variables
(list "GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt" …)
which means that users still need to install certificates globally.
Now, whether it’s an issue, I don’t know.
Maybe we can close?
Thanks,
Ludo’.
next prev parent reply other threads:[~2021-10-15 15:22 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-26 20:51 bug#30619: Cuirass requires TLS certificates Andreas Enge
2018-02-27 16:00 ` Ludovic Courtès
2021-09-16 7:33 ` zimoun
2021-10-12 21:57 ` zimoun
2021-10-15 15:20 ` Ludovic Courtès [this message]
2021-11-26 1:38 ` zimoun
2021-11-26 6:28 ` Maxime Devos
2021-11-26 6:31 ` Maxime Devos
2021-11-26 6:32 ` Maxime Devos
2022-01-04 23:09 ` zimoun
2022-01-05 9:53 ` Maxime Devos
2022-01-21 10:44 ` Maxime Devos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87o87qiaau.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=30619@debbugs.gnu.org \
--cc=othacehe@gnu.org \
--cc=zimon.toutoune@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).