From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mark H Weaver <mhw@netris.org>
Subject: bug#26948: gnutls errors on multiple guix commands
Date: Sun, 28 May 2017 14:38:51 -0400
Message-ID: <87poes25dw.fsf@netris.org>
References: <8737c51e6r.fsf@gmail.com> <87shk3y74g.fsf@gnu.org>
	<8737btieie.fsf@gmail.com> <87vaoovvvz.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:40594)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dF36j-0000K7-HS
	for bug-guix@gnu.org; Sun, 28 May 2017 14:40:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dF36g-0000RZ-9R
	for bug-guix@gnu.org; Sun, 28 May 2017 14:40:05 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:39322)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dF36g-0000RG-5e
	for bug-guix@gnu.org; Sun, 28 May 2017 14:40:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dF36f-00058s-V9
	for bug-guix@gnu.org; Sun, 28 May 2017 14:40:01 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.26948.B26948.149599675619713@debbugs.gnu.org>
In-Reply-To: <87vaoovvvz.fsf@gnu.org> ("Ludovic
	\=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
	\=\?utf-8\?Q\?s\?\= message of "Fri, 26 May 2017 10:56:48 +0200")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 26948@debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@gmail.com>

ludo@gnu.org (Ludovic Court=C3=A8s) writes:

> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>> It seems that the problem is caused by the file:
>> "/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147=
.123.224.21.227.87.240.105.140.203.236.12.p".

This reminds me of a bug that I found in the Guile binding in GnuTLS a
while ago, but forgot to report.  Maybe it's related:

In 'set_certificate_file' in gnutls-3.5.9/guile/src/core.c:

  static unsigned int
  set_certificate_file (certificate_set_file_function_t set_file,
                        SCM cred, SCM file, SCM format, const char *func_na=
me)
  #define FUNC_NAME func_name
  {
    int err;
    char *c_file;
    size_t c_file_len;
=20=20
    gnutls_certificate_credentials_t c_cred;
    gnutls_x509_crt_fmt_t c_format;
=20=20
    c_cred =3D scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
    SCM_VALIDATE_STRING (2, file);
    c_format =3D scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAM=
E);
=20=20
    c_file_len =3D scm_c_string_length (file);
    c_file =3D alloca (c_file_len + 1);
=20=20
    (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
    c_file[c_file_len] =3D '\0';
=20=20
    err =3D set_file (c_cred, c_file, c_format);
    if (EXPECT_FALSE (err < 0))
      scm_gnutls_error (err, FUNC_NAME);
=20=20
    /* Return the number of certificates processed.  */
    return ((unsigned int) err);
  }

'scm_c_string_length' is inappropriately assumed to return the length
of the encoded C string in bytes, whereas it actually returns the
number of characters (code points).

This led to:

stat("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.1=
47.123.224.21.227.87.240.105.140.203.236.12.pem", {st_mode=3DS_IFREG|0444, =
st_size=3D2444, ...}) =3D 0
open("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.1=
47.123.224.21.227.87.240.105.140.203.236.12.p", O_RDONLY) =3D -1 ENOENT (No=
 such file or directory)

While doing this:

mhw@jojen ~$ strace -o trace.out guix import gem rails
Backtrace:
In unknown file:
   ?: 19 [apply-smob/1 #<catch-closure 2793e20>]
In ice-9/boot-9.scm:
  66: 18 [call-with-prompt prompt0 ...]
In ice-9/eval.scm:
 432: 17 [eval # #]
In ice-9/boot-9.scm:
2412: 16 [save-module-excursion #<procedure 27b4900 at ice-9/boot-9.scm:408=
4:3 ()>]
4089: 15 [#<procedure 27b4900 at ice-9/boot-9.scm:4084:3 ()>]
1734: 14 [%start-stack load-stack ...]
1739: 13 [#<procedure 27c6b40 ()>]
In unknown file:
   ?: 12 [primitive-load "/home/mhw/guix/scripts/guix"]
In guix/ui.scm:
1255: 11 [run-guix-command import "gem" "rails"]
In guix/scripts/import.scm:
 114: 10 [guix-import "gem" "rails"]
In guix/scripts/import/gem.scm:
  84: 9 [guix-import-gem "rails"]
In guix/import/gem.scm:
 121: 8 [gem->guix-package "rails" #f]
In ice-9/boot-9.scm:
 160: 7 [catch srfi-34 #<procedure 3518440 at guix/import/json.scm:29:2 ()>=
 ...]
In guix/import/json.scm:
  32: 6 [#<procedure 3518440 at guix/import/json.scm:29:2 ()>]
In guix/http-client.scm:
 239: 5 [loop #]
In guix/build/download.scm:
 520: 4 [open-connection-for-uri # # #f ...]
 391: 3 [tls-wrap #<input-output: socket 10> "rubygems.org" ...]
 308: 2 [make-credendials-with-ca-trust-files "/etc/ssl/certs"]
In srfi/srfi-1.scm:
 616: 1 [for-each #<procedure 351f090 at guix/build/download.scm:308:14 (fi=
le)> #]
In unknown file:
   ?: 0 [set-certificate-credentials-x509-trust-file! # ...]

ERROR: In procedure set-certificate-credentials-x509-trust-file!:
ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error wh=
ile reading file.> set-certificate-credentials-x509-trust-file!)'.
mhw@jojen ~$

The problem can be worked around by using the C locale:

mhw@jojen ~$ LC_ALL=3DC guix import gem rails
(package
  (name "ruby-rails")
  (version "5.1.0")
  (source
    (origin
      (method url-fetch)
      (uri (rubygems-uri "rails" version))
      (sha256
        (base32
          "0cpcnrlqg1am2jfdz6pf9snh89qzbny9ikbpg3xz31qrqv9f4hyq"))))
  (build-system ruby-build-system)
  (propagated-inputs
    `(("ruby-actioncable" ,ruby-actioncable)
      ("ruby-actionmailer" ,ruby-actionmailer)
      ("ruby-actionpack" ,ruby-actionpack)
      ("ruby-actionview" ,ruby-actionview)
      ("ruby-activejob" ,ruby-activejob)
      ("ruby-activemodel" ,ruby-activemodel)
      ("ruby-activerecord" ,ruby-activerecord)
      ("ruby-activesupport" ,ruby-activesupport)
      ("bundler" ,bundler)
      ("ruby-railties" ,ruby-railties)
      ("ruby-sprockets-rails" ,ruby-sprockets-rails)))
  (synopsis
    "Ruby on Rails is a full-stack web framework optimized for programmer h=
appiness and sustainable productivity. It encourages beautiful code by favo=
ring convention over configuration.")
  (description
    "Ruby on Rails is a full-stack web framework optimized for programmer h=
appiness and sustainable productivity.  It encourages beautiful code by fav=
oring convention over configuration.")
  (home-page "http://rubyonrails.org")
  (license license:expat))
mhw@jojen ~$=20