From mboxrd@z Thu Jan  1 00:00:00 1970
From: swedebugia <swedebugia@riseup.net>
Subject: bug#33272: guix refresh/download backtrace error when missing
	nss-certs
Date: Mon, 5 Nov 2018 12:16:08 +0100
Message-ID: <c3452987-de4e-fc70-ef01-c0c717141561@riseup.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41737)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1gJcsV-0004pg-W9
	for bug-guix@gnu.org; Mon, 05 Nov 2018 06:17:09 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1gJcsQ-0007sL-Uo
	for bug-guix@gnu.org; Mon, 05 Nov 2018 06:17:07 -0500
Received: from debbugs.gnu.org ([208.118.235.43]:58618)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1gJcsQ-0007rM-P6
	for bug-guix@gnu.org; Mon, 05 Nov 2018 06:17:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1gJcsQ-0003hS-Fl
	for bug-guix@gnu.org; Mon, 05 Nov 2018 06:17:02 -0500
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.33272.B.154141660614195@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41606)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <swedebugia@riseup.net>) id 1gJcrl-0004mb-Ux
	for bug-guix@gnu.org; Mon, 05 Nov 2018 06:16:27 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <swedebugia@riseup.net>) id 1gJcrh-0008L7-92
	for bug-guix@gnu.org; Mon, 05 Nov 2018 06:16:21 -0500
Received: from mx1.riseup.net ([198.252.153.129]:43505)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <swedebugia@riseup.net>)
	id 1gJcrc-0007Nm-V9
	for bug-guix@gnu.org; Mon, 05 Nov 2018 06:16:13 -0500
Received: from piha.riseup.net (piha-pn.riseup.net [10.0.1.163])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "*.riseup.net",
	Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
	by mx1.riseup.net (Postfix) with ESMTPS id D308F1A04CC
	for <bug-guix@gnu.org>; Mon,  5 Nov 2018 03:16:10 -0800 (PST)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by piha.riseup.net with ESMTPSA id 20C351EFA12
	for <bug-guix@gnu.org>; Mon,  5 Nov 2018 03:16:09 -0800 (PST)
Content-Language: en-US
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: 33272@debbugs.gnu.org

In a qemu VM based on the image for 0.15 and pulled once I get:

sdb@komputilo ~$ git clone https://git.savannah.gnu.org/git/guix.git test
Cloning into 'test'...
fatal: unable to access 'https://git.savannah.gnu.org/git/guix.git/':=20
Problem with the SSL CA cert (path? access rights?)

fails nicely in contrast to:

sdb@komputilo ~$ guix refresh artanis
Backtrace:
 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 13 (primitive-loa=
d "/home/sdb/.config/guix/current/bin/guix")
In guix/ui.scm:
 =C2=A0 1578:12 12 (run-guix-command _ . _)
In ice-9/boot-9.scm:
 =C2=A0=C2=A0=C2=A0 829:9 11 (catch srfi-34 #<procedure 28dd540 at guix/u=
i.scm:610:=E2=80=A6> =E2=80=A6)
 =C2=A0=C2=A0=C2=A0 829:9 10 (catch system-error #<procedure 262fe10 at g=
uix/script=E2=80=A6> =E2=80=A6)
In guix/scripts/refresh.scm:
 =C2=A0=C2=A0 449:12=C2=A0 9 (_)
In srfi/srfi-1.scm:
 =C2=A0=C2=A0=C2=A0 640:9=C2=A0 8 (for-each #<procedure 28e3f20 at guix/s=
cripts/refresh.=E2=80=A6> =E2=80=A6)
In guix/scripts/refresh.scm:
 =C2=A0=C2=A0=C2=A0 236:2=C2=A0 7 (check-for-package-update #<package art=
anis@0.2.1-3 gn=E2=80=A6> =E2=80=A6)
In guix/gnu-maintenance.scm:
 =C2=A0=C2=A0 472:21=C2=A0 6 (latest-gnu-release _)
 =C2=A0=C2=A0 457:16=C2=A0 5 (_)
In ice-9/boot-9.scm:
 =C2=A0=C2=A0=C2=A0 829:9=C2=A0 4 (catch srfi-34 #<procedure 262fdc0 at g=
uix/http-client=E2=80=A6> =E2=80=A6)
In guix/http-client.scm:
 =C2=A0=C2=A0 182:20=C2=A0 3 (_)
 =C2=A0=C2=A0=C2=A0 88:25=C2=A0 2 (http-fetch _ #:port _ #:text? _ #:buff=
ered? _ # _ # _ # =E2=80=A6)
In guix/build/download.scm:
 =C2=A0=C2=A0=C2=A0 398:4=C2=A0 1 (open-connection-for-uri _ #:timeout _ =
# _)
 =C2=A0=C2=A0=C2=A0 296:6=C2=A0 0 (tls-wrap #<closed: file 2641c40> _ # _=
)

guix/build/download.scm:296:6: In procedure tls-wrap:
X.509 certificate of 'ftp.gnu.org' could not be verified:
 =C2=A0 signer-not-found
 =C2=A0 invalid


I suggest we change it to fail nicely. I am willing to create a patch.=20
Would somebody be willing to mentor me?

As a start:

How do I check if nss-certs is installed?

This is the first thing we should do when handling https-URIs

(define tls-wrap is a quite complicated procedure, maybe an extra (if at=20
the body (of the let) will do?

something like

(if package-available? nss-certs

 =C2=A0=C2=A0=C2=A0 true; continue

 =C2=A0=C2=A0=C2=A0 false-> error nicely

--=20
Cheers
Swedebugia