From mboxrd@z Thu Jan 1 00:00:00 1970 From: Martin Becze Subject: bug#38857: X.509 certificate of 'crates.io' could not be verified during a recursive import from crates.io Date: Thu, 2 Jan 2020 14:37:52 -0500 Message-ID: References: <20200102071243.GS23018@E5400> <20200102190625.GA861@Evo25c2ArchGx4.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:52985) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1in6JD-0004Zq-PE for bug-guix@gnu.org; Thu, 02 Jan 2020 14:39:05 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1in6JC-00011h-2d for bug-guix@gnu.org; Thu, 02 Jan 2020 14:39:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:34088) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1in6JB-00011V-VL for bug-guix@gnu.org; Thu, 02 Jan 2020 14:39:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1in6JB-00067H-Tu for bug-guix@gnu.org; Thu, 02 Jan 2020 14:39:01 -0500 Sender: "Debbugs-submit" Resent-Message-ID: Received: from eggs.gnu.org ([2001:470:142:3::10]:52857) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1in6IA-0004Mx-Ro for bug-guix@gnu.org; Thu, 02 Jan 2020 14:38:00 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1in6I8-0008WQ-Mx for bug-guix@gnu.org; Thu, 02 Jan 2020 14:37:58 -0500 Received: from mx1.riseup.net ([198.252.153.129]:54858) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1in6I8-0008VH-Aj for bug-guix@gnu.org; Thu, 02 Jan 2020 14:37:56 -0500 Received: from capuchin.riseup.net (capuchin-pn.riseup.net [10.0.1.176]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 47pdc250MfzDsQT for ; Thu, 2 Jan 2020 11:37:54 -0800 (PST) Received: from [127.0.0.1] (localhost [127.0.0.1]) by capuchin.riseup.net (Postfix) with ESMTPSA id 47pdc21NfFz8tJC for ; Thu, 2 Jan 2020 11:37:53 -0800 (PST) In-Reply-To: Content-Language: en-US List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 38857@debbugs.gnu.org I have had this problem as well. I noticed that the file descriptors=20 where not being closed when the connections end. I think this is causing=20 the issue. Related https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D20145 On 1/2/20 2:20 PM, Valentin Ignatev wrote: > I don't think that it's related, but who knows. I only have a > certificate issue when I'm using recursive crates import. I am able to > import packages from crates one by one without an issue as well as > doing other tls-sensitive stuff. > > Regards, > Valentin > > On 1/2/20, Bengt Richter wrote: >> Hi Guix, >> >> On +2020-01-02 09:12:43 +0200, Efraim Flashner wrote: >>> On Thu, Jan 02, 2020 at 01:45:35AM +0300, Valentin Ignatev wrote: >>>> Hi! I'm trying to recursively import a package from crates.io like >>>> this: >>>> >>>> guix import crate notify@4.0.14 --recursive >>>> >>>> It follows redirections for a while untill at some point throws this= : >>>> >>>> Backtrace: >>>> 12 (primitive-load "/home/vj/.config/guix/current/bin/gui= x") >>>> In guix/ui.scm: >>>> 1806:12 11 (run-guix-command _ . _) >>>> In guix/scripts/import.scm: >>>> 116:11 10 (guix-import . _) >>>> In guix/scripts/import/crate.scm: >>>> 103:16 9 (guix-import-crate . _) >>>> In guix/import/utils.scm: >>>> 425:7 8 (recursive-import _ _ #:repo->guix-package _ #:guix-na= me >>>> =E2=80=A6) >>>> 397:31 7 (topological-sort _ # >>>> =E2=80=A6) >>>> In srfi/srfi-1.scm: >>>> 592:17 6 (map1 ("tempfile")) >>>> In guix/import/utils.scm: >>>> 421:36 5 (lookup-node "tempfile") >>>> In guix/import/crate.scm: >>>> 222:10 4 (crate->guix-package "tempfile" _) >>>> 150:15 3 (make-crate-sexp #:name _ #:version _ #:cargo-inputs _= # >>>> =E2=80=A6) >>>> In guix/http-client.scm: >>>> 88:25 2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _= # >>>> =E2=80=A6) >>>> In guix/build/download.scm: >>>> 419:4 1 (open-connection-for-uri _ #:timeout _ # _) >>>> 306:6 0 (tls-wrap # _ # _) >>>> >>>> guix/build/download.scm:306:6: In procedure tls-wrap: >>>> X.509 certificate of 'crates.io' could not be verified: >>>> signer-not-found >>>> invalid >>>> >>>> I suspect that it happens after the importer hits >>>> "wasm-bindgen-webidl" and starts going circles. Maybe there's some >>>> circullar dependencies going on, but I'm not sure. I'm attaching a >>>> full log for convenience. >>>> >>>> For additional info: I'm running Guix on Arch Linux. I've also >>>> installed nss-certs package, exported all neeeded variables >>>> (SSL_CERT_DIR, SSL_CERT_FILE and GIT_SSL_CAINFO) before running guix >>>> import and also made sure nscd.service is running. >>>> >>>> Regards, >>>> Valentin Ignatev >>> I've had it happen to me also sometimes. It's like it forgets that it >>> just successfully connected 100+ times and then fails. >>> >>> >>> -- >>> Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7= =9D =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 >>> GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 >>> Confidentiality cannot be guaranteed on emails sent or received >>> unencrypted >> I don't know if this could be related, but... >> I am also running guix on Archlinux and experienced a TLS problem >> after doing pacman -Syu. >> >> Mutt got updated and I could no longer get my pop mail. >> I reverted the last mutt update: >> >> --8<---------------cut here---------------start------------->8--- >> [2020-01-01T15:53:13-0800] [ALPM] downgraded mutt (1.13.2-1 -> 1.12.2-= 1) >> --8<---------------cut here---------------end--------------->8--- >> >> And am writing this with the reverted verssion. >> (So BTW this may be a heads-up not to package 1.13.2-1 until the probl= em >> is resolved, to avoid similar breakage for other Arch users, and perha= ps >> others?) >> >> BTW2, if you are using pacman on arch, this little snippet is handy to= list >> what your last pacman {up,down}grade did: >> >> I do listing variants as ls-whatever -- this one is ls-pacupd: >> --8<---------------cut here---------------start------------->8--- >> #!/usr/bin/bash >> # ~/bin/ls-pacupd -- list latest pacman Syu upgrades >> latest=3D"$(stat -c '%y' /var/log/pacman.log|cut -d ' ' -f1)" >> egrep "$latest.* (up|down)graded " /var/log/pacman.log >> --8<---------------cut here---------------end--------------->8--- >> >> I found that the guix-installed version of mutt worked for getting ma= il, >> and saw that it used the prior version. >> >> However, emacs is mutt's configured editor, and after some longish tim= e >> editing >> the entire system would freeze and not respond to ANY key input, and I= had >> to >> power down physically (5-sec press of power button). >> So I had to go back to the old Arch version. >> >> I am still mystified by this freeze-up. It's possible that I am typing= some >> fatal >> combination of keys on this keyboard or that my migration from a dying >> laptop to >> an SSD in a USB3 cassette booted with UEFI on a Lenovo Swift did not >> entirely succeed. >> >> My context: >> >> I am running on tty1 with guix "disabled" by not setting up its paths = etc >> in >> ~/.bash_profile at login, so this is my current boot context here: >> =E2=94=8C=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=90 >> =E2=94=82 Booted at 2020-01-02 08:50 -0800 (PST) and logged in as as >> bokr@Evo25c2ArchGx4 =E2=94=82 >> =E2=94=9C=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=A4 >> =E2=94=82 HW host: Acer Swift SF113-31/ASAHI_AP_S, BIOS V1.08 11/22/2= 017 >> =E2=94=82 >> =E2=94=82 MOUNTPOINT KNAME LABEL SIZE FSAVAIL FSUSE% >> =E2=94=82 >> =E2=94=82 /boot sda1 Evo25c2EFI1 1G 461.9M 55% >> =E2=94=82 >> =E2=94=82 / sda4 Evo25c2ArchGx4 167.9G 73.5G 50% >> =E2=94=82 >> =E2=94=82 Kernel: 5.4.6-arch3-1 #1 SMP PREEMPT Tue, 24 Dec 2019 04:36:= 53 +0000 >> =E2=94=82 >> =E2=94=82 CPU: Intel(R) Pentium(R) CPU N4200 @ 1.10GHz >> =E2=94=82 >> =E2=94=94=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=98 >> >> Whereas on tty4 I logged in with a config value that my ~/.bash_profil= e >> uses >> to set MY_GUIX_MODE=3Denabled at the top and do further enabled/disabl= ed >> specializations >> after that, so e.g. guix is found in $PATH and currently that makes >> (captured on tty4 and and retrieved here on tty1) >> >> guix describe: >> --8<---------------cut here---------------start------------->8--- >> Generation 27 Dec 29 2019 18:49:23 (current) >> guix 996182a >> repository URL: https://git.savannah.gnu.org/git/guix.git >> branch: master >> commit: 996182a84bafb4c4982dcb36c2c54b350c16629a >> --8<---------------cut here---------------end--------------->8--- >> >> Editing context in emacs here and now: >> --8<---------------cut here---------------start------------->8--- >> pidparents ? 8747 Ss /usr/bin/bash >> /home/bokr/bin/pidparents >> emacs tty1 2420 Sl+ emacs >> /home/bokr/.mutt/temp/mutt-Evo25c2ArchGx4-1000-861-1181073466150624104= 6 >> mutt tty1 861 S mutt >> bash tty1 461 Ss -bash >> login ? 447 Ss login -- bokr >> systemd ? 1 Ss /sbin/init >> \EFI\Evo25c2ArchGx4\vmlinuz-linux >> --8<---------------cut here---------------end--------------->8--- >> >> Regards, >> Bengt Richter >> > >