From: Andreas Enge <andreas@enge.fr>
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org
Subject: Re: CA certificates
Date: Thu, 12 Feb 2015 20:48:13 +0100 [thread overview]
Message-ID: <20150212194813.GA24208@debian> (raw)
In-Reply-To: <87h9urt50j.fsf@netris.org>
On Thu, Feb 12, 2015 at 12:26:52PM -0500, Mark H Weaver wrote:
> Sounds good! It should be noted, however, that GnuTLS will currently
> only use the certs in /etc/ssl/certs unless some application-specific
> setting is provided. This will later be improved with the 'p11-kit'
> solution.
Indeed! I do not intend to work on it in the near future, so if someone
feels like it, please go ahead.
> Guile converts POSIX byte strings (e.g. file names) to strings using to
> the current locale encoding, but the default locale in our build
> environment is "C" which means ASCII-only.
> I would advocate using a UTF-8 locale for all builds by default.
I agree, this is the standard nowadays. And also because of the following
problem:
> For now, I would try putting the following code at the beginning of your
> custom 'install' phase:
> --8<---------------cut here---------------start------------->8---
> (setenv "LOCPATH" (getcwd))
> (zero? (system* "localedef" "--no-archive"
> "--prefix" (getcwd) "-i" "en_US"
> "-f" "UTF-8" "./en_US.UTF-8"))
> (setlocale LC_ALL "en_US.UTF-8")
> --8<---------------cut here---------------end--------------->8---
It works, but ends with the following:
phase `install' succeeded after 8 seconds
@ build-succeeded /gnu/store/ryqpxy531n3njz04c3gvclzw2ljdxrbl-nss-certs-3.17.3.drv -
@ build-started /gnu/store/4adp88ayxq38r0zx5k4wy5lb8318jlx4-nss-certs-3.17.3.drv - x86_64-linux /usr/local/guix-git/var/log/guix/drvs/4a//dp88ayxq38r0zx5k4wy5lb8318jlx4-nss-certs-3.17.3.drv.bz2
Backtrace:
In ice-9/boot-9.scm:
...
ERROR: read error "/gnu/store/d2wasj07dhpqxwrgm99ssfjk2vrkgkcj-nss-certs-3.17.3/etc/ssl/certs/AC_Ra??z_Certic??mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem" #f 2
grafting '/gnu/store/d2wasj07dhpqxwrgm99ssfjk2vrkgkcj-nss-certs-3.17.3' -> '/gnu/store/68b75w7phgdmd2h85gx1yrmx9f7mwg2m-nss-certs-3.17.3'...
So the build succeeds, but grafting the output does not. This should also
be done in an UTF-8 locale, I think.
Andreas
next prev parent reply other threads:[~2015-02-12 19:48 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-10 20:14 CA certificates Andreas Enge
2015-02-12 16:44 ` Andreas Enge
2015-02-12 17:26 ` Mark H Weaver
2015-02-12 19:48 ` Andreas Enge [this message]
2015-02-12 20:20 ` Locale of build environments Ludovic Courtès
2015-02-12 20:28 ` Andreas Enge
2015-02-15 0:12 ` Mark H Weaver
2015-02-26 23:16 ` Ludovic Courtès
2015-02-26 23:45 ` Mark H Weaver
2015-02-27 10:36 ` Ludovic Courtès
2015-02-27 14:13 ` Ludovic Courtès
2015-03-01 16:48 ` Ludovic Courtès
2015-02-13 7:28 ` CA certificates Mark H Weaver
2015-02-13 10:23 ` Andreas Enge
2015-02-12 20:30 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150212194813.GA24208@debian \
--to=andreas@enge.fr \
--cc=guix-devel@gnu.org \
--cc=mhw@netris.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).