From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: `guix pull` over HTTPS Date: Fri, 10 Feb 2017 01:30:54 +0100 Message-ID: <20170210003054.GA12412@jasmine> References: <20170209155512.GA11291@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:45350) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cbz7O-0008UI-Nr for guix-devel@gnu.org; Thu, 09 Feb 2017 19:31:19 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cbz7K-0002Mp-NT for guix-devel@gnu.org; Thu, 09 Feb 2017 19:31:18 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:32911) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cbz7K-0002MM-G8 for guix-devel@gnu.org; Thu, 09 Feb 2017 19:31:14 -0500 Received: from localhost (123-190-190-109.dsl.ovh.fr [109.190.190.123]) by mail.messagingengine.com (Postfix) with ESMTPA id 279267E5D1 for ; Thu, 9 Feb 2017 19:31:12 -0500 (EST) Content-Disposition: inline In-Reply-To: <20170209155512.GA11291@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org --SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Feb 09, 2017 at 04:55:12PM +0100, Leo Famulari wrote: > Does anyone have any specific concerns or advice about changing the > value of %snapshot-url in (guix scripts pull) to use the HTTPS URL? > Should the change be that simple, or should we do more? While testing, I realized that an X.509 certificate store is not a standard feature of GuixSD, so using Savannah's HTTPS URL will not work in all cases. SSL_CERT_FILE and SSL_CERT_DIR appear to be set unconditionally in (gnu system operating-system-environment-variables), so it's not enough to test that they are set in order to decide which protocol to download the Guix source code with. Any advice on how to proceed? --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlidCboACgkQJkb6MLrK fwi2oA//YJLIiRxjUPKqS7+YGkdKkDItszUWc60x7E6PuN2StsixBsIvWWuu1u/1 vOLdLF2YYxsJY+ybdmYtmW7MZj0WA9Mvvw/XMHqfOVUeHLb0rlXxEaGJfXIltOmE w6h2kKX6Gunc+ckt7F/pJQS4th2jTWgfZAuW2euHOSC+s3Nmc85xynIu2p61k/pK xGBxGz4vTIoat609bXAlmRYCeU/Uucy6XTyMSsQ2K88Df3Q4AcqZ3JBrSHbaHBBD Gf4EiU5PIjnkg7WluDau/UD/DMaGp3skweDOnYvvbQOAVKfZl7bSjnYpp/QrOIDi sjCKtvlKupOuQ7dxRMY7KRs1xF0TLXbcAy7rtCedc2Ny1cooJEqFtNChMS6gkBbO 2yW+dVADH8NH3DgQ02Y8W/QPWHOGZg1ZgY4/kbLKwoQzvyEhYxclxFg5gMdtV6S+ ro89Om6ZdlEq9ixuEkvXkrxJ6U8VOUL6ca0/c35iAnQ1oZtsbwEBjNu0DJYuqdJI klfws9eNopuNMIMnxFq/2yfW/lrvpBUtdbej5JTmV263Nshs4oNa4iAQJZAm/+2F /E6FnQt01LGxgoj8SallxagZY6YemZs9dyP8WXcgpRpVLcBE9GDgrjYsEQz99Xjf xIZlAYlV/hX6pzUP2xxcJQU3Uj0dCdSvPezVTKom1qe21R0ZeSI= =fIDg -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s--