Re: pypi import certs issues

unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed

From: ng0 <ng0@n0.is>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org
Subject: Re: pypi import certs issues
Date: Mon, 19 Mar 2018 17:48:29 +0000	[thread overview]
Message-ID: <20180319174829.td7a64f3hjokb4fs@abyayala> (raw)
In-Reply-To: <878taouhw5.fsf@gnu.org>

Ludovic Courtès transcribed 2.7K bytes:
> Hello,
> 
> ng0 <ng0@n0.is> skribis:
> 
> > on commit 72406062b9c3cdb6e9e30266f3cc31d0b2116b68 pypi import has issues:
> >
> > user@abyayala ~$ guix package -l | grep "nss-certs"
> > user@abyayala ~$ env | grep "SSL_"
> > GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
> > SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
> > SSL_CERT_DIR=/home/user/.guix-profile/etc/ssl/certs:/etc/ssl/certs
> > user@abyayala ~$ guix import pypi readline
> > ;;; note: source file /home/user/.config/guix/latest/guix/download.scm
> > ;;;       newer than compiled /home/user/.config/guix/latest/guix/download.go
> > ;;; note: source file /home/user/.config/guix/latest/guix/download.scm
> > ;;;       newer than compiled /gnu/store/3abjgr7dws69089lrfkf0n92qww1946j-guix-0.14.0-9.bdf0c64/lib/guile/2.2/site-ccache/guix/download.go
> > ;;; note: source file /home/user/.config/guix/latest/guix/download.scm
> > ;;;       newer than compiled /run/current-system/profile/lib/guile/2.2/site-ccache/guix/download.go
> > Backtrace:
> >           11 (apply-smob/1 #<catch-closure 24703a0>)
> >           In ice-9/boot-9.scm:
> >               705:2 10 (call-with-prompt _ _ #<procedure default-prompt-handleb&>)
> >               In ice-9/eval.scm:
> >                   619:8  9 (_ #(#(#<directory (guile-user) 2526140>)))
> >                   In guix/ui.scm:
> >                     1501:12  8 (run-guix-command _ . _)
> >                     In guix/scripts/import.scm:
> >                        114:11  7 (guix-import . _)
> >                        In guix/scripts/import/pypi.scm:
> >                            84:19  6 (guix-import-pypi . _)
> >                            In guix/import/pypi.scm:
> >                               274:17  5 (pypi->guix-package _)
> >                               In ice-9/boot-9.scm:
> >                                   829:9  4 (catch srfi-34 #<procedure 2db97e0 at guix/import/jsonb&> b&)
> >                                   In guix/import/json.scm:
> >                                       32:17  3 (_)
> >                                       In guix/http-client.scm:
> >                                           88:25  2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # b&)
> >                                           In guix/build/download.scm:
> >                                               398:4  1 (open-connection-for-uri _ #:timeout _ # _)
> >                                                   296:6  0 (tls-wrap #<closed: file 292ee00> _ # _)
> >
> > guix/build/download.scm:296:6: In procedure tls-wrap:
> > X.509 certificate of 'pypi.python.org' could not be verified:
> >   insecure-algorithm
> >     signer-not-found
> >       invalid
> 
> I don’t see that.  Could it be that the certs you have in /etc/ssl are
> too old, or something along these lines?

But how? The system I have is build from the same commit (+ my 4 irrelevant, not SSL touching
packages on top of it). So nss-certs is system-wide, as it has always been, and that's what
used for our /etc/ssl/certs/

> Thanks,
> Ludo’.
> 
> 

Thanks,
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

next prev parent reply	other threads:[~2018-03-19 17:48 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-19 13:24 pypi import certs issues ng0
2018-03-19 16:52 ` Ludovic Courtès
2018-03-19 17:48   ` ng0 [this message]
2018-03-20 16:33     ` Ludovic Courtès
2018-03-20 17:45       ` ng0
2018-03-21 23:03         ` Ricardo Wurmus
2018-03-22  1:14           ` Mark H Weaver
2018-03-22  1:27             ` Mark H Weaver
2018-03-22  8:14               ` ng0
2018-03-22  8:11           ` ng0

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180319174829.td7a64f3hjokb4fs@abyayala \
    --to=ng0@n0.is \
    --cc=guix-devel@gnu.org \
    --cc=ludo@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).