From mboxrd@z Thu Jan 1 00:00:00 1970 From: ng0 Subject: Re: pypi import certs issues Date: Tue, 20 Mar 2018 17:45:23 +0000 Message-ID: <20180320174523.suhvrlijk5o3vbwp@abyayala> References: <20180319132454.zf7xp3eblw3y4fe7@abyayala> <878taouhw5.fsf@gnu.org> <20180319174829.td7a64f3hjokb4fs@abyayala> <87zi32iu5g.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:54828) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eyLKA-0000ST-Tf for guix-devel@gnu.org; Tue, 20 Mar 2018 13:45:28 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eyLK9-0007Cf-Hy for guix-devel@gnu.org; Tue, 20 Mar 2018 13:45:26 -0400 Content-Disposition: inline In-Reply-To: <87zi32iu5g.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: guix-devel@gnu.org Ludovic Courtès transcribed 911 bytes: > ng0 skribis: > > > Ludovic Courtès transcribed 2.7K bytes: > >> Hello, > >> > >> ng0 skribis: > >> > >> > on commit 72406062b9c3cdb6e9e30266f3cc31d0b2116b68 pypi import has issues: > >> > > >> > user@abyayala ~$ guix package -l | grep "nss-certs" > >> > user@abyayala ~$ env | grep "SSL_" > >> > GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt > >> > SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt > >> > SSL_CERT_DIR=/home/user/.guix-profile/etc/ssl/certs:/etc/ssl/certs > > [...] > > >> > guix/build/download.scm:296:6: In procedure tls-wrap: > >> > X.509 certificate of 'pypi.python.org' could not be verified: > >> > insecure-algorithm > >> > signer-not-found > >> > invalid > >> > >> I don’t see that. Could it be that the certs you have in /etc/ssl are > >> too old, or something along these lines? > > What if you do: > > export SSL_CERT_DIR=/etc/ssl/certs > > ? > > Ludo’. Okay, that worked. So why is the .guix-profile/etc/ssl/certs not updated? I don't even have nss-certs in my user profile, it is global. Continuing thought: Why is ~/.guix-profile/etc/ssl/certs/ empty? I assume it is just for user-space (space=profile in my line of thought here) certificates which are not global? Thanks -- A88C8ADD129828D7EAC02E52E22F9BBFEE348588 https://n0.is