From: Pierre Neidhardt
Subject: TLS certificates for web browsers in guix environment --container
Date: Tue, 21 Apr 2020 15:03:43 +0200
Message-ID: <874ktdrnww.fsf@ambrevar.xyz>
To: guix-devel@gnu.org

Hi!

I'd like to run browsers in `guix environment` which seems to be a good idea! :)

IceCat has been discussed in the past. Now I'd like to run WebKitGTK-based browsers. Let's try with Eolie for now, since it seems to have fewer issues than, say, Epiphany.

--8<---------------cut here---------------start------------->8---
$ guix environment -C -N --expose=/etc/machine-id --expose=/etc/ssl/certs/ --share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ --ad-hoc dbus eolie coreutils -- env DISPLAY=$DISPLAY SSL_CERT_DIR="$SSL_CERT_DIR" SSL_CERT_FILE="$SSL_CERT_FILE" eolie

(org.gnome.Eolie:1): Gtk-WARNING **: 12:50:06.747: Could not find the icon 'go-previous-symbolic-ltr'. The 'hicolor' theme
was not found either, perhaps you need to install it.
You can get a copy from:
	http://icon-theme.freedesktop.org/releases
[ERROR] 2020-04-21 12:50:07 DatabasePhishing::__save_rules():Expecting value: line 1 column 1 (char 0) -> b'error code: 1020'
[WARNING] 2020-04-21 12:50:08 TaskHelper::__on_request_send_async(): g-io-error-quark: Operation was cancelled (19)
[ERROR] 2020-04-21 12:50:08 DatabaseAdblock::__on_load_uri_content(): https://adaway.org/hosts.txt
--8<---------------cut here---------------end--------------->8---

It seems to work well except for TLS certificate validation.

I guess the certificate files cannot be found in the container since they can be found in a --pure environment:

--8<---------------cut here---------------start------------->8---
$ guix environment --pure --ad-hoc dbus eolie coreutils -- env DISPLAY=$DISPLAY eolie
--8<---------------cut here---------------end--------------->8---

so I presume the certificate errors are not due to my environment and 'bin/eolie' exports the right environment variables.

My guess is that webkitgtk, glib-networking, glib or gnutls tries to fetch the certificates in a well-known location.

Any idea about this?

-- 
Pierre Neidhardt
https://ambrevar.xyz/
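
One way to test the guess in the message above, as an added example that is not part of the original message or of Guix: a POSIX shell check, meant to be run inside the container, that reports whether the locations named by `SSL_CERT_DIR` and `SSL_CERT_FILE` and the conventional `/etc/ssl/certs` resolve to readable files there. The function names `classify` and `check_ca_paths` are hypothetical, and each variable is assumed to hold a single path.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Source this file inside the
# container and call check_ca_paths to see which CA locations are usable.

# classify PATH -> prints one of: unset, missing, dangling, empty, ok
classify() {
    p=$1
    [ -n "$p" ] || { echo unset; return; }
    if [ -L "$p" ] && [ ! -e "$p" ]; then
        echo dangling; return    # symlink whose target is not visible here
    fi
    [ -e "$p" ] || { echo missing; return; }
    if [ -d "$p" ]; then
        # A directory is usable only if at least one entry resolves to a
        # readable regular file; entries that are dangling links do not count.
        for f in "$p"/*; do
            [ -f "$f" ] && [ -r "$f" ] && { echo ok; return; }
        done
        echo empty; return
    fi
    if [ -r "$p" ] && [ -s "$p" ]; then echo ok; else echo empty; fi
}

# check_ca_paths: print one line per location; succeed if any is usable.
check_ca_paths() {
    usable=0
    for entry in "SSL_CERT_DIR=${SSL_CERT_DIR:-}" \
                 "SSL_CERT_FILE=${SSL_CERT_FILE:-}" \
                 "default=/etc/ssl/certs"; do
        name=${entry%%=*}
        path=${entry#*=}
        state=$(classify "$path")
        printf '%-14s %-32s %s\n' "$name" "${path:-<unset>}" "$state"
        [ "$state" = ok ] && usable=1
    done
    [ "$usable" -eq 1 ]
}
```

A result of `dangling` or `empty` for an exposed directory means the directory itself is visible but the files its entries point to are not, which `ls` on the directory alone would not show.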