unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
From: ng0@n0.is
To: ng0@n0.is
Cc: guix-devel@gnu.org
Subject: Re: [bug#30165] [PATCH] gnu: gnurl: Add '--with-ca-bundle' path to	configure-flags.
Date: Wed, 24 Jan 2018 13:23:32 +0000	[thread overview]
Message-ID: <87d11zv19n.fsf@abyayala.i-did-not-set--mail-host-address--so-tickle-me> (raw)
In-Reply-To: <87fu6v1njc.fsf@abyayala.i-did-not-set--mail-host-address--so-tickle-me> (ng0's message of "Wed, 24 Jan 2018 11:52:55 +0000")

> Sorry, my email went out-of-order for the past 7 days.
> I would've sent an explanation to the patch otherwise.
> Let me comment inline.
>
> adam@vany.ca transcribed Tue 23 Jan 2018 08:55:35 PM UTC bytes:
>> Regarding https://debbugs.gnu.org/30165
>>
>> gnurl is failing to build on my system and I think this patch is to
>> blame.  Why is gnurl referencing something under the root filesystem
>> rather something provided by an input?  Shouldn't we provided
>> ca-certificates.crt from an input and reference that?
>
> The problem I'm trying to address is the same horror story we
> have with cURL: We need to be able to reference a certificate
> store.
> So far no one in 2+ years fixed this in our cURL to my best
> knowledge, so my idea as a maintainer of gnURL was to simply
> apply this to gnURL because someone in GNUnet reported errors
> with regards to gnURL not finding the certificates with a recent
> build of gnURL. I though I had this fixed a while ago, but
> apparently I didn't.
> I'm more than open to better fixes (we could also set the
> expected environment variable).

Another path forward I see is that I recommend every distro
to set this path for themselves. We haven't fixed the Guix
and GuixSD issue with this, but that's something I need to
adjust for the upcoming release.


>> I guess we want to be able to to change what certificates that gnurl
>> accepts without rebulding the package, but I think we need something to
>> provide that file when building the package in the first place, or
>
> What you seem to want is the env. variable solution.

I'll try that on the weekend at the CI and at home.
Alternative solutions with reference to the original cURL issue
bug in Guix are still welcome.

If we haven't fixed that for cURL in core-updates, as I thought
we had when I read the thread that inspired me for this fix:
Why? Why are we waiting for months and months and months to
patch every single application instead of simply fixing cURL
or our build of cURL and close this case?

On the plus side, once we know which configuration this bug
occurred with, we know that cURL could fail in a similar way ;)

>> disable the relelvant tests.
>>
>> For reference the build error I'm seeing is
>> ==========================
>> test 0324...[TLS-SRP with server cert checking]
>>
>> curl returned 77, when expecting 51
>>  exit FAILED
>>
>>  - abort tests
>>
>> =========================
>
> Wild. For what it's worth, I built this before I've sent a patch
> and it passed all of its relevant testsuites. I didn't get this
> error.
>
>> From the curl man page, exit code 77 means "Problem with reading the SSL
>> CA cert (path? access rights?)."
>
> May I ask what system you are building on? I have a GuixSD-only
> setup here. Next time I'll wait for the CI to finish building
> (Debian based). I'm in the middle of releasing gnURL 7.58.0 and
> preparing for a test that I have tomorrow, followed by some
> social appointments afterwards, so I'll be able to start working
> on a real fix on the weekend.
>
> In the meantime you could send a patch to revert my commit.

-- 
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

  reply	other threads:[~2018-01-24 13:23 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-24  1:55 [bug#30165] [PATCH] gnu: gnurl: Add '--with-ca-bundle' path to configure-flags Adam Van Ymeren
2018-01-24 11:52 ` ng0+guixpatches
2018-01-24 13:23   ` ng0 [this message]
2018-01-24 14:40     ` Ricardo Wurmus
2018-01-24 17:00     ` Adam Van Ymeren
2018-01-24 17:00     ` Adam Van Ymeren
2018-01-24 17:56       ` ng0
2018-01-24 18:15         ` Adam Van Ymeren

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87d11zv19n.fsf@abyayala.i-did-not-set--mail-host-address--so-tickle-me \
    --to=ng0@n0.is \
    --cc=guix-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).