From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 8IL/MiEzdGJycgEAbAwnHQ (envelope-from ) for ; Thu, 05 May 2022 22:27:13 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id 2JYsMiEzdGLQ0AAAG6o9tA (envelope-from ) for ; Thu, 05 May 2022 22:27:13 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7D7F729CAF for ; Thu, 5 May 2022 22:27:13 +0200 (CEST) Received: from localhost ([::1]:55950 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nmi48-000616-Km for larch@yhetil.org; Thu, 05 May 2022 16:27:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40256) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nmi3u-0005z0-2C for guix-devel@gnu.org; Thu, 05 May 2022 16:26:58 -0400 Received: from michel.telenet-ops.be ([2a02:1800:110:4::f00:18]:46730) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nmi3s-0000Jt-0B for guix-devel@gnu.org; Thu, 05 May 2022 16:26:57 -0400 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by michel.telenet-ops.be with bizsmtp id T8Ss270014UW6Th068Ss7T; Thu, 05 May 2022 22:26:52 +0200 Message-ID: Subject: Re: Multiple profiles with Guix Home From: Maxime Devos To: Liliana Marie Prikler , guix-devel@gnu.org Date: Thu, 05 May 2022 22:26:43 +0200 In-Reply-To: <4fd13e93eddb301528b2ef10735090a098043f37.camel@gmail.com> References: <550e75e83ee9c154766294779c8fd0b5f3715355.camel@telenet.be> <06de1b665cea1f4ca6e2b032168a38f7dbf8a82a.camel@telenet.be> <4fd13e93eddb301528b2ef10735090a098043f37.camel@gmail.com> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-aQzZ3Fijm8hWQQkMb9mf" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1651782412; bh=7debk4C21M4j7kexEvYRzn/J+KdmjZowKJtypS5X0RA=; h=Subject:From:To:Date:In-Reply-To:References; b=QLTtYCA+IX9jyqsADi1V/Kz0ks+JbIXzlcX9GOLIzZL0zzUPUoVspx5+h1y+f1sEA pKIuXyTWuWVPvxtEYk4YrqjUZkFzJboIA/sGWIC8+qskLPV1pE84xXI9/xboTRFt2L 1fqtOtqd0Xix/ivox3UPUyazvHu9tCEXEIV5OCQE3DEzaXcN3Sz6Q5Ozp9MjchwLWs 0hjtJ/LtvsB3YnNbdk1DTdy6qV3UQPlUM1M3q960QIe6c/7nkJhTnCMWiuJEoNlh6h Lrmj5dfsKphwBezuvKR4XkZJeB3R0GRDIT2sX5UlPdg9VJ6zCktQt++H6ljMHyQrv7 d0RFNOr74HtFA== Received-SPF: pass client-ip=2a02:1800:110:4::f00:18; envelope-from=maximedevos@telenet.be; helo=michel.telenet-ops.be X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1651782433; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=7debk4C21M4j7kexEvYRzn/J+KdmjZowKJtypS5X0RA=; b=j/3Bj+cJ9vfvf7N3GFgyHQSEZ+J6DZxDldK9LFhsaGkPLHUCn0TTg8BBz9HUKYB6jPUR9K 5x+4fDUQHe+ROq7wP19yzJYJqBq/ffeyYcVgkcEqTSKoKbl9dgni/V0mg+pyRCcP88a+1H pP7jYMc8icYcyGUkAm7E1PNCR1vHePeYW9VgrqEN1kstE1e48v9Q/gXTQfb8rfYY3WxsMh prUVfjcp7bbTXD1Y1jJQN/x19aW8eFc3NkkG8eQUUR46Q65dkxyDlXVaDb8aotMMuB4TMO 8EOoxyCqHxlBOIgFsNjJO0M2fYMGhCUJRSJPfKvRs7TvrbpRAmv2cnYRagLC4w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1651782433; a=rsa-sha256; cv=none; b=dWwS++XlvfcwqIBvVHiK/DMs244qknpGK6XH96TLPcQcWKRf0ZT9KO87yC25UFIGM9sKga TKHvWtyFgmo89I4nj6sExqobFfnAO2viHpWG+0PknY2kPUbXgFWODPuhgOAqiIz65wbK+x ZAjYY5/Y/bk/EbhxzaVh7zheOPAPCrrY4N978sgn8TJE/b2u51d6TgnD8U026EF3WNxrcp szEe9vtrIBzaQy+ECsICrs8DBrfpnweV16LQD08xAj4YUpCsXW65Git47061t153v3ELOx c1uESMQXmlo6vtUxoIqJEC1caqGLLCCZ3YDJIzLwtVpxncgk9tfmJ8fXIhUMLg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=telenet.be header.s=r22 header.b=QLTtYCA+; dmarc=pass (policy=none) header.from=telenet.be; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -11.59 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=telenet.be header.s=r22 header.b=QLTtYCA+; dmarc=pass (policy=none) header.from=telenet.be; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 7D7F729CAF X-Spam-Score: -11.59 X-Migadu-Scanner: scn0.migadu.com X-TUID: BwoP5gXCCqtI --=-aQzZ3Fijm8hWQQkMb9mf Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Liliana Marie Prikler schreef op do 05-05-2022 om 20:24 [+0200]: > > This doesn't work for SSL_CERT_DIR/SSL_CERT_FILE > nss-certs can be installed to their own profile and referenced from > there No, if it is installed in its own profile, then SSL_CERT_DIR/SSL_CERT_FILE won't be set: * Put nss-certs its own 'certificates' profile. * Put curl in a 'applications' profile. 'curl' has a SSL_CERT_FILE search path. However, its profile does not have the etc/ssl/certs/ca-certificates.crt, so the SSL_CERT_FILE environment variable will not be defined for 'applications' nss-certs does not have any search paths, so the 'certificates' profile doesn't have any either. > [...], but are typically part of the OS config.=C2=A0 No glaring issue > here. If I install a certificate package, then I expect my certificates to be actually used, instead of the system's certificates (except for the GNUtls just-use-/etc/ssl/certs limitation for which there's a WIP patch to be integrated, and certifi packages for which there's a separate Guix issue). Especially since =E2=80=98Guix Home=E2=80=99 is about _home_, not _system_ = (so no having to rely on the system administrator), and since =E2=80=98Guix Home= =E2=80=99 is about declarativity so I expect it to respect the certificates I declared. And especially since the limitation =E2=80=98nss-certs won't wor= k when using separated Guix Home profiles=E2=80=99 isn't documented. More generally, not having to rely on the OS config is almost in the (guix)Introduction: > Guix makes it easy for _unprivileged_ users to install, upgrade, > or remove software packages, to roll back to a previous package set, > to build packages from source, and generally assists with the > creation and maintenance of software environments. (emphasis mine). Greetings, Maxime. --=-aQzZ3Fijm8hWQQkMb9mf Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYnQzAxccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7l2zAQDt9tQ1JTdIbL8c/44ebohsUt3L G9dn9wXeIrV/BaXm+AD+LN5cb3TC/Y+sAfVX0V6iIjQbOl4dIGHWLN4fIVjDEg8= =1Fas -----END PGP SIGNATURE----- --=-aQzZ3Fijm8hWQQkMb9mf--