[bug#55297] [PATCH 0/10] Make adding SSL_CERT_FILE/DIR search paths easier and add some missing ones

[bug#55297] [PATCH 0/10] Make adding SSL_CERT_FILE/DIR search paths easier and add some missing ones

[Maxime Devos]

[-- Attachment #1: Type: text/plain, Size: 515 bytes --]

Hi,

This patch series adds $SSL_CERT_DIR/$SSL_CERT_FILE to youtube-dl, some
dependents and w3m, as they respect $SSL_CERT_DIR/$SSL_CERT_FILE.

To make this easier (e.g. less duplication), I moved the definition of
$SSL_CERT_DIR/$SSL_CERT_FILE to a single location (guix search-paths)
instead of many separate packages.

This moving was previously rejected by Ludo, but that was in a
different context, maybe in this context it's considered ok?

TODO:

 * [ ] build dependents

Greetings,
Maxime.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

[bug#55297] [PATCH 01/10] search-paths: Define $SSL_CERT_DIR and $SSL_CERT_FILE.

[Maxime Devos]

For the ‘why’, see the docstring next to $SSL_CERT_DIR.  In later commits,
packages will be changed to use these variables and the variables will be
added to more packages.

* guix/search-paths.scm ($SSL_CERT_DIR, $SSL_CERT_FILE): New variables.
* doc/guix.texi (Search Paths): Document them.
---
 doc/guix.texi         | 21 ++++++++++++++++++++-
 guix/search-paths.scm | 26 ++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 7369a306f6..25e2429533 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -88,7 +88,7 @@ Copyright @copyright{} 2020 Daniel Brooks@*
 Copyright @copyright{} 2020 John Soo@*
 Copyright @copyright{} 2020 Jonathan Brielmaier@*
 Copyright @copyright{} 2020 Edgar Vincent@*
-Copyright @copyright{} 2021 Maxime Devos@*
+Copyright @copyright{} 2021, 2022 Maxime Devos@*
 Copyright @copyright{} 2021 B. Wilson@*
 Copyright @copyright{} 2021 Xinglu Chen@*
 Copyright @copyright{} 2021 Raghav Gururajan@*
@@ -9830,6 +9830,25 @@ Again, the libxml2 example shows a situation where this is needed.
 @end table
 @end deftp
 
+Some search paths are not tied by a single package but to many packages.
+To reduce duplications, some of them are pre-defined in @code{(guix
+search-paths)}.
+
+@defvr {Scheme Variable} $SSL_CERT_DIR
+@defvrx {Scheme Variable} $SSL_CERT_FILE
+These two search paths indicate where X.509 certificates can be found
+(@pxref{X.509 Certificates}).
+@end defvr
+
+These pre-defined search paths can be used as in the following example:
+
+@lisp
+(package
+  (name "curl")
+  ;; some fields omitted ...
+  (native-search-paths (list $SSL_CERT_DIR $SSL_CERT_FILE)))
+@end lisp
+
 How do you turn search path specifications on one hand and a bunch of
 directories on the other hand in a set of environment variable
 definitions?  That's the job of @code{evaluate-search-paths}.
diff --git a/guix/search-paths.scm b/guix/search-paths.scm
index 002e6342bb..6b13a98946 100644
--- a/guix/search-paths.scm
+++ b/guix/search-paths.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2022 Maxime Devos <maximedevos@telenet.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,6 +33,8 @@ (define-module (guix search-paths)
             search-path-specification-file-pattern
 
             $PATH
+            $SSL_CERT_DIR
+            $SSL_CERT_FILE
 
             search-path-specification->sexp
             sexp->search-path-specification
@@ -70,6 +73,29 @@ (define $PATH
    (variable "PATH")
    (files '("bin" "sbin"))))
 
+;; Two variables for certificates (see (guix)X.509 Certificates),
+;; respected by 'openssl', possibly GnuTLS in the future
+;; (https://gitlab.com/gnutls/gnutls/-/merge_requests/1541)
+;; and many of their dependents -- even some GnuTLS depepdents
+;; like Guile.  As they are not tied to a single package, define
+;; them here to avoid duplication.
+;;
+;; Additionally, the 'native-search-paths' field is not thunked,
+;; so doing (package-native-search-paths openssl)
+;; could cause import cycle issues.
+(define-public $SSL_CERT_DIR
+  (search-path-specification
+   (variable "SSL_CERT_DIR")
+   (separator #f)              ;single entry
+   (files '("etc/ssl/certs"))))
+
+(define-public $SSL_CERT_FILE
+  (search-path-specification
+   (variable "SSL_CERT_FILE")
+   (file-type 'regular)
+   (separator #f)              ;single entry
+   (files '("etc/ssl/certs/ca-certificates.crt"))))
+
 (define (search-path-specification->sexp spec)
   "Return an sexp representing SPEC, a <search-path-specification>.  The sexp
 corresponds to the arguments expected by `set-path-environment-variable'."

base-commit: 855097683230b756ba28636bed03ce904b6f3589
prerequisite-patch-id: 8c36bd91ff2f97cee25843119fdb12a71b3947bd
prerequisite-patch-id: 3082a0c917de3ca7abf1fc40c2fced691da6d99f
prerequisite-patch-id: ae89e00772cf3737e32b3b7bd191bfbeaaf5d0ed
prerequisite-patch-id: d74573180a62eaa0b6ac57ef46d08409fb5652a8
prerequisite-patch-id: ccb777079d8182a3e44b29cc061f59496ae16188
prerequisite-patch-id: cbb90155003134235f98b750f5e4de2096c9e414
prerequisite-patch-id: ff8b567c0b58018b9c2085a324ce02711eadc77e
prerequisite-patch-id: 6569c696b96227cfb2f056a894d441b99141a571
prerequisite-patch-id: eeb5c4446896b7d5209de79e7b9a2486a9a5dadb
prerequisite-patch-id: 226931bbd40f2e7b43df22ea44783293d663e97a
prerequisite-patch-id: 7b0f5bf490c804d1ce3f3bb0daf45273ce9bae8a
prerequisite-patch-id: 0605551576cb5fbb0215575f8acee2ad91441ec8
prerequisite-patch-id: 851c816dcdc728b085c2cad0f00b140113915af7
prerequisite-patch-id: eca886865831aca6a9803626f60fd37f1f3e1a49
prerequisite-patch-id: 49190c9aa45e582877c7716c59f4f509a4623948
prerequisite-patch-id: f9e4fa15bc34d249aecf318c66cb598762ee5728
prerequisite-patch-id: 69e49a32a11f33c23ccaa1a785c40dfc04068403
prerequisite-patch-id: ec55a066dbaf5790b993edfbead3d27c7817949e
prerequisite-patch-id: 44dedf2945b47ffe0a298b7129e7134567327d2d
prerequisite-patch-id: 441f8c8acc52886c30a2ca167329cf5117b9d024
prerequisite-patch-id: ad05c828905c092a370a7b267c09c4ec2dbc4850
prerequisite-patch-id: 4683b5d9fe136a4f71cf3f8f6fa99363b80aaa64
prerequisite-patch-id: bd6189df0a2a0122a769ba3f849dcd1f047dea14
prerequisite-patch-id: b723e932d080a91ab5d87a92c154e6ede074fe9c
prerequisite-patch-id: cb2dd382af23e9d1d7eb63f55c463ea15ab7fb95
-- 
2.35.1

[bug#55297] [PATCH 02/10] gnu: openssl: Use $SSL_CERT_DIR/$SSL_CERT_FILE.

[Maxime Devos]

* gnu/packages/tls.scm (openssl)[native-search-paths]: Use the
$SSL_CERT_DIR/$SSL_CERT_FILE from (guix search-paths) instead of a
local copy.
---
 gnu/packages/tls.scm | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index cadc9a1518..38643d6284 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -50,6 +50,7 @@ (define-module (gnu packages tls)
   #:use-module (guix build-system python)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system trivial)
+  #:use-module ((guix search-paths) #:select ($SSL_CERT_DIR $SSL_CERT_FILE))
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
@@ -494,15 +495,7 @@ (define-public openssl
                                                      #$(package-version this-package)
                                                      "/misc")))))))
     (native-search-paths
-     (list (search-path-specification
-            (variable "SSL_CERT_DIR")
-            (separator #f)              ;single entry
-            (files '("etc/ssl/certs")))
-           (search-path-specification
-            (variable "SSL_CERT_FILE")
-            (file-type 'regular)
-            (separator #f)              ;single entry
-            (files '("etc/ssl/certs/ca-certificates.crt")))))
+     (list $SSL_CERT_DIR $SSL_CERT_FILE))
     (synopsis "SSL/TLS implementation")
     (description
      "OpenSSL is an implementation of SSL/TLS.")
-- 
2.35.1

[bug#55297] [PATCH 03/10] gnu: cuirass: Use $SSL_CERT_DIR.

[Maxime Devos]

* gnu/packages/ci.scm (cuirass)[native-search-paths]: Use the
$SSL_CERT_DIR from (guix search-paths) instead of a
local copy.
---
 gnu/packages/ci.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/ci.scm b/gnu/packages/ci.scm
index a2dce71d40..ab421fe870 100644
--- a/gnu/packages/ci.scm
+++ b/gnu/packages/ci.scm
@@ -28,6 +28,7 @@ (define-module (gnu packages ci)
   #:use-module (guix download)
   #:use-module (guix git-download)
   #:use-module (guix download)
+  #:use-module ((guix search-paths) #:select ($SSL_CERT_DIR))
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
   #:use-module (gnu packages boost)
@@ -52,7 +53,8 @@ (define-module (gnu packages ci)
   #:use-module (gnu packages web)
   #:use-module (gnu packages xml)
   #:use-module (guix build-system cmake)
-  #:use-module (guix build-system gnu))
+  #:use-module (guix build-system gnu)
+  #:use-module ((guix search-paths) #:select ($SSL_CERT_DIR)))
 
 (define-public cuirass
   (let ((commit "9f08035f942a1e78f92e2db886d7837b0ab98b2f")
@@ -173,9 +175,7 @@ (define-public cuirass
               (file-type 'regular)
               (separator #f)                      ;single entry
               (files '("etc/ssl/certs/ca-certificates.crt")))
-             (search-path-specification
-              (variable "SSL_CERT_DIR")
-              (files '("etc/ssl/certs")))))
+             $SSL_CERT_DIR))
       (synopsis "Continuous integration system")
       (description
        "Cuirass is a continuous integration tool using GNU Guix.  It is
-- 
2.35.1

[bug#55297] [PATCH 04/10] gnu: cmake-bootstrap: Use $SSL_CERT_DIR/$SSL_CERT_FILE.

[Maxime Devos]

* gnu/packages/cmake.scm (cmake-bootstrap)[native-search-paths]: Use the
$SSL_CERT_DIR/$SSL_CERT_FILE from (guix search-paths) instead of a local copy.
---
 gnu/packages/cmake.scm | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm
index 4207f14310..cf930c57fc 100644
--- a/gnu/packages/cmake.scm
+++ b/gnu/packages/cmake.scm
@@ -38,6 +38,7 @@ (define-module (gnu packages cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system emacs)
+  #:use-module ((guix search-paths) #:select ($SSL_CERT_DIR $SSL_CERT_FILE))
   #:use-module (gnu packages)
   #:use-module (gnu packages backup)
   #:use-module (gnu packages compression)
@@ -229,15 +230,8 @@ (define-public cmake-bootstrap
             (files '("")))
            ;; "cmake-curl-certificates.patch" changes CMake to honor 'SSL_CERT_DIR'
            ;; and 'SSL_CERT_FILE', hence these search path entries.
-           (search-path-specification
-            (variable "SSL_CERT_DIR")
-            (separator #f)              ;single entry
-            (files '("etc/ssl/certs")))
-           (search-path-specification
-            (variable "SSL_CERT_FILE")
-            (file-type 'regular)
-            (separator #f)              ;single entry
-            (files '("etc/ssl/certs/ca-certificates.crt")))))
+           $SSL_CERT_DIR
+           $SSL_CERT_FILE))
     (home-page "https://cmake.org/")
     (synopsis "Cross-platform build system")
     (description
-- 
2.35.1

[bug#55297] [PATCH 05/10] gnu: curl: Use $SSL_CERT_DIR/$SSL_CERT_FILE.

[Maxime Devos]

* gnu/packages/curl.scm (curl)[native-search-paths]: Use the
$SSL_CERT_DIR/$SSL_CERT_FILE from (guix search-paths) instead
of a local copy.
---
 gnu/packages/curl.scm | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index a83ecbaa09..7fa0261147 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -41,6 +41,7 @@ (define-module (gnu packages curl)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system go)
   #:use-module (guix build-system meson)
+  #:use-module ((guix search-paths) #:select ($SSL_CERT_DIR $SSL_CERT_FILE))
   #:use-module (gnu packages)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
@@ -82,15 +83,8 @@ (define-public curl
        ("python" ,python-minimal-wrapper)))
    (native-search-paths
     ;; These variables are introduced by curl-use-ssl-cert-env.patch.
-    (list (search-path-specification
-           (variable "SSL_CERT_DIR")
-           (separator #f)                        ;single entry
-           (files '("etc/ssl/certs")))
-          (search-path-specification
-           (variable "SSL_CERT_FILE")
-           (file-type 'regular)
-           (separator #f)                        ;single entry
-           (files '("etc/ssl/certs/ca-certificates.crt")))
+    (list $SSL_CERT_DIR
+          $SSL_CERT_FILE
           ;; Note: This search path is respected by the `curl` command-line
           ;; tool only.  Patching libcurl to read it too would bring no
           ;; advantages and require maintaining a more complex patch.
-- 
2.35.1

[bug#55297] [PATCH 06/10] gnu: guix: Use $SSL_CERT_DIR.

[Maxime Devos]

* gnu/packages/package-management.scm (guix)[native-search-paths]: Use the
$SSL_CERT_DIR from (guix search-paths) instead of a
local copy.
---
 gnu/packages/package-management.scm | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 9c5db0d608..3a8f620335 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -120,6 +120,7 @@ (define-module (gnu packages package-management)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix utils)
+  #:use-module ((guix search-paths) #:select ($SSL_CERT_DIR $SSL_CERT_FILE))
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1))
 
@@ -472,14 +473,9 @@ (define code
        (list (search-path-specification
               (variable "GUIX_EXTENSIONS_PATH")
               (files '("share/guix/extensions")))
-
              ;; (guix git) and (guix build download) honor this variable whose
              ;; name comes from OpenSSL.
-             (search-path-specification
-              (variable "SSL_CERT_DIR")
-              (separator #f)                      ;single entry
-              (files '("etc/ssl/certs")))))
-
+             $SSL_CERT_DIR))
       (home-page "https://www.gnu.org/software/guix/")
       (synopsis "Functional package manager for installed software packages and versions")
       (description
-- 
2.35.1

[bug#55297] [PATCH 07/10] gnu: youtube-dl: Add missing $SSL_CERT_DIR/FILE search paths.

[Maxime Devos]

youtube-dl respects these variables.

* gnu/packages/video.scm (youtube-dl)[native-search-paths]: Add $SSL_CERT_DIR
/ $SSL_CERT_FILE.
---
 gnu/packages/video.scm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 4bc50073cd..204fdb7c6f 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -60,6 +60,7 @@
 ;;; Copyright © 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
 ;;; Copyright © 2022 Bird <birdsite@airmail.cc>
 ;;; Copyright © 2022 Jai Vetrivelan <jaivetrivelan@gmail.com>
+;;; Copyright © 2022 Maxime Devos <maximedevos@telenet.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -99,6 +100,7 @@ (define-module (gnu packages video)
   #:use-module (guix build-system qt)
   #:use-module (guix build-system waf)
   #:use-module (guix build-system trivial)
+  #:use-module ((guix search-paths) #:select ($SSL_CERT_DIR $SSL_CERT_FILE))
   #:use-module (gnu packages)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages assembly)
@@ -2441,6 +2443,8 @@ (define-public youtube-dl
      (list zip))
     (inputs
      (list ffmpeg))
+    (native-search-paths
+     (list $SSL_CERT_DIR $SSL_CERT_FILE))
     (synopsis "Download videos from YouTube.com and other sites")
     (description
      "Youtube-dl is a small command-line program to download videos from
-- 
2.35.1

[bug#55297] [PATCH 08/10] gnu: youtube-dl-gui: Add search paths of 'youtube-dl'.

[Maxime Devos]

'youtube-dl-gui' uses 'youtube-dl' so presumably it needs the same search
paths.

* gnu/packages/video.scm (youtube-dl-gui)[native-search-paths]: Add the
search paths of 'youtube-dl'.
---
 gnu/packages/video.scm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 204fdb7c6f..1a1ab31653 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -2610,6 +2610,7 @@ (define-public youtube-dl-gui
      (list gettext-minimal))
     (inputs
      (list python2-twodict python2-wxpython youtube-dl))
+    (native-search-paths (package-native-search-paths youtube-dl))
     (home-page "https://github.com/MrS0m30n3/youtube-dl-gui")
     (synopsis
      "GUI (Graphical User Interface) for @command{youtube-dl}")
-- 
2.35.1

[bug#55297] [PATCH 09/10] gnu: youtube-viewer: Add search paths of 'youtube-dl'.

[Maxime Devos]

'youtube-viewer' uses 'youtube-dl' so presumably it needs the same search
paths.

* gnu/packages/video.scm (youtube-viewer)[native-search-paths]: Add the
search paths of 'youtube-dl'.
---
 gnu/packages/video.scm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 1a1ab31653..9b009dc1b9 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -2729,6 +2729,7 @@ (define-public youtube-viewer
                               `("PERL5LIB" ":" prefix (,lib-path ,site-dir)))
                          (find-files bin-dir))
                #t))))))
+    (native-search-paths (package-native-search-paths youtube-dl))
     (synopsis
      "Lightweight application for searching and streaming videos from YouTube")
     (description
-- 
2.35.1

[bug#55297] [PATCH 10/10] gnu: w3m: Add $SSL_CERT_DIR/$SSL_CERT_FILE search paths..

[Maxime Devos]

Try

$ guix shell openssl w3m le-certs --pure -- w3m https://en.wikipedia.org

and

$ guix shell openssl w3m nss-certs --pure -- w3m https://en.wikipedia.org

The second command succeeds whereas the first command results in
‘unable to get local issuer certificate; accept? (y/n)’, so it looks
like w3m respects $SSL_CERT_DIR/$SSL_CERT_FILE.

* gnu/packages/w3m.scm (w3m)[native-search-paths]: Add
$SSL_CERT_DIR/$SSL_CERT_FILE search paths.
* gnu/ackages/freedesktop.scm (xdg-utils)[native-inputs]{w3m}: Use a variant
of 'w3m' without $SSL_CERT_DIR/$SSL_CERT_FILE to avoid rebuilds.
---
 gnu/packages/freedesktop.scm | 7 ++++++-
 gnu/packages/w3m.scm         | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 55bde8e705..f785e42b89 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -409,7 +409,12 @@ (define-public xdg-utils
              "1nai806smz3zcb2l5iny4x7li0fak0rzmjg6vlyhdqm8z25b166p"))))
     (build-system gnu-build-system)
     (native-inputs
-     (list docbook-xsl docbook-xml-4.1.2 libxslt w3m xmlto))
+     (list docbook-xsl docbook-xml-4.1.2 libxslt
+           ;; TODO(staging): don't remove search paths.
+           ;; Search paths are temporarily removed to
+           ;; avoid rebuilds.
+           (package (inherit w3m) (native-search-paths '()))
+           xmlto))
     (inputs
      `(("awk" ,gawk)
        ("coreutils" ,coreutils)
diff --git a/gnu/packages/w3m.scm b/gnu/packages/w3m.scm
index 5239cd43a0..72ed22bfe4 100644
--- a/gnu/packages/w3m.scm
+++ b/gnu/packages/w3m.scm
@@ -35,6 +35,7 @@ (define-module (gnu packages w3m)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages)
+  #:use-module ((guix search-paths) #:select ($SSL_CERT_DIR $SSL_CERT_FILE))
   #:use-module (guix packages)
   #:use-module (guix git-download)
   #:use-module (guix build-system gnu))
@@ -78,6 +79,7 @@ (define-public w3m
        ("perl" ,perl)
        ("pkg-config" ,pkg-config)))
     (home-page "http://w3m.sourceforge.net/")
+    (native-search-paths (list $SSL_CERT_DIR $SSL_CERT_FILE))
     (synopsis "Text-mode web browser")
     (description
      "w3m is a text-based web browser as well as a pager like @code{more} or
-- 
2.35.1

[bug#55297] [PATCH 0/10] Make adding SSL_CERT_FILE/DIR search paths easier and add some missing ones

[Maxime Devos]

[-- Attachment #1: Type: text/plain, Size: 323 bytes --]

Maxime Devos schreef op za 07-05-2022 om 10:35 [+0200]:
> 
> TODO:
> 
>  * [ ] build dependents

Looks like data.guix-patches.cbaines.net will do so:
https://data.guix-patches.cbaines.net/revision/5e5fafa3cd6e6d9b8674081a6e43ff2a95d096c4
(in-progress at time of writing, not yet completed).

Greetings,
Maxime

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

[bug#55297] [PATCH 0/10] Make adding SSL_CERT_FILE/DIR search paths easier and add some missing ones

[Maxime Devos]

[-- Attachment #1: Type: text/plain, Size: 1022 bytes --]

Maxime Devos schreef op za 07-05-2022 om 10:48 [+0200]:
> Maxime Devos schreef op za 07-05-2022 om 10:35 [+0200]:
> > 
> > TODO:
> > 
> >  * [ ] build dependents
> 
> Looks like data.guix-patches.cbaines.net will do so:
> https://data.guix-patches.cbaines.net/revision/5e5fafa3cd6e6d9b8674081a6e43ff2a95d096c4
> (in-progress at time of writing, not yet completed).

According to <https://data.guix-patches.cbaines.net/compare/package-derivations?base_commit=312879fddcf0713c0f1dafcc6faa089edbbb6e04&target_commit=5e5fafa3cd6e6d9b8674081a6e43ff2a95d096c4&build_change=broken&after_name=&limit_results=40>,
there are no new build failures.


However, according to
<https://data.guix-patches.cbaines.net/compare/package-derivations?base_commit=312879fddcf0713c0f1dafcc6faa089edbbb6e04&target_commit=5e5fafa3cd6e6d9b8674081a6e43ff2a95d096c4&build_change=still-working&after_name=&limit_results=40>,
there are no ‘still working’ builds either, so maybe I'm misinterpreting things?

Greetings,
Maxime.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

[bug#55297] [PATCH 0/10] Make adding SSL_CERT_FILE/DIR search paths easier and add some missing ones

[Ludovic Courtès]

Hi!

Maxime Devos <maximedevos@telenet.be> skribis:

> This patch series adds $SSL_CERT_DIR/$SSL_CERT_FILE to youtube-dl, some
> dependents and w3m, as they respect $SSL_CERT_DIR/$SSL_CERT_FILE.
>
> To make this easier (e.g. less duplication), I moved the definition of
> $SSL_CERT_DIR/$SSL_CERT_FILE to a single location (guix search-paths)
> instead of many separate packages.
>
> This moving was previously rejected by Ludo, but that was in a
> different context, maybe in this context it's considered ok?

I don’t remember the previous discussion, but here I think it’s
reasonable.  It’s a case where, effectively, those variables that were
initially OpenSSL-specific are now honored by other pieces of software.

However, the last few patches are incorrect in that, for example, w3m
does not honor these variables by itself (its code doesn’t call getenv):

--8<---------------cut here---------------start------------->8---
$ grep -r SSL_CERT_ $(guix build -S w3m)
/gnu/store/aqdk56qa1lssjs50gvrii47ccc7ibmkp-w3m-0.5.3+git20210102-checkout/rc.c:#define CMT_SSL_CERT_FILE N_("PEM encoded certificate file of client")
/gnu/store/aqdk56qa1lssjs50gvrii47ccc7ibmkp-w3m-0.5.3+git20210102-checkout/rc.c:     CMT_SSL_CERT_FILE, NULL},
--8<---------------cut here---------------end--------------->8---

Instead, it honors them because it’s linked against OpenSSL.

Likewise for youtube-dl & co.

So I’m omitting the last few patches that add search paths.

I hope that makes sense.

Thanks!

Ludo’.

[bug#55297] [PATCH 0/10] Make adding SSL_CERT_FILE/DIR search paths easier and add some missing ones

[Maxime Devos]

[-- Attachment #1: Type: text/plain, Size: 1076 bytes --]

Ludovic Courtès schreef op vr 13-05-2022 om 17:32 [+0200]:
> However, the last few patches are incorrect in that, for example, w3m
> does not honor these variables by itself (its code doesn’t call getenv):
> 
> --8<---------------cut here---------------start------------->8---
> $ grep -r SSL_CERT_ $(guix build -S w3m)
> /gnu/store/aqdk56qa1lssjs50gvrii47ccc7ibmkp-w3m-0.5.3+git20210102-checkout/rc.c:#define CMT_SSL_CERT_FILE N_("PEM encoded certificate file of client")
> /gnu/store/aqdk56qa1lssjs50gvrii47ccc7ibmkp-w3m-0.5.3+git20210102-checkout/rc.c:     CMT_SSL_CERT_FILE, NULL},
> --8<---------------cut here---------------end--------------->8---
> 
> Instead, it honors them because it’s linked against OpenSSL.
> 
> Likewise for youtube-dl & co.
> 
> So I’m omitting the last few patches that add search paths.

<https://issues.guix.gnu.org/22138> has not been resolved yet though,
so it's still necessary (see experiment in commit message of patch
10/10), though perhaps it could have been worded more precisely.

Greetings,
Maxime.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]