From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id MAy2APXPD2H6IAAAgWs5BA (envelope-from ) for ; Sun, 08 Aug 2021 14:37:09 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id kMCGN/TPD2EScwAA1q6Kng (envelope-from ) for ; Sun, 08 Aug 2021 12:37:08 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 3942D19B9C for ; Sun, 8 Aug 2021 14:37:08 +0200 (CEST) Received: from localhost ([::1]:49566 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mCi39-0002ae-79 for larch@yhetil.org; Sun, 08 Aug 2021 08:37:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59020) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mCi34-0002aW-2Z for guix-patches@gnu.org; Sun, 08 Aug 2021 08:37:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:42236) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mCi33-0007Y8-Re for guix-patches@gnu.org; Sun, 08 Aug 2021 08:37:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mCi33-00028K-JB for guix-patches@gnu.org; Sun, 08 Aug 2021 08:37:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#49867] [PATCH 24/29] gnu: Add ocaml-ca-certs. Resent-From: pukkamustard Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 08 Aug 2021 12:37:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 49867 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Xinglu Chen Cc: 49867@debbugs.gnu.org Received: via spool by 49867-submit@debbugs.gnu.org id=B49867.16284262018173 (code B ref 49867); Sun, 08 Aug 2021 12:37:01 +0000 Received: (at 49867) by debbugs.gnu.org; 8 Aug 2021 12:36:41 +0000 Received: from localhost ([127.0.0.1]:53782 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mCi2i-00027k-V0 for submit@debbugs.gnu.org; Sun, 08 Aug 2021 08:36:41 -0400 Received: from mout02.posteo.de ([185.67.36.66]:53523) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mCi2e-00027S-NX for 49867@debbugs.gnu.org; Sun, 08 Aug 2021 08:36:39 -0400 Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 4E7A7240106 for <49867@debbugs.gnu.org>; Sun, 8 Aug 2021 14:36:30 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1628426190; bh=RSau9VbR/N3ZjNCWW8aqeYEOfAl4VFr7tcgGeQCwYyM=; h=From:To:Cc:Subject:Date:From; b=qdbrQkpPsR5e3zi6e/t7YHal+MwZQLBywp92IWNq9+Cflv12WiwUw3Ir54wR8X/Q3 C05MUAVtTC2gyPt2e8sNPSlkse5psfmeSRvy2tn8C6+X+pL+3rvlVsbz8q3ooPUKif mnBGZE+yHOzFaXNEnP8sWruAWvJLerfa2l+qgRdpxmmmCP8xVPNBGVl0Qd8kSk/w8L IcO6Q2HdrZQIxdup7/wUFrHUJLihDfZwJHWdsaYnScifV+L0ef82hnmJP9vuYJu3YN +UVB9CXq0wsWb6FYpqqgYEJnhfka5qISFR5dOAnkD8RYAxH6R+Ir/Pp/3Rq9cleHq4 kPxcFiMMI31Yg== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4GjJcF1J37z9rxR; Sun, 8 Aug 2021 14:36:28 +0200 (CEST) References: <20210804071545.21181-1-pukkamustard@posteo.net> <20210804071545.21181-24-pukkamustard@posteo.net> <87fsvnkgzk.fsf@yoctocell.xyz> From: pukkamustard In-reply-to: <87fsvnkgzk.fsf@yoctocell.xyz> Date: Sun, 08 Aug 2021 12:36:27 +0000 Message-ID: <867dgw6rlg.fsf@posteo.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1628426228; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=aMpwof11t7PrRxCkTH3P0JM9bWfqt7XyvI0nBOrrbV0=; b=gfbOrT9BFTTB8a/MRVZ6N1SorVLWsCn8pAdbvlix977ZdMiGnQEDe81xcQn4Q4o3oYcugM HfGRSdu/17nu3xGlKMw9BHZDrq6Ro0I2tzyKQGx9hmxWV6zWutfDXoKkVRyuuJe+QxN2jh rx0LeDlLCOLHA+g1kUCBhYs6vdMq3Bx74dFrTdjb/2tCQEcHZJEaPeME22On9omlEZvRYp fV0TH7+a2tIWEKzW7oq0iXnVea9iVmJhKoiro0WHtdhDzZa2eRA3WSlCMEw9G5w93uzfDf VP14UhCcqlWXNXelYmBQdDNK5knA1xcJ2JlFJwnyeG4sJ/gn1d5kg7mnAnj0Hw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1628426228; a=rsa-sha256; cv=none; b=Om8Ak1+owwnh0U7DNnA9SfECf+G1y7I/L8ET67crWwGyenNAyRbQD7t0hb6OoCUMvzMVWQ qcr4QhIJH2SdP3ZFm4e0FH375NoODO+xIIQffO/gicCi6yUTcSX2WSfBN2PqbkWtf3TVse lWGe/0KmldAW62GWHFUCyirU3AOWCYIQcqDh9LOC/KApNiV3LH0fRRdTpPEy3Dt2U5V41B YPexmdY85Hsz/HkVbsp/w7WiVlbLKYaUyiAUDVYPRCH+qurjNz1KxMG6UoQcDiULSOSF6d KhpUn/a3/fEjmo0KPMSEMixtLQh3KZMJtjWRrrZnM07QIupAIPpIaPbGsKeb+w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=posteo.net header.s=2017 header.b=qdbrQkpP; dmarc=fail reason="SPF not aligned (strict)" header.from=posteo.net (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -1.31 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=posteo.net header.s=2017 header.b=qdbrQkpP; dmarc=fail reason="SPF not aligned (strict)" header.from=posteo.net (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: 3942D19B9C X-Spam-Score: -1.31 X-Migadu-Scanner: scn0.migadu.com X-TUID: umxDQ+8OGWDu Xinglu Chen writes: >> + ;; Tests are failing as they require=20 >> certificates to be in /etc/ssl/certs >> + #:tests? #f)) > > The same issue has been mentioned by NixOS people on their bug > tracker[1], they solved[2] it by reading the NIX_SSL_CERT_FILE > environment variable, which automatically gets set in the build > environment if the =E2=80=98cacert=E2=80=99 package is specified as an in= put. I=20 > don=E2=80=99t > know if Guix does something similar. > > [1]: > [2]: > Thanks for the pointers. Inspired by the package definition for curl, I tried setting=20 NIX_SSL_CERT_FILE with native-search-paths: ``` (native-search-paths (list (search-path-specification (variable "NIX_SSL_CERT_FILE") (file-type 'regular) (separator #f) ;single entry (files '("/etc/ssl/certs/ca-certificates.crt"))))) ``` and adding `nss-certs` to the native-inputs. However, this does not work. Some observations/questions: - The NIX_SSL_CERT_FILE does not appear in the=20 `environment-variables` file when running `guix build -K`. I=20 would have expected it to be set there. - `nss-certs` does not provide the `ca-certificates.crt` file. It=20 is built when creating a profile with the=20 `ca-certificate-bundle` hook. Is this run when creating a build=20 environment? I seem to be not understanding a lot of things about the build=20 environment ... Pointers very welcome! >> + (propagated-inputs >> + `(("ocaml-astring" ,ocaml-astring) >> + ("ocaml-bos" ,ocaml-bos) >> + ("ocaml-fpath" ,ocaml-fpath) >> + ("ocaml-rresult" ,ocaml-rresult) >> + ("ocaml-ptime" ,ocaml-ptime) >> + ("ocaml-logs" ,ocaml-logs) >> + ("ocaml-mirage-crypto" ,ocaml-mirage-crypto) >> + ("ocaml-x509" ,ocaml-x509))) >> + (native-inputs >> + `(("ocaml-alcotest" ,ocaml-alcotest))) >> + (synopsis >> + "Detect root CA certificates from the operating system") >> + (description >> + "TLS requires a set of root anchors (Certificate=20 >> Authorities) to >> +authenticate servers. This library exposes this list so that=20 >> it can be > ^ > Double spacing. Fixed in V2.