From: Xinglu Chen <public@yoctocell.xyz>
To: pukkamustard <pukkamustard@posteo.net>
Cc: 49867@debbugs.gnu.org
Subject: [bug#49867] [PATCH 24/29] gnu: Add ocaml-ca-certs.
Date: Mon, 09 Aug 2021 11:30:50 +0200 [thread overview]
Message-ID: <87tujzoth1.fsf@yoctocell.xyz> (raw)
In-Reply-To: <867dgw6rlg.fsf@posteo.net>
[-- Attachment #1: Type: text/plain, Size: 2258 bytes --]
On Sun, Aug 08 2021, pukkamustard wrote:
> Xinglu Chen <public@yoctocell.xyz> writes:
>
>>> + ;; Tests are failing as they require
>>> certificates to be in /etc/ssl/certs
>>> + #:tests? #f))
>>
>> The same issue has been mentioned by NixOS people on their bug
>> tracker[1], they solved[2] it by reading the NIX_SSL_CERT_FILE
>> environment variable, which automatically gets set in the build
>> environment if the ‘cacert’ package is specified as an input. I
>> don’t
>> know if Guix does something similar.
>>
>> [1]: <https://github.com/mirage/ca-certs/issues/16>
>> [2]: <https://github.com/mirage/ca-certs/pull/17>
>>
>
> Thanks for the pointers.
>
> Inspired by the package definition for curl, I tried setting
> NIX_SSL_CERT_FILE with native-search-paths:
>
> ```
> (native-search-paths
> (list
> (search-path-specification
> (variable "NIX_SSL_CERT_FILE")
> (file-type 'regular)
> (separator #f) ;single entry
> (files '("/etc/ssl/certs/ca-certificates.crt")))))
> ```
>
> and adding `nss-certs` to the native-inputs.
>
> However, this does not work. Some observations/questions:
>
> - The NIX_SSL_CERT_FILE does not appear in the
> `environment-variables` file when running `guix build -K`. I
> would have expected it to be set there.
> - `nss-certs` does not provide the `ca-certificates.crt` file. It
> is built when creating a profile with the
> `ca-certificate-bundle` hook. Is this run when creating a build
> environment?
>
> I seem to be not understanding a lot of things about the build
> environment ... Pointers very welcome!
Maybe the environment variables in ‘native-search-paths’ are only set if
the package is installed in a profile (in ~/.guix-profile/etc/profile)?
I don’t think profile hooks are run in the build environment, so that’s
probably why.
In Nix, the bundle is created during the build phase[1], not sure if we
should do this too.
I think it’s fine to disable tests for now, but it would be great to see
what other people think too.
[1]: https://github.com/nixos/nixpkgs/blob/master/pkgs/data/misc/cacert/default.nix#L53
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 861 bytes --]
next prev parent reply other threads:[~2021-08-09 9:33 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-04 7:10 [bug#49867] [PATCH 00/29] gnu: Add ocaml-cohttp-lwt-unix pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 01/29] gnu: Add ocaml-cohttp-lwt pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 02/29] gnu: Add ocaml-domain-name pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 03/29] gnu: Add ocaml-macaddr pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 04/29] gnu: Add ocaml-ipaddr pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 05/29] gnu: Add ocaml-ipaddr-cstruct pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 06/29] gnu: Add ocaml-ipaddr-sexp pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 07/29] gnu: Add ocaml-conduit pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 08/29] gnu: Add ocaml-conduit-lwt pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 09/29] gnu: Add ocaml-eqaf pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 10/29] gnu: Add ocaml-mirage-crypto pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 11/29] gnu: Add ocaml-duration pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 12/29] gnu: Add ocaml-randomconv pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 13/29] gnu: Add ocaml-mirage-crypto-rng pukkamustard
2021-08-05 15:42 ` Xinglu Chen
2021-08-08 11:04 ` pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 14/29] gnu: Add ocaml-mirage-crypto-pk pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 15/29] gnu: Add ocaml-ptime pukkamustard
2021-08-05 15:48 ` Xinglu Chen
2021-08-08 11:13 ` pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 16/29] gnu: Add ocaml-asn1-combinators pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 17/29] gnu: Add ocaml-ppx-deriving pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 18/29] gnu: Add ocaml-ppx-deriving-yojson pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 19/29] gnu: Add ocaml-mirage-crypto-ec pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 20/29] gnu: Add ocaml-gmap pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 21/29] gnu: Add ocaml-pbkdf pukkamustard
2021-08-05 15:55 ` Xinglu Chen
2021-08-08 11:21 ` pukkamustard
2021-08-09 9:53 ` Xinglu Chen
2021-08-04 7:15 ` [bug#49867] [PATCH 22/29] gnu: Add ocaml-cstruct-unix pukkamustard
2021-08-05 16:02 ` Xinglu Chen
2021-08-08 11:24 ` pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 23/29] gnu: Add ocaml-x509 pukkamustard
2021-08-05 16:04 ` Xinglu Chen
2021-08-08 11:29 ` pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 24/29] gnu: Add ocaml-ca-certs pukkamustard
[not found] ` <87fsvnkgzk.fsf@yoctocell.xyz>
2021-08-08 12:36 ` pukkamustard
2021-08-09 9:30 ` Xinglu Chen [this message]
2021-08-04 7:15 ` [bug#49867] [PATCH 25/29] gnu: Add ocaml-lwt-log pukkamustard
2021-08-05 16:18 ` Xinglu Chen
2021-08-08 13:01 ` pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 26/29] gnu: Add ocaml-lwt-ssl pukkamustard
2021-08-05 16:20 ` Xinglu Chen
2021-08-08 13:04 ` pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 27/29] gnu: Add ocaml-conduit-lwt-unix pukkamustard
2021-08-05 16:20 ` Xinglu Chen
2021-08-08 13:06 ` pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 28/29] gnu: Add ocaml-magic-mime pukkamustard
2021-08-05 16:22 ` Xinglu Chen
2021-08-08 13:07 ` pukkamustard
2021-08-04 7:15 ` [bug#49867] [PATCH 29/29] gnu: Add ocaml-cohttp-lwt-unix pukkamustard
2021-08-05 16:25 ` Xinglu Chen
2021-08-08 13:14 ` pukkamustard
2021-08-05 15:38 ` [bug#49867] [PATCH 00/29] " Xinglu Chen
2021-08-09 6:55 ` pukkamustard
2021-08-09 6:59 ` [bug#49867] [PATCH 01/31] gnu: Add ocaml-cohttp-lwt pukkamustard
2021-08-09 6:59 ` [bug#49867] [PATCH 02/31] gnu: Add ocaml-domain-name pukkamustard
2021-08-09 7:00 ` [bug#49867] [PATCH v2 01/31] gnu: Add ocaml-cohttp-lwt pukkamustard
2021-08-09 7:00 ` [bug#49867] [PATCH v2 02/31] gnu: Add ocaml-domain-name pukkamustard
2021-08-09 7:00 ` [bug#49867] [PATCH v2 03/31] gnu: Add ocaml-macaddr pukkamustard
2021-08-09 7:00 ` [bug#49867] [PATCH v2 04/31] gnu: Add ocaml-ipaddr pukkamustard
2021-08-09 7:00 ` [bug#49867] [PATCH v2 05/31] gnu: Add ocaml-ipaddr-cstruct pukkamustard
2021-08-09 7:00 ` [bug#49867] [PATCH v2 06/31] gnu: Add ocaml-ipaddr-sexp pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 07/31] gnu: Add ocaml-conduit pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 08/31] gnu: Add ocaml-conduit-lwt pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 09/31] gnu: Add ocaml-afl-persistent pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 10/31] gnu: Add ocaml-pprint pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 11/31] gnu: Add ocaml-crowbar pukkamustard
2021-08-09 9:51 ` Xinglu Chen
2021-08-09 11:13 ` Julien Lepiller
2021-08-09 12:39 ` Xinglu Chen
2021-08-10 8:00 ` pukkamustard
2021-08-10 12:04 ` Xinglu Chen
2021-08-09 7:01 ` [bug#49867] [PATCH v2 12/31] gnu: Add ocaml-eqaf pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 13/31] gnu: Add ocaml-mirage-crypto pukkamustard
2021-08-21 14:01 ` Julien Lepiller
2021-08-23 14:27 ` pukkamustard
2021-08-23 16:52 ` pukkamustard
2021-09-08 8:53 ` pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 14/31] gnu: Add ocaml-duration pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 15/31] gnu: Add ocaml-randomconv pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 16/31] gnu: Add ocaml-mirage-crypto-rng pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 17/31] gnu: Add ocaml-mirage-crypto-pk pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 18/31] gnu: Add ocaml-ptime pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 19/31] gnu: Add ocaml-asn1-combinators pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 20/31] gnu: Add ocaml-ppx-deriving pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 21/31] gnu: Add ocaml-ppx-deriving-yojson pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 22/31] gnu: Add ocaml-mirage-crypto-ec pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 23/31] gnu: Add ocaml-gmap pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 24/31] gnu: Add ocaml-pbkdf pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 25/31] gnu: Add ocaml-cstruct-unix pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 26/31] gnu: Add ocaml-x509 pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 27/31] gnu: Add ocaml-ca-certs pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 28/31] gnu: Add ocaml-lwt-ssl pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 29/31] gnu: Add ocaml-conduit-lwt-unix pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 30/31] gnu: Add ocaml-magic-mime pukkamustard
2021-08-09 7:01 ` [bug#49867] [PATCH v2 31/31] gnu: Add ocaml-cohttp-lwt-unix pukkamustard
2021-08-09 9:55 ` [bug#49867] [PATCH 00/29] " Xinglu Chen
2021-11-15 13:23 ` bug#49867: " pukkamustard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tujzoth1.fsf@yoctocell.xyz \
--to=public@yoctocell.xyz \
--cc=49867@debbugs.gnu.org \
--cc=pukkamustard@posteo.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).