From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id iMM2AFn2EGH8kgAAgWs5BA (envelope-from ) for ; Mon, 09 Aug 2021 11:33:13 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id gJtcN1j2EGGQKAAAB5/wlQ (envelope-from ) for ; Mon, 09 Aug 2021 09:33:12 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A43DA1ADFF for ; Mon, 9 Aug 2021 11:33:12 +0200 (CEST) Received: from localhost ([::1]:47726 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mD1eh-00087L-LN for larch@yhetil.org; Mon, 09 Aug 2021 05:33:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44092) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mD1da-0006XF-Hl for guix-patches@gnu.org; Mon, 09 Aug 2021 05:32:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:44214) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mD1da-0006pr-9i for guix-patches@gnu.org; Mon, 09 Aug 2021 05:32:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mD1da-0001D9-13 for guix-patches@gnu.org; Mon, 09 Aug 2021 05:32:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#49867] [PATCH 24/29] gnu: Add ocaml-ca-certs. Resent-From: Xinglu Chen Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 09 Aug 2021 09:32:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 49867 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: pukkamustard Cc: 49867@debbugs.gnu.org Received: via spool by 49867-submit@debbugs.gnu.org id=B49867.16285014864612 (code B ref 49867); Mon, 09 Aug 2021 09:32:01 +0000 Received: (at 49867) by debbugs.gnu.org; 9 Aug 2021 09:31:26 +0000 Received: from localhost ([127.0.0.1]:55760 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mD1d0-0001CJ-Dd for submit@debbugs.gnu.org; Mon, 09 Aug 2021 05:31:26 -0400 Received: from h87-96-130-155.cust.a3fiber.se ([87.96.130.155]:42334 helo=mail.yoctocell.xyz) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mD1cx-0001C3-0f for 49867@debbugs.gnu.org; Mon, 09 Aug 2021 05:31:25 -0400 From: Xinglu Chen DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=yoctocell.xyz; s=mail; t=1628501473; bh=iRTE4WfKaVA1vEuSIrkb7C2dW8YMcSPXS7EKGZMWCqY=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=GGLa/lJzesAaF2508yLN8ggShUi55MkfMMpcuEz008Z4vI6VTNo61cJUNQkBZ8RHM ik/jmH5OxydZqxiW518SUhI3outD3WdTqRD1fY4qXKo3OrKJB9ZktzLyBkQhWh3r/L VG/XmsnHC47nuxfup9BLKum2fcI2EnqExSU8BOCw= In-Reply-To: <867dgw6rlg.fsf@posteo.net> References: <20210804071545.21181-1-pukkamustard@posteo.net> <20210804071545.21181-24-pukkamustard@posteo.net> <87fsvnkgzk.fsf@yoctocell.xyz> <867dgw6rlg.fsf@posteo.net> Date: Mon, 09 Aug 2021 11:30:50 +0200 Message-ID: <87tujzoth1.fsf@yoctocell.xyz> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1628501592; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=yMkg/8fIgiK7X+OsiMH6TN1KhnCLWBjhQo7uprImAkk=; b=ZVOAV5auANhzkMkX4gFn/wkAlgYeWFkI69fT6tqb4tyQ+AFwqYfZjKgZ037Aa9+im3LbiN sa0L/LNAua7A7rtuATF0tArDl6FOhRPZYxlEfbMO7CjDoem6SWl1XwTkyVRBUoOrAoTyJv ni0a9/A5aSSGtyrsN+kqxT38j/oY9mCNtF/pkU+nBLT9fn13laJHP6FAGYLlV5lGvJxQRy tJ85t1RLpDix/+h9dhc6l5Hmxiy3maWhNpBJuyXd7Sb0OWFD6oNXVaSdmhu3nVKk0Doo+m DdgaAVcRZ9gmLygfuVMip6cCqamDe9d1fy2IkwMxTlgOhPHn8XAl/PWNuTV94A== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1628501592; a=rsa-sha256; cv=none; b=LoO3STBxtc5yoQQRWnYzxh7/kzlwbQLlF32rY3pS7aSet2km0tHcgrWvXMBo11Y+dcXjMs l8uE2MI+KuSN9ApM38jTwH8WYU6TRRamPGS5v+SfqtJKD7sYSwk6ZAWfhEf2QDS2qutYLt 2h3NjlLthHtrphuUnGWPXw6HrLA2sDzNE6vwInMcPcTeIr4iHNV37WR7weqcDlgWKxt8cy IoxaBPtGpOdv5Fhxt4wEnyFRVlPDNm7TIHWQBocxjZejTGkrzRq/2W9Z/ssh7nuoZ8wgq0 PH/odANdUMGVa60uKl1CeWLxv+hyROUlnXiY20TGK9R5Et8jIAgyYZzp2WYysA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=yoctocell.xyz header.s=mail header.b="GGLa/lJz"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=yoctocell.xyz (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -3.41 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=yoctocell.xyz header.s=mail header.b="GGLa/lJz"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=yoctocell.xyz (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: A43DA1ADFF X-Spam-Score: -3.41 X-Migadu-Scanner: scn0.migadu.com X-TUID: oACfyZ9OpHmD --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On Sun, Aug 08 2021, pukkamustard wrote: > Xinglu Chen writes: > >>> + ;; Tests are failing as they require=20 >>> certificates to be in /etc/ssl/certs >>> + #:tests? #f)) >> >> The same issue has been mentioned by NixOS people on their bug >> tracker[1], they solved[2] it by reading the NIX_SSL_CERT_FILE >> environment variable, which automatically gets set in the build >> environment if the =E2=80=98cacert=E2=80=99 package is specified as an i= nput. I=20 >> don=E2=80=99t >> know if Guix does something similar. >> >> [1]: >> [2]: >> > > Thanks for the pointers. > > Inspired by the package definition for curl, I tried setting=20 > NIX_SSL_CERT_FILE with native-search-paths: > > ``` > (native-search-paths > (list > (search-path-specification > (variable "NIX_SSL_CERT_FILE") > (file-type 'regular) > (separator #f) ;single entry > (files '("/etc/ssl/certs/ca-certificates.crt"))))) > ``` > > and adding `nss-certs` to the native-inputs. > > However, this does not work. Some observations/questions: > > - The NIX_SSL_CERT_FILE does not appear in the=20 > `environment-variables` file when running `guix build -K`. I=20 > would have expected it to be set there. > - `nss-certs` does not provide the `ca-certificates.crt` file. It=20 > is built when creating a profile with the=20 > `ca-certificate-bundle` hook. Is this run when creating a build=20 > environment? > > I seem to be not understanding a lot of things about the build=20 > environment ... Pointers very welcome! Maybe the environment variables in =E2=80=98native-search-paths=E2=80=99 ar= e only set if the package is installed in a profile (in ~/.guix-profile/etc/profile)?=20= =20 I don=E2=80=99t think profile hooks are run in the build environment, so th= at=E2=80=99s probably why. In Nix, the bundle is created during the build phase[1], not sure if we should do this too. I think it=E2=80=99s fine to disable tests for now, but it would be great t= o see what other people think too. [1]: https://github.com/nixos/nixpkgs/blob/master/pkgs/data/misc/cacert/def= ault.nix#L53 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJJBAEBCAAzFiEEAVhh4yyK5+SEykIzrPUJmaL7XHkFAmEQ9csVHHB1YmxpY0B5 b2N0b2NlbGwueHl6AAoJEKz1CZmi+1x5fV4P/3AHvdhEEaCLNezGIqe9dO/GkG6E p0mnINAMOabkpZPb7AWNC/1UQyNuHXQJZu17fPyRt51DESQIWeYrcnTQRmxNRh4z dClCw1ejD7qOcOTHodrt9vghOZ5ZfKe5qs4HLzniL8GHb3mE1NYL+cPXd+/bHIu2 iT/TVk52wJcXoYVwPJyyw9scf8oPF/PWkszk24ZVgDsd8R4DQ5rvGVgYM0+slr7K YyFmbjT9sxMk5Hjcpm8xAbWcurbsej3LXO1B7IrGMjitLnT2Ecd/7mymapkKu8HK IOIcwpCYOGQMhq6TES3h1njdi5puv75+l+nXxmt5yLxtz0+1NQvtXLYn9FNVLKtH JkBMiQxlEff4N+9Q1CwmMGipKT0EzIUijoyU1DVfiEDt7EYVDQcqT3jyeMLvGNJi qARUo8rry825iLaJhF/9olcXTMscMj3gCqfAvxyTiR9bFEIRppRjzemAWqU0hkrR d4bu6MdBYxqdaBs7JSBTiFxo9oi7hU6mA7UusKi65kpORx9B/ACXTcUjXO6Aw8es Oh51f/eWkwXQitHM2yjCpnXEbtujHZVv/VJiOWnpu6V4i1DAq5Lfn575xSlp4YeX GO/n5l2TLJQ07yiEsUnTG6D8lPYM2T/QlefiUSdeRvsFpmytnhzEldB51V/5LQGa BZoqgwqdaN/HLvEz =GU+q -----END PGP SIGNATURE----- --=-=-=--