From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id +MAQDqmtWmE7AwEAgWs5BA (envelope-from ) for ; Mon, 04 Oct 2021 09:30:49 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id mKGeCamtWmGbSgAAbx9fmQ (envelope-from ) for ; Mon, 04 Oct 2021 07:30:49 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 8B6292A5AC for ; Mon, 4 Oct 2021 09:30:48 +0200 (CEST) Received: from localhost ([::1]:55738 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mXIQu-0004C8-PT for larch@yhetil.org; Mon, 04 Oct 2021 03:30:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41082) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mXIQJ-0004AX-EU for help-guix@gnu.org; Mon, 04 Oct 2021 03:30:07 -0400 Received: from mail-wr1-x432.google.com ([2a00:1450:4864:20::432]:41562) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mXIQH-0001A0-Mr for help-guix@gnu.org; Mon, 04 Oct 2021 03:30:07 -0400 Received: by mail-wr1-x432.google.com with SMTP id t2so5499736wrb.8 for ; Mon, 04 Oct 2021 00:30:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:subject:in-reply-to:references:date:message-id:mime-version :content-transfer-encoding; bh=2ylJJ6E3QNXKM+CzCdSpuJ8ciBpJ9SSA7Y50Qb1PIoA=; b=lnbIp0J6sZ/2AL2VgFnRARqkiXsYilNl7g+XfzAfSdbddT2tXNp2KxPyc3v8bnQ8fu b+pzxGI0qDOX+kcOq+ResRBngOeuUYFHgRId5XhEe+T1evG1MqzdkQyl4Cv/KpPwZu3d qt5ILEO7SakeuJ9nGOwHktf9pdl3AuSUK+BAAV2h022WI6G2h6eenBpKZcqgAFhbwBUQ 7mmw7Pb3jqttX03TSzQCOPK4t8AgJU1dCwyYSXumQOrNljwQmzdw9KADz+5Rw9n4bPYl Qz1MU6D1rBH1R10bJS+Ya3/Nxt3VIvjaWI4zGmg8cOZB9f20IwVRReNUz04U9a0O510P yyqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:in-reply-to:references:date :message-id:mime-version:content-transfer-encoding; bh=2ylJJ6E3QNXKM+CzCdSpuJ8ciBpJ9SSA7Y50Qb1PIoA=; b=kKset2xj0i2Tiwr3KGJjIt5xYNE1x05O1A1AUb8e+QiIzht53mGzgYWKoMzbnZQJvi yty5oEysaP03rn2aRYXfGIG+MqlB84gMhNFpLGsHeE7FHLYZFbrIMv94WFAu0itXArNQ CG8M1M47xNLL7prYhhX0Wv5oCS80NaNZ3NNi8S8Ha9LGlogVetTPB5gVOTcV70hPxAWG +C5DYURvUBsz5uoSAyIlafDnwCzhch744dnui/gppA2EP1EipcSqVEtFa5/ZVwticCZs 7Ky6HqDqJbyxUXYwupGpViW7zC/8Iwsp48ZRIgXofnPnfWMX9yD2gAJp2urCsCORUQLd wndA== X-Gm-Message-State: AOAM531leik253zHYLjALNTgqlno2v/m7Mr4FxXO3A5pkXbY2TYO6L/X +AibQWVx4uRoFGJWTb2fOAA= X-Google-Smtp-Source: ABdhPJz1rafJphCLcwexRPtATfKx8Duh/YSog3D7YLFX4ATpdRCKYM/xSlZPgDFiuaEX/xJwPzkBGA== X-Received: by 2002:adf:a413:: with SMTP id d19mr12271545wra.246.1633332603333; Mon, 04 Oct 2021 00:30:03 -0700 (PDT) Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e]) by smtp.gmail.com with ESMTPSA id z5sm18907945wmp.26.2021.10.04.00.30.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Oct 2021 00:30:02 -0700 (PDT) From: zimoun To: Wiktor =?utf-8?Q?=C5=BBelazny?= , help-guix@gnu.org, Konrad Hinsen Subject: Re: Certificates in pure and containerized environments In-Reply-To: <20211003164510.ebwlm6u24a2bgao4@wzguix> References: <20211003164510.ebwlm6u24a2bgao4@wzguix> Date: Mon, 04 Oct 2021 09:25:13 +0200 Message-ID: <86v92ddzfq.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=2a00:1450:4864:20::432; envelope-from=zimon.toutoune@gmail.com; helo=mail-wr1-x432.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1633332648; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=2ylJJ6E3QNXKM+CzCdSpuJ8ciBpJ9SSA7Y50Qb1PIoA=; b=u7Crhhgy3hmZKok3A0L5hLI3snbJZam5QAgMcpYWjIW8rz1CSGzIJdqYXMV5qsaZOyvnep EmA4XEfXRIoxUQlfW0F+D5ncnYoLf5o86qIpIZR6cLyiYSewYSrD67y/PICRXCwkGYsVXc Wye0xzT2dKsQs0aHDAjiW+fchX6eFejtXnyYKLdTb3QISZKIbcRz9lusO6SlcJf491NDgN Q6u/KLmmSJmZVqLytrQhSEMDct5R/AMPmk8lkTUrqaJKzJH03LkK66VMSq21sJQfBI0GCh G9fkzI99gw3enT7DkpmCpOJo40h+/3MArrzmH8jZs+6AYg1sc6kaPPtl3o43TA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1633332648; a=rsa-sha256; cv=none; b=CjISKjLeoTV8iy7q/TsFiuCThCZ13tyQV42iRLeJfuOTrodgubC3iw+oq73lbtWp/WCURN QpgeQ8ycfcf7FLbbv3pwUulxsz/iDOfaKrsEI9pdIFXx6BzzKH/vehhWodVs8oUlX/nD6z 5Kx9U6OTup1mEnl6E7culx5djLISdtlD8IWE8eEuYEVZ8tbEAbv7fy2KeGIqo8fLxRcSkn tO847J6UQAwEkVknrLawjpDa0wXbvmqhuusoDqCQlt7mAIw/WjtC/aN0Ola3qT6TXr/Lq6 lva51Ohx8I8Q/uGnmuv5SBNAs0thFy5QS8+fpP863CdbkGpdtRyOfmBwz+9jag== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=lnbIp0J6; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Migadu-Spam-Score: -3.11 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=lnbIp0J6; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Migadu-Queue-Id: 8B6292A5AC X-Spam-Score: -3.11 X-Migadu-Scanner: scn0.migadu.com X-TUID: z9ijOvQLRUg/ Hi Konrad and Wikt=C3=B3r, On Sun, 03 Oct 2021 at 18:45, Wiktor =C5=BBelazny wrote: > On Thu, Sep 30, 2021 at 12:08:53PM +0200, Konrad Hinsen wrote: > >> guix environment --pure \ >> --ad-hoc python nss-certs -- \ >> python3 -c 'import urllib.request; print(urllib.request.urlop= en("http://wwwbis.sidc.be/DATA/uset/Wlight/2003/11/UPH20031109112104.FTS"))' >> >> but this doesn't work - same error as initially. Yeah for some reasom SSL_CERT_DIR is not exported=E2=80=A6 > For some reason, it works for me with > > --ad-hoc python nss-certs guix -- \ =E2=80=A6but exported here. --8<---------------cut here---------------start------------->8--- $ guix environment --ad-hoc python nss-certs $ cat $GUIX_ENVIRONMENT/etc/profile # Source this file to define all the relevant environment variables in Bash # for this profile. You may want to define the 'GUIX_PROFILE' environment # variable to point to the "visible" name of the profile, like this: # # GUIX_PROFILE=3D/path/to/profile ; \ # source /path/to/profile/etc/profile # # When GUIX_PROFILE is undefined, the various environment variables refer # to this specific profile generation. export PATH=3D"${GUIX_PROFILE:-/gnu/store/bp1xirq9p5cw36nkgi1131knhmhdzcvf-= profile}/bin${PATH:+:}$PATH" export PYTHONPATH=3D"${GUIX_PROFILE:-/gnu/store/bp1xirq9p5cw36nkgi1131knhmh= dzcvf-profile}/lib/python3.8/site-packages${PYTHONPATH:+:}$PYTHONPATH" --8<---------------cut here---------------end--------------->8--- If any package depending on nss-certs is added, then it works, I guess. For instance, a package totally unrelated, say r-reqon: --8<---------------cut here---------------start------------->8--- $ guix environment --ad-hoc python nss-certs r-reqon $ cat $GUIX_ENVIRONMENT/etc/profile # Source this file to define all the relevant environment variables in Bash # for this profile. You may want to define the 'GUIX_PROFILE' environment # variable to point to the "visible" name of the profile, like this: # # GUIX_PROFILE=3D/path/to/profile ; \ # source /path/to/profile/etc/profile # # When GUIX_PROFILE is undefined, the various environment variables refer # to this specific profile generation. export PATH=3D"${GUIX_PROFILE:-/gnu/store/mj821vsw16c8krqm2c4syg2mdfzqy3j0-= profile}/bin${PATH:+:}$PATH" export CURL_CA_BUNDLE=3D"${GUIX_PROFILE:-/gnu/store/mj821vsw16c8krqm2c4syg2= mdfzqy3j0-profile}/etc/ssl/certs/ca-certificates.crt" export SSL_CERT_FILE=3D"${GUIX_PROFILE:-/gnu/store/mj821vsw16c8krqm2c4syg2m= dfzqy3j0-profile}/etc/ssl/certs/ca-certificates.crt" export SSL_CERT_DIR=3D"${GUIX_PROFILE:-/gnu/store/mj821vsw16c8krqm2c4syg2md= fzqy3j0-profile}/etc/ssl/certs" export PYTHONPATH=3D"${GUIX_PROFILE:-/gnu/store/mj821vsw16c8krqm2c4syg2mdfz= qy3j0-profile}/lib/python3.8/site-packages${PYTHONPATH:+:}$PYTHONPATH" --8<---------------cut here---------------end--------------->8--- Hope that helps, simon