unofficial mirror of help-guix@gnu.org 
From: Ricardo Wurmus <rekado@elephly.net>
To: myglc2 <myglc2@gmail.com>
Cc: help-guix@gnu.org
Subject: Re: R install.packages() fails: 'Peer certificate cannot be authenticated with given CA certificates'
Date: Fri, 30 Sep 2016 09:08:35 +0200
Message-ID: <87shshsw3w.fsf@elephly.net>
In-Reply-To: <86fuoiwbfq.fsf@gmail.com>


myglc2 <myglc2@gmail.com> writes:

> With GuixSD user config ...
>
> (use-package-modules
>  base   ; glibc-utf8-locales
>  ssh    ; mosh
>  admin  ; tree
>  aspell ; aspell-dict-en
>  mail   ; notmuch mu isync
>  statistics ; r
>  emacs      ; emacs-ess
>  certs      ; nss-certs
>  )
> (packages->manifest
>  (list
>   mosh
>   tree
>   aspell-dict-en ; because emacs doesn't find system install
>   notmuch mu isync ; also building from git source but this gets run-time dependencies
>   r emacs-ess
>   r-devtools r-openssl r-stringr r-xml2 r-httr 
>   )
>  )

You forgot to actually add “nss-certs” to the manifest.  After adding
“nss-certs” you need to set the environment variable CURL_CA_BUNDLE:

  export CURL_CA_BUNDLE=/home/rekado/.myglc2-profile/etc/ssl/certs/ca-certificates.crt

(I only recently patched r-curl to respect this environment variable.
We should patch libcurl so that all packages using libcurl understand
it.)

Now installation works.  Or rather: it fails with a different error :)
You should also make sure that your manifest contains a suitable build
environment, possibly including “gcc-toolchain”, “gfortran”, and “make”.

If you’re on a foreign distro it is important that you have
“gcc-toolchain” in the profile when you want to use install.packages
because there are quite a few R packages that build bindings to system
libs.  Our toolchain will refuse linking with system libs, but if you
use the system GCC and linker you will only notice breakage at runtime
when trying to use the package.  Our linker’s refusal to link to libs of
the host system is a blessing here, because it spares you the trouble of
runtime breakage later on.

(Better than “install.packages” is to use Guix with “r-*” packages
instead.  I’ll try to add more in the near future, so that it’s an
easier choice to make.)

BTW: you can simplify your manifest if you reference packages by name
instead of variable name.  I like to suggest something like this for
users at the MDC because it looks cleaner:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(define packages '("r"
                   "emacs-ess"
                   "emacs"
                   "samtools@0"))

;; Boilerplate code to turn the above list of packages into a manifest
(use-modules (gnu packages))
(packages->manifest (map specification->package packages))
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Note that these package names can include version prefixes as in
“samtools@0”, which will get me the latest version of the Samtools 0.x
series instead of the latest version.

~~ Ricardo
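
A pre-flight check for the fix described in this message, as an added example that is not part of the original e-mail: it confirms that a profile really contains the `etc/ssl/certs/ca-certificates.crt` bundle (absent when "nss-certs" is missing from the manifest) before pointing CURL_CA_BUNDLE at it. The function names and the constructed test profile are assumptions made for illustration; the check only counts PEM headers and does not validate the certificates.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of Guix or R.

# Print the CA bundle path inside PROFILE if it is readable and holds at
# least one PEM certificate header; return non-zero otherwise.
ca_bundle_for_profile() {
    profile=$1
    bundle="$profile/etc/ssl/certs/ca-certificates.crt"
    if [ ! -r "$bundle" ]; then
        echo "no CA bundle in $profile (is nss-certs in the manifest?)" >&2
        return 1
    fi
    # grep -c exits 1 when the count is 0, so keep the printed count only.
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    if [ "$count" -eq 0 ]; then
        echo "$bundle contains no PEM certificates" >&2
        return 2
    fi
    printf '%s\n' "$bundle"
}

# Export CURL_CA_BUNDLE only when the profile's bundle passed the check,
# so a missing bundle fails here instead of inside install.packages().
set_curl_ca_bundle() {
    bundle=$(ca_bundle_for_profile "$1") || return $?
    CURL_CA_BUNDLE=$bundle
    export CURL_CA_BUNDLE
}

# Build a constructed stand-in for a profile (temporary directory with a
# placeholder PEM block, not a real certificate) and print its path.
demo_constructed_profile() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/etc/ssl/certs"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$dir/etc/ssl/certs/ca-certificates.crt"
    printf '%s\n' "$dir"
}
```

Typical use is `set_curl_ca_bundle "$HOME/.guix-profile" && R`, with the profile path adjusted to the one the manifest was installed into.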
