From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jelle Licht Subject: Re: tls woes with importers Date: Fri, 27 Jul 2018 12:38:30 +0200 Message-ID: References: <87fu089351.fsf@fsfe.org> <87wothvaxe.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="0000000000007bb2c50571f8b6d6" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40040) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fj08t-0005jM-B5 for help-guix@gnu.org; Fri, 27 Jul 2018 06:38:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fj08p-0008HM-81 for help-guix@gnu.org; Fri, 27 Jul 2018 06:38:39 -0400 In-Reply-To: <87wothvaxe.fsf@gnu.org> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: =?UTF-8?Q?Ludovic_Court=C3=A8s?= Cc: help-guix --0000000000007bb2c50571f8b6d6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable As you said, my $SSL_CERT_DIR was messed up: "/home/jelle/.guix-profile/etc/ssl/certs:/etc/ssl/certs". It seems that several tools dislike having :-delimited directories in SSL_CERT_DIR, I guess? Either way, uninstalling nss-certs from my user profile, and leaving it in my system definition as before, fixed the issue. Kind of a bummer actually, as I really like sharing my user manifest files between Guix and GuixSD machines. Thanks Ludo! 2018-07-27 1:23 GMT+02:00 Ludovic Court=C3=A8s : > Hello Jelle, > > Jelle Licht skribis: > > > $ guix import elpa org > > Backtrace: > > 13 (primitive-load "/home/jelle/.config/guix/current/bin/g=E2= =80=A6") > > In guix/ui.scm: > > 1579:12 12 (run-guix-command _ . _) > > In guix/scripts/import.scm: > > 115:11 11 (guix-import . _) > > In guix/scripts/import/elpa.scm: > > 108:23 10 (guix-import-elpa . _) > > In guix/import/elpa.scm: > > 249:2 9 (elpa->guix-package "org" _) > > 182:13 8 (fetch-elpa-package "org" _) > > 113:18 7 (elpa-package-info "org" _) > > 85:21 6 (elpa-fetch-archive _) > > In ice-9/boot-9.scm: > > 829:9 5 (catch system-error # =E2=80=A6) > > 829:9 4 (catch srfi-34 # =E2=80=A6) > > In guix/http-client.scm: > > 182:20 3 (_) > > 88:25 2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # = =E2=80=A6) > > In guix/build/download.scm: > > 398:4 1 (open-connection-for-uri _ #:timeout _ # _) > > 296:6 0 (tls-wrap # _ # _) > > > > guix/build/download.scm:296:6: In procedure tls-wrap: > > X.509 certificate of 'elpa.gnu.org' could not be verified: > > signer-not-found > > invalid > > This means that the certificate could not be validated, probably due to > missing certificates. > > Could you make sure to install =E2=80=98nss-cert=E2=80=99 and to define = =E2=80=98SSL_CERT_DIR=E2=80=99 > accordingly? See > 002e509-Certificates.html>. > > HTH, > Ludo=E2=80=99. > --0000000000007bb2c50571f8b6d6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
As you said, my $SSL_CERT_DIR was messed up= :
"/home/jelle/.guix-profile/etc/ssl/certs:/etc/ssl/certs".
It seems that several tools dislike having :-delimited director= ies in SSL_CERT_DIR, I guess?
Either way, uninstalling nss-certs f= rom my user profile, and leaving it in my system definition as before, fixe= d the issue.
Kind of a bummer actually, as I really like shar= ing my user manifest files between Guix and GuixSD machines.

T= hanks Ludo!


2018-07-27 1:23 GMT+02:00 Ludovic = Court=C3=A8s <ludo@gnu.org>:
= Hello Jelle,

Jelle Licht <jlicht@fsfe.org> = skribis:

> $ guix import elpa org
> Backtrace:
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A013 (primitive-load "/home= /jelle/.config/guix/current/bin/g=E2=80=A6")
> In guix/ui.scm:
>=C2=A0 =C2=A01579:12 12 (run-guix-command _ . _)
> In guix/scripts/import.scm:
>=C2=A0 =C2=A0 115:11 11 (guix-import . _)
> In guix/scripts/import/elpa.scm:
>=C2=A0 =C2=A0 108:23 10 (guix-import-elpa . _)
> In guix/import/elpa.scm:
>=C2=A0 =C2=A0 =C2=A0249:2=C2=A0 9 (elpa->guix-package "org"= ; _)
>=C2=A0 =C2=A0 182:13=C2=A0 8 (fetch-elpa-package "org" _)
>=C2=A0 =C2=A0 113:18=C2=A0 7 (elpa-package-info "org" _)
>=C2=A0 =C2=A0 =C2=A085:21=C2=A0 6 (elpa-fetch-archive _)
> In ice-9/boot-9.scm:
>=C2=A0 =C2=A0 =C2=A0829:9=C2=A0 5 (catch system-error #<procedure 10= fb300 at guix/http-c=E2=80=A6> =E2=80=A6)
>=C2=A0 =C2=A0 =C2=A0829:9=C2=A0 4 (catch srfi-34 #<procedure 10e6f50= at guix/http-client=E2=80=A6> =E2=80=A6)
> In guix/http-client.scm:
>=C2=A0 =C2=A0 182:20=C2=A0 3 (_)
>=C2=A0 =C2=A0 =C2=A088:25=C2=A0 2 (http-fetch _ #:port _ #:text? _ #:bu= ffered? _ # _ # _ # =E2=80=A6)
> In guix/build/download.scm:
>=C2=A0 =C2=A0 =C2=A0398:4=C2=A0 1 (open-connection-for-uri _ #:timeout = _ # _)
>=C2=A0 =C2=A0 =C2=A0296:6=C2=A0 0 (tls-wrap #<closed: file 101f0e0&g= t; _ # _)
>
> guix/build/download.scm:296:6: In procedure tls-wrap:
> X.509 certificate of 'elpa.gnu.org' could not be verified:
>=C2=A0 =C2=A0signer-not-found
>=C2=A0 =C2=A0invalid

This means that the certificate could not be validated, probabl= y due to
missing certificates.

Could you make sure to install =E2=80=98nss-cert=E2=80=99 and to define =E2= =80=98SSL_CERT_DIR=E2=80=99
accordingly?=C2=A0 See
<https://www.gnu= .org/software/guix/manual/en/html_node/X_002e509-Certificates.htm= l>.

HTH,
Ludo=E2=80=99.

--0000000000007bb2c50571f8b6d6--