* tls woes with importers
@ 2018-07-24 13:25 Jelle Licht
2018-07-26 23:23 ` Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Jelle Licht @ 2018-07-24 13:25 UTC (permalink / raw)
To: help-guix
Hi all,
Recently, I have been running into some gnutls-issues again. The
biggest issue for me right now is the lack of a working importer, as
follows:
--8<---------------cut here---------------start------------->8---
$ guix import elpa org
Backtrace:
13 (primitive-load "/home/jelle/.config/guix/current/bin/g…")
In guix/ui.scm:
1579:12 12 (run-guix-command _ . _)
In guix/scripts/import.scm:
115:11 11 (guix-import . _)
In guix/scripts/import/elpa.scm:
108:23 10 (guix-import-elpa . _)
In guix/import/elpa.scm:
249:2 9 (elpa->guix-package "org" _)
182:13 8 (fetch-elpa-package "org" _)
113:18 7 (elpa-package-info "org" _)
85:21 6 (elpa-fetch-archive _)
In ice-9/boot-9.scm:
829:9 5 (catch system-error #<procedure 10fb300 at guix/http-c…> …)
829:9 4 (catch srfi-34 #<procedure 10e6f50 at guix/http-client…> …)
In guix/http-client.scm:
182:20 3 (_)
88:25 2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # …)
In guix/build/download.scm:
398:4 1 (open-connection-for-uri _ #:timeout _ # _)
296:6 0 (tls-wrap #<closed: file 101f0e0> _ # _)
guix/build/download.scm:296:6: In procedure tls-wrap:
X.509 certificate of 'elpa.gnu.org' could not be verified:
signer-not-found
invalid
--8<---------------cut here---------------end--------------->8---
I am running GuixSD, with
--8<---------------cut here---------------start------------->8---
$ guix --version
guix (GNU Guix) 19f2a52644ffabf4902d0506329aa29d835dda4f
Copyright (C) 2018 the Guix authors
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
--8<---------------cut here---------------end--------------->8---
I have verified that I have nss-certs installed in my system profile.
Other programs using TLS connections seem to not have this issue
(e.g. Emacs and Icecat).
I have already tried:
- installing nss-certs to my user profile as well.
- installing gnutls to my user profile.
... but none of this changed anything for me sadly. Does anyone know
what I can do to remedy this situation?
Regards,
Jelle
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: tls woes with importers
2018-07-24 13:25 tls woes with importers Jelle Licht
@ 2018-07-26 23:23 ` Ludovic Courtès
2018-07-27 10:38 ` Jelle Licht
0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2018-07-26 23:23 UTC (permalink / raw)
To: Jelle Licht; +Cc: help-guix
Hello Jelle,
Jelle Licht <jlicht@fsfe.org> skribis:
> $ guix import elpa org
> Backtrace:
> 13 (primitive-load "/home/jelle/.config/guix/current/bin/g…")
> In guix/ui.scm:
> 1579:12 12 (run-guix-command _ . _)
> In guix/scripts/import.scm:
> 115:11 11 (guix-import . _)
> In guix/scripts/import/elpa.scm:
> 108:23 10 (guix-import-elpa . _)
> In guix/import/elpa.scm:
> 249:2 9 (elpa->guix-package "org" _)
> 182:13 8 (fetch-elpa-package "org" _)
> 113:18 7 (elpa-package-info "org" _)
> 85:21 6 (elpa-fetch-archive _)
> In ice-9/boot-9.scm:
> 829:9 5 (catch system-error #<procedure 10fb300 at guix/http-c…> …)
> 829:9 4 (catch srfi-34 #<procedure 10e6f50 at guix/http-client…> …)
> In guix/http-client.scm:
> 182:20 3 (_)
> 88:25 2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # …)
> In guix/build/download.scm:
> 398:4 1 (open-connection-for-uri _ #:timeout _ # _)
> 296:6 0 (tls-wrap #<closed: file 101f0e0> _ # _)
>
> guix/build/download.scm:296:6: In procedure tls-wrap:
> X.509 certificate of 'elpa.gnu.org' could not be verified:
> signer-not-found
> invalid
This means that the certificate could not be validated, probably due to
missing certificates.
Could you make sure to install ‘nss-cert’ and to define ‘SSL_CERT_DIR’
accordingly? See
<https://www.gnu.org/software/guix/manual/en/html_node/X_002e509-Certificates.html>.
HTH,
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: tls woes with importers
2018-07-26 23:23 ` Ludovic Courtès
@ 2018-07-27 10:38 ` Jelle Licht
0 siblings, 0 replies; 3+ messages in thread
From: Jelle Licht @ 2018-07-27 10:38 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: help-guix
[-- Attachment #1: Type: text/plain, Size: 2101 bytes --]
As you said, my $SSL_CERT_DIR was messed up:
"/home/jelle/.guix-profile/etc/ssl/certs:/etc/ssl/certs".
It seems that several tools dislike having :-delimited directories in
SSL_CERT_DIR, I guess?
Either way, uninstalling nss-certs from my user profile, and leaving it in
my system definition as before, fixed the issue.
Kind of a bummer actually, as I really like sharing my user manifest files
between Guix and GuixSD machines.
Thanks Ludo!
2018-07-27 1:23 GMT+02:00 Ludovic Courtès <ludo@gnu.org>:
> Hello Jelle,
>
> Jelle Licht <jlicht@fsfe.org> skribis:
>
> > $ guix import elpa org
> > Backtrace:
> > 13 (primitive-load "/home/jelle/.config/guix/current/bin/g…")
> > In guix/ui.scm:
> > 1579:12 12 (run-guix-command _ . _)
> > In guix/scripts/import.scm:
> > 115:11 11 (guix-import . _)
> > In guix/scripts/import/elpa.scm:
> > 108:23 10 (guix-import-elpa . _)
> > In guix/import/elpa.scm:
> > 249:2 9 (elpa->guix-package "org" _)
> > 182:13 8 (fetch-elpa-package "org" _)
> > 113:18 7 (elpa-package-info "org" _)
> > 85:21 6 (elpa-fetch-archive _)
> > In ice-9/boot-9.scm:
> > 829:9 5 (catch system-error #<procedure 10fb300 at guix/http-c…> …)
> > 829:9 4 (catch srfi-34 #<procedure 10e6f50 at guix/http-client…> …)
> > In guix/http-client.scm:
> > 182:20 3 (_)
> > 88:25 2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # …)
> > In guix/build/download.scm:
> > 398:4 1 (open-connection-for-uri _ #:timeout _ # _)
> > 296:6 0 (tls-wrap #<closed: file 101f0e0> _ # _)
> >
> > guix/build/download.scm:296:6: In procedure tls-wrap:
> > X.509 certificate of 'elpa.gnu.org' could not be verified:
> > signer-not-found
> > invalid
>
> This means that the certificate could not be validated, probably due to
> missing certificates.
>
> Could you make sure to install ‘nss-cert’ and to define ‘SSL_CERT_DIR’
> accordingly? See
> <https://www.gnu.org/software/guix/manual/en/html_node/X_
> 002e509-Certificates.html>.
>
> HTH,
> Ludo’.
>
[-- Attachment #2: Type: text/html, Size: 3071 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-07-27 10:38 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-07-24 13:25 tls woes with importers Jelle Licht
2018-07-26 23:23 ` Ludovic Courtès
2018-07-27 10:38 ` Jelle Licht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).