Jean-Baptiste Volatier schreef op zo 04-07-2021 om 07:17 [+0000]: > On Saturday, July 3rd, 2021 at 9:54 PM, Maxime Devos wrote: > > > What are the reasons for adding "nss-certs" here? > > nss-certs is added to address this: https://github.com/JuliaLang/julia/issues/40185 > Quoting Sacha0 from github: > > > IIRC generate_precompile builds a mock registry to avoid going to network, but > > the cert issue that nico202 mentioned breaks that mock setup, and downstream > > operations subsequently try to go to network. > > It is only needed to build the julia package. > Cheers, > JB. I see. The following still applies though: ‘Also, it should be possible to update the certificate bundle (e.g. if it turns out some root was or became evil or something, or was compromised) quickly, without going through a world rebuild. So dependencies on "nss-certs" should be avoided.’ So perhaps you could define a "nss-certs-for-tests" variable (currently just pointing to nss-certs), and add "nss-certs-for-tests" to #:disallowed-references to prevent "nss-certs-for-tests" being used at run-time? I don't quite see _why_ Julia needs certificates at build time though ... Also, I wonder if this causes reproducibility issues --- if we try to rebuild julia after, say, 50 years, e.g. by using "guix time-machine", wouldn't the certificates become invalid, and would therefore the build of Julia fail? Greetings, Maxime.