From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andreas Enge Subject: Re: CA certificates Date: Thu, 12 Feb 2015 20:48:13 +0100 Message-ID: <20150212194813.GA24208@debian> References: <20150210201452.GA15529@debian> <87h9urt50j.fsf@netris.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40041) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YLzkL-0002QS-Vx for guix-devel@gnu.org; Thu, 12 Feb 2015 14:48:23 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YLzkH-00051Q-SP for guix-devel@gnu.org; Thu, 12 Feb 2015 14:48:21 -0500 Received: from mout.kundenserver.de ([212.227.17.24]:59637) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YLzkH-00051G-J1 for guix-devel@gnu.org; Thu, 12 Feb 2015 14:48:17 -0500 Content-Disposition: inline In-Reply-To: <87h9urt50j.fsf@netris.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Mark H Weaver Cc: guix-devel@gnu.org On Thu, Feb 12, 2015 at 12:26:52PM -0500, Mark H Weaver wrote: > Sounds good! It should be noted, however, that GnuTLS will currently > only use the certs in /etc/ssl/certs unless some application-specific > setting is provided. This will later be improved with the 'p11-kit' > solution. Indeed! I do not intend to work on it in the near future, so if someone feels like it, please go ahead. > Guile converts POSIX byte strings (e.g. file names) to strings using to > the current locale encoding, but the default locale in our build > environment is "C" which means ASCII-only. > I would advocate using a UTF-8 locale for all builds by default. I agree, this is the standard nowadays. And also because of the following problem: > For now, I would try putting the following code at the beginning of your > custom 'install' phase: > --8<---------------cut here---------------start------------->8--- > (setenv "LOCPATH" (getcwd)) > (zero? (system* "localedef" "--no-archive" > "--prefix" (getcwd) "-i" "en_US" > "-f" "UTF-8" "./en_US.UTF-8")) > (setlocale LC_ALL "en_US.UTF-8") > --8<---------------cut here---------------end--------------->8--- It works, but ends with the following: phase `install' succeeded after 8 seconds @ build-succeeded /gnu/store/ryqpxy531n3njz04c3gvclzw2ljdxrbl-nss-certs-3.17.3.drv - @ build-started /gnu/store/4adp88ayxq38r0zx5k4wy5lb8318jlx4-nss-certs-3.17.3.drv - x86_64-linux /usr/local/guix-git/var/log/guix/drvs/4a//dp88ayxq38r0zx5k4wy5lb8318jlx4-nss-certs-3.17.3.drv.bz2 Backtrace: In ice-9/boot-9.scm: ... ERROR: read error "/gnu/store/d2wasj07dhpqxwrgm99ssfjk2vrkgkcj-nss-certs-3.17.3/etc/ssl/certs/AC_Ra??z_Certic??mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem" #f 2 grafting '/gnu/store/d2wasj07dhpqxwrgm99ssfjk2vrkgkcj-nss-certs-3.17.3' -> '/gnu/store/68b75w7phgdmd2h85gx1yrmx9f7mwg2m-nss-certs-3.17.3'... So the build succeeds, but grafting the output does not. This should also be done in an UTF-8 locale, I think. Andreas