From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andreas Enge <andreas@enge.fr>
Subject: Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store
Date: Sun, 15 Feb 2015 10:16:32 +0100
Message-ID: <20150215091632.GA9692@debian>
References: <87r3u7di49.fsf@netris.org>
	<20150204123652.GA21908@debian.eduroam.u-bordeaux.fr>
	<87wq3jah2w.fsf@netris.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52286)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <andreas@enge.fr>) id 1YMvJh-0005Jh-VD
	for guix-devel@gnu.org; Sun, 15 Feb 2015 04:16:46 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <andreas@enge.fr>) id 1YMvJd-0007dn-BJ
	for guix-devel@gnu.org; Sun, 15 Feb 2015 04:16:41 -0500
Received: from mout.kundenserver.de ([212.227.126.131]:54537)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <andreas@enge.fr>) id 1YMvJd-0007dc-2i
	for guix-devel@gnu.org; Sun, 15 Feb 2015 04:16:37 -0500
Content-Disposition: inline
In-Reply-To: <87wq3jah2w.fsf@netris.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org

Hello Mark,

I am a bit lost with this explanation:

On Sun, Feb 15, 2015 at 12:17:59AM -0500, Mark H Weaver wrote:
> I've set GIT_SSL_CAINFO in my environment for a long time to make Git
> check certificates properly on GuixSD, but without the single-file
> certificate bundle, I've lost certificate checking in Git.

Is this because upon installing nss-certs, you uninstalled your single file?
Since we had no certificates at all before, I fail to understand how the
situation could be worse now than it was.

Would implementing the p11-kit suggestion for gnutls solve the problem?

Your further analysis might also imply that we need search path definitions
for git and curl (although this does not seem to be enough at the moment).

Andreas