From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: HELP needed with CA certificates! [PATCH] gnu: Add tup, Add pbpst. Date: Tue, 27 Sep 2016 14:48:00 -0400 Message-ID: <20160927184800.GA6184@jasmine> References: <87y43ksj47.fsf@we.make.ritual.n0.is> <87h9a4y5ck.fsf@gnu.org> <87y43g60j3.fsf@we.make.ritual.n0.is> <87oa48lm43.fsf@gnu.org> <87oa47sp7u.fsf@we.make.ritual.n0.is> <87shszx5wi.fsf@we.make.ritual.n0.is> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:33408) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1boxQJ-0002ef-Og for guix-devel@gnu.org; Tue, 27 Sep 2016 14:48:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1boxQG-0000bG-1V for guix-devel@gnu.org; Tue, 27 Sep 2016 14:48:10 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:42220) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1boxQE-0000UA-Qi for guix-devel@gnu.org; Tue, 27 Sep 2016 14:48:07 -0400 Content-Disposition: inline In-Reply-To: <87shszx5wi.fsf@we.make.ritual.n0.is> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: ng0 Cc: guix-devel@gnu.org On Fri, Sep 16, 2016 at 02:42:37PM +0000, ng0 wrote: > Ricardo Wurmus writes: > > > ng0 writes: > > > >> Ludovic Courtès writes: > >> > >>> Hi, > >>> > >>> ng0 skribis: > >>> > >>>>> The ‘nss-certs’ package provides X.509 certificates: > >>>>> > >>>>> https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html > >>>> > >>>> I commented nss-certs, enabled or disabled it made no difference to the > >>>> resulting binary. > >>> > >>> You need to have ‘nss-certs’ installed, *and* set the environment > >>> variables mentioned above (depending on whether you use OpenSSL, GnuTLS, > >>> Git, etc.; for GnuTLS, I think there’s no such environment variable.) > >>> > >>> HTH! > >>> Ludo’. > >> > >> Thanks. > >> > >> Can you be more specific on why it could fail when all of this is set in > >> the user environment? I did all of this, and it still fails. environment > >> values exported in my user profile, nss-certs installed in user profile > >> and system wide, set nss-certs as an input of pbpst, still: > > > > What environment variables did you set? The patch for pbpst is very > > hard to read, so it’s not obvious what you tried. > > > > If this tool just shells out to “curl” then it might respect > > “CURL_CA_BUNDLE” as per the Curl documentation. > > > > ~~ Ricardo > > I had CURL_CA_BUNDLE set, in my profile. This is what I assume I need > to do, I've done so and yet it failed. nss-certs is in my profile. I > don't know what else I should try. > > ng0@shadowwalker ~$ echo $CURL_CA_BUNDLE > /home/ng0/.guix-profile/etc/ssl/certs/ca-certificates.crt This looks related to the issues I'm having with the Darcs package. Darcs uses libcurl, but can't find the certificates at runtime, despite CURL_CA_BUNDLE being set correctly.