From mboxrd@z Thu Jan 1 00:00:00 1970 From: ng0 Subject: Re: pypi import certs issues Date: Mon, 19 Mar 2018 17:48:29 +0000 Message-ID: <20180319174829.td7a64f3hjokb4fs@abyayala> References: <20180319132454.zf7xp3eblw3y4fe7@abyayala> <878taouhw5.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:39347) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1exytV-00077b-IU for guix-devel@gnu.org; Mon, 19 Mar 2018 13:48:26 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1exytU-0004MQ-L6 for guix-devel@gnu.org; Mon, 19 Mar 2018 13:48:25 -0400 Content-Disposition: inline In-Reply-To: <878taouhw5.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: guix-devel@gnu.org Ludovic Courtès transcribed 2.7K bytes: > Hello, > > ng0 skribis: > > > on commit 72406062b9c3cdb6e9e30266f3cc31d0b2116b68 pypi import has issues: > > > > user@abyayala ~$ guix package -l | grep "nss-certs" > > user@abyayala ~$ env | grep "SSL_" > > GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt > > SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt > > SSL_CERT_DIR=/home/user/.guix-profile/etc/ssl/certs:/etc/ssl/certs > > user@abyayala ~$ guix import pypi readline > > ;;; note: source file /home/user/.config/guix/latest/guix/download.scm > > ;;; newer than compiled /home/user/.config/guix/latest/guix/download.go > > ;;; note: source file /home/user/.config/guix/latest/guix/download.scm > > ;;; newer than compiled /gnu/store/3abjgr7dws69089lrfkf0n92qww1946j-guix-0.14.0-9.bdf0c64/lib/guile/2.2/site-ccache/guix/download.go > > ;;; note: source file /home/user/.config/guix/latest/guix/download.scm > > ;;; newer than compiled /run/current-system/profile/lib/guile/2.2/site-ccache/guix/download.go > > Backtrace: > > 11 (apply-smob/1 #) > > In ice-9/boot-9.scm: > > 705:2 10 (call-with-prompt _ _ #) > > In ice-9/eval.scm: > > 619:8 9 (_ #(#(#))) > > In guix/ui.scm: > > 1501:12 8 (run-guix-command _ . _) > > In guix/scripts/import.scm: > > 114:11 7 (guix-import . _) > > In guix/scripts/import/pypi.scm: > > 84:19 6 (guix-import-pypi . _) > > In guix/import/pypi.scm: > > 274:17 5 (pypi->guix-package _) > > In ice-9/boot-9.scm: > > 829:9 4 (catch srfi-34 # b&) > > In guix/import/json.scm: > > 32:17 3 (_) > > In guix/http-client.scm: > > 88:25 2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # b&) > > In guix/build/download.scm: > > 398:4 1 (open-connection-for-uri _ #:timeout _ # _) > > 296:6 0 (tls-wrap # _ # _) > > > > guix/build/download.scm:296:6: In procedure tls-wrap: > > X.509 certificate of 'pypi.python.org' could not be verified: > > insecure-algorithm > > signer-not-found > > invalid > > I don’t see that. Could it be that the certs you have in /etc/ssl are > too old, or something along these lines? But how? The system I have is build from the same commit (+ my 4 irrelevant, not SSL touching packages on top of it). So nss-certs is system-wide, as it has always been, and that's what used for our /etc/ssl/certs/ > Thanks, > Ludo’. > > Thanks, -- A88C8ADD129828D7EAC02E52E22F9BBFEE348588 https://n0.is