all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* pypi import certs issues
@ 2018-03-19 13:24 ng0
  2018-03-19 16:52 ` Ludovic Courtès
  0 siblings, 1 reply; 17+ messages in thread
From: ng0 @ 2018-03-19 13:24 UTC (permalink / raw)
  To: guix-devel

Hi,

on commit 72406062b9c3cdb6e9e30266f3cc31d0b2116b68 pypi import has issues:

user@abyayala ~$ guix package -l | grep "nss-certs"
user@abyayala ~$ env | grep "SSL_"
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
SSL_CERT_DIR=/home/user/.guix-profile/etc/ssl/certs:/etc/ssl/certs
user@abyayala ~$ guix import pypi readline
;;; note: source file /home/user/.config/guix/latest/guix/download.scm
;;;       newer than compiled /home/user/.config/guix/latest/guix/download.go
;;; note: source file /home/user/.config/guix/latest/guix/download.scm
;;;       newer than compiled /gnu/store/3abjgr7dws69089lrfkf0n92qww1946j-guix-0.14.0-9.bdf0c64/lib/guile/2.2/site-ccache/guix/download.go
;;; note: source file /home/user/.config/guix/latest/guix/download.scm
;;;       newer than compiled /run/current-system/profile/lib/guile/2.2/site-ccache/guix/download.go
Backtrace:
          11 (apply-smob/1 #<catch-closure 24703a0>)
          In ice-9/boot-9.scm:
              705:2 10 (call-with-prompt _ _ #<procedure default-prompt-handleb&>)
              In ice-9/eval.scm:
                  619:8  9 (_ #(#(#<directory (guile-user) 2526140>)))
                  In guix/ui.scm:
                    1501:12  8 (run-guix-command _ . _)
                    In guix/scripts/import.scm:
                       114:11  7 (guix-import . _)
                       In guix/scripts/import/pypi.scm:
                           84:19  6 (guix-import-pypi . _)
                           In guix/import/pypi.scm:
                              274:17  5 (pypi->guix-package _)
                              In ice-9/boot-9.scm:
                                  829:9  4 (catch srfi-34 #<procedure 2db97e0 at guix/import/jsonb&> b&)
                                  In guix/import/json.scm:
                                      32:17  3 (_)
                                      In guix/http-client.scm:
                                          88:25  2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # b&)
                                          In guix/build/download.scm:
                                              398:4  1 (open-connection-for-uri _ #:timeout _ # _)
                                                  296:6  0 (tls-wrap #<closed: file 292ee00> _ # _)

guix/build/download.scm:296:6: In procedure tls-wrap:
X.509 certificate of 'pypi.python.org' could not be verified:
  insecure-algorithm
    signer-not-found
      invalid

user@abyayala ~$ ^C
user@abyayala ~$ cat src/systems/old_systems/guixsd/workstations/abyayala/config.scm | grep "nss-certs"
                                                  "nss-certs" ;certs
                                                  

-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2018-03-19 13:24 pypi import certs issues ng0
@ 2018-03-19 16:52 ` Ludovic Courtès
  2018-03-19 17:48   ` ng0
  0 siblings, 1 reply; 17+ messages in thread
From: Ludovic Courtès @ 2018-03-19 16:52 UTC (permalink / raw)
  To: guix-devel

Hello,

ng0 <ng0@n0.is> skribis:

> on commit 72406062b9c3cdb6e9e30266f3cc31d0b2116b68 pypi import has issues:
>
> user@abyayala ~$ guix package -l | grep "nss-certs"
> user@abyayala ~$ env | grep "SSL_"
> GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
> SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
> SSL_CERT_DIR=/home/user/.guix-profile/etc/ssl/certs:/etc/ssl/certs
> user@abyayala ~$ guix import pypi readline
> ;;; note: source file /home/user/.config/guix/latest/guix/download.scm
> ;;;       newer than compiled /home/user/.config/guix/latest/guix/download.go
> ;;; note: source file /home/user/.config/guix/latest/guix/download.scm
> ;;;       newer than compiled /gnu/store/3abjgr7dws69089lrfkf0n92qww1946j-guix-0.14.0-9.bdf0c64/lib/guile/2.2/site-ccache/guix/download.go
> ;;; note: source file /home/user/.config/guix/latest/guix/download.scm
> ;;;       newer than compiled /run/current-system/profile/lib/guile/2.2/site-ccache/guix/download.go
> Backtrace:
>           11 (apply-smob/1 #<catch-closure 24703a0>)
>           In ice-9/boot-9.scm:
>               705:2 10 (call-with-prompt _ _ #<procedure default-prompt-handleb&>)
>               In ice-9/eval.scm:
>                   619:8  9 (_ #(#(#<directory (guile-user) 2526140>)))
>                   In guix/ui.scm:
>                     1501:12  8 (run-guix-command _ . _)
>                     In guix/scripts/import.scm:
>                        114:11  7 (guix-import . _)
>                        In guix/scripts/import/pypi.scm:
>                            84:19  6 (guix-import-pypi . _)
>                            In guix/import/pypi.scm:
>                               274:17  5 (pypi->guix-package _)
>                               In ice-9/boot-9.scm:
>                                   829:9  4 (catch srfi-34 #<procedure 2db97e0 at guix/import/jsonb&> b&)
>                                   In guix/import/json.scm:
>                                       32:17  3 (_)
>                                       In guix/http-client.scm:
>                                           88:25  2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # b&)
>                                           In guix/build/download.scm:
>                                               398:4  1 (open-connection-for-uri _ #:timeout _ # _)
>                                                   296:6  0 (tls-wrap #<closed: file 292ee00> _ # _)
>
> guix/build/download.scm:296:6: In procedure tls-wrap:
> X.509 certificate of 'pypi.python.org' could not be verified:
>   insecure-algorithm
>     signer-not-found
>       invalid

I don’t see that.  Could it be that the certs you have in /etc/ssl are
too old, or something along these lines?

Thanks,
Ludo’.

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2018-03-19 16:52 ` Ludovic Courtès
@ 2018-03-19 17:48   ` ng0
  2018-03-20 16:33     ` Ludovic Courtès
  0 siblings, 1 reply; 17+ messages in thread
From: ng0 @ 2018-03-19 17:48 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

Ludovic Courtès transcribed 2.7K bytes:
> Hello,
> 
> ng0 <ng0@n0.is> skribis:
> 
> > on commit 72406062b9c3cdb6e9e30266f3cc31d0b2116b68 pypi import has issues:
> >
> > user@abyayala ~$ guix package -l | grep "nss-certs"
> > user@abyayala ~$ env | grep "SSL_"
> > GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
> > SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
> > SSL_CERT_DIR=/home/user/.guix-profile/etc/ssl/certs:/etc/ssl/certs
> > user@abyayala ~$ guix import pypi readline
> > ;;; note: source file /home/user/.config/guix/latest/guix/download.scm
> > ;;;       newer than compiled /home/user/.config/guix/latest/guix/download.go
> > ;;; note: source file /home/user/.config/guix/latest/guix/download.scm
> > ;;;       newer than compiled /gnu/store/3abjgr7dws69089lrfkf0n92qww1946j-guix-0.14.0-9.bdf0c64/lib/guile/2.2/site-ccache/guix/download.go
> > ;;; note: source file /home/user/.config/guix/latest/guix/download.scm
> > ;;;       newer than compiled /run/current-system/profile/lib/guile/2.2/site-ccache/guix/download.go
> > Backtrace:
> >           11 (apply-smob/1 #<catch-closure 24703a0>)
> >           In ice-9/boot-9.scm:
> >               705:2 10 (call-with-prompt _ _ #<procedure default-prompt-handleb&>)
> >               In ice-9/eval.scm:
> >                   619:8  9 (_ #(#(#<directory (guile-user) 2526140>)))
> >                   In guix/ui.scm:
> >                     1501:12  8 (run-guix-command _ . _)
> >                     In guix/scripts/import.scm:
> >                        114:11  7 (guix-import . _)
> >                        In guix/scripts/import/pypi.scm:
> >                            84:19  6 (guix-import-pypi . _)
> >                            In guix/import/pypi.scm:
> >                               274:17  5 (pypi->guix-package _)
> >                               In ice-9/boot-9.scm:
> >                                   829:9  4 (catch srfi-34 #<procedure 2db97e0 at guix/import/jsonb&> b&)
> >                                   In guix/import/json.scm:
> >                                       32:17  3 (_)
> >                                       In guix/http-client.scm:
> >                                           88:25  2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # b&)
> >                                           In guix/build/download.scm:
> >                                               398:4  1 (open-connection-for-uri _ #:timeout _ # _)
> >                                                   296:6  0 (tls-wrap #<closed: file 292ee00> _ # _)
> >
> > guix/build/download.scm:296:6: In procedure tls-wrap:
> > X.509 certificate of 'pypi.python.org' could not be verified:
> >   insecure-algorithm
> >     signer-not-found
> >       invalid
> 
> I don’t see that.  Could it be that the certs you have in /etc/ssl are
> too old, or something along these lines?

But how? The system I have is build from the same commit (+ my 4 irrelevant, not SSL touching
packages on top of it). So nss-certs is system-wide, as it has always been, and that's what
used for our /etc/ssl/certs/

> Thanks,
> Ludo’.
> 
> 

Thanks,
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2018-03-19 17:48   ` ng0
@ 2018-03-20 16:33     ` Ludovic Courtès
  2018-03-20 17:45       ` ng0
  0 siblings, 1 reply; 17+ messages in thread
From: Ludovic Courtès @ 2018-03-20 16:33 UTC (permalink / raw)
  To: guix-devel

ng0 <ng0@n0.is> skribis:

> Ludovic Courtès transcribed 2.7K bytes:
>> Hello,
>> 
>> ng0 <ng0@n0.is> skribis:
>> 
>> > on commit 72406062b9c3cdb6e9e30266f3cc31d0b2116b68 pypi import has issues:
>> >
>> > user@abyayala ~$ guix package -l | grep "nss-certs"
>> > user@abyayala ~$ env | grep "SSL_"
>> > GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
>> > SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
>> > SSL_CERT_DIR=/home/user/.guix-profile/etc/ssl/certs:/etc/ssl/certs

[...]

>> > guix/build/download.scm:296:6: In procedure tls-wrap:
>> > X.509 certificate of 'pypi.python.org' could not be verified:
>> >   insecure-algorithm
>> >     signer-not-found
>> >       invalid
>> 
>> I don’t see that.  Could it be that the certs you have in /etc/ssl are
>> too old, or something along these lines?

What if you do:

  export SSL_CERT_DIR=/etc/ssl/certs

?

Ludo’.

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2018-03-20 16:33     ` Ludovic Courtès
@ 2018-03-20 17:45       ` ng0
  2018-03-21 23:03         ` Ricardo Wurmus
  0 siblings, 1 reply; 17+ messages in thread
From: ng0 @ 2018-03-20 17:45 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

Ludovic Courtès transcribed 911 bytes:
> ng0 <ng0@n0.is> skribis:
> 
> > Ludovic Courtès transcribed 2.7K bytes:
> >> Hello,
> >> 
> >> ng0 <ng0@n0.is> skribis:
> >> 
> >> > on commit 72406062b9c3cdb6e9e30266f3cc31d0b2116b68 pypi import has issues:
> >> >
> >> > user@abyayala ~$ guix package -l | grep "nss-certs"
> >> > user@abyayala ~$ env | grep "SSL_"
> >> > GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
> >> > SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
> >> > SSL_CERT_DIR=/home/user/.guix-profile/etc/ssl/certs:/etc/ssl/certs
> 
> [...]
> 
> >> > guix/build/download.scm:296:6: In procedure tls-wrap:
> >> > X.509 certificate of 'pypi.python.org' could not be verified:
> >> >   insecure-algorithm
> >> >     signer-not-found
> >> >       invalid
> >> 
> >> I don’t see that.  Could it be that the certs you have in /etc/ssl are
> >> too old, or something along these lines?
> 
> What if you do:
> 
>   export SSL_CERT_DIR=/etc/ssl/certs
> 
> ?
> 
> Ludo’.

Okay, that worked. So why is the .guix-profile/etc/ssl/certs
not updated? I don't even have nss-certs in my user profile, it is
global. Continuing thought: Why is ~/.guix-profile/etc/ssl/certs/
empty? I assume it is just for user-space (space=profile in my
line of thought here) certificates which are not global?

Thanks
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2018-03-20 17:45       ` ng0
@ 2018-03-21 23:03         ` Ricardo Wurmus
  2018-03-22  1:14           ` Mark H Weaver
  2018-03-22  8:11           ` ng0
  0 siblings, 2 replies; 17+ messages in thread
From: Ricardo Wurmus @ 2018-03-21 23:03 UTC (permalink / raw)
  To: ng0; +Cc: guix-devel


ng0 <ng0@n0.is> writes:

> Continuing thought: Why is ~/.guix-profile/etc/ssl/certs/
> empty? I assume it is just for user-space (space=profile in my
> line of thought here) certificates which are not global?

Which of the packages in your profile provides this directory?  What
does “readlink” tell you?

-- 
Ricardo

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2018-03-21 23:03         ` Ricardo Wurmus
@ 2018-03-22  1:14           ` Mark H Weaver
  2018-03-22  1:27             ` Mark H Weaver
  2018-03-22  8:11           ` ng0
  1 sibling, 1 reply; 17+ messages in thread
From: Mark H Weaver @ 2018-03-22  1:14 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: guix-devel, ng0

Ricardo Wurmus <rekado@elephly.net> writes:

> ng0 <ng0@n0.is> writes:
>
>> Continuing thought: Why is ~/.guix-profile/etc/ssl/certs/
>> empty? I assume it is just for user-space (space=profile in my
>> line of thought here) certificates which are not global?

Yes, that's right.

> Which of the packages in your profile provides this directory?  What
> does “readlink” tell you?

The directory is created by the 'ca-certificate-bundle' profile hook in
(guix profiles), whose purpose is to create a single-file certificate
bundle in ../etc/ssl/certs/ca-certificates.crt containing all of the
certs from all of the certificate packages included in the profile.

     Mark

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2018-03-22  1:14           ` Mark H Weaver
@ 2018-03-22  1:27             ` Mark H Weaver
  2018-03-22  8:14               ` ng0
  0 siblings, 1 reply; 17+ messages in thread
From: Mark H Weaver @ 2018-03-22  1:27 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: guix-devel, ng0

Mark H Weaver <mhw@netris.org> writes:

> Ricardo Wurmus <rekado@elephly.net> writes:
>
>> ng0 <ng0@n0.is> writes:
>>
>>> Continuing thought: Why is ~/.guix-profile/etc/ssl/certs/
>>> empty? I assume it is just for user-space (space=profile in my
>>> line of thought here) certificates which are not global?
>
> Yes, that's right.
>
>> Which of the packages in your profile provides this directory?  What
>> does “readlink” tell you?
>
> The directory is created by the 'ca-certificate-bundle' profile hook in
> (guix profiles), whose purpose is to create a single-file certificate
> bundle in ../etc/ssl/certs/ca-certificates.crt containing all of the
> certs from all of the certificate packages included in the profile.

Hmm, although it looks like that profile hook shouldn't ever create the
etc/ssl/crts directory without also creating the ca-certificates.crt
file within it.  In this case I guess some other package must have
created that directory, so I'm also curious to see the output of the
following commands:

  readlink ~/.guix-profile/etc
  readlink ~/.guix-profile/etc/ssl
  readlink ~/.guix-profile/etc/ssl/certs

      Mark

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2018-03-21 23:03         ` Ricardo Wurmus
  2018-03-22  1:14           ` Mark H Weaver
@ 2018-03-22  8:11           ` ng0
  1 sibling, 0 replies; 17+ messages in thread
From: ng0 @ 2018-03-22  8:11 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: guix-devel, ng0

Ricardo Wurmus transcribed 341 bytes:
> 
> ng0 <ng0@n0.is> writes:
> 
> > Continuing thought: Why is ~/.guix-profile/etc/ssl/certs/
> > empty? I assume it is just for user-space (space=profile in my
> > line of thought here) certificates which are not global?
> 
> Which of the packages in your profile provides this directory?  What
> does “readlink” tell you?

Surprisingly it returns an empty result, which is why I asked :)
Even the files in the directory above (~/.guix-profile/etc/ssl/) are
empty results.

> 
> -- 
> Ricardo
> 
> 

-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2018-03-22  1:27             ` Mark H Weaver
@ 2018-03-22  8:14               ` ng0
  0 siblings, 0 replies; 17+ messages in thread
From: ng0 @ 2018-03-22  8:14 UTC (permalink / raw)
  To: Mark H Weaver; +Cc: guix-devel, ng0

Mark H Weaver transcribed 1.1K bytes:
> Mark H Weaver <mhw@netris.org> writes:
> 
> > Ricardo Wurmus <rekado@elephly.net> writes:
> >
> >> ng0 <ng0@n0.is> writes:
> >>
> >>> Continuing thought: Why is ~/.guix-profile/etc/ssl/certs/
> >>> empty? I assume it is just for user-space (space=profile in my
> >>> line of thought here) certificates which are not global?
> >
> > Yes, that's right.
> >
> >> Which of the packages in your profile provides this directory?  What
> >> does “readlink” tell you?
> >
> > The directory is created by the 'ca-certificate-bundle' profile hook in
> > (guix profiles), whose purpose is to create a single-file certificate
> > bundle in ../etc/ssl/certs/ca-certificates.crt containing all of the
> > certs from all of the certificate packages included in the profile.
> 
> Hmm, although it looks like that profile hook shouldn't ever create the
> etc/ssl/crts directory without also creating the ca-certificates.crt
> file within it.  In this case I guess some other package must have
> created that directory, so I'm also curious to see the output of the
> following commands:
> 
>   readlink ~/.guix-profile/etc
>   readlink ~/.guix-profile/etc/ssl
>   readlink ~/.guix-profile/etc/ssl/certs
> 
>       Mark

Ah, this is where my custom global profile seems to come in to blame:

user@abyayala ~$ readlink ~/.guix-profile/etc
user@abyayala ~$ readlink ~/.guix-profile/etc/ssl
/gnu/store/bfrpbapb440fkqb7n389xry596i73jml-libressl-2.6.4/etc/ssl
user@abyayala ~$ readlink ~/.guix-profile/etc/ssl/certs
user@abyayala ~$ 

Although you should be able to install libressl and use openssl generated data.
-- 
A88C8ADD129828D7EAC02E52E22F9BBFEE348588
https://n0.is

^ permalink raw reply	[flat|nested] 17+ messages in thread

* pypi import certs issues
@ 2023-05-06 17:23 c4droid
  2023-05-08  1:18 ` Maxim Cournoyer
  0 siblings, 1 reply; 17+ messages in thread
From: c4droid @ 2023-05-06 17:23 UTC (permalink / raw)
  To: help-guix

Hi, Guix!

on commit dc5430c9dc20ee53441995d9a89a90b0a86aeed3 pypi import has
issues:

Backtrace:
In ice-9/eval.scm:
    619:8 19 (_ #(#(#<directory (guile-user) 7fb1cb718c80>)))
In guix/ui.scm:
   2300:7 18 (run-guix . _)
  2263:10 17 (run-guix-command _ . _)
In guix/scripts/import.scm:
    89:11 16 (guix-import . _)
In ice-9/boot-9.scm:
  1752:10 15 (with-exception-handler _ _ #:unwind? _ # _)
In guix/scripts/import/pypi.scm:
    97:21 14 (_)
In guix/import/utils.scm:
   638:27 13 (recursive-import "pwntools" #:repo->guix-package _ # . #)
   630:33 12 (lookup-node "pwntools" #f)
In guix/memoization.scm:
     98:0 11 (mproc "pwntools" #:version #f #:repo->guix-package #<…> …)
In unknown file:
          10 (_ #<procedure 7fb1c7d05a20 at guix/memoization.scm:17…> …)
In guix/import/pypi.scm:
   495:21  9 (_ "pwntools" #:version _)
   126:10  8 (pypi-fetch _)
In ice-9/exceptions.scm:
   406:15  7 (json-fetch _ #:http-fetch _ #:headers _)
In ice-9/boot-9.scm:
  1752:10  6 (with-exception-handler _ _ #:unwind? _ # _)
In guix/import/json.scm:
    53:19  5 (_)
In guix/http-client.scm:
   107:28  4 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # …)
In guix/build/download.scm:
    468:4  3 (open-connection-for-uri _ #:timeout _ # _)
    360:6  2 (tls-wrap #<closed: file 7fb1c7a3ce00> _ # _)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1683:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1683:16: In procedure raise-exception:
X.509 certificate of 'pypi.org' could not be verified:
  revocation-data-superseded
  invalid

I found a old discuss in
https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00247.html,
but set SSL_CERTS_DIR to /etc/ssl/certs don't working.

The environment variable for SSL:
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt



^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2023-05-06 17:23 c4droid
@ 2023-05-08  1:18 ` Maxim Cournoyer
  2023-05-08 15:35   ` c4droid
  2023-05-08 15:55   ` c4droid
  0 siblings, 2 replies; 17+ messages in thread
From: Maxim Cournoyer @ 2023-05-08  1:18 UTC (permalink / raw)
  To: c4droid; +Cc: help-guix

Hi,

c4droid <c4droid@foxmail.com> writes:

> Hi, Guix!
>
> on commit dc5430c9dc20ee53441995d9a89a90b0a86aeed3 pypi import has
> issues:
>
> Backtrace:
> In ice-9/eval.scm:
>     619:8 19 (_ #(#(#<directory (guile-user) 7fb1cb718c80>)))
> In guix/ui.scm:
>    2300:7 18 (run-guix . _)
>   2263:10 17 (run-guix-command _ . _)
> In guix/scripts/import.scm:
>     89:11 16 (guix-import . _)
> In ice-9/boot-9.scm:
>   1752:10 15 (with-exception-handler _ _ #:unwind? _ # _)
> In guix/scripts/import/pypi.scm:
>     97:21 14 (_)
> In guix/import/utils.scm:
>    638:27 13 (recursive-import "pwntools" #:repo->guix-package _ # . #)
>    630:33 12 (lookup-node "pwntools" #f)
> In guix/memoization.scm:
>      98:0 11 (mproc "pwntools" #:version #f #:repo->guix-package #<…> …)
> In unknown file:
>           10 (_ #<procedure 7fb1c7d05a20 at guix/memoization.scm:17…> …)
> In guix/import/pypi.scm:
>    495:21  9 (_ "pwntools" #:version _)
>    126:10  8 (pypi-fetch _)
> In ice-9/exceptions.scm:
>    406:15  7 (json-fetch _ #:http-fetch _ #:headers _)
> In ice-9/boot-9.scm:
>   1752:10  6 (with-exception-handler _ _ #:unwind? _ # _)
> In guix/import/json.scm:
>     53:19  5 (_)
> In guix/http-client.scm:
>    107:28  4 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # …)
> In guix/build/download.scm:
>     468:4  3 (open-connection-for-uri _ #:timeout _ # _)
>     360:6  2 (tls-wrap #<closed: file 7fb1c7a3ce00> _ # _)
> In ice-9/boot-9.scm:
>   1685:16  1 (raise-exception _ #:continuable? _)
>   1683:16  0 (raise-exception _ #:continuable? _)
>
> ice-9/boot-9.scm:1683:16: In procedure raise-exception:
> X.509 certificate of 'pypi.org' could not be verified:
>   revocation-data-superseded
>   invalid
>
> I found a old discuss in
> https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00247.html,
> but set SSL_CERTS_DIR to /etc/ssl/certs don't working.

[...]

Do you have nss-certs installed in your operating system declaration (on
Guix System) ?

Not sure if it could help, but I just updated nss-certs to 3.88.1, up
from 3.85, so pulling and reconfiguring your system may help.

-- 
Thanks,
Maxim


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2023-05-08 15:55   ` c4droid
@ 2023-05-08 11:55     ` James R. Haigh (+ML.GNU.Guix subaddress)
  2023-05-09  0:55       ` c4droid
  2023-05-08 12:12     ` Maxim Cournoyer
  1 sibling, 1 reply; 17+ messages in thread
From: James R. Haigh (+ML.GNU.Guix subaddress) @ 2023-05-08 11:55 UTC (permalink / raw)
  To: c4droid; +Cc: help-guix

Hi c4droid,

At Z+0800=2023-05-08Mon23:55:06, c4droid sent:
> […]

You appear to have sent an email from the future.  That time is currently over 4 hours into the future.  Note that certificate validation relies upon correct clock synchronisation, so without even looking into the details of what is going on with Guix, simply correcting your system clock time may in fact resolve your issue afterall.

	Looking at the Received headers on your email, I notice that your email was in fact sent a few hours in the past:–

Mon, 08 May 2023 15:55:05 +0800
Mon, 08 May 2023 03:55:26 -0400
Mon, 08 May 2023 03:55:29 -0400
Mon, 08 May 2023 03:55:31 -0400
Mon, 08 May 2023 09:55:59 +0200
Mon, 08 May 2023 09:56:02 +0200

These are all broadly the same time: UTC+0=07:55.  Therefore, at the time of sending, the timestamp in the Date header of your email was precisely 8 hours into the future.  Its timezone is also UTC+8, which indicates that you may have actually confused local time with system time when setting the time.  If you set your system time to UTC+8 and then on top of that your local time adds another 8 hours, at UTC+0=07:55, UTC+8+8=23:55.  That seems like a plausible explanation.

	Furthermore, a common cause for system time being set to local time is if you dual-boot with another operating system that does not respect the system time being independent of local time.  I have heard that this is a common problem for those who dual-boot with Microsoft Windows – at least it was in the days of XP.  I don't know whether it is still a common issue in newer versions, but if you have such a dual-boot and this keeps happening, that would be a good first place to investigate to try to fix the issue.

Kind regards,
James.
-- 
Wealth doesn't bring happiness, but poverty brings sadness.
Sent from Debian with Claws Mail, using email subaddressing as an alternative to error-prone heuristical spam filtering.


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2023-05-08 15:55   ` c4droid
  2023-05-08 11:55     ` James R. Haigh (+ML.GNU.Guix subaddress)
@ 2023-05-08 12:12     ` Maxim Cournoyer
  1 sibling, 0 replies; 17+ messages in thread
From: Maxim Cournoyer @ 2023-05-08 12:12 UTC (permalink / raw)
  To: c4droid; +Cc: help-guix

Hi,

c4droid <c4droid@foxmail.com> writes:

> Hi, Maxim
>
> On Sun, May 07, 2023 at 09:18:25PM -0400, Maxim Cournoyer wrote:
>> Hi,
>> 
>> c4droid <c4droid@foxmail.com> writes:
>> 
>> > Hi, Guix!
>> >
>> > on commit dc5430c9dc20ee53441995d9a89a90b0a86aeed3 pypi import has
>> > issues:
>> >
>> > Backtrace:
>> > In ice-9/eval.scm:
>> >     619:8 19 (_ #(#(#<directory (guile-user) 7fb1cb718c80>)))
>> > In guix/ui.scm:
>> >    2300:7 18 (run-guix . _)
>> >   2263:10 17 (run-guix-command _ . _)
>> > In guix/scripts/import.scm:
>> >     89:11 16 (guix-import . _)
>> > In ice-9/boot-9.scm:
>> >   1752:10 15 (with-exception-handler _ _ #:unwind? _ # _)
>> > In guix/scripts/import/pypi.scm:
>> >     97:21 14 (_)
>> > In guix/import/utils.scm:
>> >    638:27 13 (recursive-import "pwntools" #:repo->guix-package _ # . #)
>> >    630:33 12 (lookup-node "pwntools" #f)
>> > In guix/memoization.scm:
>> >      98:0 11 (mproc "pwntools" #:version #f #:repo->guix-package #<…> …)
>> > In unknown file:
>> >           10 (_ #<procedure 7fb1c7d05a20 at guix/memoization.scm:17…> …)
>> > In guix/import/pypi.scm:
>> >    495:21  9 (_ "pwntools" #:version _)
>> >    126:10  8 (pypi-fetch _)
>> > In ice-9/exceptions.scm:
>> >    406:15  7 (json-fetch _ #:http-fetch _ #:headers _)
>> > In ice-9/boot-9.scm:
>> >   1752:10  6 (with-exception-handler _ _ #:unwind? _ # _)
>> > In guix/import/json.scm:
>> >     53:19  5 (_)
>> > In guix/http-client.scm:
>> >    107:28  4 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # …)
>> > In guix/build/download.scm:
>> >     468:4  3 (open-connection-for-uri _ #:timeout _ # _)
>> >     360:6  2 (tls-wrap #<closed: file 7fb1c7a3ce00> _ # _)
>> > In ice-9/boot-9.scm:
>> >   1685:16  1 (raise-exception _ #:continuable? _)
>> >   1683:16  0 (raise-exception _ #:continuable? _)
>> >
>> > ice-9/boot-9.scm:1683:16: In procedure raise-exception:
>> > X.509 certificate of 'pypi.org' could not be verified:
>> >   revocation-data-superseded
>> >   invalid
>> >
>> > I found a old discuss in
>> > https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00247.html,
>> > but set SSL_CERTS_DIR to /etc/ssl/certs don't working.
>> 
>> [...]
>> 
>> Do you have nss-certs installed in your operating system declaration (on
>> Guix System) ?
>> 
>> Not sure if it could help, but I just updated nss-certs to 3.88.1, up
>> from 3.85, so pulling and reconfiguring your system may help.
>
> I tried to update nss-certs, after reconfiguring system still report this.

At least we've ironed out that.  I'm out of ideas for now :-/.
Hopefully a TLS certs expert jumps in.

-- 
Thanks,
Maxim


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2023-05-08  1:18 ` Maxim Cournoyer
@ 2023-05-08 15:35   ` c4droid
  2023-05-08 15:55   ` c4droid
  1 sibling, 0 replies; 17+ messages in thread
From: c4droid @ 2023-05-08 15:35 UTC (permalink / raw)
  To: Maxim Cournoyer; +Cc: help-guix

On Sun, May 07, 2023 at 09:18:25PM -0400, Maxim Cournoyer wrote:
Hi, Maxim

> Hi,
> 
> c4droid <c4droid@foxmail.com> writes:
> 
> > Hi, Guix!
> >
> > on commit dc5430c9dc20ee53441995d9a89a90b0a86aeed3 pypi import has
> > issues:
> >
> > Backtrace:
> > In ice-9/eval.scm:
> >     619:8 19 (_ #(#(#<directory (guile-user) 7fb1cb718c80>)))
> > In guix/ui.scm:
> >    2300:7 18 (run-guix . _)
> >   2263:10 17 (run-guix-command _ . _)
> > In guix/scripts/import.scm:
> >     89:11 16 (guix-import . _)
> > In ice-9/boot-9.scm:
> >   1752:10 15 (with-exception-handler _ _ #:unwind? _ # _)
> > In guix/scripts/import/pypi.scm:
> >     97:21 14 (_)
> > In guix/import/utils.scm:
> >    638:27 13 (recursive-import "pwntools" #:repo->guix-package _ # . #)
> >    630:33 12 (lookup-node "pwntools" #f)
> > In guix/memoization.scm:
> >      98:0 11 (mproc "pwntools" #:version #f #:repo->guix-package #<…> …)
> > In unknown file:
> >           10 (_ #<procedure 7fb1c7d05a20 at guix/memoization.scm:17…> …)
> > In guix/import/pypi.scm:
> >    495:21  9 (_ "pwntools" #:version _)
> >    126:10  8 (pypi-fetch _)
> > In ice-9/exceptions.scm:
> >    406:15  7 (json-fetch _ #:http-fetch _ #:headers _)
> > In ice-9/boot-9.scm:
> >   1752:10  6 (with-exception-handler _ _ #:unwind? _ # _)
> > In guix/import/json.scm:
> >     53:19  5 (_)
> > In guix/http-client.scm:
> >    107:28  4 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # …)
> > In guix/build/download.scm:
> >     468:4  3 (open-connection-for-uri _ #:timeout _ # _)
> >     360:6  2 (tls-wrap #<closed: file 7fb1c7a3ce00> _ # _)
> > In ice-9/boot-9.scm:
> >   1685:16  1 (raise-exception _ #:continuable? _)
> >   1683:16  0 (raise-exception _ #:continuable? _)
> >
> > ice-9/boot-9.scm:1683:16: In procedure raise-exception:
> > X.509 certificate of 'pypi.org' could not be verified:
> >   revocation-data-superseded
> >   invalid
> >
> > I found a old discuss in
> > https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00247.html,
> > but set SSL_CERTS_DIR to /etc/ssl/certs don't working.
> 
> [...]
> 
> Do you have nss-certs installed in your operating system declaration (on
> Guix System) ?

I installed nss-certs on my operating-system declaration.

> 
> Not sure if it could help, but I just updated nss-certs to 3.88.1, up
> from 3.85, so pulling and reconfiguring your system may help.

Hope it can be use for me, I'll update my guix channel and reconfiguring system then running guix
import pypi again.

> 
> -- 
> Thanks,
> Maxim
\0



^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2023-05-08  1:18 ` Maxim Cournoyer
  2023-05-08 15:35   ` c4droid
@ 2023-05-08 15:55   ` c4droid
  2023-05-08 11:55     ` James R. Haigh (+ML.GNU.Guix subaddress)
  2023-05-08 12:12     ` Maxim Cournoyer
  1 sibling, 2 replies; 17+ messages in thread
From: c4droid @ 2023-05-08 15:55 UTC (permalink / raw)
  To: Maxim Cournoyer; +Cc: help-guix

Hi, Maxim

On Sun, May 07, 2023 at 09:18:25PM -0400, Maxim Cournoyer wrote:
> Hi,
> 
> c4droid <c4droid@foxmail.com> writes:
> 
> > Hi, Guix!
> >
> > on commit dc5430c9dc20ee53441995d9a89a90b0a86aeed3 pypi import has
> > issues:
> >
> > Backtrace:
> > In ice-9/eval.scm:
> >     619:8 19 (_ #(#(#<directory (guile-user) 7fb1cb718c80>)))
> > In guix/ui.scm:
> >    2300:7 18 (run-guix . _)
> >   2263:10 17 (run-guix-command _ . _)
> > In guix/scripts/import.scm:
> >     89:11 16 (guix-import . _)
> > In ice-9/boot-9.scm:
> >   1752:10 15 (with-exception-handler _ _ #:unwind? _ # _)
> > In guix/scripts/import/pypi.scm:
> >     97:21 14 (_)
> > In guix/import/utils.scm:
> >    638:27 13 (recursive-import "pwntools" #:repo->guix-package _ # . #)
> >    630:33 12 (lookup-node "pwntools" #f)
> > In guix/memoization.scm:
> >      98:0 11 (mproc "pwntools" #:version #f #:repo->guix-package #<…> …)
> > In unknown file:
> >           10 (_ #<procedure 7fb1c7d05a20 at guix/memoization.scm:17…> …)
> > In guix/import/pypi.scm:
> >    495:21  9 (_ "pwntools" #:version _)
> >    126:10  8 (pypi-fetch _)
> > In ice-9/exceptions.scm:
> >    406:15  7 (json-fetch _ #:http-fetch _ #:headers _)
> > In ice-9/boot-9.scm:
> >   1752:10  6 (with-exception-handler _ _ #:unwind? _ # _)
> > In guix/import/json.scm:
> >     53:19  5 (_)
> > In guix/http-client.scm:
> >    107:28  4 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # …)
> > In guix/build/download.scm:
> >     468:4  3 (open-connection-for-uri _ #:timeout _ # _)
> >     360:6  2 (tls-wrap #<closed: file 7fb1c7a3ce00> _ # _)
> > In ice-9/boot-9.scm:
> >   1685:16  1 (raise-exception _ #:continuable? _)
> >   1683:16  0 (raise-exception _ #:continuable? _)
> >
> > ice-9/boot-9.scm:1683:16: In procedure raise-exception:
> > X.509 certificate of 'pypi.org' could not be verified:
> >   revocation-data-superseded
> >   invalid
> >
> > I found a old discuss in
> > https://lists.gnu.org/archive/html/guix-devel/2018-03/msg00247.html,
> > but set SSL_CERTS_DIR to /etc/ssl/certs don't working.
> 
> [...]
> 
> Do you have nss-certs installed in your operating system declaration (on
> Guix System) ?
> 
> Not sure if it could help, but I just updated nss-certs to 3.88.1, up
> from 3.85, so pulling and reconfiguring your system may help.

I tried to update nss-certs, after reconfiguring system still report this.

> 
> -- 
> Thanks,
> Maxim



^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: pypi import certs issues
  2023-05-08 11:55     ` James R. Haigh (+ML.GNU.Guix subaddress)
@ 2023-05-09  0:55       ` c4droid
  0 siblings, 0 replies; 17+ messages in thread
From: c4droid @ 2023-05-09  0:55 UTC (permalink / raw)
  To: James R. Haigh (+ML.GNU.Guix subaddress); +Cc: help-guix

Hi, James.

On Mon, May 08, 2023 at 12:55:57PM +0100, James R. Haigh (+ML.GNU.Guix subaddress) wrote:
> Hi c4droid,
> 
> At Z+0800=2023-05-08Mon23:55:06, c4droid sent:
> > […]
> 

Thanks for the hint, I just checked my system services noticed the ntp is not install on my system,
after set it up, everything is normal.

> You appear to have sent an email from the future.  That time is currently over 4 hours into the future.  Note that certificate validation relies upon correct clock synchronisation, so without even looking into the details of what is going on with Guix, simply correcting your system clock time may in fact resolve your issue afterall.
> 
> 	Looking at the Received headers on your email, I notice that your email was in fact sent a few hours in the past:–
> 
> Mon, 08 May 2023 15:55:05 +0800
> Mon, 08 May 2023 03:55:26 -0400
> Mon, 08 May 2023 03:55:29 -0400
> Mon, 08 May 2023 03:55:31 -0400
> Mon, 08 May 2023 09:55:59 +0200
> Mon, 08 May 2023 09:56:02 +0200
> 
> These are all broadly the same time: UTC+0=07:55.  Therefore, at the time of sending, the timestamp in the Date header of your email was precisely 8 hours into the future.  Its timezone is also UTC+8, which indicates that you may have actually confused local time with system time when setting the time.  If you set your system time to UTC+8 and then on top of that your local time adds another 8 hours, at UTC+0=07:55, UTC+8+8=23:55.  That seems like a plausible explanation.
> 
> 	Furthermore, a common cause for system time being set to local time is if you dual-boot with another operating system that does not respect the system time being independent of local time.  I have heard that this is a common problem for those who dual-boot with Microsoft Windows – at least it was in the days of XP.  I don't know whether it is still a common issue in newer versions, but if you have such a dual-boot and this keeps happening, that would be a good first place to investigate to try to fix the issue.

BTW, thanks for the answer. :)

> 
> Kind regards,
> James.
> -- 
> Wealth doesn't bring happiness, but poverty brings sadness.
> Sent from Debian with Claws Mail, using email subaddressing as an alternative to error-prone heuristical spam filtering.



^ permalink raw reply	[flat|nested] 17+ messages in thread

end of thread, other threads:[~2023-05-09  1:02 UTC | newest]

Thread overview: 17+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-03-19 13:24 pypi import certs issues ng0
2018-03-19 16:52 ` Ludovic Courtès
2018-03-19 17:48   ` ng0
2018-03-20 16:33     ` Ludovic Courtès
2018-03-20 17:45       ` ng0
2018-03-21 23:03         ` Ricardo Wurmus
2018-03-22  1:14           ` Mark H Weaver
2018-03-22  1:27             ` Mark H Weaver
2018-03-22  8:14               ` ng0
2018-03-22  8:11           ` ng0
  -- strict thread matches above, loose matches on Subject: below --
2023-05-06 17:23 c4droid
2023-05-08  1:18 ` Maxim Cournoyer
2023-05-08 15:35   ` c4droid
2023-05-08 15:55   ` c4droid
2023-05-08 11:55     ` James R. Haigh (+ML.GNU.Guix subaddress)
2023-05-09  0:55       ` c4droid
2023-05-08 12:12     ` Maxim Cournoyer

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.