From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: bug#33272: guix refresh/download backtrace error when missing nss-certs Date: Mon, 5 Nov 2018 15:26:50 -0500 Message-ID: <20181105202650.GB19298@jasmine.lan> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="SkvwRMAIpAhPCcCJ" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:45286) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gJlTj-0002Bt-0w for bug-guix@gnu.org; Mon, 05 Nov 2018 15:28:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gJlTe-000094-LB for bug-guix@gnu.org; Mon, 05 Nov 2018 15:28:06 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:59650) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gJlTe-00008B-9q for bug-guix@gnu.org; Mon, 05 Nov 2018 15:28:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gJlTe-0002K8-44 for bug-guix@gnu.org; Mon, 05 Nov 2018 15:28:02 -0500 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: swedebugia Cc: 33272@debbugs.gnu.org --SkvwRMAIpAhPCcCJ Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 05, 2018 at 12:16:08PM +0100, swedebugia wrote: > I suggest we change it to fail nicely. I am willing to create a patch. Wo= uld > somebody be willing to mentor me? >=20 > As a start: >=20 > How do I check if nss-certs is installed? >=20 > This is the first thing we should do when handling https-URIs >=20 > (define tls-wrap is a quite complicated procedure, maybe an extra (if at = the > body (of the let) will do? >=20 > something like >=20 > (if package-available? nss-certs >=20 > =A0=A0=A0 true; continue >=20 > =A0=A0=A0 false-> error nicely IMO a better solution is to catch the error and print an informative message. Already, the error message at the end is coming from Guix, but we should hide the backtrace and add a hint towards a solution. I think handling the TLS error gracefully is orthogonal to whether or not nss-certs is installed. There are other X.509 certificate collections available on the systems that Guix supports, and even some Guix packages use their own collections. Also, programs that need to look up certificates tend to find them via environment variables, so if one wanted to use nss-certs, it's not enough just to install it. https://www.gnu.org/software/guix/manual/en/html_node/X_002e509-Certificate= s.html --SkvwRMAIpAhPCcCJ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlvgp4oACgkQJkb6MLrK fwinqw/+Ni6+Kgbx2g+brP2DLqfobOWFRfSnnDCDqyeVWWUXpdFcdI2rYpP79n6v fBVh/XrM3Wx7Ey3TnEs5SX4glmmmoSErpbynNWwJvyqkAWP5mb7+ZXx0Z7DYOPlk VHAc5AeZARLW1/XKDc+6StS63BwTRZdq79Qas4Ys3HLTHSND3e9hZMbXcoAeQS41 zpyI/PEsqo9URUcABxY4u/nUl0pPnCX/RJr7rz0IADVY9kgy3+G0TepNLGc0woyN DTEvcFnVzbC1yhETil89Hz3xdXFtpBtRXbbH2pLsNsaX2Z+9/sZx5H2WcD1hmB5f KhoAKxBD7e/4L+ifIuT8ovwiT8lOINi+9IoM0kgrCRoBPghANrCO0YO+vAPgGpi3 s37zeZOgR3PYhz/6kwlgeqa0RQgK22r5UF02zL/gWehlFLcY3KmWYEQMthBey82Y 4AZl1U60bF0kLQ505HDsOyDeSL/8LcVLRyydo8DR64GzXHIVDo6oAR91KlTtXCuW pZLA1EF1ZR+Cose++srKFbjAOC5nd2LXPW93wfN3VsLgH5UZg3blHbo7KqgMspcg XvTPf7MmKx2btlHGpK9oMQA7FtGhAT6zbeuDPABzUzXp4DWEzmqiLdRyUDxjlCOP zNS+Vnx2/8hJmgAqf3sR05C+IXpjsP1jOeECAEkz9+dYqvFscQQ= =Q6NI -----END PGP SIGNATURE----- --SkvwRMAIpAhPCcCJ--