From mboxrd@z Thu Jan 1 00:00:00 1970 From: Efraim Flashner Subject: bug#38857: X.509 certificate of 'crates.io' could not be verified during a recursive import from crates.io Date: Thu, 2 Jan 2020 09:12:43 +0200 Message-ID: <20200102071243.GS23018@E5400> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="McY+hxfTRXXDFVKC" Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:60123) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1imugH-0003z0-6L for bug-guix@gnu.org; Thu, 02 Jan 2020 02:14:06 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1imugF-0007ef-Vj for bug-guix@gnu.org; Thu, 02 Jan 2020 02:14:05 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:60279) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1imugF-0007eE-Qe for bug-guix@gnu.org; Thu, 02 Jan 2020 02:14:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1imugD-0000Ul-LF for bug-guix@gnu.org; Thu, 02 Jan 2020 02:14:01 -0500 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Valentin Ignatev Cc: 38857@debbugs.gnu.org --McY+hxfTRXXDFVKC Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 02, 2020 at 01:45:35AM +0300, Valentin Ignatev wrote: > Hi! I'm trying to recursively import a package from crates.io like this: >=20 > guix import crate notify@4.0.14 --recursive >=20 > It follows redirections for a while untill at some point throws this: >=20 > Backtrace: > 12 (primitive-load "/home/vj/.config/guix/current/bin/guix") > In guix/ui.scm: > 1806:12 11 (run-guix-command _ . _) > In guix/scripts/import.scm: > 116:11 10 (guix-import . _) > In guix/scripts/import/crate.scm: > 103:16 9 (guix-import-crate . _) > In guix/import/utils.scm: > 425:7 8 (recursive-import _ _ #:repo->guix-package _ #:guix-name =E2= =80=A6) > 397:31 7 (topological-sort _ # =E2=80=A6) > In srfi/srfi-1.scm: > 592:17 6 (map1 ("tempfile")) > In guix/import/utils.scm: > 421:36 5 (lookup-node "tempfile") > In guix/import/crate.scm: > 222:10 4 (crate->guix-package "tempfile" _) > 150:15 3 (make-crate-sexp #:name _ #:version _ #:cargo-inputs _ # =E2= =80=A6) > In guix/http-client.scm: > 88:25 2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # =E2= =80=A6) > In guix/build/download.scm: > 419:4 1 (open-connection-for-uri _ #:timeout _ # _) > 306:6 0 (tls-wrap # _ # _) >=20 > guix/build/download.scm:306:6: In procedure tls-wrap: > X.509 certificate of 'crates.io' could not be verified: > signer-not-found > invalid >=20 > I suspect that it happens after the importer hits > "wasm-bindgen-webidl" and starts going circles. Maybe there's some > circullar dependencies going on, but I'm not sure. I'm attaching a > full log for convenience. >=20 > For additional info: I'm running Guix on Arch Linux. I've also > installed nss-certs package, exported all neeeded variables > (SSL_CERT_DIR, SSL_CERT_FILE and GIT_SSL_CAINFO) before running guix > import and also made sure nscd.service is running. >=20 > Regards, > Valentin Ignatev I've had it happen to me also sometimes. It's like it forgets that it just successfully connected 100+ times and then fails. --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --McY+hxfTRXXDFVKC Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl4Nl+sACgkQQarn3Mo9 g1GWyw/9GvGpRGBaoQZBLsXszstTSU/k/PoZwnMqj2KPdK5rZ6t4bZXwRMXukkjP ZT2bxiz9SEk1oh7d0AoUFJdl4KYrrmcG9+toVNQknyOX9FX1ghIml/6ocgTw6er6 h6wO6YCF3vTSqbim0e2wfBkeKpujdCny9wRomC9guO15Z+2IKoy44IpubjEm/CC8 YDUN7KFT9FJSI1dZMdLoW5Bg4oXa2jSNk6hJ6tcu/uLiO8MK50XI++ooxiNAS2IV zj3Vxdqj/6a4vpSC11MLV/otcwceT1YOqb6QZycuoWlZ63uCJ0lvC+TohQ4Cdp4h p6TWMEKLypUrI+rDoKautZcF/XMPBXa1FJft9tLmTeuDcOmoYdu2CbkUg3J1f8va nikzz15f2LGhaAmnQa1HJJ4g3MK+zFk29XkGF5i+uCInoiTKYQkXj1jJimtDggdU aCjvvai1V6QBCDceb8slGnqgxGpIXckh3wlHWDLaw+DmR1c18jcUgxR7/jbs5h9E Ncx4EKX27RUD5xootrXE7iZAUUvE3J6YXVEdXnL+UQoLgAxKBiqzOPfXp/Z/0hXD clpalQgb2dbCXin9DkRys4KvrWAe2Ze5SiN9Sud21mbSIXlmlNcWhtDhfiZlDFz1 JKNxGfLo1rxqfgaY307skCWaiTo7tAO2afsGyoMIrFrXgkbzoZM= =iVjn -----END PGP SIGNATURE----- --McY+hxfTRXXDFVKC--