From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id 8PUJAQxt1WEnJgEAgWs5BA (envelope-from ) for ; Wed, 05 Jan 2022 11:03:56 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id 4PBsNQtt1WGxkQAAG6o9tA (envelope-from ) for ; Wed, 05 Jan 2022 11:03:55 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 5E33E3021A for ; Wed, 5 Jan 2022 11:03:55 +0100 (CET) Received: from localhost ([::1]:53534 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1n5398-0008CQ-Bz for larch@yhetil.org; Wed, 05 Jan 2022 05:03:54 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56298) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n52za-0008Df-LA for bug-guix@gnu.org; Wed, 05 Jan 2022 04:54:02 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:56286) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1n52zZ-0003pJ-Si for bug-guix@gnu.org; Wed, 05 Jan 2022 04:54:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1n52zZ-0001sj-ST for bug-guix@gnu.org; Wed, 05 Jan 2022 04:54:01 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#30619: Cuirass requires TLS certificates Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 05 Jan 2022 09:54:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 30619 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: zimoun Received: via spool by 30619-submit@debbugs.gnu.org id=B30619.16413764337214 (code B ref 30619); Wed, 05 Jan 2022 09:54:01 +0000 Received: (at 30619) by debbugs.gnu.org; 5 Jan 2022 09:53:53 +0000 Received: from localhost ([127.0.0.1]:39599 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n52zR-0001sI-FN for submit@debbugs.gnu.org; Wed, 05 Jan 2022 04:53:53 -0500 Received: from baptiste.telenet-ops.be ([195.130.132.51]:45990) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n52zP-0001s9-QD for 30619@debbugs.gnu.org; Wed, 05 Jan 2022 04:53:52 -0500 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by baptiste.telenet-ops.be with bizsmtp id extp2600R4UW6Th01xtpPo; Wed, 05 Jan 2022 10:53:50 +0100 Message-ID: <61df0fdc1a0db3ec42f2a03500333b0a1bbaa2eb.camel@telenet.be> From: Maxime Devos Date: Wed, 05 Jan 2022 10:53:20 +0100 In-Reply-To: <86r19nayjh.fsf@gmail.com> References: <20180226205158.GA2432@jurong> <87lgfe1kyf.fsf@gnu.org> <8635q5rn44.fsf@gmail.com> <86ily1kitk.fsf@gmail.com> <87o87qiaau.fsf@gnu.org> <86k0gvr90x.fsf@gmail.com> <72886a55a3351fb56335c71179bdf155e27a630a.camel@telenet.be> <86r19nayjh.fsf@gmail.com> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-WgHpKxtDXvD4ytOlqFZh" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1641376430; bh=WFbLX6qPOm4g/fIsadWGozkBIn1zjbZ5a2jJppJ7qrQ=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=YkGJXkjobqINiY9l5gG3eQvQpR5OKnjnPuhQfuLyqzxLFjz0s77YkVe8itdFoqomh PLOwM5f/tVN0Os9RU5PNFd8ogPjwdWxPwJBVh3oHnX0pZA+sM94PLOms+yOmVOanRh A0Op1MsWoOx+cQhLYyTO1BEz+LAUe9iowcEgxucnAl21tkoUerm9zduZxKvRxXyG2R kQ2W1K4Iq/aid1lHF3SWvOrq5Pni5SFkUjyWfMDYpCTZL1RHho9nfraOMdiIjhv/Nj sTCM5473t8D0ExAFxHgJD6wu1RBFo0qo3jd2cE7oNDDuxTED0hEe5MsSkTbQVM0n8f iOWBnmtMR4dhQ== X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mathieu Othacehe , 30619@debbugs.gnu.org, Andreas Enge Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1641377035; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=WFbLX6qPOm4g/fIsadWGozkBIn1zjbZ5a2jJppJ7qrQ=; b=IumWvLIksPKUrvyRha1wBFKZR3U0x8GR3UZDXgWWAO4N1xwI5NtDu6rC402dH6cbfSwJwt J4rVzpikLp7Pd5ufqxCg8OKKZXYRE5dela/olF+ShkZ54OQ83o/WCz6y6pVbY8+d3Uxoyb 0+lVC5HyKaKbon53QTIyKuLDv793k3t2l4yrHKU0SPOVuYXQjbgo7FrR9pxAKzztvLkyQX qbzxYHLK/kLxRHI5S2S0qyTfhfa/cOqpY2cKZPvpY9sHSq8Ulbn5rNu18ORLivTEWD2Ix2 ED8Tcwuzf7YfpHpsZLjuVproG91H8UNVNCtF3n/8bjtqukqln757sR8jf8/DvQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1641377035; a=rsa-sha256; cv=none; b=l3+4SmwVD5qXbxBXvfusntVBRibQERkwit7HT2C16jQFPGL5LUGzbGft07hK79OskPn0dg jG1x13xkjH0Xn4FQArxW4lJv5K1L/9iMYnKIH6Egw04qvyQ3vaUTo4DOr152pHFp2RDGHh MZNwBrZZ7oqFdIJFgknMK8gNZS5+EK8iQOBSV2E4TtemuZfKxVz67Ls8+oeHorEVcj9zzh /bR/aH5DYZ4bc89ueehkVjc3nhaI+XrE/hkFIGf3Qjmp1RLMo4TSoP0Ro6SKlgLzxbrF8u dIPLtQik1g1M79Q2GroZm8Dbls1JEB6Oo3+18UYhhQU+ZEEvi7heky2sbFX2IQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r22 header.b=YkGJXkjo; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -4.10 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r22 header.b=YkGJXkjo; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 5E33E3021A X-Spam-Score: -4.10 X-Migadu-Scanner: scn0.migadu.com X-TUID: Ph/jGYGMhCxj --=-WgHpKxtDXvD4ytOlqFZh Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable zimoun schreef op wo 05-01-2022 om 00:09 [+0100]: > Hi Maxime. >=20 > On Fri, 26 Nov 2021 at 06:28, Maxime Devos wrote= : > > zimoun schreef op vr 26-11-2021 om 02:38 [+0100]: > > > On Fri, 15 Oct 2021 at 17:20, Ludovic Court=C3=A8s wro= te: > > > > zimoun skribis: > > > > > On Thu, 16 Sep 2021 at 09:33, zimoun > > > > > > On Tue, 27 Feb 2018 at 17:00, ludo@gnu.org=C2=A0(Ludovic Court= =C3=A8s) > > >=20 > > > > The Cuirass Shepherd service still does: > > > >=20 > > > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 #:environment-variables > > > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 (list "GIT_SSL_CAINFO=3D/etc/ssl/certs/ca- > > > > certificates.crt" =E2=80=A6) > > > >=20 > > > > which means that users still need to install certificates globally. > > > >=20 > > > > Now, whether it=E2=80=99s an issue, I don=E2=80=99t know. > > > >=20 > > > > Maybe we can close? > > >=20 > > > I propose to close since I do not see what could the next action. > > >=20 > > > 1: > >=20 > > The next action would be splitting of the bundle generation from the > > profile code, and adding a =E2=80=98certificates=E2=80=99 field default= ing to nss- > > certs, as Ludo seemed to suggest. >=20 > Do you have an idea how to implement this suggestion? Otherwise, I > think closing is reasonable. :-) That suggestion (+ Ludovic's suggestion of a (guix x509-certificates) module) was my suggested implementation, it just needs to be translated from a description in English to an actual patch . Anyway, I don't think closing is reasonable, because the bug (certificates need to be installed globally) still exist, and it is actionable (there's even a suggested implementation, so a sufficiently motivated party (not me currently) could address the issue. Greetings, Maxime. --=-WgHpKxtDXvD4ytOlqFZh Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYdVqkBccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7p2IAQDax1OyBEEBRaaH3SZAoEsF9nrm pF+Tisf6dcWj4mRKTQD/YkE6I9WhushEQz9+RTPHOqM+e/yUL9rDNHz7T/kZkQA= =Dlt+ -----END PGP SIGNATURE----- --=-WgHpKxtDXvD4ytOlqFZh--