* Fallout from recent nss-certs changes
@ 2024-04-20 18:17 Ian Eure
2024-04-21 8:32 ` pelzflorian (Florian Pelz)
2024-04-21 15:02 ` Felix Lechner via Development of GNU Guix and the GNU System distribution.
0 siblings, 2 replies; 6+ messages in thread
From: Ian Eure @ 2024-04-20 18:17 UTC (permalink / raw)
To: Guix Devel; +Cc: Jacob Hrbek, Maxim Cournoyer, Andrew Tropin
Some recent nss-certs changes have a negative side effects which
needs to be fixed.
A patch of mine was pushed recently (commit
0920693381d9f6b7923e69fe00be5de8621ddb6f), which adds nss-certs
3.98 to (gnu packages certs), under the nss-certs-3.98 variable.
Then, commit fdfd7667c66cf9ce746330f39bcd366e124460e1 was pushed,
which adds nss-certs to %base-packages-networking. This
references the nss-certs variable, which is version 3.88.1.
If an operating-system’s packages includes
`(specification->package "nss-certs")', this causes breakage,
because that form selects version 3.98, but %base-packages
includes 3.88.1, which causes an error on the next `guix system
reconfigure' due to conflicting package versions in the profile.
Prior to commit 65e8472a4b6fc6f66871ba0dad518b7d4c63595e, the
graphical installer would ask users if they wanted to install
nss-certs, and put this form into the operating-system’s packages,
so there are likely many users affected -- it bit me, and I’ve
seen a couple in IRC as well.
I think the options to fix this are:
1. Removing (specification->package "nss-certs") from one’s
operating-system.
2. Grafting nss-certs 3.98 onto nss-certs 3.88.1.
3. Replacing nss-certs 3.88.1 with 3.98.
The most expedient option is 1, as it can be applied by users --
but there’s probably not a good way to communicate that this needs
to happen.
There was some talk in IRC about grafting nss/nss-certs, but it
looks like this didn’t happen. An upgrade is the best path, but
would probably need to happen in core-updates, since this rebuilds
a large number of packages.
Thoughts on this?
Thanks,
— Ian
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Fallout from recent nss-certs changes
2024-04-20 18:17 Fallout from recent nss-certs changes Ian Eure
@ 2024-04-21 8:32 ` pelzflorian (Florian Pelz)
2024-04-21 16:01 ` Ian Eure
2024-04-21 15:02 ` Felix Lechner via Development of GNU Guix and the GNU System distribution.
1 sibling, 1 reply; 6+ messages in thread
From: pelzflorian (Florian Pelz) @ 2024-04-21 8:32 UTC (permalink / raw)
To: Ian Eure; +Cc: Guix Devel, Jacob Hrbek, Maxim Cournoyer, Andrew Tropin
Hello Ian. My understanding of the nss-certs etc/news.scm item had been
that we should remove (specification->package "nss-certs"), which became
unnecessary and clutters config.scm. From what you write, this was
actually not intended, but it is still not a bug IMHO.
(I’m not involved with the change, though.)
Regards,
Florian
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Fallout from recent nss-certs changes
2024-04-20 18:17 Fallout from recent nss-certs changes Ian Eure
2024-04-21 8:32 ` pelzflorian (Florian Pelz)
@ 2024-04-21 15:02 ` Felix Lechner via Development of GNU Guix and the GNU System distribution.
2024-04-21 16:04 ` Ian Eure
1 sibling, 1 reply; 6+ messages in thread
From: Felix Lechner via Development of GNU Guix and the GNU System distribution. @ 2024-04-21 15:02 UTC (permalink / raw)
To: Ian Eure, Guix Devel; +Cc: Jacob Hrbek, Maxim Cournoyer, Andrew Tropin
Hi,
On Sat, Apr 20 2024, Ian Eure wrote:
> If an operating-system’s packages includes `(specification->package
> "nss-certs")', this causes breakage, because that form selects version
> 3.98, but %base-packages includes 3.88.1, which causes an error on the
> next `guix system reconfigure' due to conflicting package versions in
> the profile.
Why does the unversioned stringy selector (specification->package
"nss-certs") resolve to a version different from the unversioned
variable nss-certs? Is that a bug?
Kind regards
Felix
P.S. I hoped to use the word "reified" but did not know how it fit in.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Fallout from recent nss-certs changes
2024-04-21 8:32 ` pelzflorian (Florian Pelz)
@ 2024-04-21 16:01 ` Ian Eure
2024-04-23 6:16 ` pelzflorian (Florian Pelz)
0 siblings, 1 reply; 6+ messages in thread
From: Ian Eure @ 2024-04-21 16:01 UTC (permalink / raw)
To: pelzflorian (Florian Pelz)
Cc: Guix Devel, Jacob Hrbek, Maxim Cournoyer, Andrew Tropin
[-- Attachment #1: Type: text/plain, Size: 593 bytes --]
The change is mentioned in the channel news, but it says nothing about needing to remove that part of the config.
On April 21, 2024 1:32:38 AM PDT, "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> wrote:
>Hello Ian. My understanding of the nss-certs etc/news.scm item had been
>that we should remove (specification->package "nss-certs"), which became
>unnecessary and clutters config.scm. From what you write, this was
>actually not intended, but it is still not a bug IMHO.
>
>(I’m not involved with the change, though.)
>
>Regards,
>Florian
Thanks,
— Ian
[-- Attachment #2: Type: text/html, Size: 946 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Fallout from recent nss-certs changes
2024-04-21 15:02 ` Felix Lechner via Development of GNU Guix and the GNU System distribution.
@ 2024-04-21 16:04 ` Ian Eure
0 siblings, 0 replies; 6+ messages in thread
From: Ian Eure @ 2024-04-21 16:04 UTC (permalink / raw)
To: Felix Lechner, Guix Devel; +Cc: Jacob Hrbek, Maxim Cournoyer, Andrew Tropin
[-- Attachment #1: Type: text/plain, Size: 924 bytes --]
No, this is not a bug. specification->package always returns the latest version of a package and has no way of knowing what variable(s) that package object is bound to.
On April 21, 2024 8:02:50 AM PDT, Felix Lechner <felix.lechner@lease-up.com> wrote:
>Hi,
>
>On Sat, Apr 20 2024, Ian Eure wrote:
>
>> If an operating-system’s packages includes `(specification->package
>> "nss-certs")', this causes breakage, because that form selects version
>> 3.98, but %base-packages includes 3.88.1, which causes an error on the
>> next `guix system reconfigure' due to conflicting package versions in
>> the profile.
>
>Why does the unversioned stringy selector (specification->package
>"nss-certs") resolve to a version different from the unversioned
>variable nss-certs? Is that a bug?
>
>Kind regards
>Felix
>
>P.S. I hoped to use the word "reified" but did not know how it fit in.
Thanks,
— Ian
[-- Attachment #2: Type: text/html, Size: 1456 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Fallout from recent nss-certs changes
2024-04-21 16:01 ` Ian Eure
@ 2024-04-23 6:16 ` pelzflorian (Florian Pelz)
0 siblings, 0 replies; 6+ messages in thread
From: pelzflorian (Florian Pelz) @ 2024-04-23 6:16 UTC (permalink / raw)
To: Ian Eure; +Cc: Guix Devel, Jacob Hrbek, Maxim Cournoyer, Andrew Tropin
Ian Eure <ian@retrospec.tv> writes:
> The change is mentioned in the channel news, but it says nothing about
> needing to remove that part of the config.
You are right; I have added more explicit instructions as commit
e5c0ea22e68cc8d6f99957295bc9198afb8455df.
Users should see it when they guix pull again.
Regards,
Florian
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-04-23 6:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-20 18:17 Fallout from recent nss-certs changes Ian Eure
2024-04-21 8:32 ` pelzflorian (Florian Pelz)
2024-04-21 16:01 ` Ian Eure
2024-04-23 6:16 ` pelzflorian (Florian Pelz)
2024-04-21 15:02 ` Felix Lechner via Development of GNU Guix and the GNU System distribution.
2024-04-21 16:04 ` Ian Eure
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.