From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: Errors Linting Package Definition for New
	Package	ruby-net-http-digest-auth
Date: Sat, 12 Nov 2016 14:50:56 +0100
Message-ID: <878tsoolhb.fsf@gnu.org>
References: <CALjrZwbY8ESoJSj9mdXeL9ES-W2T7V78qMikWL-tL-JOuf=dig@mail.gmail.com>
	<20161108213940.GA23513@jasmine>
	<8760ntc24j.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:33441)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1c5Yi0-0001Na-Rc
	for guix-devel@gnu.org; Sat, 12 Nov 2016 08:51:05 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1c5Yhw-0005Gv-0Z
	for guix-devel@gnu.org; Sat, 12 Nov 2016 08:51:04 -0500
In-Reply-To: <8760ntc24j.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
	(Marius Bakke's message of "Fri, 11 Nov 2016 18:17:32 +0000")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Marius Bakke <mbakke@fastmail.com>
Cc: guix-devel@gnu.org, Frederick Muriithi <fredmanglis@gmail.com>

Marius Bakke <mbakke@fastmail.com> skribis:

>>> guix/build/download.scm:383:6: In procedure tls-wrap:
>>> guix/build/download.scm:383:6: X.509 certificate of 'static.nvd.nist.go=
v' could not be verified:
>>>   signer-not-found
>>>   invalid
>
> That's interesting, I have a similar problem after rebuilding my GuixSD
> system from latest git and rebooting. The substituter consistently fails
> to verify mirror.hydra.gnu.org. Passing --no-substitutes works, however.
>
> substitute: Backtrace:
> substitute: In ice-9/boot-9.scm:
> substitute:  157: 9 [catch #t #<catch-closure 187c840> ...]
> substitute: In unknown file:
> substitute:    ?: 8 [apply-smob/1 #<catch-closure 187c840>]
> substitute: In ice-9/boot-9.scm:
> substitute:   63: 7 [call-with-prompt prompt0 ...]
> substitute: In ice-9/eval.scm:
> substitute:  432: 6 [eval # #]
> substitute: In ice-9/boot-9.scm:
> substitute: 2401: 5 [save-module-excursion #<procedure 1899940 at ice-9/b=
oot-9.scm:4045:3 ()>]
> substitute: 4050: 4 [#<procedure 1899940 at ice-9/boot-9.scm:4045:3 ()>]
> substitute: 1724: 3 [%start-stack load-stack ...]
> substitute: 1729: 2 [#<procedure 18b1ea0 ()>]
> substitute: In unknown file:
> substitute:    ?: 1 [primitive-load "/gnu/store/84favpg3n9wxx3sv7v3sd6y0s=
8722p35-guix-0.11.0-1.324a/bin/.guix-real"]
> substitute: In guix/ui.scm:
> substitute: 1220: 0 [run-guix-command substitute "--query"]
> substitute:=20
> substitute: guix/ui.scm:1220:8: In procedure run-guix-command:
> substitute: guix/ui.scm:1220:8: X.509 certificate of 'mirror.hydra.gnu.or=
g' could not be verified:
> substitute:   signer-not-found
> substitute:   invalid
> substitute:=20
> guix package: error: build failed: substituter `substitute' died unexpect=
edly
>
> Rebuilding Guix from source did not help, but booting into an older
> generation works. I'm guessing the daemon needs SSL_CERT_DIR, or call
> `guix download` without verifying TLS certificates.

Oh, I had overlooked that, indeed.

I=E2=80=99ll disable certificate verification in =E2=80=98guix substitute=
=E2=80=99: it doesn=E2=80=99t
provide any additional guarantee since we authenticate narinfos and
nars.

Done in commits 166ba5b10207f44360e218d9e3f00772d09bc7cd and
998f9ac56df6c8cc2ca383c0309f394b262d7f6a.

You should now be able to reconfigure GuixSD with --no-substitute to get
the fix.

Thank you!

Ludo=E2=80=99.