From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tobias Geerinckx-Rice Subject: Re: Guix and clamav, freshclam doesn't dowload Date: Fri, 03 Apr 2020 18:25:38 +0200 Message-ID: <87d08o4juw.fsf@nckx> References: <86090f22-76ad-47c5-a2d8-cbb12e786bc8@localhost> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:36893) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jKP8a-0008A0-QS for help-guix@gnu.org; Fri, 03 Apr 2020 12:25:46 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jKP8Y-0001So-EU for help-guix@gnu.org; Fri, 03 Apr 2020 12:25:43 -0400 Received: from tobias.gr ([2a02:c205:2020:6054::1]:57262) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1jKP8X-0001MA-Un for help-guix@gnu.org; Fri, 03 Apr 2020 12:25:42 -0400 Received: by tobias.gr (OpenSMTPD) with ESMTP id ac8c02c1 for ; Fri, 3 Apr 2020 16:25:38 +0000 (UTC) Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id d8840251 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for ; Fri, 3 Apr 2020 16:25:38 +0000 (UTC) In-reply-to: <86090f22-76ad-47c5-a2d8-cbb12e786bc8@localhost> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane-mx.org@gnu.org Sender: "Help-Guix" To: help-guix@gnu.org --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable =E7=99=BD=E3=81=84=E7=86=8A, =E7=99=BD=E3=81=84=E7=86=8A =E5=86=99=E9=81=93=EF=BC=9A > Now, running freshclam, I get: > > ClamAV update process started at Fri Apr 3 14:28:23 2020 > daily database available for download (remote version: 25770) > WARNING: Download failed (60) WARNING: Message: SSL peer=20 > certificate or SSH remote key was not OK This means that (lib)curl couldn't local trust store against which=20 to verify the server's certificate. freshclam uses libcurl to download files, and the libcurl authors=20 have for better or worse decreed that every user has to take care=20 of pointing libcurl to the local store (instead of honouring=20 CURL_CA_BUNDLE in the library). On most systems this isn't a problem because the default (/etc/=E2=80=A6)=20 location exists. Not so on Guix: we rely entirely on=20 CURL_CA_BUNDLE being set to the correct location in /gnu/store. Let's see how we can patch freshclam to point libcurl in the right=20 direction=E2=80=A6 Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfo+u0AlEeO9y5k0W2Imw8BjFSTwFAl6HY4IACgkQ2Imw8BjF STwVVA//WVosnDGPd3Ixtj4NKMA3pnnUanQnqVv+zTgm6i5DV+3HoexbYI0ZYt23 fFhVr2mFuaDDTYL4CwlfDb8fuGwxIu1ACAOLgXLuIXI3tpSBL6+lgawDy/LGmJEU zyZpAs3fIHqpIhA9jxrHkLI8PC4EjCf/svRDHf6vmOh0d2rjQJIRNpPla8cuQze2 rhADQEY+3Zbjvk7LFsiccMdIYF6c04PzJk7Zfp2fH+TeHRd/kItKjlayjxvToQTm stkptaEhmeGKZ+obBJbethcqsyeyga8VDiNwYq/vDeNqr+YQ+LuI8HTCtbvqP4Gr 3sjphWQnLZ3knlko60R4XmT01TXYN59aQmwHG1lSqf67+6+HW6GVdGjp2r96xneP sN4hw+WYTCDjgQ0cMQH54EoEAR2Di3PdPOwIHMtgdV2qgSUN5uBEFSnLepggrkzH yugC0nQrpE3atwiWqt3THD1Z7Nub8s+HUBVDHKlSPFC5f9tkmTSW4hzlVC51a3a6 TYUG3+XZAfpDABGTWWVOkhTh03kTJtnA9QM4hUccXlicw8phoqviQJG4P88/U02J 5GKGr4Eyvm7r6sjggaF4WDH1/46xxFHMXlwVVCPkYydioKfrdZudR5Zas8LTMOEW quh2A6GVbE1fks/GA0w4KCa8dbxSnR35xSo4twHMGQuqfzsG3Ck= =cxtx -----END PGP SIGNATURE----- --=-=-=--