From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christopher Allan Webber Subject: Re: `guix pull` over HTTPS Date: Fri, 10 Feb 2017 12:55:22 -0600 Message-ID: <87d1eplvtx.fsf@dustycloud.org> References: <20170209155512.GA11291@jasmine> <20170210003054.GA12412@jasmine> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:33907) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ccGLv-0001Zl-QU for guix-devel@gnu.org; Fri, 10 Feb 2017 13:55:28 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ccGLv-0000VH-1J for guix-devel@gnu.org; Fri, 10 Feb 2017 13:55:27 -0500 Received: from dustycloud.org ([2600:3c02::f03c:91ff:feae:cb51]:34900) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ccGLu-0000Ud-SX for guix-devel@gnu.org; Fri, 10 Feb 2017 13:55:26 -0500 In-reply-to: <20170210003054.GA12412@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel@gnu.org Leo Famulari writes: > On Thu, Feb 09, 2017 at 04:55:12PM +0100, Leo Famulari wrote: >> Does anyone have any specific concerns or advice about changing the >> value of %snapshot-url in (guix scripts pull) to use the HTTPS URL? >> Should the change be that simple, or should we do more? > > While testing, I realized that an X.509 certificate store is not a > standard feature of GuixSD, so using Savannah's HTTPS URL will not work > in all cases. Maybe it should become standard? > SSL_CERT_FILE and SSL_CERT_DIR appear to be set unconditionally in (gnu > system operating-system-environment-variables), so it's not enough to > test that they are set in order to decide which protocol to download the > Guix source code with. > > Any advice on how to proceed?