From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mark H Weaver <mhw@netris.org>
Subject: Re: pypi import certs issues
Date: Wed, 21 Mar 2018 21:27:55 -0400
Message-ID: <87sh8sew6c.fsf@netris.org>
References: <20180319132454.zf7xp3eblw3y4fe7@abyayala>
	<878taouhw5.fsf@gnu.org> <20180319174829.td7a64f3hjokb4fs@abyayala>
	<87zi32iu5g.fsf@gnu.org> <20180320174523.suhvrlijk5o3vbwp@abyayala>
	<87o9jhav5v.fsf@elephly.net> <87woy4ews8.fsf@netris.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:58313)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1eyp26-0001Fm-AH
	for guix-devel@gnu.org; Wed, 21 Mar 2018 21:28:47 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1eyp21-0000az-KQ
	for guix-devel@gnu.org; Wed, 21 Mar 2018 21:28:46 -0400
Received: from world.peace.net ([50.252.239.5]:49500)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <mhw@netris.org>) id 1eyp21-0000Zy-Ff
	for guix-devel@gnu.org; Wed, 21 Mar 2018 21:28:41 -0400
In-Reply-To: <87woy4ews8.fsf@netris.org> (Mark H. Weaver's message of "Wed, 21
	Mar 2018 21:14:47 -0400")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Ricardo Wurmus <rekado@elephly.net>
Cc: guix-devel@gnu.org, ng0 <ng0@n0.is>

Mark H Weaver <mhw@netris.org> writes:

> Ricardo Wurmus <rekado@elephly.net> writes:
>
>> ng0 <ng0@n0.is> writes:
>>
>>> Continuing thought: Why is ~/.guix-profile/etc/ssl/certs/
>>> empty? I assume it is just for user-space (space=3Dprofile in my
>>> line of thought here) certificates which are not global?
>
> Yes, that's right.
>
>> Which of the packages in your profile provides this directory?  What
>> does =E2=80=9Creadlink=E2=80=9D tell you?
>
> The directory is created by the 'ca-certificate-bundle' profile hook in
> (guix profiles), whose purpose is to create a single-file certificate
> bundle in ../etc/ssl/certs/ca-certificates.crt containing all of the
> certs from all of the certificate packages included in the profile.

Hmm, although it looks like that profile hook shouldn't ever create the
etc/ssl/crts directory without also creating the ca-certificates.crt
file within it.  In this case I guess some other package must have
created that directory, so I'm also curious to see the output of the
following commands:

  readlink ~/.guix-profile/etc
  readlink ~/.guix-profile/etc/ssl
  readlink ~/.guix-profile/etc/ssl/certs

      Mark