From mboxrd@z Thu Jan 1 00:00:00 1970 From: ng0 Subject: Re: HELP needed with CA certificates! [PATCH] gnu: Add tup, Add pbpst. Date: Sun, 28 Aug 2016 21:34:08 +0000 Message-ID: <87y43g60j3.fsf@we.make.ritual.n0.is> References: <87y43ksj47.fsf@we.make.ritual.n0.is> <87h9a4y5ck.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:39558) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1be7iZ-0000ot-Lm for guix-devel@gnu.org; Sun, 28 Aug 2016 17:34:16 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1be7iX-0005Sn-EG for guix-devel@gnu.org; Sun, 28 Aug 2016 17:34:14 -0400 In-Reply-To: <87h9a4y5ck.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: guix-devel@gnu.org Hi, Ludovic Courtès writes: > ng0 skribis: > >> First things first: Corrections will happen, this is not what I ask >> for. I need help with getting pbpst (which just uses curl for this) to >> learn about the certificates on the system. > > [...] > >> + (modify-phases %standard-phases >> + (replace 'configure >> + (lambda _ >> + (substitute* "Makefile" >> + (("@./make.sh") "") >> + ;; XXX: Because this is a drop-in replacement build system, there are >> + ;; some unexplainable special behaviors introduced. One of them is that >> + ;; building pbpst binary out to ../dist/pbpst fails, but inside cwd >> + ;; "src/" succeeds. I blame dark matter. Fix this if you feel the >> + ;; desire for a headache. >> + (("dist/\\$\\(PROGNM\\)") "src/$(PROGNM)") >> + (("src/\\$\\(PROGNM\\)\\.1") "dist/$(PROGNM).1")) >> + (substitute* "Tuprules.tup" >> + (("`git describe --long --tags`") ,version)))) >> + ;;(setenv "SSL_CERT_FILE" "/dev/null"))) ; I have no idea. >> + ;;(setenv "SSL_CERT_DIR" "/etc/ssl/certs") >> + ;;(setenv "SSL_CERT_FILE" "/etc/ssl/certs/ca-certificates.crt"))) > > I’m not sure what problem you’re experiencing here. A build environment + log can be viewed at https://dl.n0.is/debug/ or https://tor.n0.is for the onion (we are working on getting a .gnu for gnunet access). > However, note that the build environment lacks /etc/ssl as discussed here: > > https://www.gnu.org/software/guix/manual/html_node/Build-Environment-Setup.html#index-chroot That is the build environment, the problem appears after the build. The application itselfs just uses curl and the abilities of curl I was assured by the developer, so there has to be something, but as I never encountered this before on Guix I don't know where to start. strace wasn't insightful either, neither gdb. > The ‘nss-certs’ package provides X.509 certificates: > > https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html I commented nss-certs, enabled or disabled it made no difference to the resulting binary. > HTH! > > Ludo’. Thanks for the feedback, -- ng0 For non-prism friendly talk find me on http://www.psyced.org