From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: bug-guix@HIDDEN
Subject: bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates
Date: Thu, 25 Feb 2021 15:03:01 -0500

Hello,

Consider this:

  $ guix environment --container --network -E SSL --expose=$SSL_CERT_FILE --expose=$SSL_CERT_DIR --ad-hoc wget -- wget https://gnu.org

It works on a Guix System, but fails on a foreign distribution, even in a profile where nss-certs were installed and with the above SSL environment value properly set.

This is because GnuTLS, which wget uses, looks up the certificates under the /etc/ssl/certs hard-coded location. On Guix System, the SSL_CERT_FILE is set to /etc/ssl/certs/ca-certificates.crt, which explains why it works there.

We should patch GnuTLS so that it also honors the SSL_* environment variables documented in the Guix manual.

Maxim

From: Ludovic Courtès <ludo@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Cc: 46779 <at> debbugs.gnu.org
Subject: bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates
Date: Mon, 01 Mar 2021 10:54:55 +0100

Hi,

Maxim Cournoyer <maxim.cournoyer@HIDDEN> wrote:

> We should patch GnuTLS so that it also honors the SSL_* environment
> variables documented in the Guix manual.

Note that (1) the SSL_* variables are originally from OpenSSL, and (2) GnuTLS developers made the conscious decision to not honor any environment variable, leaving it up to application developers to do that. That’s the reason we are in this situation. See the thread at <https://lists.gnu.org/archive/html/guix-devel/2014-02/msg00237.html>.

Now, I agree it’s inconvenient for those applications that don’t do anything. Perhaps we should check if it’s reasonable to report it upstream when we encounter such issues, or if there’s just too many of them?

Thanks,
Ludo’.
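
A check for the situation described in this thread, as an added example that is not part of the original messages: it reports whether CA certificates are reachable only through SSL_CERT_FILE / SSL_CERT_DIR while the hard-coded /etc/ssl/certs location has none. The function names and the DEFAULT_CERT_DIR override are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the thread): classify the CA trust setup of the
# current environment, e.g. inside `guix environment --container`.
# DEFAULT_CERT_DIR is a hypothetical override so the check can be tested;
# it defaults to the hard-coded location named in the report.
DEFAULT_CERT_DIR="${DEFAULT_CERT_DIR:-/etc/ssl/certs}"
PEM_HEADER='-----BEGIN CERTIFICATE-----'

# certs_in PATH: print how many PEM certificate headers are found in a
# bundle file, or across the files of a directory (a certificate stored in
# several files is counted each time); 0 if PATH is missing or unreadable.
certs_in() {
    if [ -f "$1" ] && [ -r "$1" ]; then
        grep -c -e "$PEM_HEADER" "$1" || true
    elif [ -d "$1" ]; then
        cat "$1"/* 2>/dev/null | grep -c -e "$PEM_HEADER" || true
    else
        echo 0
    fi
}

# diagnose: print one of
#   default-ok      certificates exist under the hard-coded directory
#   env-only        only SSL_CERT_FILE / SSL_CERT_DIR lead to certificates,
#                   so a client that ignores them cannot verify peers
#   no-trust-store  no certificates reachable either way
diagnose() {
    env_n=0
    if [ -n "${SSL_CERT_FILE:-}" ]; then
        env_n=$(certs_in "$SSL_CERT_FILE")
    fi
    if [ "$env_n" -eq 0 ] && [ -n "${SSL_CERT_DIR:-}" ]; then
        env_n=$(certs_in "$SSL_CERT_DIR")
    fi
    def_n=$(certs_in "$DEFAULT_CERT_DIR")
    if [ "$def_n" -gt 0 ]; then
        echo default-ok
    elif [ "$env_n" -gt 0 ]; then
        echo env-only
    else
        echo no-trust-store
    fi
}

diagnose
```

An `env-only` result inside the container matches the failure in the report: the certificates are present, but only a client that reads the SSL_* variables itself will find them.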