bug#33272: guix refresh/download backtrace error when missing nss-certs

[swedebugia]

In a qemu VM based on the image for 0.15 and pulled once I get:

address@hidden ~$ git clone https://git.savannah.gnu.org/git/guix.git test
Cloning into 'test'...
fatal: unable to access 'https://git.savannah.gnu.org/git/guix.git/': 
Problem with the SSL CA cert (path? access rights?)

fails nicely in contrast to:

address@hidden ~$ guix refresh artanis
Backtrace:
          13 (primitive-load "/home/sdb/.config/guix/current/bin/guix")
In guix/ui.scm:
  1578:12 12 (run-guix-command _ . _)
In ice-9/boot-9.scm:
    829:9 11 (catch srfi-34 #<procedure 28dd540 at guix/ui.scm:610:…> …)
    829:9 10 (catch system-error #<procedure 262fe10 at guix/script…> …)
In guix/scripts/refresh.scm:
   449:12  9 (_)
In srfi/srfi-1.scm:
    640:9  8 (for-each #<procedure 28e3f20 at guix/scripts/refresh.…> …)
In guix/scripts/refresh.scm:
    236:2  7 (check-for-package-update #<package address@hidden gn…> …)
In guix/gnu-maintenance.scm:
   472:21  6 (latest-gnu-release _)
   457:16  5 (_)
In ice-9/boot-9.scm:
    829:9  4 (catch srfi-34 #<procedure 262fdc0 at guix/http-client…> …)
In guix/http-client.scm:
   182:20  3 (_)
    88:25  2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # …)
In guix/build/download.scm:
    398:4  1 (open-connection-for-uri _ #:timeout _ # _)
    296:6  0 (tls-wrap #<closed: file 2641c40> _ # _)

guix/build/download.scm:296:6: In procedure tls-wrap:
X.509 certificate of 'ftp.gnu.org' could not be verified:
  signer-not-found
  invalid


I suggest we change it to fail nicely. I am willing to create a patch. 
Would somebody be willing to mentor me?

As a start:

How do I check if nss-certs is installed?

This is the first thing we should do when handling https-URIs

(define tls-wrap is a quite complicated procedure, maybe an extra (if at 
the body (of the let) will do?

something like

(if package-available? nss-certs

    true; continue

    false-> error nicely

--
Cheers
Swedebugia