--- Begin Message ---
Subject: |
Download code should honor /etc/ssl/certs/*.crt |
Date: |
Mon, 18 Nov 2019 10:29:06 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Hello,
Some distros such as CentOS 7 with its ‘ca-certificates’ package provide
nothing but a certificate bundle in /etc/ssl:
--8<---------------cut here---------------start------------->8---
$ ls -l /etc/ssl/certs/
total 12
lrwxrwxrwx. 1 root root 49 8 nov. 16:44 ca-bundle.crt ->
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 8 nov. 16:44 ca-bundle.trust.crt ->
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rwxr-xr-x. 1 root root 610 30 oct. 2018 make-dummy-cert
-rw-r--r--. 1 root root 2516 30 oct. 2018 Makefile
-rwxr-xr-x. 1 root root 829 30 oct. 2018 renew-dummy-cert
--8<---------------cut here---------------end--------------->8---
As of commit 9c9982dc0c8c38ce3821b154b7e92509c1564317, ‘guix download’ &
co. (anything that relies on (guix build download)) fail because they
looks for /etc/ssl/certs/*.pem by default and there’s no such file.
Thanks,
Ludo’.
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#38254: Download code should honor /etc/ssl/certs/*.crt |
Date: |
Mon, 18 Nov 2019 12:21:38 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Ludovic Courtès <address@hidden> skribis:
> Some distros such as CentOS 7 with its ‘ca-certificates’ package provide
> nothing but a certificate bundle in /etc/ssl:
>
> $ ls -l /etc/ssl/certs/
> total 12
> lrwxrwxrwx. 1 root root 49 8 nov. 16:44 ca-bundle.crt ->
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> lrwxrwxrwx. 1 root root 55 8 nov. 16:44 ca-bundle.trust.crt ->
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> -rwxr-xr-x. 1 root root 610 30 oct. 2018 make-dummy-cert
> -rw-r--r--. 1 root root 2516 30 oct. 2018 Makefile
> -rwxr-xr-x. 1 root root 829 30 oct. 2018 renew-dummy-cert
>
> As of commit 9c9982dc0c8c38ce3821b154b7e92509c1564317, ‘guix download’ &
> co. (anything that relies on (guix build download)) fail because they
> looks for /etc/ssl/certs/*.pem by default and there’s no such file.
Fixed in 0d78d0f09c10f5c7a25ac2ab4da4197913cd3321.
Ludo'.
--- End Message ---