'guix publish' file name decoding is locale-dependent

Done

Details

3 participants

Ludovic Courtès
Maxim Cournoyer
Mark H Weaver

Owner: unassigned

Submitted by: Maxim Cournoyer

Severity: important

Maxim Cournoyer wrote on 16 May 2017 07:19

gnutls errors on multiple guix commands

Recipients:(name . bug-guix)(address . bug-guix@gnu.org)

Message-ID:8737c51e6r.fsf@gmail.com

Hello Guix!

This problem has been ongoing for some time. It prevents me from using

things such as "guix lint" or "guix import" (seems to be related to

certs and gnutls). I thought a guix system reconfigure (I'm on GuixSD)

would fix it but it hasn't, even after rebooting the system.

It is reminiscent of bug#25200, but there doesn't appear to be any

dangling symlinks this time around.

The nss-certs package is present in my operating system declaration, and

the /etc/ssl/certs directory is populated ('/etc/ssl' is a symbolic link

pointing to /run/current-system/profile/etc/ssl).

SSL_CERT_DIR is set to "/etc/ssl/certs"

SSL_CERT_FILE is set to "/etc/ssl/certs/ca-certificates.crt"

A couple examples of how things break:

* guix lint

Toggle snippet (27 lines)guix lint emacs
Backtrace:macs@25.2 [cve]...
           9 (primitive-load "/gnu/store/80k8kz7qk9palbn0ccw7y3fgym8&")
In guix/ui.scm:
   1257:8  8 (run-guix-command _ . _)
In srfi/srfi-1.scm:
    640:9  7 (for-each #<procedure 183c060 at guix/scripts/lint.scm&> &)
In guix/scripts/lint.scm:
    982:4  6 (run-checkers _ _)
In srfi/srfi-1.scm:
    640:9  5 (for-each #<procedure 1f252a0 at guix/scripts/lint.scm&> &)
In guix/scripts/lint.scm:
    805:4  4 (check-vulnerabilities _)
    800:9  3 (_ _)
In unknown file:
           2 (force #<promise #<procedure 7f1db4d41f88 at guix/scrip&>)
In guix/scripts/lint.scm:
   789:24  1 (_)
In ice-9/boot-9.scm:
    837:9  0 (catch srfi-34 #<procedure 7f1db4d4d3a8 at guix/script&> &)

ice-9/boot-9.scm:837:9: In procedure catch:
ice-9/boot-9.scm:837:9: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while reading file.> set-certificate-credentials-x509-trust-file!)'.

* Using guix import

Toggle snippet (31 lines)guix import pypi flask-migrate
Backtrace:
          12 (primitive-load "/gnu/store/80k8kz7qk9palbn0ccw7y3fgym8&")
In guix/ui.scm:
   1257:8 11 (run-guix-command _ . _)
In guix/scripts/import.scm:
   114:11 10 (guix-import . _)
In guix/scripts/import/pypi.scm:
    84:19  9 (guix-import-pypi . _)
In guix/import/pypi.scm:
   279:17  8 (pypi->guix-package _)
In ice-9/boot-9.scm:
    837:9  7 (catch srfi-34 #<procedure 29a3300 at guix/import/json&> &)
In guix/import/json.scm:
    32:17  6 (_)
In guix/http-client.scm:
   239:25  5 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ # &)
In guix/build/download.scm:
    520:4  4 (open-connection-for-uri _ #:timeout _ # _)
   391:34  3 (tls-wrap #<input-output: socket 14> "pypi.python.org" # &)
    308:4  2 (make-credendials-with-ca-trust-files _)
In srfi/srfi-1.scm:
    640:9  1 (for-each #<procedure 29a9680 at guix/build/download.s&> &)
In unknown file:
           0 (set-certificate-credentials-x509-trust-file! #<certif&> &)

ERROR: In procedure set-certificate-credentials-x509-trust-file!:
ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while reading file.> set-certificate-credentials-x509-trust-file!)'.

* Using lint from emacs-guix

Toggle snippet (23 lines)scheme@(guile-user)> ,m (emacs-guix)
scheme@(emacs-guix)> (guix-command "lint" "grub")
;;; Failed to autoload make-session in (gnutls):
;;; ERROR: missing interface for module (gnutls)
guix/scripts/lint.scm:466:16: In procedure validate-uri:
guix/scripts/lint.scm:466:16: In procedure module-lookup: Unbound variable: make-session

Entering a new prompt.  Type `,bt' for a backtrace or `,q' to continue.
scheme@(emacs-guix) [1]> ,bt
In ice-9/boot-9.scm:
    837:9  5 (catch quit #<procedure 1eeb960 at emacs-guix/commands.scm:51:4 ()> #<procedure 1eeb940 at ice-9/boot-9.scm:1057:2 _> _)
In guix/ui.scm:
   1257:8  4 (run-guix-command _ . _)
In srfi/srfi-1.scm:
    640:9  3 (for-each #<procedure 1eeb7e0 at guix/scripts/lint.scm:1075:20 (spec)> ("grub"))
In guix/scripts/lint.scm:
    982:4  2 (run-checkers #<package grub@2.02 gnu/packages/bootloaders.scm:64 3352540> _)
In srfi/srfi-1.scm:
    640:9  1 (for-each #<procedure 39fb4c0 at guix/scripts/lint.scm:982:14 (checker)> _)
In guix/scripts/lint.scm:
   466:16  0 (validate-uri #<<uri> scheme: https userinfo: #f host: "www.gnu.org" port: #f path: "/software/grub/" query: #f fragment: #f> #<package grub@2.02 g&> &)

Any pointer welcome.

Maxim

Ludovic Courtès wrote on 17 May 2017 14:56

Recipients:(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 26948@debbugs.gnu.org)

Message-ID:87shk3y74g.fsf@gnu.org

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (44 lines)> This problem has been ongoing for some time. It prevents me from using
> things such as "guix lint" or "guix import" (seems to be related to
> certs and gnutls). I thought a guix system reconfigure (I'm on GuixSD)
> would fix it but it hasn't, even after rebooting the system.
>
> It is reminiscent of bug#25200, but there doesn't appear to be any
> dangling symlinks this time around.
>
> The nss-certs package is present in my operating system declaration, and
> the /etc/ssl/certs directory is populated ('/etc/ssl' is a symbolic link
> pointing to /run/current-system/profile/etc/ssl).
>
> SSL_CERT_DIR is set to "/etc/ssl/certs"
> SSL_CERT_FILE is set to "/etc/ssl/certs/ca-certificates.crt"
>
>
> A couple examples of how things break:
>
> * guix lint
>
> guix lint emacs
> Backtrace:macs@25.2 [cve]...
>            9 (primitive-load "/gnu/store/80k8kz7qk9palbn0ccw7y3fgym8&")
> In guix/ui.scm:
>    1257:8  8 (run-guix-command _ . _)
> In srfi/srfi-1.scm:
>     640:9  7 (for-each #<procedure 183c060 at guix/scripts/lint.scm&> &)
> In guix/scripts/lint.scm:
>     982:4  6 (run-checkers _ _)
> In srfi/srfi-1.scm:
>     640:9  5 (for-each #<procedure 1f252a0 at guix/scripts/lint.scm&> &)
> In guix/scripts/lint.scm:
>     805:4  4 (check-vulnerabilities _)
>     800:9  3 (_ _)
> In unknown file:
>            2 (force #<promise #<procedure 7f1db4d41f88 at guix/scrip&>)
> In guix/scripts/lint.scm:
>    789:24  1 (_)
> In ice-9/boot-9.scm:
>     837:9  0 (catch srfi-34 #<procedure 7f1db4d4d3a8 at guix/script&> &)
>
> ice-9/boot-9.scm:837:9: In procedure catch:
> ice-9/boot-9.scm:837:9: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while reading file.> set-certificate-credentials-x509-trust-file!)'.

So the problem here is that $SSL_CERT_DIR or $SSL_CERT_FILE is

unreadable for some reason. Could you ‘strace’ it to see exactly which

file cannot be opened and why?

However, I cannot reproduce it with current master:

Toggle snippet (14 lines)

$ rm -rf ~/.cache/guix/cve

$ SSL_CERT_FILE=/sdfsfd SSL_CERT_DIR=/sdfs guix lint emacs

gnu/packages/emacs.scm:99:2: emacs@25.2: TLS certificate error: ERROR: X.509 certificate of 'www.gnu.org' could not be verified:

signer-not-found

invalid

guix lint: warning: TLS certificate error: ERROR: X.509 certificate of 'static.nvd.nist.gov' could not be verified:

signer-not-found

invalid

guix lint: warning: assuming no CVE vulnerabilities

This is the same story for the other ones.

Essentially, this code from (guix build download):

  (define (make-credendials-with-ca-trust-files directory)
    "Return certificate credentials with X.509 authority certificates read from
  DIRECTORY.  Those authority certificates are checked when
  'peer-certificate-status' is later called."
    (let ((cred  (make-certificate-credentials))
          (files (or (scandir directory
                              (lambda (file)
                                (string-suffix? ".pem" file)))
                     '())))
      (for-each (lambda (file)
                  (let ((file (string-append directory "/" file)))
                    ;; Protect against dangling symlinks.
                    (when (file-exists? file)
                      (set-certificate-credentials-x509-trust-file!
                       cred file
                       x509-certificate-format/pem))))
                (or files '()))
      cred))

seems to select a FILE that passes ‘file-exists?’ but that cannot be
read by ‘set-certificate-credentials-x509-trust-file!’.  I think that
can happen with unreadable files (EPERM), though I can’t reproduce it.

The ‘strace’ output should help us figure out what’s going on.

Thanks,
Ludo’.

Maxim Cournoyer wrote on 25 May 2017 09:26

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 26948@debbugs.gnu.org)

Message-ID:8737btieie.fsf@gmail.com

Hi Ludovic!

ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (101 lines)> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>> This problem has been ongoing for some time. It prevents me from using
>> things such as "guix lint" or "guix import" (seems to be related to
>> certs and gnutls). I thought a guix system reconfigure (I'm on GuixSD)
>> would fix it but it hasn't, even after rebooting the system.
>>
>> It is reminiscent of bug#25200, but there doesn't appear to be any
>> dangling symlinks this time around.
>>
>> The nss-certs package is present in my operating system declaration, and
>> the /etc/ssl/certs directory is populated ('/etc/ssl' is a symbolic link
>> pointing to /run/current-system/profile/etc/ssl).
>>
>> SSL_CERT_DIR is set to "/etc/ssl/certs"
>> SSL_CERT_FILE is set to "/etc/ssl/certs/ca-certificates.crt"
>>
>>
>> A couple examples of how things break:
>>
>> * guix lint
>>
>> guix lint emacs
>> Backtrace:macs@25.2 [cve]...
>>            9 (primitive-load "/gnu/store/80k8kz7qk9palbn0ccw7y3fgym8&")
>> In guix/ui.scm:
>>    1257:8  8 (run-guix-command _ . _)
>> In srfi/srfi-1.scm:
>>     640:9  7 (for-each #<procedure 183c060 at guix/scripts/lint.scm&> &)
>> In guix/scripts/lint.scm:
>>     982:4  6 (run-checkers _ _)
>> In srfi/srfi-1.scm:
>>     640:9  5 (for-each #<procedure 1f252a0 at guix/scripts/lint.scm&> &)
>> In guix/scripts/lint.scm:
>>     805:4  4 (check-vulnerabilities _)
>>     800:9  3 (_ _)
>> In unknown file:
>>            2 (force #<promise #<procedure 7f1db4d41f88 at guix/scrip&>)
>> In guix/scripts/lint.scm:
>>    789:24  1 (_)
>> In ice-9/boot-9.scm:
>>     837:9  0 (catch srfi-34 #<procedure 7f1db4d4d3a8 at guix/script&> &)
>>
>> ice-9/boot-9.scm:837:9: In procedure catch:
>> ice-9/boot-9.scm:837:9: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while reading file.> set-certificate-credentials-x509-trust-file!)'.
>
> So the problem here is that $SSL_CERT_DIR or $SSL_CERT_FILE is
> unreadable for some reason.  Could you ‘strace’ it to see exactly which
> file cannot be opened and why?
>
> However, I cannot reproduce it with current master:
>
> --8<---------------cut here---------------start------------->8---
> $ rm -rf ~/.cache/guix/cve
> $ SSL_CERT_FILE=/sdfsfd SSL_CERT_DIR=/sdfs  guix lint emacs
> gnu/packages/emacs.scm:99:2: emacs@25.2: TLS certificate error: ERROR: X.509 certificate of 'www.gnu.org' could not be verified:
>   signer-not-found
>   invalid
>
>
> guix lint: warning: TLS certificate error: ERROR: X.509 certificate of 'static.nvd.nist.gov' could not be verified:
>   signer-not-found
>   invalid
>
> guix lint: warning: assuming no CVE vulnerabilities
> --8<---------------cut here---------------end--------------->8---
>
> This is the same story for the other ones.
>
> Essentially, this code from (guix build download):
>
>   (define (make-credendials-with-ca-trust-files directory)
>     "Return certificate credentials with X.509 authority certificates read from
>   DIRECTORY.  Those authority certificates are checked when
>   'peer-certificate-status' is later called."
>     (let ((cred  (make-certificate-credentials))
>           (files (or (scandir directory
>                               (lambda (file)
>                                 (string-suffix? ".pem" file)))
>                      '())))
>       (for-each (lambda (file)
>                   (let ((file (string-append directory "/" file)))
>                     ;; Protect against dangling symlinks.
>                     (when (file-exists? file)
>                       (set-certificate-credentials-x509-trust-file!
>                        cred file
>                        x509-certificate-format/pem))))
>                 (or files '()))
>       cred))
>
> seems to select a FILE that passes ‘file-exists?’ but that cannot be
> read by ‘set-certificate-credentials-x509-trust-file!’.  I think that
> can happen with unreadable files (EPERM), though I can’t reproduce it.
>
> The ‘strace’ output should help us figure out what’s going on.
>
> Thanks,
> Ludo’.

Thanks for the explanation and the suggestion of strace. Here's the

(troncated from the point close to where the error occurs) strace:

Toggle snippet (130 lines)stat("/etc/ssl/certs/ACCVRAIZ1:2.8.94.195.183.166.67.127.164.224.pem", {st_mode=S_IFREG|0444, st_size=2939, ...}) = 0
open("/etc/ssl/certs/ACCVRAIZ1:2.8.94.195.183.166.67.127.164.224.pem", O_RDONLY) = 15
fstat(15, {st_mode=S_IFREG|0444, st_size=2939, ...}) = 0
lseek(15, 0, SEEK_CUR)                  = 0
fstat(15, {st_mode=S_IFREG|0444, st_size=2939, ...}) = 0
read(15, "# alias=\"ACCVRAIZ1\"\n# trust=CKA_"..., 4096) = 2939
read(15, "", 4096)                      = 0
close(15)                               = 0
stat("/etc/ssl/certs/ACEDICOM_Root:2.8.97.141.199.134.59.1.130.5.pem", {st_mode=S_IFREG|0444, st_size=2212, ...}) = 0
open("/etc/ssl/certs/ACEDICOM_Root:2.8.97.141.199.134.59.1.130.5.pem", O_RDONLY) = 15
fstat(15, {st_mode=S_IFREG|0444, st_size=2212, ...}) = 0
lseek(15, 0, SEEK_CUR)                  = 0
fstat(15, {st_mode=S_IFREG|0444, st_size=2212, ...}) = 0
read(15, "# alias=\"ACEDICOM Root\"\n# trust="..., 4096) = 2212

read(15, "", 4096)                      = 0
close(15)                               = 0
stat("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem", {st_mode=S_IFREG|0444, st_size=2444, ...}) = 0
open("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.p", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "Backtrace:\n", 11Backtrace:
)            = 11
stat("/home/maxim/src/guix-packages/system/repl/debug.scm", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/system/repl/debug", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/repl/debug.scm", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/repl/debug", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/share/guile/site/2.2/system/repl/debug.scm", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/share/guile/site/2.2/system/repl/debug", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/guile/site/2.2/system/repl/debug.scm", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/guile/site/2.2/system/repl/debug", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/guile/site/2.2/system/repl/debug.scm", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/guile/site/2.2/system/repl/debug", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/share/guile/site/2.2/system/repl/debug.scm", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/share/guile/site/2.2/system/repl/debug", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix/system/repl/debug.scm", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix/system/repl/debug", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/repl/debug.scm", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/repl/debug", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/repl/debug.scm", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/repl/debug", 0x7ffe124af550) = -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2.2/system/repl/debug.scm", {st_mode=S_IFREG|0444, st_size=7461, ...}) = 0
stat("/home/maxim/src/guix-packages/system/repl/debug.go", 0x7ffe124af360) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/repl/debug.go", 0x7ffe124af360) = -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib/guile/2.2/site-ccache/system/repl/debug.go", 0x7ffe124af360) = -1 ENOENT (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/guile/site/2.2/system/repl/debug.go", 0x7ffe124af360) = -1 ENOENT (No such file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/guile/site/2.2/system/repl/debug.go", 0x7ffe124af360) = -1 ENOENT (No such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/share/guile/site/2.2/system/repl/debug.go", 0x7ffe124af360) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/system/repl/debug.go", 0x7ffe124af360) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/repl/debug.go", 0x7ffe124af360) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/system/repl/debug.go", 0x7ffe124af360) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/repl/debug.go", 0x7ffe124af360) = -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2/ccache/system/repl/debug.go", {st_mode=S_IFREG|0444, st_size=78421, ...}) = 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2/ccache/system/repl/debug.go", O_RDONLY|O_CLOEXEC) = 15
lseek(15, 0, SEEK_END)                  = 78421
mmap(NULL, 78421, PROT_READ, MAP_PRIVATE, 15, 0) = 0x7fc6cdf14000
close(15)                               = 0
mprotect(0x7fc6cdf24000, 7112, PROT_READ|PROT_WRITE) = 0
stat("/home/maxim/src/guix-packages/system/base/syntax.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/system/base/syntax", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/syntax.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/syntax", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/share/guile/site/2.2/system/base/syntax.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/share/guile/site/2.2/system/base/syntax", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/guile/site/2.2/system/base/syntax.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/guile/site/2.2/system/base/syntax", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/guile/site/2.2/system/base/syntax.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/guile/site/2.2/system/base/syntax", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/share/guile/site/2.2/system/base/syntax.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/share/guile/site/2.2/system/base/syntax", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix/system/base/syntax.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix/system/base/syntax", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/syntax.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/syntax", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/syntax.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/syntax", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2.2/system/base/syntax.scm", {st_mode=S_IFREG|0444, st_size=13135, ...}) = 0
stat("/home/maxim/src/guix-packages/system/base/syntax.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/syntax.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib/guile/2.2/site-ccache/system/base/syntax.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/guile/site/2.2/system/base/syntax.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/guile/site/2.2/system/base/syntax.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/share/guile/site/2.2/system/base/syntax.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/system/base/syntax.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/syntax.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/system/base/syntax.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/syntax.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2/ccache/system/base/syntax.go", {st_mode=S_IFREG|0444, st_size=86477, ...}) = 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2/ccache/system/base/syntax.go", O_RDONLY|O_CLOEXEC) = 15
lseek(15, 0, SEEK_END)                  = 86477
mmap(NULL, 86477, PROT_READ, MAP_PRIVATE, 15, 0) = 0x7fc6cdefe000
close(15)                               = 0
mprotect(0x7fc6cdf0e000, 9704, PROT_READ|PROT_WRITE) = 0
stat("/home/maxim/src/guix-packages/system/base/language.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/system/base/language", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/language.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/language", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/share/guile/site/2.2/system/base/language.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/share/guile/site/2.2/system/base/language", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/guile/site/2.2/system/base/language.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/guile/site/2.2/system/base/language", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/guile/site/2.2/system/base/language.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/guile/site/2.2/system/base/language", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/share/guile/site/2.2/system/base/language.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/share/guile/site/2.2/system/base/language", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix/system/base/language.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix/system/base/language", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/language.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/language", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/language.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/language", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/share/guile/2.2/system/base/language.scm", {st_mode=S_IFREG|0444, st_size=3799, ...}) = 0
stat("/home/maxim/src/guix-packages/system/base/language.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.config/guix/latest/system/base/language.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/04gdnvw7k8mnpzs9ig5kwmblzvgkxm4a-guix-0.13.0-1.a6d728b/lib/guile/2.2/site-ccache/system/base/language.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/l2paa4ka8lglar0b778qzl7a6h2v5dzn-guile-json-0.6.0/share/guile/site/2.2/system/base/language.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/s6wlq1i2412xv0i57k5av2a1ir434rpv-guile-ssh-0.11.0/share/guile/site/2.2/system/base/language.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/fa6rba5r6m5ad1hy80ngmyc3r391lf9r-guile2.2-gnutls-3.5.9/share/guile/site/2.2/system/base/language.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/lib/guile/2.2/site-ccache/system/base/language.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/.guix-profile/share/guile/site/2.2/system/base/language.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/lib/guile/2.2/site-ccache/system/base/language.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/run/current-system/profile/share/guile/site/2.2/system/base/language.go", 0x7ffe124aefd0) = -1 ENOENT (No such file or directory)
stat("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2/ccache/system/base/language.go", {st_mode=S_IFREG|0444, st_size=74965, ...}) = 0
open("/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/guile/2.2/ccache/system/base/language.go", O_RDONLY|O_CLOEXEC) = 15
lseek(15, 0, SEEK_END)                  = 74965
mmap(NULL, 74965, PROT_READ, MAP_PRIVATE, 15, 0) = 0x7fc6cdeeb000
close(15)                               = 0
mprotect(0x7fc6cdefb000, 4408, PROT_READ|PROT_WRITE) = 0
stat("/home/maxim/src/guix-packages/system/vm/vm.scm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/maxim/src/guix-packages/system/vm/vm", 0x7ffe124af1c0) = -1 ENOENT (No such file or directory)
stat("/home/

This message was truncated. Download the full message here.

Ludovic Courtès wrote on 26 May 2017 10:56

Recipients:(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 26948@debbugs.gnu.org)

Message-ID:87vaoovvvz.fsf@gnu.org

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (3 lines)

> It seems that the problem is caused by the file:

> "/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.p".

Indeed.

Toggle quote (22 lines)> The strange thing is that it shouldn't even get into the `files'
> variable since we are scanning for files ending with a ".pem" suffix.
>
> ls /etc/ssl/certs/AC*2.15.7.126*
> /etc/ssl/certs/AC_Raíz_Certicámara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem
>
>
> It looks like I have a locale problem? In my operating-system
> definition, I'm using (locale "en_US.UTF-8") and the locale-definitions
> field is not set (which means it's using %DEFAULT-LOCALE-DEFINITIONS). I
> also have the following installed in my user profile:
>
> guix package -I locale
> glibc-locales   2.25    out     /gnu/store/2d97vjjx23w3bhwp4sbylwcx6l5fy8g2-glibc-locales-2.25
>
>
> Finally,
>
> set | grep LOC
> GUIX_LOCPATH=/run/current-system/locale
> XTERM_LOCALE=en_US.UTF-8

Does the ‘guix’ command say “failed to install locale”? It probably

does, which explains why it fails to decode the file name.

Strangely that file name has question marks instead of the non-ASCII

characters on my GuixSD system:

Toggle snippet (4 lines)

$ ls -l /etc/ssl/certs/*Certi*mara*

lrwxrwxrwx 8 root root 162 Jan 1 1970 '/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem' -> '/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem'

but the initial problem seems to be in nss-certs itself.

What does this report for you:

guix package -p /run/current-system/profile -I nss-cert

Toggle quote (6 lines)

> I would have liked to exercise the

> `make-credendials-with-ca-trust-files' function to debug but there's a

> `make-certificate-credentials' function called which I coudln't source

> (where does it come from? Doing C-c . u in Geiser didn't help making it

> visible, as did grepping the Guix sources for its definition)

These procedures come from (gnutls). They’re written in C.

Thanks,

Ludo’.

Mark H Weaver wrote on 28 May 2017 20:38

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:87poes25dw.fsf@netris.org

ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (7 lines)

> Hi Maxim,

> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

>> It seems that the problem is caused by the file:

>> "/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.p".

This reminds me of a bug that I found in the Guile binding in GnuTLS a
while ago, but forgot to report.  Maybe it's related:

In 'set_certificate_file' in gnutls-3.5.9/guile/src/core.c:

  static unsigned int
  set_certificate_file (certificate_set_file_function_t set_file,
                        SCM cred, SCM file, SCM format, const char *func_name)
  #define FUNC_NAME func_name
  {
    int err;
    char *c_file;
    size_t c_file_len;
  
    gnutls_certificate_credentials_t c_cred;
    gnutls_x509_crt_fmt_t c_format;
  
    c_cred = scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
    SCM_VALIDATE_STRING (2, file);
    c_format = scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAME);
  
    c_file_len = scm_c_string_length (file);
    c_file = alloca (c_file_len + 1);
  
    (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
    c_file[c_file_len] = '\0';
  
    err = set_file (c_cred, c_file, c_format);
    if (EXPECT_FALSE (err < 0))
      scm_gnutls_error (err, FUNC_NAME);
  
    /* Return the number of certificates processed.  */
    return ((unsigned int) err);
  }

'scm_c_string_length' is inappropriately assumed to return the length
of the encoded C string in bytes, whereas it actually returns the
number of characters (code points).

This led to:

stat("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem", {st_mode=S_IFREG|0444, st_size=2444, ...}) = 0
open("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.p", O_RDONLY) = -1 ENOENT (No such file or directory)

While doing this:

mhw@jojen ~$ strace -o trace.out guix import gem rails
Backtrace:
In unknown file:
   ?: 19 [apply-smob/1 #<catch-closure 2793e20>]
In ice-9/boot-9.scm:
  66: 18 [call-with-prompt prompt0 ...]
In ice-9/eval.scm:
 432: 17 [eval # #]
In ice-9/boot-9.scm:
2412: 16 [save-module-excursion #<procedure 27b4900 at ice-9/boot-9.scm:4084:3 ()>]
4089: 15 [#<procedure 27b4900 at ice-9/boot-9.scm:4084:3 ()>]
1734: 14 [%start-stack load-stack ...]
1739: 13 [#<procedure 27c6b40 ()>]
In unknown file:
   ?: 12 [primitive-load "/home/mhw/guix/scripts/guix"]
In guix/ui.scm:
1255: 11 [run-guix-command import "gem" "rails"]
In guix/scripts/import.scm:
 114: 10 [guix-import "gem" "rails"]
In guix/scripts/import/gem.scm:
  84: 9 [guix-import-gem "rails"]
In guix/import/gem.scm:
 121: 8 [gem->guix-package "rails" #f]
In ice-9/boot-9.scm:
 160: 7 [catch srfi-34 #<procedure 3518440 at guix/import/json.scm:29:2 ()> ...]
In guix/import/json.scm:
  32: 6 [#<procedure 3518440 at guix/import/json.scm:29:2 ()>]
In guix/http-client.scm:
 239: 5 [loop #]
In guix/build/download.scm:
 520: 4 [open-connection-for-uri # # #f ...]
 391: 3 [tls-wrap #<input-output: socket 10> "rubygems.org" ...]
 308: 2 [make-credendials-with-ca-trust-files "/etc/ssl/certs"]
In srfi/srfi-1.scm:
 616: 1 [for-each #<procedure 351f090 at guix/build/download.scm:308:14 (file)> #]
In unknown file:
   ?: 0 [set-certificate-credentials-x509-trust-file! # ...]

ERROR: In procedure set-certificate-credentials-x509-trust-file!:
ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while reading file.> set-certificate-credentials-x509-trust-file!)'.
mhw@jojen ~$

The problem can be worked around by using the C locale:

mhw@jojen ~$ LC_ALL=C guix import gem rails
(package
  (name "ruby-rails")
  (version "5.1.0")
  (source
    (origin
      (method url-fetch)
      (uri (rubygems-uri "rails" version))
      (sha256
        (base32
          "0cpcnrlqg1am2jfdz6pf9snh89qzbny9ikbpg3xz31qrqv9f4hyq"))))
  (build-system ruby-build-system)
  (propagated-inputs
    `(("ruby-actioncable" ,ruby-actioncable)
      ("ruby-actionmailer" ,ruby-actionmailer)
      ("ruby-actionpack" ,ruby-actionpack)
      ("ruby-actionview" ,ruby-actionview)
      ("ruby-activejob" ,ruby-activejob)
      ("ruby-activemodel" ,ruby-activemodel)
      ("ruby-activerecord" ,ruby-activerecord)
      ("ruby-activesupport" ,ruby-activesupport)
      ("bundler" ,bundler)
      ("ruby-railties" ,ruby-railties)
      ("ruby-sprockets-rails" ,ruby-sprockets-rails)))
  (synopsis
    "Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.")
  (description
    "Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity.  It encourages beautiful code by favoring convention over configuration.")
  (home-page "http://rubyonrails.org")
  (license license:expat))
mhw@jojen ~$

Maxim Cournoyer wrote on 28 May 2017 23:00

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 26948@debbugs.gnu.org)

Message-ID:87o9ucu1t3.fsf@gmail.com

Hi Ludovic,

ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (34 lines)> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>> It seems that the problem is caused by the file:
>> "/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.p".
>
> Indeed.
>
>> The strange thing is that it shouldn't even get into the `files'
>> variable since we are scanning for files ending with a ".pem" suffix.
>>
>> ls /etc/ssl/certs/AC*2.15.7.126*
>> /etc/ssl/certs/AC_Raz_Certicmara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem
>>
>>
>> It looks like I have a locale problem? In my operating-system
>> definition, I'm using (locale "en_US.UTF-8") and the locale-definitions
>> field is not set (which means it's using %DEFAULT-LOCALE-DEFINITIONS). I
>> also have the following installed in my user profile:
>>
>> guix package -I locale
>> glibc-locales   2.25    out     /gnu/store/2d97vjjx23w3bhwp4sbylwcx6l5fy8g2-glibc-locales-2.25
>>
>>
>> Finally,
>>
>> set | grep LOC
>> GUIX_LOCPATH=/run/current-system/locale
>> XTERM_LOCALE=en_US.UTF-8
>
> Does the 'guix' command say 'failed to install locale'?  It probably
> does, which explains why it fails to decode the file name.

No, it doesn't!

Toggle quote (6 lines)

> Strangely that file name has question marks instead of the non-ASCII

> characters on my GuixSD system:

> $ ls -l /etc/ssl/certs/*Certi*mara*

> lrwxrwxrwx 8 root root 162 Jan 1 1970 '/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem' -> '/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem'

Hmm. That is strange. It seems like you also have a locale problem, but

that it is handled in a way that doesn't break nss-certs?

Toggle quote (6 lines)

> but the initial problem seems to be in nss-certs itself.

> What does this report for you:

> guix package -p /run/current-system/profile -I nss-cert

It gives me:

Toggle snippet (5 lines)

$ guix package -p /run/current-system/profile -I nss-cert

nss-certs 3.30.2 out

/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2

Toggle quote (9 lines)

>> I would have liked to exercise the

>> `make-credendials-with-ca-trust-files' function to debug but there's a

>> `make-certificate-credentials' function called which I coudln't source

>> (where does it come from? Doing C-c . u in Geiser didn't help making it

>> visible, as did grepping the Guix sources for its definition)

> These procedures come from (gnutls). They're written in C.

Thanks for the information. I'll see if I can debug it further.

Maxim

Maxim Cournoyer wrote on 29 May 2017 06:36

Recipients:(name . Mark H Weaver)(address . mhw@netris.org)

Message-ID:87poess2j3.fsf@gmail.com

Mark H Weaver <mhw@netris.org> writes:

Toggle quote (131 lines)> ludo@gnu.org (Ludovic Courtès) writes:
>
>> Hi Maxim,
>>
>> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>>
>>> It seems that the problem is caused by the file:
>>> "/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.p".
>
> This reminds me of a bug that I found in the Guile binding in GnuTLS a
> while ago, but forgot to report.  Maybe it's related:
>
> In 'set_certificate_file' in gnutls-3.5.9/guile/src/core.c:
>
>   static unsigned int
>   set_certificate_file (certificate_set_file_function_t set_file,
>                         SCM cred, SCM file, SCM format, const char *func_name)
>   #define FUNC_NAME func_name
>   {
>     int err;
>     char *c_file;
>     size_t c_file_len;
>   
>     gnutls_certificate_credentials_t c_cred;
>     gnutls_x509_crt_fmt_t c_format;
>   
>     c_cred = scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
>     SCM_VALIDATE_STRING (2, file);
>     c_format = scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAME);
>   
>     c_file_len = scm_c_string_length (file);
>     c_file = alloca (c_file_len + 1);
>   
>     (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
>     c_file[c_file_len] = '\0';
>   
>     err = set_file (c_cred, c_file, c_format);
>     if (EXPECT_FALSE (err < 0))
>       scm_gnutls_error (err, FUNC_NAME);
>   
>     /* Return the number of certificates processed.  */
>     return ((unsigned int) err);
>   }
>
> 'scm_c_string_length' is inappropriately assumed to return the length
> of the encoded C string in bytes, whereas it actually returns the
> number of characters (code points).
>
> This led to:
>
> stat("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem", {st_mode=S_IFREG|0444, st_size=2444, ...}) = 0
> open("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.p", O_RDONLY) = -1 ENOENT (No such file or directory)
>
> While doing this:
>
> mhw@jojen ~$ strace -o trace.out guix import gem rails
> Backtrace:
> In unknown file:
>    ?: 19 [apply-smob/1 #<catch-closure 2793e20>]
> In ice-9/boot-9.scm:
>   66: 18 [call-with-prompt prompt0 ...]
> In ice-9/eval.scm:
>  432: 17 [eval # #]
> In ice-9/boot-9.scm:
> 2412: 16 [save-module-excursion #<procedure 27b4900 at ice-9/boot-9.scm:4084:3 ()>]
> 4089: 15 [#<procedure 27b4900 at ice-9/boot-9.scm:4084:3 ()>]
> 1734: 14 [%start-stack load-stack ...]
> 1739: 13 [#<procedure 27c6b40 ()>]
> In unknown file:
>    ?: 12 [primitive-load "/home/mhw/guix/scripts/guix"]
> In guix/ui.scm:
> 1255: 11 [run-guix-command import "gem" "rails"]
> In guix/scripts/import.scm:
>  114: 10 [guix-import "gem" "rails"]
> In guix/scripts/import/gem.scm:
>   84: 9 [guix-import-gem "rails"]
> In guix/import/gem.scm:
>  121: 8 [gem->guix-package "rails" #f]
> In ice-9/boot-9.scm:
>  160: 7 [catch srfi-34 #<procedure 3518440 at guix/import/json.scm:29:2 ()> ...]
> In guix/import/json.scm:
>   32: 6 [#<procedure 3518440 at guix/import/json.scm:29:2 ()>]
> In guix/http-client.scm:
>  239: 5 [loop #]
> In guix/build/download.scm:
>  520: 4 [open-connection-for-uri # # #f ...]
>  391: 3 [tls-wrap #<input-output: socket 10> "rubygems.org" ...]
>  308: 2 [make-credendials-with-ca-trust-files "/etc/ssl/certs"]
> In srfi/srfi-1.scm:
>  616: 1 [for-each #<procedure 351f090 at guix/build/download.scm:308:14 (file)> #]
> In unknown file:
>    ?: 0 [set-certificate-credentials-x509-trust-file! # ...]
>
> ERROR: In procedure set-certificate-credentials-x509-trust-file!:
> ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while reading file.> set-certificate-credentials-x509-trust-file!)'.
> mhw@jojen ~$
>
> The problem can be worked around by using the C locale:
>
> mhw@jojen ~$ LC_ALL=C guix import gem rails
> (package
>   (name "ruby-rails")
>   (version "5.1.0")
>   (source
>     (origin
>       (method url-fetch)
>       (uri (rubygems-uri "rails" version))
>       (sha256
>         (base32
>           "0cpcnrlqg1am2jfdz6pf9snh89qzbny9ikbpg3xz31qrqv9f4hyq"))))
>   (build-system ruby-build-system)
>   (propagated-inputs
>     `(("ruby-actioncable" ,ruby-actioncable)
>       ("ruby-actionmailer" ,ruby-actionmailer)
>       ("ruby-actionpack" ,ruby-actionpack)
>       ("ruby-actionview" ,ruby-actionview)
>       ("ruby-activejob" ,ruby-activejob)
>       ("ruby-activemodel" ,ruby-activemodel)
>       ("ruby-activerecord" ,ruby-activerecord)
>       ("ruby-activesupport" ,ruby-activesupport)
>       ("bundler" ,bundler)
>       ("ruby-railties" ,ruby-railties)
>       ("ruby-sprockets-rails" ,ruby-sprockets-rails)))
>   (synopsis
>     "Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.")
>   (description
>     "Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity.  It encourages beautiful code by favoring convention over configuration.")
>   (home-page "http://rubyonrails.org")
>   (license license:expat))
> mhw@jojen ~$ 

This is it! Setting "LC_ALL=C" works around the problem. Thanks for

chipping in. I've investigated on the Guile side and isolated the

problem to be with the file name only, which corroborates your finding:

Toggle snippet (27 lines)

(use-modules (ice-9 ftw)

(gnutls))

(define ffile "/etc/ssl/certs/AC_Raíz_Certicámara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem")

;; Simply copied to my home dir.

(define ffile-2 "/home/maxim/AC_Raíz_Certicámara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem")

;; s/í/i/ & s/á/a/

(define ffile-3 "/home/maxim/AC_Raiz_Certicamara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem")

(define cred (make-certificate-credentials))

(set-certificate-credentials-x509-trust-file! cred ffile-2

x509-certificate-format/pem)

;; => ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while reading file.> set-certificate-credentials-x509-trust-file!)'.

(set-certificate-credentials-x509-trust-file! cred ffile-2

x509-certificate-format/pem)

;; => ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while reading file.> set-certificate-credentials-x509-trust-file!)'.

(set-certificate-credentials-x509-trust-file! cred ffile-3

x509-certificate-format/pem)

;; => 1

Maxim

Ludovic Courtès wrote on 29 May 2017 11:12

‘write-file’ output should not be locale-dependent

Recipients:(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 26948@debbugs.gnu.org)

Message-ID:87mv9wc9gp.fsf_-_@gnu.org

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (2 lines)

> ludo@gnu.org (Ludovic Courtès) writes:

[...]

Toggle quote (9 lines)

>> Strangely that file name has question marks instead of the non-ASCII

>> characters on my GuixSD system:

>> $ ls -l /etc/ssl/certs/*Certi*mara*

>> lrwxrwxrwx 8 root root 162 Jan 1 1970 '/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem' -> '/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem'

> Hmm. That is strange. It seems like you also have a locale problem, but

> that it is handled in a way that doesn't break nss-certs?

AFAICS the file is really called that way, with question marks:

Toggle snippet (4 lines)

scheme@(guile-user)> (stat "/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem")

$2 = #(64768 4719936 33060 8 0 0 0 2444 1496043280 1 1492867575 4096 8 regular 292 130744281 0 1492867575)

And:

Toggle snippet (31 lines)$ wget -O - https://mirror.hydra.gnu.org/guix/nar/gzip/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2 |gunzip -c | guix archive -x t
--2017-05-29 10:55:36--  https://mirror.hydra.gnu.org/guix/nar/gzip/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2
Ni solvigas mirror.hydra.gnu.org (mirror.hydra.gnu.org)... 131.159.14.26, 2001:4ca0:2001:10:225:90ff:fedb:c720
Konektado al mirror.hydra.gnu.org (mirror.hydra.gnu.org)|131.159.14.26|:443... konektita.
HTTP peto sendita, ni atendas respondon... 200 OK
Grando: 171969 (168K) [application/octet-stream]
Ni konservas al: 'STDOUT'

-                            100%[==============================================>] 167.94K  --.-KB/s    en 0.08s   

2017-05-29 10:55:37 (2.02 MB/s) - skribita al ?efeligujo [171969/171969]

$ find t -name AC_Ra\*
t/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem
$ locale
LANG=en_US.utf8
LC_CTYPE="en_US.utf8"
LC_NUMERIC="en_US.utf8"
LC_TIME="en_US.utf8"
LC_COLLATE="en_US.utf8"
LC_MONETARY="en_US.utf8"
LC_MESSAGES="en_US.utf8"
LC_PAPER=fr_FR.utf8
LC_NAME="en_US.utf8"
LC_ADDRESS="en_US.utf8"
LC_TELEPHONE="en_US.utf8"
LC_MEASUREMENT="en_US.utf8"
LC_IDENTIFICATION="en_US.utf8"
LC_ALL=

But wait! “guix build nss-certs --check -K” fails, and the diff is:

Toggle snippet (34 lines)$ LANGUAGE= diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2{,-check}
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs: AC_Raíz_Certicámara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs: AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem
diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/ae8153b9.0 /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs/ae8153b9.0
--- /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
+++ /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
@@ -3,10 +3,10 @@
 # distrust=
 # openssl-trust=codeSigning emailProtection serverAuth
 -----BEGIN CERTIFICATE-----
-MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
+MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW
 MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
 Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9
+dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM3WhcNMzYwOTE3MTk0NjM2WjB9
 MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi

[...]

+O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
+um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
+NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=
 -----END CERTIFICATE-----
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs: Certinomis_-_Autorité_Racine:2.1.1.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs: Certinomis_-_Autorit?_Racine:2.1.1.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs: NetLock_Arany_=Class_Gold=_F?tanúsítvány:2.6.73.65.44.228.0.16.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs: NetLock_Arany_=Class_Gold=_F?tan?s?tv?ny:2.6.73.65.44.228.0.16.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs: T?B?TAK_UEKAE_K?k_Sertifika_Hizmet_Sa?lay?c?s?_-_S?r?m_3:2.1.17.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs: T?RKTRUST_Elektronik_Sertifika_Hizmet_Sa?lay?c?s?_H5:2.7.0.142.23.254.36.32.129.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs: TÜB?TAK_UEKAE_Kök_Sertifika_Hizmet_Sa?lay?c?s?_-_Sürüm_3:2.1.17.pem
Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs: TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sa?lay?c?s?_H5:2.7.0.142.23.254.36.32.129.pem

See? (The difference in the first certificate is weird too…)

There are two ways to create nars. One is via the ‘export-paths’ RPC

(implemented in the daemon in C++), which does not interpret file names

and thus leaves them untouched. The other one is via ‘write-file’ from

(guix serialization), which is written in Scheme and thus converts file

names from locale encoding (specifically, ‘scandir’ does that.)

‘guix publish’ uses the latter, so ‘guix publish’ is sensitive to locale

settings, which is pretty bad.

Guile currently does not allow us to specify whether/how file names

should be decoded, but possible solutions have been discussed for 2.2.

In the meantime, solutions are:

1. To run ‘guix publish’ in a UTF-8 locale, which apparently was not

the case.

2. Add to (guix build syscalls) a separate locale-independent

‘scandir’ implementation and use that.

Thoughts?

Ludo’.

Ludovic Courtès wrote on 29 May 2017 11:31

Re: bug#26948: gnutls errors on multiple guix commands

Recipients:(name . Mark H Weaver)(address . mhw@netris.org)

Message-ID:87a85wc8li.fsf@gnu.org

Hi Mark,

Mark H Weaver <mhw@netris.org> skribis:

Toggle quote (39 lines)> This reminds me of a bug that I found in the Guile binding in GnuTLS a
> while ago, but forgot to report.  Maybe it's related:
>
> In 'set_certificate_file' in gnutls-3.5.9/guile/src/core.c:
>
>   static unsigned int
>   set_certificate_file (certificate_set_file_function_t set_file,
>                         SCM cred, SCM file, SCM format, const char *func_name)
>   #define FUNC_NAME func_name
>   {
>     int err;
>     char *c_file;
>     size_t c_file_len;
>   
>     gnutls_certificate_credentials_t c_cred;
>     gnutls_x509_crt_fmt_t c_format;
>   
>     c_cred = scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
>     SCM_VALIDATE_STRING (2, file);
>     c_format = scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAME);
>   
>     c_file_len = scm_c_string_length (file);
>     c_file = alloca (c_file_len + 1);
>   
>     (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
>     c_file[c_file_len] = '\0';
>   
>     err = set_file (c_cred, c_file, c_format);
>     if (EXPECT_FALSE (err < 0))
>       scm_gnutls_error (err, FUNC_NAME);
>   
>     /* Return the number of certificates processed.  */
>     return ((unsigned int) err);
>   }
>
> 'scm_c_string_length' is inappropriately assumed to return the length
> of the encoded C string in bytes, whereas it actually returns the
> number of characters (code points).

This is terrible! WDYT of this:

Toggle diff (37 lines)diff --git a/guile/src/core.c b/guile/src/core.c
index 605c91f7a..38d573fa9 100644
--- a/guile/src/core.c
+++ b/guile/src/core.c
@@ -1,5 +1,5 @@
 /* GnuTLS --- Guile bindings for GnuTLS.
-   Copyright (C) 2007-2014, 2016 Free Software Foundation, Inc.
+   Copyright (C) 2007-2014, 2016-2017 Free Software Foundation, Inc.
 
    GnuTLS is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -1428,22 +1428,19 @@ set_certificate_file (certificate_set_file_function_t set_file,
 {
   int err;
   char *c_file;
-  size_t c_file_len;
 
   gnutls_certificate_credentials_t c_cred;
   gnutls_x509_crt_fmt_t c_format;
 
   c_cred = scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
   SCM_VALIDATE_STRING (2, file);
-  c_format = scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAME);
-
-  c_file_len = scm_c_string_length (file);
-  c_file = alloca (c_file_len + 1);
 
-  (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
-  c_file[c_file_len] = '\0';
+  c_format = scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAME);
+  c_file = scm_to_locale_string (file);
 
   err = set_file (c_cred, c_file, c_format);
+  free (c_file);
+
   if (EXPECT_FALSE (err < 0))
     scm_gnutls_error (err, FUNC_NAME);

Unfortunately there’s a dozen of places in core.c that use this idiom

and would need to be fixed (it’s pre-2.0 code I think).

In the meantime we can work around it this way:

Toggle diff (27 lines)diff --git a/guix/build/download.scm b/guix/build/download.scm
index ce4708a87..6ef623334 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -296,6 +296,13 @@ session record port using PORT as its underlying communication port."
   (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
                       (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
 
+(define (set-certificate-credentials-x509-trust-file!* cred file format)
+  "Like 'set-certificate-credentials-x509-trust-file!', but without the file
+name decoding bug described at
+<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>."
+  (let ((data (call-with-input-file file get-bytevector-all)))
+    (set-certificate-credentials-x509-trust-data! cred data format)))
+
 (define (make-credendials-with-ca-trust-files directory)
   "Return certificate credentials with X.509 authority certificates read from
 DIRECTORY.  Those authority certificates are checked when
@@ -309,7 +316,7 @@ DIRECTORY.  Those authority certificates are checked when
                 (let ((file (string-append directory "/" file)))
                   ;; Protect against dangling symlinks.
                   (when (file-exists? file)
-                    (set-certificate-credentials-x509-trust-file!
+                    (set-certificate-credentials-x509-trust-file!*
                      cred file
                      x509-certificate-format/pem))))
               (or files '()))

WDYT? I’ll commit it if that’s fine with you.

Thanks for the report!

Ludo’.

Maxim Cournoyer wrote on 29 May 2017 22:15

Re: ‘write-file’ output should not be locale-dependent

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 26948@debbugs.gnu.org)

Message-ID:87h903s9mf.fsf@gmail.com

ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (57 lines)> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>> ludo@gnu.org (Ludovic Courtès) writes:
>
> [...]
>
>>> Strangely that file name has question marks instead of the non-ASCII
>>> characters on my GuixSD system:
>>>
>>> $ ls -l /etc/ssl/certs/*Certi*mara*
>>> lrwxrwxrwx 8 root root 162 Jan 1 1970
>>> '/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem'
>>> ->
>>> '/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem'
>>
>> Hmm. That is strange. It seems like you also have a locale problem, but
>> that it is handled in a way that doesn't break nss-certs?
>
> AFAICS the file is really called that way, with question marks:
>
> scheme@(guile-user)> (stat "/gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem")
> $2 = #(64768 4719936 33060 8 0 0 0 2444 1496043280 1 1492867575 4096 8 regular 292 130744281 0 1492867575)
>
>
> And:
>
> $ wget -O - https://mirror.hydra.gnu.org/guix/nar/gzip/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2 |gunzip -c | guix archive -x t
> --2017-05-29 10:55:36--  https://mirror.hydra.gnu.org/guix/nar/gzip/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2
> Ni solvigas mirror.hydra.gnu.org (mirror.hydra.gnu.org)... 131.159.14.26, 2001:4ca0:2001:10:225:90ff:fedb:c720
> Konektado al mirror.hydra.gnu.org (mirror.hydra.gnu.org)|131.159.14.26|:443... konektita.
> HTTP peto sendita, ni atendas respondon... 200 OK
> Grando: 171969 (168K) [application/octet-stream]
> Ni konservas al: 'STDOUT'
>
> -                            100%[==============================================>] 167.94K  --.-KB/s    en 0.08s   
>
> 2017-05-29 10:55:37 (2.02 MB/s) - skribita al ?efeligujo [171969/171969]
>
> $ find t -name AC_Ra\*
> t/etc/ssl/certs/AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem
> $ locale
> LANG=en_US.utf8
> LC_CTYPE="en_US.utf8"
> LC_NUMERIC="en_US.utf8"
> LC_TIME="en_US.utf8"
> LC_COLLATE="en_US.utf8"
> LC_MONETARY="en_US.utf8"
> LC_MESSAGES="en_US.utf8"
> LC_PAPER=fr_FR.utf8
> LC_NAME="en_US.utf8"
> LC_ADDRESS="en_US.utf8"
> LC_TELEPHONE="en_US.utf8"
> LC_MEASUREMENT="en_US.utf8"
> LC_IDENTIFICATION="en_US.utf8"
> LC_ALL=
>

Toggle snippet (20 lines)$ find /etc/ssl/certs -name AC_Ra\*
/etc/ssl/certs/AC_Raíz_Certicámara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem

$ locale
LANG=en_US.UTF-8
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=

The file name appears normally here (in xterm). I'm not sure why it's

different on your side, since we are both using UTF-8 locales. It does

still look strange when seen from strace though, but I guess this is

peculiarity of strace:

open("/etc/ssl/certs/AC_Ra\303\255z_Certic\303\241mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.p", O_RDONLY) = -1 ENOENT (No such file or directory)

Toggle quote (15 lines)> But wait!  “guix build nss-certs --check -K” fails, and the diff is:
>
> $ LANGUAGE= diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2{,-check}
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs: AC_Raíz_Certicámara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs: AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem
> diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/ae8153b9.0 /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs/ae8153b9.0
> --- /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
> +++ /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
> @@ -3,10 +3,10 @@
>  # distrust=
>  # openssl-trust=codeSigning emailProtection serverAuth
>  -----BEGIN CERTIFICATE-----
> -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
> +MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW

Can this be explained by locale alone? That is troubling.

Toggle quote (4 lines)

> MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg

> Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh

> -dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9

> +dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM3WhcNMzYwOTE3MTk0NjM2WjB9

^ ???

Toggle quote (36 lines)>  MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
>
> [...]
>
> +O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
> +um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
> +NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=
>  -----END CERTIFICATE-----
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs: Certinomis_-_Autorité_Racine:2.1.1.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs: Certinomis_-_Autorit?_Racine:2.1.1.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs: NetLock_Arany_=Class_Gold=_F?tanúsítvány:2.6.73.65.44.228.0.16.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs: NetLock_Arany_=Class_Gold=_F?tan?s?tv?ny:2.6.73.65.44.228.0.16.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs: T?B?TAK_UEKAE_K?k_Sertifika_Hizmet_Sa?lay?c?s?_-_S?r?m_3:2.1.17.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs: T?RKTRUST_Elektronik_Sertifika_Hizmet_Sa?lay?c?s?_H5:2.7.0.142.23.254.36.32.129.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs: TÜB?TAK_UEKAE_Kök_Sertifika_Hizmet_Sa?lay?c?s?_-_Sürüm_3:2.1.17.pem
> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs: TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sa?lay?c?s?_H5:2.7.0.142.23.254.36.32.129.pem
>
> See?  (The difference in the first certificate is weird too…)
>
> There are two ways to create nars.  One is via the ‘export-paths’ RPC
> (implemented in the daemon in C++), which does not interpret file names
> and thus leaves them untouched.  The other one is via ‘write-file’ from
> (guix serialization), which is written in Scheme and thus converts file
> names from locale encoding (specifically, ‘scandir’ does that.)
>
> ‘guix publish’ uses the latter, so ‘guix publish’ is sensitive to locale
> settings, which is pretty bad.
>
> Guile currently does not allow us to specify whether/how file names
> should be decoded, but possible solutions have been discussed for 2.2.
>
> In the meantime, solutions are:
>
>   1. To run ‘guix publish’ in a UTF-8 locale, which apparently was not
>      the case.

I'm surprised by that. Wouldn't a utf8 locale be the default?

Toggle quote (4 lines)

> 2. Add to (guix build syscalls) a separate locale-independent

> ‘scandir’ implementation and use that.

If the general solution is to fix it in Guile, the workaround proposed

in 1. seems preferable.

Maxim

Mark H Weaver wrote on 29 May 2017 23:26

Re: bug#26948: gnutls errors on multiple guix commands

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:87a85v1hik.fsf@netris.org

Hi Ludovic,

ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (82 lines)> Mark H Weaver <mhw@netris.org> skribis:
>
>> This reminds me of a bug that I found in the Guile binding in GnuTLS a
>> while ago, but forgot to report.  Maybe it's related:
>>
>> In 'set_certificate_file' in gnutls-3.5.9/guile/src/core.c:
>>
>>   static unsigned int
>>   set_certificate_file (certificate_set_file_function_t set_file,
>>                         SCM cred, SCM file, SCM format, const char *func_name)
>>   #define FUNC_NAME func_name
>>   {
>>     int err;
>>     char *c_file;
>>     size_t c_file_len;
>>   
>>     gnutls_certificate_credentials_t c_cred;
>>     gnutls_x509_crt_fmt_t c_format;
>>   
>>     c_cred = scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
>>     SCM_VALIDATE_STRING (2, file);
>>     c_format = scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAME);
>>   
>>     c_file_len = scm_c_string_length (file);
>>     c_file = alloca (c_file_len + 1);
>>   
>>     (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
>>     c_file[c_file_len] = '\0';
>>   
>>     err = set_file (c_cred, c_file, c_format);
>>     if (EXPECT_FALSE (err < 0))
>>       scm_gnutls_error (err, FUNC_NAME);
>>   
>>     /* Return the number of certificates processed.  */
>>     return ((unsigned int) err);
>>   }
>>
>> 'scm_c_string_length' is inappropriately assumed to return the length
>> of the encoded C string in bytes, whereas it actually returns the
>> number of characters (code points).
>
> This is terrible!  WDYT of this:
>
> diff --git a/guile/src/core.c b/guile/src/core.c
> index 605c91f7a..38d573fa9 100644
> --- a/guile/src/core.c
> +++ b/guile/src/core.c
> @@ -1,5 +1,5 @@
>  /* GnuTLS --- Guile bindings for GnuTLS.
> -   Copyright (C) 2007-2014, 2016 Free Software Foundation, Inc.
> +   Copyright (C) 2007-2014, 2016-2017 Free Software Foundation, Inc.
>  
>     GnuTLS is free software; you can redistribute it and/or
>     modify it under the terms of the GNU Lesser General Public
> @@ -1428,22 +1428,19 @@ set_certificate_file (certificate_set_file_function_t set_file,
>  {
>    int err;
>    char *c_file;
> -  size_t c_file_len;
>  
>    gnutls_certificate_credentials_t c_cred;
>    gnutls_x509_crt_fmt_t c_format;
>  
>    c_cred = scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
>    SCM_VALIDATE_STRING (2, file);
> -  c_format = scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAME);
> -
> -  c_file_len = scm_c_string_length (file);
> -  c_file = alloca (c_file_len + 1);
>  
> -  (void) scm_to_locale_stringbuf (file, c_file, c_file_len + 1);
> -  c_file[c_file_len] = '\0';
> +  c_format = scm_to_gnutls_x509_certificate_format (format, 3, FUNC_NAME);
> +  c_file = scm_to_locale_string (file);
>  
>    err = set_file (c_cred, c_file, c_format);
> +  free (c_file);
> +
>    if (EXPECT_FALSE (err < 0))
>      scm_gnutls_error (err, FUNC_NAME);
>  

Looks good to me. In the case when a UTF-8 locale is active, and where

Guile 2.0.12 or later is available, we could use

'scm_c_string_utf8_length' to find the length in bytes, but optimizing

that case is probably not worth the extra code complexity.

Toggle quote (3 lines)

> Unfortunately there’s a dozen of places in core.c that use this idiom

> and would need to be fixed (it’s pre-2.0 code I think).

Bummer.

Toggle quote (33 lines)> In the meantime we can work around it this way:
>
> diff --git a/guix/build/download.scm b/guix/build/download.scm
> index ce4708a87..6ef623334 100644
> --- a/guix/build/download.scm
> +++ b/guix/build/download.scm
> @@ -296,6 +296,13 @@ session record port using PORT as its underlying communication port."
>    (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
>                        (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
>  
> +(define (set-certificate-credentials-x509-trust-file!* cred file format)
> +  "Like 'set-certificate-credentials-x509-trust-file!', but without the file
> +name decoding bug described at
> +<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>."
> +  (let ((data (call-with-input-file file get-bytevector-all)))
> +    (set-certificate-credentials-x509-trust-data! cred data format)))
> +
>  (define (make-credendials-with-ca-trust-files directory)
>    "Return certificate credentials with X.509 authority certificates read from
>  DIRECTORY.  Those authority certificates are checked when
> @@ -309,7 +316,7 @@ DIRECTORY.  Those authority certificates are checked when
>                  (let ((file (string-append directory "/" file)))
>                    ;; Protect against dangling symlinks.
>                    (when (file-exists? file)
> -                    (set-certificate-credentials-x509-trust-file!
> +                    (set-certificate-credentials-x509-trust-file!*
>                       cred file
>                       x509-certificate-format/pem))))
>                (or files '()))
>
>
> WDYT?  I’ll commit it if that’s fine with you.

I'm not sufficiently familiar with GnuTLS to properly review this, but I

trust your judgement.

Thanks!

Mark

Ludovic Courtès wrote on 30 May 2017 13:25

Recipients:(name . Mark H Weaver)(address . mhw@netris.org)

Message-ID:87bmqa8u2z.fsf@gnu.org

Hi Mark,

Mark H Weaver <mhw@netris.org> skribis:

Toggle quote (36 lines)>> In the meantime we can work around it this way:
>>
>> diff --git a/guix/build/download.scm b/guix/build/download.scm
>> index ce4708a87..6ef623334 100644
>> --- a/guix/build/download.scm
>> +++ b/guix/build/download.scm
>> @@ -296,6 +296,13 @@ session record port using PORT as its underlying communication port."
>>    (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
>>                        (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
>>  
>> +(define (set-certificate-credentials-x509-trust-file!* cred file format)
>> +  "Like 'set-certificate-credentials-x509-trust-file!', but without the file
>> +name decoding bug described at
>> +<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>."
>> +  (let ((data (call-with-input-file file get-bytevector-all)))
>> +    (set-certificate-credentials-x509-trust-data! cred data format)))
>> +
>>  (define (make-credendials-with-ca-trust-files directory)
>>    "Return certificate credentials with X.509 authority certificates read from
>>  DIRECTORY.  Those authority certificates are checked when
>> @@ -309,7 +316,7 @@ DIRECTORY.  Those authority certificates are checked when
>>                  (let ((file (string-append directory "/" file)))
>>                    ;; Protect against dangling symlinks.
>>                    (when (file-exists? file)
>> -                    (set-certificate-credentials-x509-trust-file!
>> +                    (set-certificate-credentials-x509-trust-file!*
>>                       cred file
>>                       x509-certificate-format/pem))))
>>                (or files '()))
>>
>>
>> WDYT?  I’ll commit it if that’s fine with you.
>
> I'm not sufficiently familiar with GnuTLS to properly review this, but I
> trust your judgement.

Pushed as 27fd13c3c2701204f48fe0012438edbb91957dfc.

Thanks,

Ludo’.

Ludovic Courtès wrote on 30 May 2017 13:57

Re: ‘write-file’ output should not be locale-dependent

Recipients:(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 26948@debbugs.gnu.org)

Message-ID:878tle7e1n.fsf@gnu.org

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:

Toggle quote (2 lines)

> ludo@gnu.org (Ludovic Courtès) writes:

[...]

Toggle quote (17 lines)>> But wait!  “guix build nss-certs --check -K” fails, and the diff is:
>>
>> $ LANGUAGE= diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2{,-check}
>> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs: AC_Raíz_Certicámara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem
>> Only in /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs: AC_Ra?z_Certic?mara_S.A.:2.15.7.126.82.147.123.224.21.227.87.240.105.140.203.236.12.pem
>> diff -ur /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/ae8153b9.0 /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs/ae8153b9.0
>> --- /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2/etc/ssl/certs/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
>> +++ /gnu/store/3ql0vilc0zv6ra42ghi04787vrg6bb71-nss-certs-3.30.2-check/etc/ssl/certs/ae8153b9.0	1970-01-01 01:00:01.000000000 +0100
>> @@ -3,10 +3,10 @@
>>  # distrust=
>>  # openssl-trust=codeSigning emailProtection serverAuth
>>  -----BEGIN CERTIFICATE-----
>> -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
>> +MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW
>
> Can this be explained by locale alone? That is troubling.

Yes it’s troubling, it deserves more investigation.

Toggle quote (19 lines)>> There are two ways to create nars.  One is via the ‘export-paths’ RPC
>> (implemented in the daemon in C++), which does not interpret file names
>> and thus leaves them untouched.  The other one is via ‘write-file’ from
>> (guix serialization), which is written in Scheme and thus converts file
>> names from locale encoding (specifically, ‘scandir’ does that.)
>>
>> ‘guix publish’ uses the latter, so ‘guix publish’ is sensitive to locale
>> settings, which is pretty bad.
>>
>> Guile currently does not allow us to specify whether/how file names
>> should be decoded, but possible solutions have been discussed for 2.2.
>>
>> In the meantime, solutions are:
>>
>>   1. To run ‘guix publish’ in a UTF-8 locale, which apparently was not
>>      the case.
>
> I'm surprised by that. Wouldn't a utf8 locale be the default?

Users are free to choose their favorite locale. Also, on a foreign

distro where locales are not properly set up, you end up in the C locale

with US-ASCII encoding (as was the case here).

Toggle quote (6 lines)

>> 2. Add to (guix build syscalls) a separate locale-independent

>> ‘scandir’ implementation and use that.

> If the general solution is to fix it in Guile, the workaround proposed

> in 1. seems preferable.

I implemented ‘scandir/utf-8’ and used that in ‘write-file’ (patches

attached). Unfortunately that’s not enough since libguile procedures

like ‘open-file’ still do locale-dependent conversion, so we’d need to

duplicate those as well, which is not great.

But on second thought, I think the problem is not in the ‘write-file’

call that ‘guix publish’ makes: if it were, ‘scandir’ would return bogus

file names (with question marks), but then trying to open them would

fail, so ‘write-file’ wouldn’t produce a bogus nar.

So I think the culprit is ‘restore-file-set’ (used in ‘guix offload’

when retrieving store items from a build machine): this one reads file

names as UTF-8, via ‘read-store-path’, but then when it tries to create

those files using Guile’s primitives, their names can be be converted,

possibly with those question marks popping up. Here ‘restore-file-set’

can’t notice that Guile changed the file names behind its back.

The short-term fix is to ensure guix-daemon itself runs in a UTF-8

locale. :-/

I’ve restarted guix-daemon and ‘guix publish’ in a UTF-8 locale on

hydra.gnu.org.

Thanks,

Ludo’.

Attachment: 0001-syscalls-Add-scandir-utf-8.patch

Toggle diff (77 lines)diff --git a/guix/serialization.scm b/guix/serialization.scm
index e6ae2fc30..77a54f904 100644
--- a/guix/serialization.scm
+++ b/guix/serialization.scm
@@ -18,6 +18,8 @@
 
 (define-module (guix serialization)
   #:use-module (guix combinators)
+  #:use-module ((guix build syscalls)
+                #:select (scandir/utf-8))
   #:use-module (rnrs bytevectors)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
@@ -285,8 +287,11 @@ result of 'lstat'; exclude entries for which SELECT? does not return true."
               ;; 'scandir' defaults to 'string-locale<?' to sort files, but
               ;; this happens to be case-insensitive (at least in 'en_US'
               ;; locale on libc 2.18.)  Conversely, we want files to be
-              ;; sorted in a case-sensitive fashion.
-              (scandir f (negate (cut member <> '("." ".."))) string<?)))
+              ;; sorted in a case-sensitive fashion.  Also, always decode file
+              ;; names as UTF-8.
+              (scandir/utf-8
+               f (negate (cut member <> '("." "..")))
+                             string<?)))
          (for-each (lambda (e)
                      (let* ((f (string-append f "/" e))
                             (s (lstat f)))
diff --git a/tests/nar.scm b/tests/nar.scm
index 61646db96..d2eae65c4 100644
--- a/tests/nar.scm
+++ b/tests/nar.scm
@@ -25,6 +25,8 @@
                 #:select (open-sha256-port open-sha256-input-port))
   #:use-module ((guix packages)
                 #:select (base32))
+  #:use-module ((guix utils)
+                #:select (call-with-temporary-directory))
   #:use-module (rnrs bytevectors)
   #:use-module (rnrs io ports)
   #:use-module (srfi srfi-1)
@@ -272,6 +274,36 @@
       (lambda ()
         (rmdir input)))))
 
+(unless (equal? "UTF-8" (fluid-ref %default-port-encoding))
+  (test-skip 1))
+(test-assert "write-file + restore-file, UTF-8 file names"
+  (let* ((output %test-dir)
+         (nar    (string-append output ".nar"))
+         (locale (setlocale LC_ALL)))
+    (dynamic-wind
+      (lambda () #t)
+      (lambda ()
+        (call-with-temporary-directory
+         (lambda (input)
+           (call-with-output-file (string-append input "/α")
+             (const #t))
+           (call-with-output-file (string-append input "/λ")
+             (const #t))
+           (dynamic-wind
+             (const #f)
+             (lambda ()
+               (setlocale LC_ALL "C")
+               (call-with-output-file nar
+                 (cut write-file input <>)))
+             (lambda ()
+               (setlocale LC_ALL locale)))
+           (call-with-input-file nar
+             (cut restore-file <> output))
+           (file-tree-equal? input output))))
+      (lambda ()
+        (false-if-exception (delete-file nar))
+        (false-if-exception (rm-rf output))))))
+
 ;; 'restore-file-set' depends on 'open-sha256-input-port', which in turn
 ;; relies on a Guile 2.0.10+ feature.
 (test-skip (if (false-if-exception

Ludovic Courtès wrote on 16 Jun 2017 17:09

Re: bug#26948: ‘write-file’ output should not be locale-dependent

Recipients:(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 26948@debbugs.gnu.org)

Message-ID:874lvgdl5o.fsf@gnu.org

ludo@gnu.org (Ludovic Courtès) skribis:

Toggle quote (12 lines)>>From e7f464bac58e1f09de5ceb194c4a30f6d899b29a Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
> Date: Tue, 30 May 2017 12:03:54 +0200
> Subject: [PATCH] syscalls: Add 'scandir/utf-8'.
>
> * guix/build/syscalls.scm (%struct-dirent-header): New C struct.
> (opendir/utf-8, closedir/utf-8, readdir/utf-8, scandir/utf-8): New
> procedures.
> * tests/syscalls.scm ("scandir/utf-8, ENOENT")
> ("scandir/utf-8, ASCII file names")
> ("scandir/utf8, UTF-8 file names"): New tests.

For unrelated reasons, I pushed an improved variant of this patch as

fa73c1937364872560c509f02b3d7648a5bed006.

Ludo’.

Ludovic Courtès wrote on 27 Jul 2017 14:40

control message for bug #26948

Recipients:(address . control@debbugs.gnu.org)

Message-ID:87d18m3vfc.fsf@gnu.org

retitle 26948 'guix publish' file name decoding is locale-dependent

Ludovic Courtès wrote on 27 Jul 2017 14:40

Recipients:(address . control@debbugs.gnu.org)

Message-ID:87bmo63vf6.fsf@gnu.org

severity 26948 important

Ludovic Courtès wrote on 27 Jul 2017 14:55

Re: bug#26948: ‘write-file’ output should not be locale-dependent

Recipients:(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 26948@debbugs.gnu.org)

Message-ID:874lty3uq6.fsf@gnu.org

ludo@gnu.org (Ludovic Courtès) skribis:

Toggle quote (11 lines)> ‘guix publish’ uses the latter, so ‘guix publish’ is sensitive to locale
> settings, which is pretty bad.
>
> Guile currently does not allow us to specify whether/how file names
> should be decoded, but possible solutions have been discussed for 2.2.
>
> In the meantime, solutions are:
>
>   1. To run ‘guix publish’ in a UTF-8 locale, which apparently was not
>      the case.

Commit 412701b0e5e073e6767eed162c14698db99df69c works around the problem

on GuixSD by running under a UTF-8 locale.

Ludo’.

Maxim Cournoyer wrote on 8 Jan 2021 23:04

Re: bug#26948: 'guix publish' file name decoding is locale-dependent

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 26948-done@debbugs.gnu.org)

Message-ID:87mtxj5bmp.fsf_-_@gmail.com

Hello,

ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (16 lines)> ludo@gnu.org (Ludovic Courtès) skribis:
>
>> ‘guix publish’ uses the latter, so ‘guix publish’ is sensitive to locale
>> settings, which is pretty bad.
>>
>> Guile currently does not allow us to specify whether/how file names
>> should be decoded, but possible solutions have been discussed for 2.2.
>>
>> In the meantime, solutions are:
>>
>>   1. To run ‘guix publish’ in a UTF-8 locale, which apparently was not
>>      the case.
>
> Commit 412701b0e5e073e6767eed162c14698db99df69c works around the problem
> on GuixSD by running under a UTF-8 locale.

Confirmed with you on #guix; that's good enough for now.

Closing,

Thank you!

Maxim

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 26948@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date