From debbugs-submit-bounces@debbugs.gnu.org Mon Nov 05 06:16:46 2018 Received: (at submit) by debbugs.gnu.org; 5 Nov 2018 11:16:46 +0000 Received: from localhost ([127.0.0.1]:34643 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gJcs8-0003gr-PH for submit@debbugs.gnu.org; Mon, 05 Nov 2018 06:16:46 -0500 Received: from eggs.gnu.org ([208.118.235.92]:60263) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gJcs6-0003gf-QU for submit@debbugs.gnu.org; Mon, 05 Nov 2018 06:16:43 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gJcru-0002Ej-R7 for submit@debbugs.gnu.org; Mon, 05 Nov 2018 06:16:36 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:55154) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gJcrs-0001iV-6B for submit@debbugs.gnu.org; Mon, 05 Nov 2018 06:16:28 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41606) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gJcrl-0004mb-Ux for bug-guix@gnu.org; Mon, 05 Nov 2018 06:16:27 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gJcrh-0008L7-92 for bug-guix@gnu.org; Mon, 05 Nov 2018 06:16:21 -0500 Received: from mx1.riseup.net ([198.252.153.129]:43505) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gJcrc-0007Nm-V9 for bug-guix@gnu.org; Mon, 05 Nov 2018 06:16:13 -0500 Received: from piha.riseup.net (piha-pn.riseup.net [10.0.1.163]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.riseup.net (Postfix) with ESMTPS id D308F1A04CC for ; Mon, 5 Nov 2018 03:16:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1541416570; bh=evTKbbAaWdwDr5lHSoB0J7/+uPpuvVj8lNtoFUlL3Sg=; h=To:From:Subject:Date:From; b=VDAjWkJAFyh4iNWaR4cSjLAFNC+5QpWzqnEsng/oKICZe6IHnaeI9k22+8iBMJSXj 66Cn/lIS9uDk7d8qVg8XCI7wztFP/mwlP9BEFOGckU8IBYmAOb4wv81fD5yVB3Mfif aDeTmEmfHlIeusyzVyquY3qc3dI+y9qv1GJ3tiKQ= X-Riseup-User-ID: 43DD8809ED7109DABA4695A3A3C995025E92901191EAFDBD659548C27278F330 Received: from [127.0.0.1] (localhost [127.0.0.1]) by piha.riseup.net with ESMTPSA id 20C351EFA12 for ; Mon, 5 Nov 2018 03:16:09 -0800 (PST) To: bug-guix@gnu.org From: swedebugia Subject: guix refresh/download backtrace error when missing nss-certs Message-ID: Date: Mon, 5 Nov 2018 12:16:08 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.1 (-----) In a qemu VM based on the image for 0.15 and pulled once I get: sdb@komputilo ~$ git clone https://git.savannah.gnu.org/git/guix.git test Cloning into 'test'... fatal: unable to access 'https://git.savannah.gnu.org/git/guix.git/':=20 Problem with the SSL CA cert (path? access rights?) fails nicely in contrast to: sdb@komputilo ~$ guix refresh artanis Backtrace: =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 13 (primitive-loa= d "/home/sdb/.config/guix/current/bin/guix") In guix/ui.scm: =C2=A0 1578:12 12 (run-guix-command _ . _) In ice-9/boot-9.scm: =C2=A0=C2=A0=C2=A0 829:9 11 (catch srfi-34 # =E2=80=A6) =C2=A0=C2=A0=C2=A0 829:9 10 (catch system-error # =E2=80=A6) In guix/scripts/refresh.scm: =C2=A0=C2=A0 449:12=C2=A0 9 (_) In srfi/srfi-1.scm: =C2=A0=C2=A0=C2=A0 640:9=C2=A0 8 (for-each # =E2=80=A6) In guix/scripts/refresh.scm: =C2=A0=C2=A0=C2=A0 236:2=C2=A0 7 (check-for-package-update # =E2=80=A6) In guix/gnu-maintenance.scm: =C2=A0=C2=A0 472:21=C2=A0 6 (latest-gnu-release _) =C2=A0=C2=A0 457:16=C2=A0 5 (_) In ice-9/boot-9.scm: =C2=A0=C2=A0=C2=A0 829:9=C2=A0 4 (catch srfi-34 # =E2=80=A6) In guix/http-client.scm: =C2=A0=C2=A0 182:20=C2=A0 3 (_) =C2=A0=C2=A0=C2=A0 88:25=C2=A0 2 (http-fetch _ #:port _ #:text? _ #:buff= ered? _ # _ # _ # =E2=80=A6) In guix/build/download.scm: =C2=A0=C2=A0=C2=A0 398:4=C2=A0 1 (open-connection-for-uri _ #:timeout _ = # _) =C2=A0=C2=A0=C2=A0 296:6=C2=A0 0 (tls-wrap # _ # _= ) guix/build/download.scm:296:6: In procedure tls-wrap: X.509 certificate of 'ftp.gnu.org' could not be verified: =C2=A0 signer-not-found =C2=A0 invalid I suggest we change it to fail nicely. I am willing to create a patch.=20 Would somebody be willing to mentor me? As a start: How do I check if nss-certs is installed? This is the first thing we should do when handling https-URIs (define tls-wrap is a quite complicated procedure, maybe an extra (if at=20 the body (of the let) will do? something like (if package-available? nss-certs =C2=A0=C2=A0=C2=A0 true; continue =C2=A0=C2=A0=C2=A0 false-> error nicely --=20 Cheers Swedebugia