[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#38857: X.509 certificate of 'crates.io' could not be verified during
|
From: |
Valentin Ignatev |
|
Subject: |
bug#38857: X.509 certificate of 'crates.io' could not be verified during a recursive import from crates.io |
|
Date: |
Thu, 2 Jan 2020 22:20:52 +0300 |
I don't think that it's related, but who knows. I only have a
certificate issue when I'm using recursive crates import. I am able to
import packages from crates one by one without an issue as well as
doing other tls-sensitive stuff.
Regards,
Valentin
On 1/2/20, Bengt Richter <address@hidden> wrote:
> Hi Guix,
>
> On +2020-01-02 09:12:43 +0200, Efraim Flashner wrote:
>> On Thu, Jan 02, 2020 at 01:45:35AM +0300, Valentin Ignatev wrote:
>> > Hi! I'm trying to recursively import a package from crates.io like
>> > this:
>> >
>> > guix import crate notify@4.0.14 --recursive
>> >
>> > It follows redirections for a while untill at some point throws this:
>> >
>> > Backtrace:
>> > 12 (primitive-load "/home/vj/.config/guix/current/bin/guix")
>> > In guix/ui.scm:
>> > 1806:12 11 (run-guix-command _ . _)
>> > In guix/scripts/import.scm:
>> > 116:11 10 (guix-import . _)
>> > In guix/scripts/import/crate.scm:
>> > 103:16 9 (guix-import-crate . _)
>> > In guix/import/utils.scm:
>> > 425:7 8 (recursive-import _ _ #:repo->guix-package _ #:guix-name
>> > …)
>> > 397:31 7 (topological-sort _ #<procedure 7f9a59729630 at guix/i…>
>> > …)
>> > In srfi/srfi-1.scm:
>> > 592:17 6 (map1 ("tempfile"))
>> > In guix/import/utils.scm:
>> > 421:36 5 (lookup-node "tempfile")
>> > In guix/import/crate.scm:
>> > 222:10 4 (crate->guix-package "tempfile" _)
>> > 150:15 3 (make-crate-sexp #:name _ #:version _ #:cargo-inputs _ #
>> > …)
>> > In guix/http-client.scm:
>> > 88:25 2 (http-fetch _ #:port _ #:text? _ #:buffered? _ # _ # _ #
>> > …)
>> > In guix/build/download.scm:
>> > 419:4 1 (open-connection-for-uri _ #:timeout _ # _)
>> > 306:6 0 (tls-wrap #<closed: file 7f9a564b3a10> _ # _)
>> >
>> > guix/build/download.scm:306:6: In procedure tls-wrap:
>> > X.509 certificate of 'crates.io' could not be verified:
>> > signer-not-found
>> > invalid
>> >
>> > I suspect that it happens after the importer hits
>> > "wasm-bindgen-webidl" and starts going circles. Maybe there's some
>> > circullar dependencies going on, but I'm not sure. I'm attaching a
>> > full log for convenience.
>> >
>> > For additional info: I'm running Guix on Arch Linux. I've also
>> > installed nss-certs package, exported all neeeded variables
>> > (SSL_CERT_DIR, SSL_CERT_FILE and GIT_SSL_CAINFO) before running guix
>> > import and also made sure nscd.service is running.
>> >
>> > Regards,
>> > Valentin Ignatev
>>
>> I've had it happen to me also sometimes. It's like it forgets that it
>> just successfully connected 100+ times and then fails.
>>
>>
>> --
>> Efraim Flashner <address@hidden> אפרים פלשנר
>> GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
>> Confidentiality cannot be guaranteed on emails sent or received
>> unencrypted
>
> I don't know if this could be related, but...
> I am also running guix on Archlinux and experienced a TLS problem
> after doing pacman -Syu.
>
> Mutt got updated and I could no longer get my pop mail.
> I reverted the last mutt update:
>
> --8<---------------cut here---------------start------------->8---
> [2020-01-01T15:53:13-0800] [ALPM] downgraded mutt (1.13.2-1 -> 1.12.2-1)
> --8<---------------cut here---------------end--------------->8---
>
> And am writing this with the reverted verssion.
> (So BTW this may be a heads-up not to package 1.13.2-1 until the problem
> is resolved, to avoid similar breakage for other Arch users, and perhaps
> others?)
>
> BTW2, if you are using pacman on arch, this little snippet is handy to list
> what your last pacman {up,down}grade did:
>
> I do listing variants as ls-whatever -- this one is ls-pacupd:
> --8<---------------cut here---------------start------------->8---
> #!/usr/bin/bash
> # ~/bin/ls-pacupd -- list latest pacman Syu upgrades
> latest="$(stat -c '%y' /var/log/pacman.log|cut -d ' ' -f1)"
> egrep "$latest.* (up|down)graded " /var/log/pacman.log
> --8<---------------cut here---------------end--------------->8---
>
> I found that the guix-installed version of mutt worked for getting mail,
> and saw that it used the prior version.
>
> However, emacs is mutt's configured editor, and after some longish time
> editing
> the entire system would freeze and not respond to ANY key input, and I had
> to
> power down physically (5-sec press of power button).
> So I had to go back to the old Arch version.
>
> I am still mystified by this freeze-up. It's possible that I am typing some
> fatal
> combination of keys on this keyboard or that my migration from a dying
> laptop to
> an SSD in a USB3 cassette booted with UEFI on a Lenovo Swift did not
> entirely succeed.
>
> My context:
>
> I am running on tty1 with guix "disabled" by not setting up its paths etc
> in
> ~/.bash_profile at login, so this is my current boot context here:
> ┌─────────────────────────────────────────────────────────────────────────────────┐
> │ Booted at 2020-01-02 08:50 -0800 (PST) and logged in as as
> bokr@Evo25c2ArchGx4 │
> ├─────────────────────────────────────────────────────────────────────────────────┤
> │ HW host: Acer Swift SF113-31/ASAHI_AP_S, BIOS V1.08 11/22/2017
> │
> │ MOUNTPOINT KNAME LABEL SIZE FSAVAIL FSUSE%
> │
> │ /boot sda1 Evo25c2EFI1 1G 461.9M 55%
> │
> │ / sda4 Evo25c2ArchGx4 167.9G 73.5G 50%
> │
> │ Kernel: 5.4.6-arch3-1 #1 SMP PREEMPT Tue, 24 Dec 2019 04:36:53 +0000
> │
> │ CPU: Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
> │
> └─────────────────────────────────────────────────────────────────────────────────┘
>
> Whereas on tty4 I logged in with a config value that my ~/.bash_profile
> uses
> to set MY_GUIX_MODE=enabled at the top and do further enabled/disabled
> specializations
> after that, so e.g. guix is found in $PATH and currently that makes
> (captured on tty4 and and retrieved here on tty1)
>
> guix describe:
> --8<---------------cut here---------------start------------->8---
> Generation 27 Dec 29 2019 18:49:23 (current)
> guix 996182a
> repository URL: https://git.savannah.gnu.org/git/guix.git
> branch: master
> commit: 996182a84bafb4c4982dcb36c2c54b350c16629a
> --8<---------------cut here---------------end--------------->8---
>
> Editing context in emacs here and now:
> --8<---------------cut here---------------start------------->8---
> pidparents ? 8747 Ss /usr/bin/bash
> /home/bokr/bin/pidparents
> emacs tty1 2420 Sl+ emacs
> /home/bokr/.mutt/temp/mutt-Evo25c2ArchGx4-1000-861-11810734661506241046
> mutt tty1 861 S mutt
> bash tty1 461 Ss -bash
> login ? 447 Ss login -- bokr
> systemd ? 1 Ss /sbin/init
> \EFI\Evo25c2ArchGx4\vmlinuz-linux
> --8<---------------cut here---------------end--------------->8---
>
> Regards,
> Bengt Richter
>