[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#74711: Certificate issues with ‘guix pull’ when system clock is in t
|
From: |
Ludovic Courtès |
|
Subject: |
bug#74711: Certificate issues with ‘guix pull’ when system clock is in the past |
|
Date: |
Tue, 10 Dec 2024 23:23:27 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Hi,
ngraves@ngraves.fr skribis:
> I've found the reason behind the extremely annoying SSL certification
> refusals.
>
> When I use an installation image, the date is not necessarily set at
> the real date. In my case, `date` was set in 2019, and triggered the
> SSL verification refusal (not yet valid).
Could it be that the clock battery of that computer is dead? Otherwise
it’s not supposed to happen.
> I don't know why it sometimes doesn't happen. If we can't
> fix/automate it at the time we boot in the installation medium, we
> should probably add a warning in the manual / a hint in guix pull / a
> proper error in guile-git (that could provide more information than
> just Git failing) ?
The error I see is:
--8<---------------cut here---------------start------------->8---
$ guix shell libfaketime -- faketime 2019-01-01 guix pull -p /tmp/p
Updating channel 'shepherd' from Git repository at
'https://git.savannah.gnu.org/git/shepherd.git'...
guix pull: error: Git error: the SSL certificate is invalid
--8<---------------cut here---------------end--------------->8---
I agree it could give more details, but that’s all we get from libgit2 I
believe. Worth investigating how this can be improved.
That said, what we could/should do is add a ‘--no-check-certificate’
option to ‘pull’ and ‘time-machine’; it would be handy in emergency
situations like you described.
It should be possible to implement that with the ‘certificate_check’
callback in ‘git_remote_callbacks’. I’ll see what can be done in this
area.
Thanks,
Ludo’.