[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#54101: SSL_CERT_DIR is not always unary
From: |
David Arroyo |
Subject: |
bug#54101: SSL_CERT_DIR is not always unary |
Date: |
Mon, 21 Feb 2022 23:47:20 -0500 |
User-agent: |
Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997 |
The guix shell profile, at least on non-guix SD systems, contains the line
export
SSL_CERT_DIR="${GUIX_PROFILE:-/gnu/store/xxxx-profile}/etc/ssl/certs${SSL_CERT_DIR:+:}$SSL_CERT_DIR"
Since it prepends to the SSL_CERT_DIR variable, if a silly user were to
accidentally source this file twice, say, to pick up changes they've made to a
file that sources this file, the variable will contain duplicate paths.
However, several locations in the guix source assume SSL_CERT_DIR is a single
directory. As an example, I ran into this issue when attempting to use `guix
import opam -r faraday`:
Starting download of /tmp/guix-file.XFPss4
From https://github.com/inhabitedtype/faraday/archive/0.8.1.tar.gz...
X.509 certificate of 'github.com' could not be verified:
signer-not-found
invalid
Running the command with `strace -f` showed that guix was attempting to open
$SSL_CERT_DIR, rather than the first colon-delimited item in $SSL_CERT_DIR.
It might be better to clobber this variable in the guix shell profile, rather
than render it unusable for some subcommands. If not that, then we should
remove the assumption that it contains a single path element.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#54101: SSL_CERT_DIR is not always unary,
David Arroyo <=