Hi!
Leo Famulari <[email protected]> skribis:
> Recently, Guix started to set the environment GIT_SSL_CAINFO like a
> search path, instead of pointing to single file, which is what it should
> be.
I don’t think anything has changed, maybe it’s just that your profile
now includes ‘ssl/certs’?
On my GuixSD machine, I still have:
$ env |grep GIT_
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
but that’s because ~/.guix-profile does not contain certificates.
At any rate, you are right that GIT_SSL_CAINFO should be a single file.
There’s a note in the code:
(native-search-paths
;; For HTTPS access, Git needs a single-file certificate bundle, specified
;; with $GIT_SSL_CAINFO.
;; FIXME: This variable designates a single file; it is not a search path.
(list (search-path-specification
(variable "GIT_SSL_CAINFO")
(file-type 'regular)
(files '("etc/ssl/certs/ca-certificates.crt")))))
So we’re abusing the search path mechanism here.
A proper fix might be to add an option in ‘search-path-specification’ to
pick only the first match.
WDYT?
Thanks,
Ludo’.
