Re: Fallout from recent nss-certs changes
Ian Eure writes: > The change is mentioned in the channel news, but it says nothing about > needing to remove that part of the config. You are right; I have added more explicit instructions as commit e5c0ea22e68cc8d6f99957295bc9198afb8455df. Users should see it when they guix pull again. Regards, Florian
Re: Fallout from recent nss-certs changes
No, this is not a bug. specification->package always returns the latest version of a package and has no way of knowing what variable(s) that package object is bound to. On April 21, 2024 8:02:50 AM PDT, Felix Lechner wrote: >Hi, > >On Sat, Apr 20 2024, Ian Eure wrote: > >> If an operating-system’s packages includes `(specification->package >> "nss-certs")', this causes breakage, because that form selects version >> 3.98, but %base-packages includes 3.88.1, which causes an error on the >> next `guix system reconfigure' due to conflicting package versions in >> the profile. > >Why does the unversioned stringy selector (specification->package >"nss-certs") resolve to a version different from the unversioned >variable nss-certs? Is that a bug? > >Kind regards >Felix > >P.S. I hoped to use the word "reified" but did not know how it fit in. Thanks, — Ian
Re: Fallout from recent nss-certs changes
The change is mentioned in the channel news, but it says nothing about needing to remove that part of the config. On April 21, 2024 1:32:38 AM PDT, "pelzflorian (Florian Pelz)" wrote: >Hello Ian. My understanding of the nss-certs etc/news.scm item had been >that we should remove (specification->package "nss-certs"), which became >unnecessary and clutters config.scm. From what you write, this was >actually not intended, but it is still not a bug IMHO. > >(I’m not involved with the change, though.) > >Regards, >Florian Thanks, — Ian
Re: Fallout from recent nss-certs changes
Hi, On Sat, Apr 20 2024, Ian Eure wrote: > If an operating-system’s packages includes `(specification->package > "nss-certs")', this causes breakage, because that form selects version > 3.98, but %base-packages includes 3.88.1, which causes an error on the > next `guix system reconfigure' due to conflicting package versions in > the profile. Why does the unversioned stringy selector (specification->package "nss-certs") resolve to a version different from the unversioned variable nss-certs? Is that a bug? Kind regards Felix P.S. I hoped to use the word "reified" but did not know how it fit in.
Re: Fallout from recent nss-certs changes
Hello Ian. My understanding of the nss-certs etc/news.scm item had been that we should remove (specification->package "nss-certs"), which became unnecessary and clutters config.scm. From what you write, this was actually not intended, but it is still not a bug IMHO. (I’m not involved with the change, though.) Regards, Florian
Fallout from recent nss-certs changes
Some recent nss-certs changes have a negative side effects which needs to be fixed. A patch of mine was pushed recently (commit 0920693381d9f6b7923e69fe00be5de8621ddb6f), which adds nss-certs 3.98 to (gnu packages certs), under the nss-certs-3.98 variable. Then, commit fdfd7667c66cf9ce746330f39bcd366e124460e1 was pushed, which adds nss-certs to %base-packages-networking. This references the nss-certs variable, which is version 3.88.1. If an operating-system’s packages includes `(specification->package "nss-certs")', this causes breakage, because that form selects version 3.98, but %base-packages includes 3.88.1, which causes an error on the next `guix system reconfigure' due to conflicting package versions in the profile. Prior to commit 65e8472a4b6fc6f66871ba0dad518b7d4c63595e, the graphical installer would ask users if they wanted to install nss-certs, and put this form into the operating-system’s packages, so there are likely many users affected -- it bit me, and I’ve seen a couple in IRC as well. I think the options to fix this are: 1. Removing (specification->package "nss-certs") from one’s operating-system. 2. Grafting nss-certs 3.98 onto nss-certs 3.88.1. 3. Replacing nss-certs 3.88.1 with 3.98. The most expedient option is 1, as it can be applied by users -- but there’s probably not a good way to communicate that this needs to happen. There was some talk in IRC about grafting nss/nss-certs, but it looks like this didn’t happen. An upgrade is the best path, but would probably need to happen in core-updates, since this rebuilds a large number of packages. Thoughts on this? Thanks, — Ian
