Re: are gnutls binaries available in guix?

[Giovanni Biscuolo]

Hi Tobias

Tobias Geerinckx-Rice  writes:

[...]

> ‘guix environment gnutls’ doesn't provide gnutls; ‘gnu environment 
> --ad-hoc gnutls’ does.

Oh my… "guix environment " provides an augmented environment
needed TO BUILD , it DOES NOT add the package to the
environment: I should self-repeat that 42 times more. 

Thanks! Gio' aka "Guix Fu Panda" :grin:

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature

Re: are gnutls binaries available in guix?

[Tobias Geerinckx-Rice]

Gio',

Giovanni Biscuolo 写道：

I see gnutls package have 3 outputs: out (default)


That's the one.

I tried "guix environment gnutls" and ""guix environment 
gnutls:debug"

but I cannot find the binaries.


‘guix environment gnutls’ doesn't provide gnutls; ‘gnu environment 
--ad-hoc gnutls’ does.


Kind regards,

T G-R


signature.asc
Description: PGP signature

are gnutls binaries available in guix?

[Giovanni Biscuolo]

Hello guix,

please how can I install the binary utilities included in gnutls?

I see gnutls package have 3 outputs: out (default), debug and doc: I
tried "guix environment gnutls" and ""guix environment gnutls:debug" but
I cannot find the binaries.

Any hint please?

Thanks, Gio'

-- 
Giovanni Biscuolo


signature.asc
Description: PGP signature

Re: Certificate problem with curl, though icecat works

[Giovanni Biscuolo]

Hi Totor,

Todor Kondić  writes:

[...]

>> I'm going to open a bug report upstream (gnutls), thanks for your
>> report.

This is the bug report https://gitlab.com/gnutls/gnutls/-/issues/1062

I checked other OCSP issues and I did not understand if this is already
fixed in latest GnuTLS releases

> Thanks for confirming this!

(Y)

> I pulled the newest Guix and updated gnutls and that did not solve the
> issue.

Me too, but…

I'm not explicitly installing gnutls in my profile (via manifest), I'm just 
installing
curl and in that profile I get:

--8<---cut here---start->8---

giovanni@roquette: gnutls-cli --version
gnutls-cli 3.6.7
Copyright (C) 2000-2020 Free Software Foundation, and others, all rights 
reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later 


Please send bug reports to:  

--8<---cut here---end--->8---

But:

--8<---cut here---start->8---

giovanni@roquette: curl --version
curl 7.71.0 (x86_64-unknown-linux-gnu) libcurl/7.71.0 GnuTLS/3.6.14 zlib/1.2.11 
libidn2/2.3.0 nghttp2/1.41.0
Release-Date: 2020-06-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 
pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz 
NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets

--8<---cut here---end--->8---

curl should use gnutls 3.6.14... I should double check my profile update

I'll report as soon as I understand what's happening

Thanks, Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature

Re: Problems with McCLIM (Common Lisp)

[Guillaume Le Vaillant]

Hi,

Ricardo Wurmus  skribis:

> I’d like to play with McCLIM, but I don’t know enough about Common Lisp
> to understand how to launch the examples.

When I packaged McCLIM, I only made the packages for the main McCLIM
library. IIRC the examples also use some extra extensions that I have
not packaged, so they might not work out of the box (even if the error
with mcclim-layouts/tab had not happened).

> Here’s what I’ve done:
>
> guix install sbcl sbcl-mcclim sbcl-slime-swank
>
> This is the first question, actually: if I don’t manually install
> sbcl-slime-swank I get errors complaining about swank being absent.
> Should sbcl-mcclim propagate sbcl-slime-swank?

sbcl-slime-swank is actually an alias for cl-slime-swank because,
according to a comment in lisp-xyz.scm, "SLIME does not have a ASDF
system definition to build all of Swank". So in fact there is no
pre-compiled package for Swank, and this is why it needs to be 
available to packages that depend on it (directly or indirectly) so that
they can compile it before using it.


Pierre Neidhardt  skribis:

> Hi Ricardo,
> [...]
>> Then I tried
>>
>> (require :clim-examples)
>>
>> but it fails with “Don't know how to REQUIRE CLIM-EXAMPLES.”.  So I
>> loaded the asd file manually:
>>
>> (load 
>> "/home/rekado/.guix-profile/share/common-lisp/sbcl-source/mcclim/Examples/clim-examples.asd")
>
> Only the .asd files in the well known locations are recognized by ASDF
> if I'm not mistaken.
>
> Note that an .asd can forward to another.  So here the problem seems to
> be with the main McCLIM .asd file.  This could be a Guix problem, see below.
>
>> Now at least clim-examples appears to be found:
>>
>>(asdf:load-system "clim-examples")
>>
>> This fails with this error:
>>
>> --8<---cut here---start->8---
>> debugger invoked on a ASDF/FIND-COMPONENT:MISSING-DEPENDENCY in thread
>> #:
>>   Component #:MCCLIM-LAYOUTS/TAB not found, required by
>>   #
>> --8<---cut here---end--->8---
>>
>> I see that “lib/sbcl/mcclim-layouts-tab.asd” exists, but loading it
>> doesn’t help.
>
> What's the error then?
>
> Try
>
> --8<---cut here---start->8---
> (asdf:locate-system :mcclim-layouts/tab)
> --8<---cut here---end--->8---
>
> It will tell you where the system is.
> If it does not find it, it means the .asd file did not do  the job.

The SBCL build system currently doesn't accept pre-compiled sbcl-*
packages having a slash in their name. Slashes are replaced with
hyphens, and the ASDF system name for the pre-compiled package for
"mcclim-layouts/tab" is in fact "mcclim-layouts-tab". Some package
definitions have a phase changing slashes to hyphens in asd files when
necessary (see for example the package definition for
sbcl-mcclim-extensions), however the asd files in
"share/common-lisp/sbcl-source/mcclim/" still use the system names with
slashes, this is why when loading the "clim-examples.asd" file by hand
you get an error saying that "mcclim-layouts/tab" would not be found.

> With all that said, here comes the most important piece of information:
> our SBCL build system has some serious flaws, most importantly because
> it _rewrites_ the .asd files.  This could be why the examples cannot be
> found or why mcclim-layouts/tab causes problem.
>
> Personally I've stopped using sbcl- packages altogether.  I'm not
> exclusively using cl-* packages.  The drawback is that the .fasl must be
> built the first time, but then you get the smoothest experience just
> like with Quicklisp.
>
> The only exception to this, in my experience, is Osicat (the POSIX
> library): the cl-* version does not work but that's an upstream issue.
> For this one I use sbcl-osicat.
>
> Hope that helps! :)

I agree that the asdf-build-system could need an overhaul.

Currently the sbcl-xxx package is the base definition and the cl-xxx and
ecl-xxx packages are derived from it, I think it would make more sense
make cl-xxx the base definition and derive sbcl-xxx and ecl-xxx from it.

The "deliver-asd" operation has been fixed in recent versions of ASDF,
so maybe it would be possible to use it instead of our home-made
functions to create asd files for the bundles.

Another approach could be not to use ASDF bundles at all, and just use
the regular compilation operation of ASDF, except the fasl files would
be put it "/gnu/store/..." instead of "$HOME/.cache/common-lisp/...",
and our asdf-build-system would indicate to ASDF where to search for the
files.


signature.asc
Description: PGP signature

Re: Certificate problem with curl, though icecat works

[Todor Kondić]

‐‐‐ Original Message ‐‐‐
On Thursday, 13 August 2020 08:55, Giovanni Biscuolo  wrote:

> Giovanni Biscuolo g...@xelera.eu writes:
>
> [...]
>
> > > $ curl 
> > > https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?identifier=MKXZASYAUGDDCJ-NJAFHUGGSA-N
> > > curl: (60) server certificate verification failed. CAfile: 
> > > /home/user/.guix-profiles/profile/etc/ssl/certs/ca-certificates.crt 
> > > CRLfile: none
> > > More details here: https://curl.haxx.se/docs/sslcerts.html
> > > ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is 
> > > set properly.
> >
> > This is similar to
> > https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html
>
> No, this is a different issue:
>
> --8<---cut here---start->8---
>
> gnutls-cliactorws.epa.gov
>
> Processed 128 CA certificate(s).
> Resolving 'actorws.epa.gov:443'...
> Connecting to '134.67.99.60:443'...
>
> -   Certificate type: X.509
>
> -   Got a certificate list of 2 certificates.
>
> -   Certificate[0] info:
>
> -   subject `CN=*.epa.gov,OU=OMS/OITO/EHD,O=Environmental Protection 
> Agency,L=Durham,ST=North Carolina,C=US', issuer`CN=DigiCert SHA2 Secure 
> Server CA,O=DigiCert Inc,C=US', serial 0x0caca7602da89b50c3820b33518c827a, 
> RSA key 2048 bits, signed using RSA-SHA256, activated `2019-04-25 00:00:00 
> UTC', expires`2021-04-19 12:00:00 UTC', 
> pin-sha256="o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk="
> Public Key ID:
> sha1:884a27ada33cc533411036cde08f7c83bee2580e
> sha256:a39776b6463318d12800bcda3e901de6af928a66b63276db22d13ae02a720c29
> Public Key PIN:
> pin-sha256:o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk=
>
> -   Certificate[1] info:
>
> -   subject `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', 
> issuer`CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US', 
> serial 0x01fda3eb6eca75c888438b724bcfbc91, RSA key 2048 bits, signed using 
> RSA-SHA256, activated `2013-03-08 12:00:00 UTC', expires`2023-03-08 12:00:00 
> UTC', pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="
> |<1>| Got OCSP response with an unrelated certificate.
>
> -   Status: The certificate is NOT trusted. The received OCSP status response 
> is invalid.
> *** PKI verification of server certificate failed...
> *** Fatal error: Error in the certificate.
> [~]-
>
> --8<---cut here---end--->8---
>
>
> I'm going to open a bug report upstream (gnutls), thanks for your
> report.
>
> Best regards, Gio'
>
> 
>
> Giovanni Biscuolo
>
> Xelera IT Infrastructures


Thanks for confirming this! I pulled the newest Guix and updated gnutls and 
that did not solve the issue. Please let me know when you post the issue, so I 
can track it.

Re: Why the static library will delete after the package installation of dlib?

[Efraim Flashner]

On Wed, Aug 12, 2020 at 05:48:29PM +0430, Hamzeh Nasajpour wrote:
> Hi,
> 
> I'm using `dlib` in a project and I found that the static library will be 
> deleted in the `delete-static-library` phase in the package installation. 
> Why? 
> 
> https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/machine-learning.scm#n814
> 
> Is there any problem to comment these lines for using the `dlib` as library? 
> (line 814 - 817)
> 
> Regards,
> Hamzeh

We normally try to delete the static library so the shared library is
available and overall the package takes less space. I see, however, that
dlib defaults to static and doesn't build both by default, leaving out
package without any library installed.

This should be fixed shortly, with a shared library now in the lib
directory.

-- 
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


signature.asc
Description: PGP signature

Re: Certificate problem with curl, though icecat works

[Giovanni Biscuolo]

Giovanni Biscuolo  writes:

[...]

>> $ curl 
>> https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?identifier=MKXZASYAUGDDCJ-NJAFHUGGSA-N
>>
>> curl: (60) server certificate verification failed. CAfile: 
>> /home/user/.guix-profiles/profile/etc/ssl/certs/ca-certificates.crt CRLfile: 
>> none
>> More details here: https://curl.haxx.se/docs/sslcerts.html
>>
>> ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is set 
>> properly.
>
> This is similar to
> https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html

No, this is a different issue:

--8<---cut here---start->8---

gnutls-cli actorws.epa.gov

Processed 128 CA certificate(s).
Resolving 'actorws.epa.gov:443'...
Connecting to '134.67.99.60:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `CN=*.epa.gov,OU=OMS/OITO/EHD,O=Environmental Protection 
Agency,L=Durham,ST=North Carolina,C=US', issuer `CN=DigiCert SHA2 Secure Server 
CA,O=DigiCert Inc,C=US', serial 0x0caca7602da89b50c3820b33518c827a, RSA key 
2048 bits, signed using RSA-SHA256, activated `2019-04-25 00:00:00 UTC', 
expires `2021-04-19 12:00:00 UTC', 
pin-sha256="o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk="
Public Key ID:
sha1:884a27ada33cc533411036cde08f7c83bee2580e

sha256:a39776b6463318d12800bcda3e901de6af928a66b63276db22d13ae02a720c29
Public Key PIN:
pin-sha256:o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk=

- Certificate[1] info:
 - subject `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', issuer 
`CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US', serial 
0x01fda3eb6eca75c888438b724bcfbc91, RSA key 2048 bits, signed using RSA-SHA256, 
activated `2013-03-08 12:00:00 UTC', expires `2023-03-08 12:00:00 UTC', 
pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="
|<1>| Got OCSP response with an unrelated certificate.
- Status: The certificate is NOT trusted. The received OCSP status response is 
invalid. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
[~]-

--8<---cut here---end--->8---

I'm going to open a bug report upstream (gnutls), thanks for your
report.

Best regards, Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature