Re: Guix and clamav, freshclam doesn't dowload

[白い熊]

Apr 5, 2020 07:29:53 白い熊 :

> Apr 4, 2020 19:36:19 Marius Bakke :
>
>
> > This was actually a bug in Guix that was fixed just now:
> > . Please try again after a 'guix pull', it
> > should work better now! :-)
> >
>
> Yes — it works now! Many thanks. :@)

I'm trying to build on aarch64, it fails while building git-minimal, my 
question is — I don't understand how these inferiors work — why is it building 
git-minimal to download the git checkout?

I have git installed in the profile, shouldn't it just be relying on the full 
git to do the repo pull? Should it be specified somehow in the manifest?

-- 
Best regards / 宜しく御願い致します / S pozdravem / C уважением / Z poważaniem /
Mit freundlichen Grüßen
白い熊

Re: Guix and clamav, freshclam doesn't dowload

[白い熊]

Apr 4, 2020 19:36:19 Marius Bakke :

> This was actually a bug in Guix that was fixed just now:
> . Please try again after a 'guix pull', it
> should work better now! :-)

Yes — it works now! Many thanks. :@)

-- 
Best regards / 宜しく御願い致します / S pozdravem / C уважением / Z poważaniem /
Mit freundlichen Grüßen
白い熊

Re: Guix and clamav, freshclam doesn't dowload

[Marius Bakke]

Hi 白い熊,

白い熊  writes:

> Unfortunately, this fails to install with:
>
> Updating channel 'guix' from Git repository at 
> 'https://git.savannah.gnu.org/git/guix.git'...
> substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
> 1.2 MB will be downloaded:
> /gnu/store/p5qdvijyl3vmq2phzmbgcka6jk7pbmmm-module-import
> /gnu/store/adkz4x95qy12z7d0s4146prx2hcz46y4-module-import-compiled
> /gnu/store/y2q7305gyh01nmngkfkq9gdz8zs3zfi1-compute-guix-derivation
> Backtrace:
> 1 (primitive-load "/home/shiroikuma/.config/guix/current/bin/guix")
> In guix/ui.scm:
> 1936:12 0 (run-guix-command _ . _)
>
> guix/ui.scm:1936:12: In procedure run-guix-command:
> In procedure put-bytevector: Wrong type argument in position 1 (expecting 
> open output port): #

This was actually a bug in Guix that was fixed just now:
.  Please try again after a 'guix pull', it
should work better now!  :-)


signature.asc
Description: PGP signature

Re: Guix and clamav, freshclam doesn't dowload

[白い熊]

Apr 4, 2020 13:53:51 Marius Bakke :

> You will have to use an "inferior"[0]. Here is an untested manifest

Thank you!

Unfortunately, this fails to install with:

Updating channel 'guix' from Git repository at 
'https://git.savannah.gnu.org/git/guix.git'...
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
1.2 MB will be downloaded:
/gnu/store/p5qdvijyl3vmq2phzmbgcka6jk7pbmmm-module-import
/gnu/store/adkz4x95qy12z7d0s4146prx2hcz46y4-module-import-compiled
/gnu/store/y2q7305gyh01nmngkfkq9gdz8zs3zfi1-compute-guix-derivation
Backtrace:
1 (primitive-load "/home/shiroikuma/.config/guix/current/bin/guix")
In guix/ui.scm:
1936:12 0 (run-guix-command _ . _)

guix/ui.scm:1936:12: In procedure run-guix-command:
In procedure put-bytevector: Wrong type argument in position 1 (expecting open 
output port): #


-- 
Best regards / 宜しく御願い致します / S pozdravem / C уважением / Z poważaniem /
Mit freundlichen Grüßen
白い熊

Re: Guix and clamav, freshclam doesn't dowload

[Marius Bakke]

白い熊  writes:

> Apr 3, 2020 18:53:25 Marius Bakke :
>
>
>> ClamAV can be pulled from that branch through an inferior or with
>> 'guix time-machine --branch=core-updates -- install clamav'.
>> 
>> 
>
> I have clamav installed in its own profile using a manifest file. How can I 
> specify the above in the manifest?

You will have to use an "inferior"[0].  Here is an untested manifest
that should create a profile where HTTPS is working (note that you need
to source the /etc/profile script).

(use-modules (guix inferior)
 (guix channels))

(define channels
  ;; A channel with the "core-updates" branch.
  (list (channel
 (name 'guix)
 (url "https://git.savannah.gnu.org/git/guix.git;)
 (branch "core-updates"

(define inferior
  ;; An inferior representing the above channel.
  (inferior-for-channels channels))

;; Create a manifest with ClamAV from the 'core-updates' branch, and
;; cURL + nss-certs to access HTTPS URLs.
(packages->manifest
 (append (lookup-inferior-packages inferior "clamav")
 (map specification->package
  '("curl"   ;to get the SSL_CERT_DIR variable
"nss-certs"  ;to verify TLS certificates


0: https://guix.gnu.org/manual/en/guix.html#Inferiors


signature.asc
Description: PGP signature

Re: Guix and clamav, freshclam doesn't dowload

[白い熊]

Apr 3, 2020 19:51:25 白い熊 :

> Apr 3, 2020 18:53:25 Marius Bakke :
>
> > ClamAV can be pulled from that branch through an inferior or with
> > 'guix time-machine --branch=core-updates -- install clamav'.
> >
> I have clamav installed in its own profile using a manifest file. How can I 
> specify the above in the manifest?

It seems to me that I need to somehow specify the git branch along the 
guidelines example in ¹, however I'm not advanced enough to do this.

Can anyone help me write the manifest file to specify clamav from the above?
—
[1] http://guix.gnu.org/manual/en/html_node/Version-Numbers.html#Version-Numbers


-- 
Best regards / 宜しく御願い致します / S pozdravem / C уважением / Z poważaniem /
Mit freundlichen Grüßen
白い熊

Re: Guix and clamav, freshclam doesn't dowload

[白い熊]

Apr 3, 2020 18:53:25 Marius Bakke :


> ClamAV can be pulled from that branch through an inferior or with
> 'guix time-machine --branch=core-updates -- install clamav'.
> 
> 

I have clamav installed in its own profile using a manifest file. How can I 
specify the above in the manifest?


-- 
Best regards / 宜しく御願い致します / S pozdravem / C уважением / Z poważaniem /
Mit freundlichen Grüßen
白い熊

Re: Guix and clamav, freshclam doesn't dowload

[Tobias Geerinckx-Rice]

Marius,

Marius Bakke 写道：
FWIW this problem has been fixed on the 'core-updates' branch 
with
commit a76a343082d61d5303b61a9e4cbde4ab8515a1e7.  Now all 
libcurl users

will respect the same search paths.

ClamAV can be pulled from that branch through an inferior or 
with

'guix time-machine --branch=core-updates -- install clamav'.


Wond'rous news!  Thanks for saving me from reading C today ♥

Kind regards,

T G-R


signature.asc
Description: PGP signature

Re: Guix and clamav, freshclam doesn't dowload

[Marius Bakke]

Tobias Geerinckx-Rice  writes:

> Let's see how we can patch freshclam to point libcurl in the right 
> direction…

FWIW this problem has been fixed on the 'core-updates' branch with
commit a76a343082d61d5303b61a9e4cbde4ab8515a1e7.  Now all libcurl users
will respect the same search paths.

ClamAV can be pulled from that branch through an inferior or with
'guix time-machine --branch=core-updates -- install clamav'.


signature.asc
Description: PGP signature

Re: Guix and clamav, freshclam doesn't dowload

[Tobias Geerinckx-Rice]

白い熊,

白い熊 写道：

Now, running freshclam, I get:

ClamAV update process started at Fri Apr 3 14:28:23 2020
daily database available for download (remote version: 25770)
WARNING: Download failed (60) WARNING: Message: SSL peer 
certificate or SSH remote key was not OK


This means that (lib)curl couldn't local trust store against which 
to verify the server's certificate.


freshclam uses libcurl to download files, and the libcurl authors 
have for better or worse decreed that every user has to take care 
of pointing libcurl to the local store (instead of honouring 
CURL_CA_BUNDLE in the library).


On most systems this isn't a problem because the default (/etc/…) 
location exists.  Not so on Guix: we rely entirely on 
CURL_CA_BUNDLE being set to the correct location in /gnu/store.


Let's see how we can patch freshclam to point libcurl in the right 
direction…


Kind regards,

T G-R


signature.asc
Description: PGP signature

Guix and clamav, freshclam doesn't dowload

[白い熊]

Hi Guix:

Anyone using clamav? I installed it, edited the config files copied them to 
location where “clamconf” sees them.

Now, running freshclam, I get:

ClamAV update process started at Fri Apr 3 14:28:23 2020
daily database available for download (remote version: 25770)
WARNING: Download failed (60) WARNING: Message: SSL peer certificate or SSH 
remote key was not OK
WARNING: getcvd: Can't download daily.cvd from 
https://database.clamav.net/daily.cvd
Trying again in 5 secs...
daily database available for download (remote version: 25770)
WARNING: Download failed (60) WARNING: Message: SSL peer certificate or SSH 
remote key was not OK
WARNING: getcvd: Can't download daily.cvd from 
https://database.clamav.net/daily.cvd
Trying again in 5 secs...
daily database available for download (remote version: 25770)
ERROR: Download failed (60) ERROR: Message: SSL peer certificate or SSH remote 
key was not OK
ERROR: getcvd: Can't download daily.cvd from 
https://database.clamav.net/daily.cvd
Giving up on https://database.clamav.net...
ERROR: Update failed for database: daily
WARNING: fc_update_databases: fc_update_database failed: Connection failed (5)
ERROR: Database update process failed: Connection failed (5)
ERROR: Update failed.

The only page I've found with a relevant similar situation is here¹. It's on 
Windows — but similar SSL error. I tried sending a HEAD request as he comments:

curl -I https://database.clamav.net

Completes fine, but freshclam won't download anyway.

Anyone using clamav successfully? What could this be?
—
[1] 
https://serverfault.com/questions/1007935/why-does-calling-head-on-this-url-prevent-the-following-error-error-message-s


-- 
Best regards / 宜しく御願い致します / S pozdravem / C уважением / Z poważaniem /
Mit freundlichen Grüßen
白い熊