Re: HELP needed with CA certificates! [PATCH] gnu: Add tup, Add pbpst.
Ricardo Wurmuswrites: > ng0 writes: > >> Ludovic Courtès writes: >> >>> Hi, >>> >>> ng0 skribis: >>> > The ‘nss-certs’ package provides X.509 certificates: > > > https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html I commented nss-certs, enabled or disabled it made no difference to the resulting binary. >>> >>> You need to have ‘nss-certs’ installed, *and* set the environment >>> variables mentioned above (depending on whether you use OpenSSL, GnuTLS, >>> Git, etc.; for GnuTLS, I think there’s no such environment variable.) >>> >>> HTH! >>> Ludo’. >> >> Thanks. >> >> Can you be more specific on why it could fail when all of this is set in >> the user environment? I did all of this, and it still fails. environment >> values exported in my user profile, nss-certs installed in user profile >> and system wide, set nss-certs as an input of pbpst, still: > > What environment variables did you set? The patch for pbpst is very > hard to read, so it’s not obvious what you tried. > > If this tool just shells out to “curl” then it might respect > “CURL_CA_BUNDLE” as per the Curl documentation. > > ~~ Ricardo I had CURL_CA_BUNDLE set, in my profile. This is what I assume I need to do, I've done so and yet it failed. nss-certs is in my profile. I don't know what else I should try. ng0@shadowwalker ~$ echo $CURL_CA_BUNDLE /home/ng0/.guix-profile/etc/ssl/certs/ca-certificates.crt -- ng0
Re: HELP needed with CA certificates! [PATCH] gnu: Add tup, Add pbpst.
ng0writes: > Ludovic Courtès writes: > >> Hi, >> >> ng0 skribis: >> The ‘nss-certs’ package provides X.509 certificates: https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html >>> >>> I commented nss-certs, enabled or disabled it made no difference to the >>> resulting binary. >> >> You need to have ‘nss-certs’ installed, *and* set the environment >> variables mentioned above (depending on whether you use OpenSSL, GnuTLS, >> Git, etc.; for GnuTLS, I think there’s no such environment variable.) >> >> HTH! >> Ludo’. > > Thanks. > > Can you be more specific on why it could fail when all of this is set in > the user environment? I did all of this, and it still fails. environment > values exported in my user profile, nss-certs installed in user profile > and system wide, set nss-certs as an input of pbpst, still: What environment variables did you set? The patch for pbpst is very hard to read, so it’s not obvious what you tried. If this tool just shells out to “curl” then it might respect “CURL_CA_BUNDLE” as per the Curl documentation. ~~ Ricardo
Re: HELP needed with CA certificates! [PATCH] gnu: Add tup, Add pbpst.
Ludovic Courtèswrites: > Hi, > > ng0 skribis: > >>> The ‘nss-certs’ package provides X.509 certificates: >>> >>> >>> https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html >> >> I commented nss-certs, enabled or disabled it made no difference to the >> resulting binary. > > You need to have ‘nss-certs’ installed, *and* set the environment > variables mentioned above (depending on whether you use OpenSSL, GnuTLS, > Git, etc.; for GnuTLS, I think there’s no such environment variable.) > > HTH! > Ludo’. Thanks. Can you be more specific on why it could fail when all of this is set in the user environment? I did all of this, and it still fails. environment values exported in my user profile, nss-certs installed in user profile and system wide, set nss-certs as an input of pbpst, still: ng0@shadowwalker /gnu/store/1ciyxbyciasmdgmad3p2qmp9c3qnrc8i-pbpst-1.2.0-1.e58e573/bin$ ./pbpst --help Usage: pbpst [option ...] pbpst -- a simple tool to pastebin from the command-line Operations: -S, --sync Create a paste -s, --shorten=URLCreate a redirect to URL -R, --remove Delete a paste -U, --update Update a paste -D, --database Operate on the database Options: -h, --help List this help and exit -b, --dbpath=PATHUse the database at PATH -P, --provider=HOST Use HOST as the pb provider -V, --verboseOutput verbosely --list-lexersList available lexers and exit --list-themesList available themes and exit --list-formats List available formatters and exit --versionList the version and exit Run `pbpst -h` with an operation for help with that operation ng0@shadowwalker /gnu/store/1ciyxbyciasmdgmad3p2qmp9c3qnrc8i-pbpst-1.2.0-1.e58e573/bin$ ./pbpst --list-lexers pbpst: Could not create the swap db: File exists pbpst: Ensure no other instances of pbpst are running and that all pastes have been saved pbpst: Then manually remove: /home/ng0/.config/pbpst/.db.json.swp ng0@shadowwalker /gnu/store/1ciyxbyciasmdgmad3p2qmp9c3qnrc8i-pbpst-1.2.0-1.e58e573/bin$ rm /home/ng0/.config/pbpst/.db.json.swp ng0@shadowwalker /gnu/store/1ciyxbyciasmdgmad3p2qmp9c3qnrc8i-pbpst-1.2.0-1.e58e573/bin$ ./pbpst --list-lexers pbpst: Listing failed: Peer certificate cannot be authenticated with given CA certificates -- ng0 For non-prism friendly talk find me on http://www.psyced.org
Re: HELP needed with CA certificates! [PATCH] gnu: Add tup, Add pbpst.
Hi, ng0skribis: >> The ‘nss-certs’ package provides X.509 certificates: >> >> >> https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html > > I commented nss-certs, enabled or disabled it made no difference to the > resulting binary. You need to have ‘nss-certs’ installed, *and* set the environment variables mentioned above (depending on whether you use OpenSSL, GnuTLS, Git, etc.; for GnuTLS, I think there’s no such environment variable.) HTH! Ludo’.
Re: HELP needed with CA certificates! [PATCH] gnu: Add tup, Add pbpst.
Hi, Ludovic Courtèswrites: > ng0 skribis: > >> First things first: Corrections will happen, this is not what I ask >> for. I need help with getting pbpst (which just uses curl for this) to >> learn about the certificates on the system. > > [...] > >> + (modify-phases %standard-phases >> + (replace 'configure >> + (lambda _ >> + (substitute* "Makefile" >> + (("@./make.sh") "") >> + ;; XXX: Because this is a drop-in replacement build >> system, there are >> + ;; some unexplainable special behaviors introduced. One of >> them is that >> + ;; building pbpst binary out to ../dist/pbpst fails, but >> inside cwd >> + ;; "src/" succeeds. I blame dark matter. Fix this if you >> feel the >> + ;; desire for a headache. >> + (("dist/\\$\\(PROGNM\\)") "src/$(PROGNM)") >> + (("src/\\$\\(PROGNM\\)\\.1") "dist/$(PROGNM).1")) >> + (substitute* "Tuprules.tup" >> + (("`git describe --long --tags`") ,version >> + ;;(setenv "SSL_CERT_FILE" "/dev/null"))) ; I have no idea. >> + ;;(setenv "SSL_CERT_DIR" "/etc/ssl/certs") >> + ;;(setenv "SSL_CERT_FILE" >> "/etc/ssl/certs/ca-certificates.crt"))) > > I’m not sure what problem you’re experiencing here. A build environment + log can be viewed at https://dl.n0.is/debug/ or https://tor.n0.is for the onion (we are working on getting a .gnu for gnunet access). > However, note that the build environment lacks /etc/ssl as discussed here: > > > https://www.gnu.org/software/guix/manual/html_node/Build-Environment-Setup.html#index-chroot That is the build environment, the problem appears after the build. The application itselfs just uses curl and the abilities of curl I was assured by the developer, so there has to be something, but as I never encountered this before on Guix I don't know where to start. strace wasn't insightful either, neither gdb. > The ‘nss-certs’ package provides X.509 certificates: > > > https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html I commented nss-certs, enabled or disabled it made no difference to the resulting binary. > HTH! > > Ludo’. Thanks for the feedback, -- ng0 For non-prism friendly talk find me on http://www.psyced.org
Re: HELP needed with CA certificates! [PATCH] gnu: Add tup, Add pbpst.
ng0skribis: > First things first: Corrections will happen, this is not what I ask > for. I need help with getting pbpst (which just uses curl for this) to > learn about the certificates on the system. [...] > + (modify-phases %standard-phases > + (replace 'configure > + (lambda _ > + (substitute* "Makefile" > + (("@./make.sh") "") > + ;; XXX: Because this is a drop-in replacement build system, > there are > + ;; some unexplainable special behaviors introduced. One of > them is that > + ;; building pbpst binary out to ../dist/pbpst fails, but > inside cwd > + ;; "src/" succeeds. I blame dark matter. Fix this if you > feel the > + ;; desire for a headache. > + (("dist/\\$\\(PROGNM\\)") "src/$(PROGNM)") > + (("src/\\$\\(PROGNM\\)\\.1") "dist/$(PROGNM).1")) > + (substitute* "Tuprules.tup" > + (("`git describe --long --tags`") ,version > + ;;(setenv "SSL_CERT_FILE" "/dev/null"))) ; I have no idea. > + ;;(setenv "SSL_CERT_DIR" "/etc/ssl/certs") > + ;;(setenv "SSL_CERT_FILE" > "/etc/ssl/certs/ca-certificates.crt"))) I’m not sure what problem you’re experiencing here. However, note that the build environment lacks /etc/ssl as discussed here: https://www.gnu.org/software/guix/manual/html_node/Build-Environment-Setup.html#index-chroot The ‘nss-certs’ package provides X.509 certificates: https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html HTH! Ludo’.