Marius Bakke <mba...@fastmail.com> skribis: >>> guix/build/download.scm:383:6: In procedure tls-wrap: >>> guix/build/download.scm:383:6: X.509 certificate of 'static.nvd.nist.gov' >>> could not be verified: >>> signer-not-found >>> invalid > > That's interesting, I have a similar problem after rebuilding my GuixSD > system from latest git and rebooting. The substituter consistently fails > to verify mirror.hydra.gnu.org. Passing --no-substitutes works, however. > > substitute: Backtrace: > substitute: In ice-9/boot-9.scm: > substitute: 157: 9 [catch #t #<catch-closure 187c840> ...] > substitute: In unknown file: > substitute: ?: 8 [apply-smob/1 #<catch-closure 187c840>] > substitute: In ice-9/boot-9.scm: > substitute: 63: 7 [call-with-prompt prompt0 ...] > substitute: In ice-9/eval.scm: > substitute: 432: 6 [eval # #] > substitute: In ice-9/boot-9.scm: > substitute: 2401: 5 [save-module-excursion #<procedure 1899940 at > ice-9/boot-9.scm:4045:3 ()>] > substitute: 4050: 4 [#<procedure 1899940 at ice-9/boot-9.scm:4045:3 ()>] > substitute: 1724: 3 [%start-stack load-stack ...] > substitute: 1729: 2 [#<procedure 18b1ea0 ()>] > substitute: In unknown file: > substitute: ?: 1 [primitive-load > "/gnu/store/84favpg3n9wxx3sv7v3sd6y0s8722p35-guix-0.11.0-1.324a/bin/.guix-real"] > substitute: In guix/ui.scm: > substitute: 1220: 0 [run-guix-command substitute "--query"] > substitute: > substitute: guix/ui.scm:1220:8: In procedure run-guix-command: > substitute: guix/ui.scm:1220:8: X.509 certificate of 'mirror.hydra.gnu.org' > could not be verified: > substitute: signer-not-found > substitute: invalid > substitute: > guix package: error: build failed: substituter `substitute' died unexpectedly > > Rebuilding Guix from source did not help, but booting into an older > generation works. I'm guessing the daemon needs SSL_CERT_DIR, or call > `guix download` without verifying TLS certificates.
Oh, I had overlooked that, indeed. I’ll disable certificate verification in ‘guix substitute’: it doesn’t provide any additional guarantee since we authenticate narinfos and nars. Done in commits 166ba5b10207f44360e218d9e3f00772d09bc7cd and 998f9ac56df6c8cc2ca383c0309f394b262d7f6a. You should now be able to reconfigure GuixSD with --no-substitute to get the fix. Thank you! Ludo’.