Re: Errors Linting Package Definition for New Package ruby-net-http-digest-auth
Marius Bakke skribis: >>> guix/build/download.scm:383:6: In procedure tls-wrap: >>> guix/build/download.scm:383:6: X.509 certificate of 'static.nvd.nist.gov' >>> could not be verified: >>> signer-not-found >>> invalid > > That's interesting, I have a similar problem after rebuilding my GuixSD > system from latest git and rebooting. The substituter consistently fails > to verify mirror.hydra.gnu.org. Passing --no-substitutes works, however. > > substitute: Backtrace: > substitute: In ice-9/boot-9.scm: > substitute: 157: 9 [catch #t # ...] > substitute: In unknown file: > substitute:?: 8 [apply-smob/1 #] > substitute: In ice-9/boot-9.scm: > substitute: 63: 7 [call-with-prompt prompt0 ...] > substitute: In ice-9/eval.scm: > substitute: 432: 6 [eval # #] > substitute: In ice-9/boot-9.scm: > substitute: 2401: 5 [save-module-excursion # ice-9/boot-9.scm:4045:3 ()>] > substitute: 4050: 4 [#] > substitute: 1724: 3 [%start-stack load-stack ...] > substitute: 1729: 2 [#] > substitute: In unknown file: > substitute:?: 1 [primitive-load > "/gnu/store/84favpg3n9wxx3sv7v3sd6y0s8722p35-guix-0.11.0-1.324a/bin/.guix-real"] > substitute: In guix/ui.scm: > substitute: 1220: 0 [run-guix-command substitute "--query"] > substitute: > substitute: guix/ui.scm:1220:8: In procedure run-guix-command: > substitute: guix/ui.scm:1220:8: X.509 certificate of 'mirror.hydra.gnu.org' > could not be verified: > substitute: signer-not-found > substitute: invalid > substitute: > guix package: error: build failed: substituter `substitute' died unexpectedly > > Rebuilding Guix from source did not help, but booting into an older > generation works. I'm guessing the daemon needs SSL_CERT_DIR, or call > `guix download` without verifying TLS certificates. Oh, I had overlooked that, indeed. I’ll disable certificate verification in ‘guix substitute’: it doesn’t provide any additional guarantee since we authenticate narinfos and nars. Done in commits 166ba5b10207f44360e218d9e3f00772d09bc7cd and 998f9ac56df6c8cc2ca383c0309f394b262d7f6a. You should now be able to reconfigure GuixSD with --no-substitute to get the fix. Thank you! Ludo’.
Re: Errors Linting Package Definition for New Package ruby-net-http-digest-auth
>> guix/build/download.scm:383:6: In procedure tls-wrap: >> guix/build/download.scm:383:6: X.509 certificate of 'static.nvd.nist.gov' >> could not be verified: >> signer-not-found >> invalid That's interesting, I have a similar problem after rebuilding my GuixSD system from latest git and rebooting. The substituter consistently fails to verify mirror.hydra.gnu.org. Passing --no-substitutes works, however. substitute: Backtrace: substitute: In ice-9/boot-9.scm: substitute: 157: 9 [catch #t # ...] substitute: In unknown file: substitute:?: 8 [apply-smob/1 #] substitute: In ice-9/boot-9.scm: substitute: 63: 7 [call-with-prompt prompt0 ...] substitute: In ice-9/eval.scm: substitute: 432: 6 [eval # #] substitute: In ice-9/boot-9.scm: substitute: 2401: 5 [save-module-excursion #] substitute: 4050: 4 [#] substitute: 1724: 3 [%start-stack load-stack ...] substitute: 1729: 2 [#] substitute: In unknown file: substitute:?: 1 [primitive-load "/gnu/store/84favpg3n9wxx3sv7v3sd6y0s8722p35-guix-0.11.0-1.324a/bin/.guix-real"] substitute: In guix/ui.scm: substitute: 1220: 0 [run-guix-command substitute "--query"] substitute: substitute: guix/ui.scm:1220:8: In procedure run-guix-command: substitute: guix/ui.scm:1220:8: X.509 certificate of 'mirror.hydra.gnu.org' could not be verified: substitute: signer-not-found substitute: invalid substitute: guix package: error: build failed: substituter `substitute' died unexpectedly Rebuilding Guix from source did not help, but booting into an older generation works. I'm guessing the daemon needs SSL_CERT_DIR, or call `guix download` without verifying TLS certificates. signature.asc Description: PGP signature
Re: Errors Linting Package Definition for New Package ruby-net-http-digest-auth
I deleted my local copy of the guix repository and rebuilt it guix from source again, and somehow, this fixed the issue with the X.509 certificates. I can't really explain what was causing the issue, seeing as I'd even installed nss-certs, but it was still failing. I guess this is one way to solve the issue - recompile guix from scratch. -- Frederick M. Muriithi
Re: Errors Linting Package Definition for New Package ruby-net-http-digest-auth
Hello, Leo Famulari skribis: > On Tue, Nov 08, 2016 at 08:41:51PM +0300, Frederick Muriithi wrote: [...] >> Running "./pre-inst-env guix lint ruby-net-http-digest-auth" fails >> with the errors indicated in the attached file lint_log > >> gnu/packages/ruby.scm:4182:2: ruby-net-http-digest-auth-1.4: TLS certificate >> error: ERROR: X.509 certificate of 'github.com' could not be verified: >> signer-not-found >> invalid > > There are two TLS errors (here, for GitHub, and below, for NIST). I'm > not sure but I'd guess that the linter is unable to find your > certificate store, or it lacks the GnuTLS client. Exactly: you need to tell ‘guix lint’ where to find X.509 certificates. This comes from: http://git.savannah.gnu.org/cgit/guix.git/commit/?id=bc3c41ce36349ed4ec758c70b48a7059e363043a For background info, see: https://www.gnu.org/software/guix/manual/html_node/Application-Setup.html#X_002e509-Certificates-1 That said, ‘guix lint’ shouldn’t print an ugly backtrace when that happens. I’ll push a commit that fixes that. Thanks for your report, Frederick! Ludo’.
Re: Errors Linting Package Definition for New Package ruby-net-http-digest-auth
> There are two TLS errors (here, for GitHub, and below, for NIST). I'm > not sure but I'd guess that the linter is unable to find your > certificate store, or it lacks the GnuTLS client. How about if you try > invoking the linter in an environment where you have all of Guix's > dependencies available? Like this: > > $ guix environment guix --pure -- ./pre-inst-env guilx lint > ruby-net-http-digest-auth I tried that and still my system can't seem to find the X.509 certificates. I then hit up the manuals some more to read up on certificates (https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html#X_002e509-Certificates) and tried the same command after setting up as show in the link. Still, my system couldn't find the certificates. So I decided to try and lint an already accepted package, for the fun of it, in this case ruby-concurrent by running: $ guix environment guix --pure -- ./pre-inst-env guilx lint ruby-concurrent The same 2 failing certs, github and static.nvd.nist.gov failed, even in the case of the accepted packages. At this point I am stumped. For more troubleshooting information, I am running Debian 8 "Jessie" $ uname -a Linux localhost 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u2 (2016-10-19) x86_64 GNU/Linux I will keep looking, and should I find out what the issue is on my own, I will update this thread with the results. If anyone has an idea, I'd be grateful for pointers on what I am doing wrong. -- Frederick M. Muriithi
Re: Errors Linting Package Definition for New Package ruby-net-http-digest-auth
On Tue, Nov 08, 2016 at 08:41:51PM +0300, Frederick Muriithi wrote: > I'm new to guix and was trying to contribute a new package, for the > ruby gem net-http-digest_auth > > Running "./pre-inst-env guix build ruby-net-http-digest-auth" runs > with seemingly no errors (I've attached the build log). Yes, that looks fine. > Running "./pre-inst-env guix lint ruby-net-http-digest-auth" fails > with the errors indicated in the attached file lint_log > gnu/packages/ruby.scm:4182:2: ruby-net-http-digest-auth-1.4: TLS certificate > error: ERROR: X.509 certificate of 'github.com' could not be verified: > signer-not-found > invalid There are two TLS errors (here, for GitHub, and below, for NIST). I'm not sure but I'd guess that the linter is unable to find your certificate store, or it lacks the GnuTLS client. How about if you try invoking the linter in an environment where you have all of Guix's dependencies available? Like this: $ guix environment guix --pure -- ./pre-inst-env guilx lint ruby-net-http-digest-auth > gnu/packages/ruby.scm:4207:4: ruby-net-http-digest-auth-1.4: invalid license > field This will need to be corrected as well. > substitute: warning: failed to install locale: Invalid argument > Backtrace: > In ice-9/boot-9.scm: > 1729: 19 [#] > In unknown file: >?: 18 [primitive-load > "/home/frederick/repositories/projects/pjotrp_projects/guix/scripts/guix"] > In guix/ui.scm: > 1220: 17 [run-guix-command lint "ruby-net-http-digest-auth"] > In srfi/srfi-1.scm: > 619: 16 [for-each # (spec)> #] > In guix/scripts/lint.scm: > 882: 15 [run-checkers # #] > In srfi/srfi-1.scm: > 619: 14 [for-each # (checker)> #] > In guix/scripts/lint.scm: > 712: 13 [check-vulnerabilities #] > 707: 12 [# #] > In unknown file: >?: 11 [force # ()>>] > In guix/scripts/lint.scm: > 696: 10 [#] > In ice-9/boot-9.scm: > 157: 9 [catch srfi-34 # > ...] > 157: 8 [catch getaddrinfo-error ...] > In srfi/srfi-1.scm: > 646: 7 [append-map # # #] > 601: 6 [map # (2016 2015 2014 > ...) ...] > In ice-9/boot-9.scm: > 157: 5 [catch system-error # ...] > In guix/cve.scm: > 217: 4 [#] > 79: 3 [call-with-cve-port # 10800 ...] > In guix/http-client.scm: > 238: 2 [loop #] > In guix/build/download.scm: > 483: 1 [open-connection-for-uri # # #f ...] > 383: 0 [tls-wrap # "static.nvd.nist.gov" > #:verify-certificate? #t] > > guix/build/download.scm:383:6: In procedure tls-wrap: > guix/build/download.scm:383:6: X.509 certificate of 'static.nvd.nist.gov' > could not be verified: > signer-not-found > invalid
