[bug#55297,0/10] Make adding SSL_CERT_FILE/DIR search paths easier and add some missing ones

Message ID dd38681508c8f591655f17171d573d448a9982ce.camel@telenet.be

Message

M May 7, 2022, 8:35 a.m. UTC
Hi,

This patch series adds $SSL_CERT_DIR/$SSL_CERT_FILE to youtube-dl, some
dependents and w3m, as they respect $SSL_CERT_DIR/$SSL_CERT_FILE.

To make this easier (e.g. less duplication), I moved the definition of
$SSL_CERT_DIR/$SSL_CERT_FILE to a single location (guix search-paths)
instead of many separate packages.

This moving was previously rejected by Ludo, but that was in a
different context, maybe in this context it's considered ok?

TODO:

 * [ ] build dependents

Greetings,
Maxime.

Comments

M May 7, 2022, 8:48 a.m. UTC | #1
Maxime Devos wrote on Sat 07-05-2022 at 10:35 [+0200]:
> 
> TODO:
> 
>  * [ ] build dependents

Looks like data.guix-patches.cbaines.net will do so:
https://data.guix-patches.cbaines.net/revision/5e5fafa3cd6e6d9b8674081a6e43ff2a95d096c4
(in-progress at time of writing, not yet completed).

Greetings,
Maxime

M May 7, 2022, 1:38 p.m. UTC | #2
Maxime Devos wrote on Sat 07-05-2022 at 10:48 [+0200]:
> Maxime Devos wrote on Sat 07-05-2022 at 10:35 [+0200]:
> > 
> > TODO:
> > 
> >  * [ ] build dependents
> 
> Looks like data.guix-patches.cbaines.net will do so:
> https://data.guix-patches.cbaines.net/revision/5e5fafa3cd6e6d9b8674081a6e43ff2a95d096c4
> (in-progress at time of writing, not yet completed).

According to <https://data.guix-patches.cbaines.net/compare/package-derivations?base_commit=312879fddcf0713c0f1dafcc6faa089edbbb6e04&target_commit=5e5fafa3cd6e6d9b8674081a6e43ff2a95d096c4&build_change=broken&after_name=&limit_results=40>,
there are no new build failures.


However, according to
<https://data.guix-patches.cbaines.net/compare/package-derivations?base_commit=312879fddcf0713c0f1dafcc6faa089edbbb6e04&target_commit=5e5fafa3cd6e6d9b8674081a6e43ff2a95d096c4&build_change=still-working&after_name=&limit_results=40>,
there are no ‘still working’ builds either, so maybe I'm misinterpreting things?

Greetings,
Maxime.

Ludovic Courtès May 13, 2022, 3:32 p.m. UTC | #3
Hi!

Maxime Devos <maximedevos@telenet.be> writes:

> This patch series adds $SSL_CERT_DIR/$SSL_CERT_FILE to youtube-dl, some
> dependents and w3m, as they respect $SSL_CERT_DIR/$SSL_CERT_FILE.
>
> To make this easier (e.g. less duplication), I moved the definition of
> $SSL_CERT_DIR/$SSL_CERT_FILE to a single location (guix search-paths)
> instead of many separate packages.
>
> This moving was previously rejected by Ludo, but that was in a
> different context, maybe in this context it's considered ok?

I don’t remember the previous discussion, but here I think it’s
reasonable.  It’s a case where, effectively, those variables that were
initially OpenSSL-specific are now honored by other pieces of software.

However, the last few patches are incorrect in that, for example, w3m
does not honor these variables by itself (its code doesn’t call getenv):

--8<---------------cut here---------------start------------->8---
$ grep -r SSL_CERT_ $(guix build -S w3m)
/gnu/store/aqdk56qa1lssjs50gvrii47ccc7ibmkp-w3m-0.5.3+git20210102-checkout/rc.c:#define CMT_SSL_CERT_FILE N_("PEM encoded certificate file of client")
/gnu/store/aqdk56qa1lssjs50gvrii47ccc7ibmkp-w3m-0.5.3+git20210102-checkout/rc.c:     CMT_SSL_CERT_FILE, NULL},
--8<---------------cut here---------------end--------------->8---

Instead, it honors them because it’s linked against OpenSSL.

Likewise for youtube-dl & co.

So I’m omitting the last few patches that add search paths.

I hope that makes sense.

Thanks!

Ludo’.

M May 13, 2022, 3:39 p.m. UTC | #4
Ludovic Courtès wrote on Fri 13-05-2022 at 17:32 [+0200]:
> However, the last few patches are incorrect in that, for example, w3m
> does not honor these variables by itself (its code doesn’t call getenv):
> 
> --8<---------------cut here---------------start------------->8---
> $ grep -r SSL_CERT_ $(guix build -S w3m)
> /gnu/store/aqdk56qa1lssjs50gvrii47ccc7ibmkp-w3m-0.5.3+git20210102-checkout/rc.c:#define CMT_SSL_CERT_FILE N_("PEM encoded certificate file of client")
> /gnu/store/aqdk56qa1lssjs50gvrii47ccc7ibmkp-w3m-0.5.3+git20210102-checkout/rc.c:     CMT_SSL_CERT_FILE, NULL},
> --8<---------------cut here---------------end--------------->8---
> 
> Instead, it honors them because it’s linked against OpenSSL.
> 
> Likewise for youtube-dl & co.
> 
> So I’m omitting the last few patches that add search paths.

<https://issues.guix.gnu.org/22138> has not been resolved yet though,
so it's still necessary (see experiment in commit message of patch
10/10), though perhaps it could have been worded more precisely.

Greetings,
Maxime.
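
The distinction drawn in comment #3, between a program that reads SSL_CERT_FILE/SSL_CERT_DIR itself and one that only inherits the behaviour from the TLS library it links against, can be checked mechanically. The following is an added example, not part of the thread or of Guix: `classify`, `openssl_env_names` and the `hypothetical.c` line are assumptions made for illustration, and the pattern covers only C `getenv` and Python `os.environ` accessors.

```python
import re
import ssl

# Constructed sample: the two rc.c hits from the grep output in comment #3
# (store path shortened), plus one hypothetical line showing a direct read.
SAMPLE_HITS = [
    'rc.c:#define CMT_SSL_CERT_FILE N_("PEM encoded certificate file of client")',
    'rc.c:     CMT_SSL_CERT_FILE, NULL},',
    'hypothetical.c:    const char *ca = getenv("SSL_CERT_FILE");',
]

# A direct read passes the exact variable name as a string literal to an
# environment accessor; an identifier such as CMT_SSL_CERT_FILE does not count.
DIRECT_READ = re.compile(
    r'(?:\b(?:secure_)?getenv\s*\(|\benviron(?:\.get\s*\(|\s*\[))\s*'
    r'["\'](SSL_CERT_(?:FILE|DIR))["\']'
)


def classify(hits):
    """Split grep hits into direct environment reads and incidental matches."""
    direct, incidental = [], []
    for line in hits:
        (direct if DIRECT_READ.search(line) else incidental).append(line)
    return direct, incidental


def openssl_env_names():
    """Variable names the TLS library linked into this interpreter consults."""
    paths = ssl.get_default_verify_paths()
    return paths.openssl_cafile_env, paths.openssl_capath_env


if __name__ == "__main__":
    direct, incidental = classify(SAMPLE_HITS)
    print("direct reads:      ", direct)
    print("incidental matches:", incidental)
    print("read by the TLS library itself:", openssl_env_names())
```

Both rc.c hits land in the incidental list, which is the observation made in comment #3; the names returned by `openssl_env_names` are supplied by the TLS library, not by the application code.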