GNU bug report logs -
#49508
Implement --allow-insecure-transport for `guix pull`
Previous Next
To reply to this bug, email your comments to 49508 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org
:
bug#49508
; Package
guix
.
(Sat, 10 Jul 2021 17:29:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Leo Famulari <leo <at> famulari.name>
:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org
.
(Sat, 10 Jul 2021 17:29:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
As discussed in #46829, `guix pull` needs an option like
--allow-insecure-transport so that users can continue to pull from the
same channel even when their local certificate store has expired or is
otherwise invalid.
[0] <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=46829#114>
Added indication that bug 49508 blocks53214
Request was from
Leo Famulari <leo <at> famulari.name>
to
control <at> debbugs.gnu.org
.
(Thu, 03 Feb 2022 17:45:01 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#49508
; Package
guix
.
(Tue, 08 Feb 2022 10:19:01 GMT)
Full text and
rfc822 format available.
Message #10 received at 49508 <at> debbugs.gnu.org (full text, mbox):
Hi,
Leo Famulari <leo <at> famulari.name> skribis:
> As discussed in #46829, `guix pull` needs an option like
> --allow-insecure-transport so that users can continue to pull from the
> same channel even when their local certificate store has expired or is
> otherwise invalid.
Agreed.
Unfortunately it seems that libgit2 doesn’t let us turn off certificate
verification:
https://libgit2.org/libgit2/#HEAD/group/libgit2
‘verify_server_cert’ in src/streams/openssl.c is called
unconditionally. So it seems that the first thing to do would be to
submit a patch upstream that would allow users to disable certificate
checks via ‘git_libgit2_opts’.
Now, by default, ‘guix pull’ honors /etc/ssl/certs. Assuming those are
up-to-date, it should be fine, right?
Thanks,
Ludo’.
Severity set to 'important' from 'normal'
Request was from
Ludovic Courtès <ludo <at> gnu.org>
to
control <at> debbugs.gnu.org
.
(Tue, 08 Feb 2022 10:19:01 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#49508
; Package
guix
.
(Tue, 08 Feb 2022 17:12:01 GMT)
Full text and
rfc822 format available.
Message #15 received at 49508 <at> debbugs.gnu.org (full text, mbox):
On Tue, Feb 08, 2022 at 11:18:08AM +0100, Ludovic Courtès wrote:
> Unfortunately it seems that libgit2 doesn’t let us turn off certificate
> verification:
>
> https://libgit2.org/libgit2/#HEAD/group/libgit2
>
> ‘verify_server_cert’ in src/streams/openssl.c is called
> unconditionally.
Ah, that's not surprising.
> So it seems that the first thing to do would be to
> submit a patch upstream that would allow users to disable certificate
> checks via ‘git_libgit2_opts’.
Right, but it might not be accepted.
> Now, by default, ‘guix pull’ honors /etc/ssl/certs. Assuming those are
> up-to-date, it should be fine, right?
Yeah, I think so.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#49508
; Package
guix
.
(Tue, 01 Nov 2022 17:32:02 GMT)
Full text and
rfc822 format available.
Message #18 received at 49508 <at> debbugs.gnu.org (full text, mbox):
Hello,
> ‘verify_server_cert’ in src/streams/openssl.c is called
> unconditionally. So it seems that the first thing to do would be to
> submit a patch upstream that would allow users to disable certificate
> checks via ‘git_libgit2_opts’.
While this seems like something that we definitely want, I think we
shouldn't block the release with a contribution that can take time to be
upstreamed in libgit2.
Unblocking #53214.
Mathieu
Removed indication that bug 49508 blocks
Request was from
Mathieu Othacehe <mathieu <at> meije.mail-host-address-is-not-set>
to
control <at> debbugs.gnu.org
.
(Tue, 01 Nov 2022 17:33:02 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 183 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.