On Monday, 13.05.2024 at 22:38 +0100, Christopher Baines wrote:
> I've seen this when updating systems, but it seems like something is
> wrong with the handling of nss-certs.
>
> I'm on a guix revision with nss-certs by default, and when I add
> nss-certs to my system packages (to simulate not removing it when
> upgrading), it breaks certificates (e.g. wget https://guix.gnu.org/
> doesn't work).

I can confirm this on three machines (two of my own, one from a
relative): Having nss-certs in the packages field unexpectedly breaks
all known certificates.

> My reading of the operating-system-packages code suggests that adding
> nss-certs shouldn't have any effect, but this doesn't seem to be
> working.

It would be really nice to detect the mismatching versions if it's based
on that. IIUC we graft nss-certs now, so that we can hot-swap stuff like
Python's certifi package. Is this use case broken by any chance?

Cheers