Hi, ngra...@ngraves.fr skribis:
> I've found the reason behind the extremely annoying SSL certification > refusals. > > When I use an installation image, the date is not necessarily set at > the real date. In my case, `date` was set in 2019, and triggered the > SSL verification refusal (not yet valid). Could it be that the clock battery of that computer is dead? Otherwise it’s not supposed to happen. > I don't know why it sometimes doesn't happen. If we can't > fix/automate it at the time we boot in the installation medium, we > should probably add a warning in the manual / a hint in guix pull / a > proper error in guile-git (that could provide more information than > just Git failing) ? The error I see is: --8<---------------cut here---------------start------------->8--- $ guix shell libfaketime -- faketime 2019-01-01 guix pull -p /tmp/p Updating channel 'shepherd' from Git repository at 'https://git.savannah.gnu.org/git/shepherd.git'... guix pull: error: Git error: the SSL certificate is invalid --8<---------------cut here---------------end--------------->8--- I agree it could give more details, but that’s all we get from libgit2 I believe. Worth investigating how this can be improved. That said, what we could/should do is add a ‘--no-check-certificate’ option to ‘pull’ and ‘time-machine’; it would be handy in emergency situations like you described. It should be possible to implement that with the ‘certificate_check’ callback in ‘git_remote_callbacks’. I’ll see what can be done in this area. Thanks, Ludo’.
