When trying to use the (web client) Guile module, one gets the following
error:

--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs -- guile -c '((@ (web client) http-get) "https://gnu.org")'
Backtrace:
In ice-9/boot-9.scm:
  1752:10  7 (with-exception-handler _ _ #:unwind? _ # _)
In unknown file:
           6 (apply-smob/0 #<thunk 7f625f6c1300>)
In ice-9/boot-9.scm:
    724:2  5 (call-with-prompt _ _ #<procedure default-prompt-handle?>)
In ice-9/eval.scm:
    619:8  4 (_ #(#(#<directory (guile-user) 7f625f6c4c80>)))
In ice-9/command-line.scm:
   185:19  3 (_ #<input: string 7f625f6be850>)
In unknown file:
           2 (eval ((@ (web client) http-get) "https://gnu.org") #<d?>)
In web/client.scm:
    576:0  1 (http-get "https://gnu.org" #:body _ # _ #:port _ # #<?> ?)
    286:6  0 (tls-wrap #<closed: file 7f6256da2c40> _ # _)

web/client.scm:286:6: In procedure tls-wrap:
X.509 certificate of 'gnu.org' could not be verified:
  signer-not-found invalid

--8<---------------cut here---------------end--------------->8---

It seems that guile-gnutls fails to find the certificates, which is
unexpected.  Adding `curl' into the list of packages works around the
problem:

--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs curl -- guile -c '((@ (web client) http-get) "https://gnu.org")'
--8<---------------cut here---------------end--------------->8---

We can see the difference boils down to different search paths:

--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs --search-paths
export PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/bin${PATH:+:}$PATH"
export GUILE_LOAD_PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"
export GUILE_LOAD_COMPILED_PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/lib/guile/3.0/site-ccache:/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"
--8<---------------cut here---------------end--------------->8---

and

--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs curl --search-paths
export PATH="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/bin${PATH:+:}$PATH"
export SSL_CERT_DIR="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/etc/ssl/certs"
export SSL_CERT_FILE="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/etc/ssl/certs/ca-certificates.crt"
export CURL_CA_BUNDLE="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/etc/ssl/certs/ca-certificates.crt"
export GUILE_LOAD_PATH="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"
export GUILE_LOAD_COMPILED_PATH="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/lib/guile/3.0/site-ccache:/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"
--8<---------------cut here---------------end--------------->8---

I think guile-gnutls should also declare the SSL_* variables, since it
needs the certificates for the vast majority of things one could want to do
with it.

Have a nice day,
Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

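A check for the condition described in the report, added here as an example and not part of the original message or of Guix: it reads the text printed by `guix shell ... --search-paths` and reports whether the profile exports the X.509 trust-store variables. The function names, the choice of `SSL_CERT_DIR` and `SSL_CERT_FILE` as the variables to test, and the sample inputs (store hash replaced by the placeholder `HASH`) are assumptions made for the example.

```shell
# Report whether a profile's search paths export the CA trust-store variables.
# stdin:  output of `guix shell <packages> --search-paths`
# stdout: "NAME=set" or "NAME=missing" per variable; exit status 1 if any is missing.
check_cert_search_paths() {
    awk '
        BEGIN { n = split("SSL_CERT_DIR SSL_CERT_FILE", want, " "); missing = 0 }
        {
            line = $0
            # Accept "export NAME=..." as well as a bare "NAME=..." line.
            sub(/^[ \t]*(export[ \t]+)?/, "", line)
            eq = index(line, "=")
            if (eq > 1) seen[substr(line, 1, eq - 1)] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                if (want[i] in seen) print want[i] "=set"
                else { print want[i] "=missing"; missing = 1 }
            }
            exit missing
        }'
}

# Constructed samples modelled on the two --search-paths outputs in the report.
sample_without_curl() {
cat <<'EOF'
export PATH="/gnu/store/HASH-profile/bin${PATH:+:}$PATH"
export GUILE_LOAD_PATH="/gnu/store/HASH-profile/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"
EOF
}
sample_with_curl() {
cat <<'EOF'
export PATH="/gnu/store/HASH-profile/bin${PATH:+:}$PATH"
export SSL_CERT_DIR="/gnu/store/HASH-profile/etc/ssl/certs"
export SSL_CERT_FILE="/gnu/store/HASH-profile/etc/ssl/certs/ca-certificates.crt"
export CURL_CA_BUNDLE="/gnu/store/HASH-profile/etc/ssl/certs/ca-certificates.crt"
EOF
}

# Demo: the first profile is the one in which certificate verification failed.
for sample in sample_without_curl sample_with_curl; do
    echo "== $sample"
    "$sample" | check_cert_search_paths || echo "-> trust-store variables not exported"
done
```

Against a real profile, pipe the command's output in directly: `guix shell -CN guile guile-gnutls nss-certs --search-paths | check_cert_search_paths`.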