bug#26948: gnutls errors on multiple guix commands

[Ludovic Courtès]

Hi Mark,

Mark H Weaver <address@hidden> skribis:

>> In the meantime we can work around it this way:
>>
>> diff --git a/guix/build/download.scm b/guix/build/download.scm
>> index ce4708a87..6ef623334 100644
>> --- a/guix/build/download.scm
>> +++ b/guix/build/download.scm
>> @@ -296,6 +296,13 @@ session record port using PORT as its underlying 
>> communication port."
>>    (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
>>                        (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
>>  
>> +(define (set-certificate-credentials-x509-trust-file!* cred file format)
>> +  "Like 'set-certificate-credentials-x509-trust-file!', but without the file
>> +name decoding bug described at
>> +<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>."
>> +  (let ((data (call-with-input-file file get-bytevector-all)))
>> +    (set-certificate-credentials-x509-trust-data! cred data format)))
>> +
>>  (define (make-credendials-with-ca-trust-files directory)
>>    "Return certificate credentials with X.509 authority certificates read 
>> from
>>  DIRECTORY.  Those authority certificates are checked when
>> @@ -309,7 +316,7 @@ DIRECTORY.  Those authority certificates are checked when
>>                  (let ((file (string-append directory "/" file)))
>>                    ;; Protect against dangling symlinks.
>>                    (when (file-exists? file)
>> -                    (set-certificate-credentials-x509-trust-file!
>> +                    (set-certificate-credentials-x509-trust-file!*
>>                       cred file
>>                       x509-certificate-format/pem))))
>>                (or files '()))
>>
>>
>> WDYT?  I’ll commit it if that’s fine with you.
>
> I'm not sufficiently familiar with GnuTLS to properly review this, but I
> trust your judgement.

Pushed as 27fd13c3c2701204f48fe0012438edbb91957dfc.

Thanks,
Ludo’.