[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#25422: GIT_SSL_CAINFO set incorrectly
From: |
Ludovic Courtès |
Subject: |
bug#25422: GIT_SSL_CAINFO set incorrectly |
Date: |
Sat, 14 Jan 2017 22:20:59 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Hi!
Leo Famulari <address@hidden> skribis:
> Recently, Guix started to set the environment GIT_SSL_CAINFO like a
> search path, instead of pointing to single file, which is what it should
> be.
I don’t think anything has changed, maybe it’s just that your profile
now includes ‘ssl/certs’?
On my GuixSD machine, I still have:
$ env |grep GIT_
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
but that’s because ~/.guix-profile does not contain certificates.
At any rate, you are right that GIT_SSL_CAINFO should be a single file.
There’s a note in the code:
(native-search-paths
;; For HTTPS access, Git needs a single-file certificate bundle, specified
;; with $GIT_SSL_CAINFO.
;; FIXME: This variable designates a single file; it is not a search path.
(list (search-path-specification
(variable "GIT_SSL_CAINFO")
(file-type 'regular)
(files '("etc/ssl/certs/ca-certificates.crt")))))
So we’re abusing the search path mechanism here.
A proper fix might be to add an option in ‘search-path-specification’ to
pick only the first match.
WDYT?
Thanks,
Ludo’.