<Svetlana>i got stuck as i don't fancy buying things like the thinkpenguin wifi adapter online and i couldn't find it in local stores (i plan to either install guix on a vps or get ethernet, i don't know what would happen earlier)
<DusXMT>The easiest solution would just be to let it know where to look for the openssl folder on startup, but looking at the web and documentation, it seems to be hardcoded in.
<mark_weaver>DusXMT: if your system has /etc/ssl/certs/ca-certificates.crt (as on Debian derivatives), then you can set SSL_CERT_FILE to that. that's only for openssl though.
<mark_weaver>DusXMT: programs that use gnutls each have their own way of configuring this.
<civodul>we should create /etc/ssl/certs in the OS
<mark_weaver>I have a patch to make gnutls look in /etc/ssl/certs for the system-wide CA trust store, but Andreas didn't like it so I never ended up pushing it. I run it locally on my own system though.
<DusXMT>mark_weaver: Excellent, thank you, at least this is something
<mark_weaver>also, for git, you need to set GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
<mark_weaver>I also have SSL_CERT_DIR=/etc/ssl/certs which assumes a Debian layout, but it might be unnecessary as long as SSL_CERT_FILE is set.
<civodul>mark_weaver: please re-ping for the GnuTLS patch
<mark_weaver>okay, I'll try to remember. I'm a bit overloaded at the moment.
<DusXMT>I'm curious, is there a licensing problem of some sort that we don't include ca-certs in Guix, is it difficult to package, or is there some other reason?
<mark_weaver>well, there's no single official upstream ca-certs package to add, and we have to decide which CAs to include.
<mark_weaver>so, we'd essentially have to choose some other organization to follow (mozilla, debian, icecat), or compile/maintain our own set of CA certs to include.
<mark_weaver>well, yes :) but if jxself felt that wildebeest should be removed from machines.scm while he works on building/debugging icecat-31, it would be well worth it IMO. (but I'm not sure it's necessary)
<jxself>I imagine TOR needs packaging as a dependency?
<mark_weaver>jxself: I would be most grateful if you would be willing to do this. My biggest machine has only 2GB of RAM, and besides I'm swamped with Guile work. and I have no graphical browser on my Guix system currently :-(
<jxself>I'm not sure of my ability to complete it though...
<jxself>It's nice that you seem to have more faith in that though.
<mark_weaver>I don't think any of us is particularly familiar with the Mozilla code. I would just read the build instructions and hunt on mozilla.org for security fixes for version 31.
<mark_weaver>and then fail to build it because I don't have enough RAM.
<mark_weaver>whatever you come up with would be far better than what we have now.
<mark_weaver>civodul: what about from the (get-bytevector-n p (- 8 m)) at the end of 'read-string' and 'read-latin1-string'? might the padding be missing if the string is at the end of the stream or file?
<mark_weaver>it still might be worth trying the failing test with a breakpoint on 'scm_c_shrink_bytevector', just in case some other module that you're not familiar with is using it (e.g. gnutls bindings)