Nixpkgs: RescueTime doesn't work due to SSL CA certificates
Issue description
When rescuetime is launched, it fails to check the status. The error message is:
Problem with network, please contact RescueTime Support. (77): Problem with reading the SSL CA cert (path? access rights?).
Steps to reproduce
$ nix-env -iA rescuetime
$ rescuetime
Technical details
- Nixpkgs version: Git revision
fa3062d1ef7802fc38ecb6a5b1e2748620c8b860
ocharles
All 11 comments
strace -f -eopen and a bunch of filtering shows:
open("/home/timbeaudet/rescuetime-dependencies/openssl/openssl.cnf", O_RDONLY) = -1 ENOENT (No such file or directory)
Which looks suspcious (I am not timbeaudet!)
ocharles
on 6 Sep 2016
Ok, that was a red herring. It seems that RescueTime works if you have /usr/share/rescuetime/curl-ca-bundle.crt, but I'm not sure how to best fix this problem.
ocharles
on 6 Sep 2016
Patch it to find certificates the same as most of other nixpkgs? IIRC it's /etc/ssl/certs/ca-certificates.crt and overridable by $SSL_CERT_FILE.
vcunat
on 11 Sep 2016
Oh, I didn't notice it's a binary package.
vcunat
on 11 Sep 2016
@ocharles did you fix this? Or just symlink the crt file?
edit I did:
mkdir -p /usr/share/rescuetime/
cd /usr/share/rescuetime
ln -s /etc/ssl/certs/ca-bundle.crt curl-ca-bundle.crt
commandodev
on 14 Oct 2016
So far I have created the sym link from /usr that Rescue Time is expecting.
On 14 Oct 2016 4:42 a.m., "Ben Ford" [email protected] wrote:
@ocharles https://github.com/ocharles did you fix this? Of just symlink
the crt file?—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/NixOS/nixpkgs/issues/18314#issuecomment-253742649,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AABRjliVbZEDnMl65BNp6c7ZdRplYp7wks5qz0BvgaJpZM4J0_PO
.
ocharles
on 18 Oct 2016
I ran into this same issue, and the above didn't fix it. The below did:
Found this in the strace:
[dnelson@sulaco ~]$ strace /usr/bin/rescuetime |& grep crt
open("/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = -1 ENOENT (No such file or directory)
And then ran:
[dnelson@sulaco ~]$ sudo ln -s /usr/share/rescuetime/curl-ca-bundle.crt /etc/ssl/certs/ca-certificates.crt
Which solved the problem in Fedora 25.
DakotaNelson
on 4 Dec 2016
Thanks @DakotaNelson. I can confirm your suggestion works in openSUSE Tumbleweed 20161014.
chocoelho
on 19 Jan 2017
I've just stumbled upon this from a support ticket, and indeed have had a few issues supporting Linux securely, I have this stackoverflow question which I'm trying to get answered and maybe someone here can help out or at least up vote for more visibility.
ghost
on 30 Jan 2017
Are there any updates to this issue, please?
mmahut
on 10 Aug 2019
Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:
- Search for maintainers and people that previously touched the related code and @ mention them in a comment.
- Ask on the NixOS Discourse.
- Ask on the #nixos channel on irc.freenode.net.
![stale[bot] picture](https://avatars3.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 2 Jun 2020
Related issues
vaibhavsagar
·
3Comments
ghost
·
3Comments
retrry
·
3Comments
tomberek
·
3Comments
teto
·
3Comments
Most helpful comment
I ran into this same issue, and the above didn't fix it. The below did:
Found this in the strace:
And then ran:
Which solved the problem in Fedora 25.