Nixpkgs: SSL Issues prevent Racket package installation

Created on 24 Jul 2019  路  5Comments  路  Source: NixOS/nixpkgs

Describe the bug
Cannot install a racket pkg because of ssl issues

To Reproduce
Steps to reproduce the behavior:

  1. start a shell with the racket-minimal package
  2. raco pkg install --auto beautiful-racket

Expected behavior
Package should be installed

Additional context

jurpeedurps-MacBook-Pro:banal-olive jurpeedurp$ raco pkg install --auto beautiful-racket
openssl: x509-root-sources: cert sources do not exist: "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt", "/nix/store/p8mij6v6gnzz8hb3ksz49hnyf5l5ql1q-openssl-1.0.2s/etc/ssl/certs"; override using SSL_CERT_FILE, SSL_CERT_DIR
Resolving "beautiful-racket" via https://download.racket-lang.org/releases/7.3/catalog/
ssl-connect: connect failed (error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed)
  context...:
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/openssl/mzssl.rkt:1472:8: loop
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/openssl/../racket/private/more-scheme.rkt:261:28
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/net/http-client.rkt:67:0: http-conn-open!10
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/net/http-client.rkt:272:0
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/racket/contract/private/arrow-val-first.rkt:430:3
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/net/url.rkt:195:0: http://getpost-impure-port
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/net/url.rkt:302:2: redirection-loop
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/racket/contract/private/arrow-val-first.rkt:430:3
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/pkg/private/network.rkt:59:3
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/pkg/private/catalog.rkt:218:0: read-from-server
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/pkg/private/catalog.rkt:138:9: for-loop
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/pkg/private/catalog.rkt:135:2: lookup-normally
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/pkg/private/../../racket/private/more-scheme.rkt:261:28
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/pkg/private/prefetch.rkt:128:2
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/pkg/private/catalog.rkt:132:0: package-catalog-lookup9
   /nix/store/12bg2d16bw95g27gk52p385k9ha9gd6h-racket-minimal-7.3/share/racket/collects/pkg/private/catalog.rkt:200:0: package-catalog-lookup-source19
   ...

Metadata

  • system: "x86_64-darwin"
  • host os: Darwin 18.6.0, macOS 10.14.5
  • multi-user?: no
  • sandbox: no
  • version: nix-env (Nix) 2.2.2
  • channels(jurpeedurp): "nixpkgs-19.09pre183693.baa75f0c25a"
  • nixpkgs: /Users/jurpeedurp/.nix-defexpr/channels/nixpkgs
bug stale
Source
picture jurpeedurp

All 5 comments

Manually exporting SSL_CERT_FILE=/Users/jurpeedurp/.nix-profile/etc/ssl/certs/ca-bundle.crt is a temporary workaround.

jurpeedurp picture jurpeedurp on 25 Jul 2019
👍1

@jurpeedurp That worked for me. Is there way to circumvent the manual set-up?

BonfaceKilz picture BonfaceKilz on 12 Mar 2020

Doesn't reproduce on NixOS; suspecting that this is Darwin-specific. I also installed the herbie package, which I needed for unrelated reasons, without problems. Hope this helps narrow it down.

MostAwesomeDude picture MostAwesomeDude on 16 Apr 2020
👍1

@MostAwesomeDude that also affects FreeBSD. At the time of writing https://github.com/NixOS/nixpkgs/issues/65337#issuecomment-598412788, I was running one.

BonfaceKilz picture BonfaceKilz on 16 Apr 2020

Hello, I'm a bot and I thank you in the name of the community for opening this issue.

To help our human contributors focus on the most-relevant reports, I check up on old issues to see if they're still relevant. This issue has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human.

The community would appreciate your effort in checking if the issue is still valid. If it isn't, please close it.

If the issue persists, and you'd like to remove the stale label, you simply need to leave a comment. Your comment can be as simple as "still important to me". If you'd like it to get more attention, you can ask for help by searching for maintainers and people that previously touched related code and @ mention them in a comment. You can use Git blame or GitHub's web interface on the relevant files to find them.

Lastly, you can always ask for help at our Discourse Forum or at #nixos' IRC channel.

stale[bot] picture stale[bot] on 14 Oct 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ghost picture ghost  路  3Comments
ob7 picture ob7  路  3Comments
retrry picture retrry  路  3Comments
edolstra picture edolstra  路  3Comments
spacekitteh picture spacekitteh  路  3Comments