New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Julia 1.0.2 fails to check certificate on guixsd system #30157
Comments
Just to be sure, are you using the official binaries? |
Hi, fps@guixsd15 ~/guix-packages$ sha256sum /gnu/store/7p52g50d0nsmvwydz8gqdkdfrjh0jvj8-julia-1.0.2-linux-x86_64.tar.gz e0e93949753cc4ac46d5f27d7ae213488b3fef5f8e766794df0058e1b3d2f142 /gnu/store/7p52g50d0nsmvwydz8gqdkdfrjh0jvj8-julia-1.0.2-linux-x86_64.tar.gz Note. The package definition is here: https://github.com/fps/guix-packages/blob/master/julia-hack.scm |
I should add: I'm not really sure that my opinionated title for this issue report is really accurate. SSL-certificate checks are a complex issue and there might be something else going wrong. I'll change the title to be less opinionated :) |
I'm having the same issue. @fps which lib did you check the hex? copying to |
I actually found this line in |
Sorry, didn't see the comment earlier. Yes, libgit. |
@fps It solved the problem for me too! Could you please explain how you came to the conclusion that you had to "dug around in the shipped libraries with a hex editor" ? And how you did it ? Many thanks !
|
Hi @phfrohring, it's been quite a while since I looked at this so I don't remember it clearly anymore. I think I used maybe an strace on the julia binary which prompted me to see the |
Sooo, @phfrohring, what kind of system do you see the problem on? It seems it's not guix? |
Ok thx ! yes it's guix ! These things directed me to your post and kind help from the Julia slack channel:
|
Is this still an issue? @staticfloat can we close this, since we seem to have done a bunch of work on making sure certificates well over the last few months? |
I can try a newer build in a guix system. I'll try right now. Possibly I'll have to setup a new guix system to check. Should be a couple of hours max. |
Something's still weird: fps@guix101 ~$ julia _ _ _ _(_)_ | Documentation: https://docs.julialang.org (_) | (_) (_) | _ _ _| |_ __ _ | Type "?" for help, "]?" for Pkg help. | | | | | | |/ _` | | | | |_| | | | (_| | | Version 1.1.1 (2019-05-16) _/ |\__'_|_|_|\__'_| | Official https://julialang.org/ release |__/ | (v1.1) pkg> add Flux Cloning default registries into `~/.julia` Cloning registry from "https://github.com/JuliaRegistries/General.git" ERROR: failed to clone from https://github.com/JuliaRegistries/General.git, error: GitError(Code:ECERTIFICATE, Class:SSL, the SSL certificate is invalid: 0x08 - The certificate is not correctly signed by the trusted CA) https://github.com/fps/guix-packages/blob/master/julia-hack.scm Note that guix now includes a "native" julia package, so this package has really lost all reason to exist. And I don't know enough about the used TLS packages to judge wether the problem with this patched up binary release of julia is with guix or with julia. |
And yep. Copying over cert.pem to /etc/pki/tls still fixes it.. |
I'm getting a cert error when following the install instructions for IJulia here: https://github.com/JuliaLang/IJulia.jl System
JuliaDownloaded and installed: https://julialang-s3.julialang.org/bin/linux/aarch64/1.2/julia-1.2.0-linux-aarch64.tar.gz
Repro and error outputGitHub gist with terminal output of error: https://gist.github.com/dgnorton/b667bca40409233014070178767a0d8c |
2019-12-05 update: I am running into the same error too. Unluckily, the error is still there after I copied usr/share/julia/cert.pem to /etc/pki/tls and to /etc/ssl/cert.pem and to append /etc/ssl/certs/ca-certificates.crt. I also tried these environments: $ export|grep SSL Thanks. |
@fps I encountered the same problem as you in version 1.3.0, how did you solve it |
Hi,
I'm bundling a quick and dirty hacked version of a package for julia 1.0.2 (using the binary release) for GuixSD and in the process I stumbled over this problem:
I dug around in the shipped libraries with a hex editor and found this:
prompting me to copy the shipped cert.pem to that location in /etc/pki/tls/cert.pem
Et voila! Julia works now! but that's a dirty hack and julia's libgit2 should use the shipped cert.pem really..
EDIT: The previous paragraph might be completely wrong. Maybe the issue is that the certificates installed in guixsd's /etc/ssl/certs are symlinks to a store item under /gnu/store/...../ca-certificate-bundle/... is a problem?
Thanks
The text was updated successfully, but these errors were encountered: