Intro

I am trying to ease my way into GUIX by starting with just using it as a package manager, but my effort was stalled early. I’m getting:

$ guix pull Updating channel ‘nonguix’ from Git repository at ‘https://gitlab.com/nonguix/nonguix'… guix pull: error: Git error: the SSL certificate is invalid

This is occurring after adding a couple to channels.scm:

(cons* 
 (channel
  (name 'nonguix)
  (url "https://gitlab.com/nonguix/nonguix")
  (introduction
   (make-channel-introduction
    "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
    (openpgp-fingerprint
     "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5"))))
 (channel
  (name 'flat)
  (url "https://github.com/flatwhatson/guix-channel.git")
  (introduction
    (make-channel-introduction
      "33f86a4b48205c0dc19d7c036c85393f0766f806"
      (openpgp-fingerprint
       "736A C00E 1254 378B A982  7AF6 9DBE 8265 81B6 4490"))))
  %default-channels)

I feel like I’m missing something obvious here, but I have seen a few others with this problem. What am I missing?

Solution

The solution came from the official docs¹, thanks to a link from TunaCowbay@reddit² .

guix install nss-certs
export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs"
export SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
export GIT_SSL_CAINFO="$SSL_CERT_FILE"

After this I was able to run a successful guix pull.

Saving settings

For now I’ve put those export settings into my ~/.bash_profile, which will load when a prompt login is started. I’m not sure if that is the best place for them, so I expect that to change as I learn more.

Footnotes

¹ I have not yet read the official docs thoroughly, so I hadn’t seen this: https://guix.gnu.org/manual/en/html_node/X_002e509-Certificates.html

² Original reddit question, and the path to the answer, here: https://www.reddit.com/r/GUIX/comments/pzvt3n/guix_pull_error_git_error_the_ssl_certificate_is/