03/04: system: Add 'x509-certificates' field, and populate /etc/ssl/cert

From: Ludovic Courtès
Subject: 03/04: system: Add 'x509-certificates' field, and populate /etc/ssl/certs.
Date: Mon, 02 Mar 2015 22:06:36 +0000

civodul pushed a commit to branch master
in repository guix.

commit e979e6dd523acaa2a089f1b8f44e34c1e5b7d32d
Author: Ludovic Courtès <address@hidden>
Date:   Mon Mar 2 22:25:53 2015 +0100

    system: Add 'x509-certificates' field, and populate /etc/ssl/certs.
    * gnu/system.scm (<operating-system>)[x509-certificates]: New field.
      (etc-directory): Add #:x509-certificates parameter and honor it.
      (operating-system-etc-directory): Pass #:x509-certificates in
      'etc-directory' call.
    * doc/guix.texi (operating-system Reference): Document
 doc/guix.texi  |   13 +++++++++++++
 gnu/system.scm |    8 ++++++++
 2 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index bd8091a..4be545e 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3882,6 +3882,19 @@ Configuration of libc's name service switch (NSS)---a
 @code{<name-service-switch>} object.  @xref{Name Service Switch}, for
address@hidden @code{x509-certificates} (default: @var{nss-certs})
+This field's value must be a package containing X.509 certificates for
+so-called ``Certification Authorities'' (CAs) that is made available in
+the @file{/etc/ssl/certs} directory.  Currently this directory is
+accessed by applications using either the GnuTLS library or the OpenSSL
+By default, certificates from
+Mozilla's Network Security Services} are used.  These are the
+certificates shipped by Mozilla browsers and derivatives such as
 @item @code{services} (default: @var{%base-services})
 A list of monadic values denoting system services.  @xref{Services}.
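Review bot: the new x509-certificates entry says the value "must be a package containing X.509 certificates" but never states what layout that package has to provide. The gnu/system.scm part of this patch takes the package's "/etc/ssl" subdirectory, so the text should say that certificates are expected under etc/ssl/certs in the package output; a custom CA package that installs them elsewhere would not populate /etc/ssl/certs. Since this field decides which CAs every GnuTLS and OpenSSL client on the system trusts, it would also help to say how to supply a restricted or site-specific set.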
diff --git a/gnu/system.scm b/gnu/system.scm
index 3fe7833..1c2c986 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -42,6 +42,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages firmware)
   #:autoload   (gnu packages cryptsetup) (cryptsetup)
+  #:use-module (gnu packages certs)
   #:use-module (gnu services)
   #:use-module (gnu services dmd)
   #:use-module (gnu services base)
@@ -77,6 +78,7 @@
+            operating-system-x509-certificates
@@ -140,6 +142,8 @@
                       (default %default-locale-definitions))
   (name-service-switch operating-system-name-service-switch ; 
                        (default %default-nss))
+  (x509-certificates operating-system-x509-certificates     ; package
+                     (default nss-certs))
   (services operating-system-user-services        ; list of monadic services
             (default %base-services))
@@ -412,6 +416,7 @@ settings for 'guix.el' to work out-of-the-box."
                         (pam-services '())
                         (profile "/run/current-system/profile")
                         hosts-file nss
+                        x509-certificates
                         (sudoers ""))
   "Return a derivation that builds the static part of the /etc directory."
   (mlet* %store-monad
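Review bot: x509-certificates is added to the etc-directory keyword list as a bare name, so a caller that omits it passes #f, and the "ssl" entry added further down does (string-append #$x509-certificates "/etc/ssl") unconditionally. Either give the parameter a default or make the "ssl" entry conditional on it being set, and mention the new parameter in the docstring, which still only says that the procedure builds the static part of /etc.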
@@ -461,6 +466,8 @@ export ASPELL_CONF=\"dict-dir 
                 `(("services" ,#~(string-append #$net-base "/etc/services"))
                   ("protocols" ,#~(string-append #$net-base "/etc/protocols"))
                   ("rpc" ,#~(string-append #$net-base "/etc/rpc"))
+                  ("ssl" ,#~(string-append #$x509-certificates
+                                           "/etc/ssl")) ;for OpenSSL & co.
                   ("emacs" ,#~#$emacs)
                   ("pam.d" ,#~#$pam.d)
                   ("login.defs" ,#~#$login.defs)
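Review bot: the new "ssl" entry links the package's whole "/etc/ssl" directory, while the commit message and the documentation speak only of /etc/ssl/certs. Because etc-directory builds the static part of /etc, everything under /etc/ssl then comes from this one package, and a site that needs an additional local CA has to supply a replacement package. Either narrow the entry to the certs subdirectory, or state in the comment and in doc/guix.texi that the package owns all of /etc/ssl. The comment ";for OpenSSL & co." could also name GnuTLS, which the documentation lists as a consumer.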
@@ -523,6 +530,7 @@ export ASPELL_CONF=\"dict-dir 
                   #:timezone (operating-system-timezone os)
                   #:hosts-file /etc/hosts
                   #:sudoers (operating-system-sudoers os)
+                  #:x509-certificates (operating-system-x509-certificates os)
                   #:profile profile-drv)))
 (define %setuid-programs
