guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#49867] [PATCH 24/29] gnu: Add ocaml-ca-certs.

From: pukkamustard
Subject: [bug#49867] [PATCH 24/29] gnu: Add ocaml-ca-certs.
Date: Sun, 08 Aug 2021 12:36:27 +0000 

Xinglu Chen <public@yoctocell.xyz> writes:
+ ;; Tests are failing as they require certificates to be in /etc/ssl/certs 
+                 #:tests? #f))


The same issue has been mentioned by NixOS people on their bug
tracker[1], they solved[2] it by reading the NIX_SSL_CERT_FILE
environment variable, which automatically gets set in the build
environment if the ‘cacert’ package is specified as an input. I don’t 
know if Guix does something similar.

[1]: <https://github.com/mirage/ca-certs/issues/16>
[2]: <https://github.com/mirage/ca-certs/pull/17>



Thanks for the pointers.
Inspired by the package definition for curl, I tried setting NIX_SSL_CERT_FILE with native-search-paths: 

```
   (native-search-paths
    (list
     (search-path-specification
      (variable "NIX_SSL_CERT_FILE")
      (file-type 'regular)
      (separator #f)                   ;single entry
      (files '("/etc/ssl/certs/ca-certificates.crt")))))
```

and adding `nss-certs` to the native-inputs.

However, this does not work. Some observations/questions:
- The NIX_SSL_CERT_FILE does not appear in the `environment-variables` file when running `guix build -K`. I would have expected it to be set there. - `nss-certs` does not provide the `ca-certificates.crt` file. It is built when creating a profile with the `ca-certificate-bundle` hook. Is this run when creating a build environment?
I seem to be not understanding a lot of things about the build environment ... Pointers very welcome! 


+    (propagated-inputs
+     `(("ocaml-astring" ,ocaml-astring)
+       ("ocaml-bos" ,ocaml-bos)
+       ("ocaml-fpath" ,ocaml-fpath)
+       ("ocaml-rresult" ,ocaml-rresult)
+       ("ocaml-ptime" ,ocaml-ptime)
+       ("ocaml-logs" ,ocaml-logs)
+       ("ocaml-mirage-crypto" ,ocaml-mirage-crypto)
+       ("ocaml-x509" ,ocaml-x509)))
+    (native-inputs
+     `(("ocaml-alcotest" ,ocaml-alcotest)))
+    (synopsis
+     "Detect root CA certificates from the operating system")
+    (description
+ "TLS requires a set of root anchors (Certificate Authorities) to +authenticate servers. This library exposes this list so that it can be 
                        ^
Double spacing.


Fixed in V2.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]