
01/01: gnu: glib-networking: Prefer 'SSL_CERT_FILE' as TLS CA file.


From: ???
Subject: 01/01: gnu: glib-networking: Prefer 'SSL_CERT_FILE' as TLS CA file.
Date: Fri, 14 Aug 2015 10:33:17 +0000

iyzsong pushed a commit to branch wip-glib-networking-tls
in repository guix.

commit 8a10487cf11a516a51eb99461200d4fe8489e655
Author: 宋文武 <address@hidden>
Date:   Fri Aug 14 18:10:10 2015 +0800

    gnu: glib-networking: Prefer 'SSL_CERT_FILE' as TLS CA file.
    
    This is an improvement over commit af6100f.
    
    * gnu/packages/gnome.scm (glib-networking)[source](patches): New field.
      [arguments]: Pass '/etc/ssl/certs/ca-certificates.crt' to configure.
      Set 'SSL_CERT_FILE' to '/dev/null' in 'use-empty-ssl-cert-file' phase.
      (libsoup)[arguments]: Set 'SSL_CERT_FILE' to '/dev/null' in
      'pre-check' phase.
    * gnu/packages/patches/glib-networking-ssl-cert-file.patch: New patch.
    * gnu-system.am (dist_patch_DATA): Add it.
---
 gnu-system.am                                      |    1 +
 gnu/packages/gnome.scm                             |   24 +++++++++++-----
 .../patches/glib-networking-ssl-cert-file.patch    |   29 ++++++++++++++++++++
 3 files changed, 47 insertions(+), 7 deletions(-)

diff --git a/gnu-system.am b/gnu-system.am
index f9db6ac..acf9a24 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -455,6 +455,7 @@ dist_patch_DATA =                                           \
   gnu/packages/patches/ghostscript-CVE-2015-3228.patch         \
   gnu/packages/patches/ghostscript-runpath.patch               \
   gnu/packages/patches/gitolite-openssh-6.8-compat.patch       \
+  gnu/packages/patches/glib-networking-ssl-cert-file.patch     \
   gnu/packages/patches/glib-tests-desktop.patch                        \
   gnu/packages/patches/glib-tests-homedir.patch                        \
   gnu/packages/patches/glib-tests-prlimit.patch                        \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index e510eb5..80c13dc 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -1872,12 +1872,13 @@ library.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ij33bhvn7y5gagx4sbrw906dsjjjs9dllxn73pzv6x97c6k92lg"))))
+                "0ij33bhvn7y5gagx4sbrw906dsjjjs9dllxn73pzv6x97c6k92lg"))
+              (patches
+               (list (search-patch "glib-networking-ssl-cert-file.patch")))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
-       ;; FIXME: ca-certificates.crt is not available in the build environment.
-       '("--with-ca-certificates=no")
+       '("--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt")
        #:phases
        (modify-phases %standard-phases
          (add-before 'configure 'patch-giomoduledir
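Review bot: The new `--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt` flag compiles a path outside the store into the library as its default trust-anchor file, and the comment that explained the old setting was removed without a replacement. A short comment would tell the next reader that this is a run-time default rather than a build input, e.g. `;; Run-time default CA bundle; 'SSL_CERT_FILE' takes precedence (see the patch).` Where that file is absent and the variable is unset, the backend is presumably left without a usable trust database, so it is worth stating whether failing closed is the intended behaviour. The `arguments` form continues outside this hunk.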
@@ -1886,7 +1887,13 @@ library.")
                        (substitute* "configure"
                          (("GIO_MODULE_DIR=.*")
                           (string-append "GIO_MODULE_DIR=" %output
-                                         "/lib/gio/modules\n"))))))))
+                                         "/lib/gio/modules\n")))))
+         (add-before 'check 'use-empty-ssl-cert-file
+                     (lambda _
+                       ;; The ca-certificates.crt is not available in the build
+                       ;; environment.
+                       (setenv "SSL_CERT_FILE" "/dev/null")
+                       #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("intltool" ,intltool)))
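Review bot: The comment in the `use-empty-ssl-cert-file` phase says why the CA bundle is missing but not why `/dev/null` is the chosen value. Something like `;; Point 'SSL_CERT_FILE' at an empty but existing file so the tests run with no trusted CAs.` would make the intent explicit. The same applies to the `pre-check` phase added to libsoup in the next hunk, which appears to rely on the patched glib-networking honouring the variable; a comment there saying so would keep the two in step if the patch is ever dropped.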
@@ -1968,11 +1975,14 @@ libxml to ease remote use of the RESTful API.")
                        (substitute* "tests/socket-test.c"
                          ((".*/sockets/unconnected.*") ""))
                        #t))
-         (add-before 'check 'unset-LC_ALL
-                     ;; The 'check-local' target runs 'env LANG=C sort -u',
-                     ;; unset 'LC_ALL' to make 'LANG' working.
+         (add-before 'check 'pre-check
                      (lambda _
+                       ;; The 'check-local' target runs 'env LANG=C sort -u',
+                       ;; unset 'LC_ALL' to make 'LANG' working.
                        (unsetenv "LC_ALL")
+                       ;; The ca-certificates.crt is not available in the build
+                       ;; environment.
+                       (setenv "SSL_CERT_FILE" "/dev/null")
                        #t)))))
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-mkenums
diff --git a/gnu/packages/patches/glib-networking-ssl-cert-file.patch b/gnu/packages/patches/glib-networking-ssl-cert-file.patch
new file mode 100644
index 0000000..32bdd07
--- /dev/null
+++ b/gnu/packages/patches/glib-networking-ssl-cert-file.patch
@@ -0,0 +1,29 @@
+From b010e41346d418220582c20ab8d7f3971e4fb78a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <address@hidden>
+Date: Fri, 14 Aug 2015 17:28:36 +0800
+Subject: [PATCH] gnutls: Allow overriding the anchor file location by
+ 'SSL_CERT_FILE'
+
+---
+ tls/gnutls/gtlsbackend-gnutls.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tls/gnutls/gtlsbackend-gnutls.c b/tls/gnutls/gtlsbackend-gnutls.c
+index 55ec1a5..217d3c8 100644
+--- a/tls/gnutls/gtlsbackend-gnutls.c
++++ b/tls/gnutls/gtlsbackend-gnutls.c
+@@ -101,8 +101,10 @@ g_tls_backend_gnutls_real_create_database (GTlsBackendGnutls  *self,
+                                            GError            **error)
+ {
+   const gchar *anchor_file = NULL;
++  anchor_file = g_getenv ("SSL_CERT_FILE");
+ #ifdef GTLS_SYSTEM_CA_FILE
+-  anchor_file = GTLS_SYSTEM_CA_FILE;
++  if (!anchor_file)
++    anchor_file = GTLS_SYSTEM_CA_FILE;
+ #endif
+   return g_tls_file_database_new (anchor_file, error);
+ }
+-- 
+2.4.3
+
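Review bot: `g_getenv ("SSL_CERT_FILE")` is consulted unconditionally in `g_tls_backend_gnutls_real_create_database`, so the process environment now selects the trust anchors for every client of this backend, and nothing in the function records that. A comment above the lookup would help, e.g. `/* SSL_CERT_FILE overrides the compiled-in CA bundle; the environment is trusted here. */`, and it is worth confirming that any privileged or set-id program loading this module clears the variable first. An empty value is also non-NULL, so it is passed to `g_tls_file_database_new` as-is instead of falling back to `GTLS_SYSTEM_CA_FILE`; testing `if (!anchor_file || !*anchor_file)` would keep the fallback.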


