guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/05: Revert "system: Create a single-file certificate bundle in /etc/s


From: Mark H. Weaver
Subject: 01/05: Revert "system: Create a single-file certificate bundle in /etc/ssl/certs."
Date: Tue, 03 Mar 2015 18:49:22 +0000

mhw pushed a commit to branch master
in repository guix.

commit bd4c47a47e3d2245970fb7895f50167426b73dbc
Author: Mark H Weaver <address@hidden>
Date:   Tue Mar 3 02:06:22 2015 -0500

    Revert "system: Create a single-file certificate bundle in /etc/ssl/certs."
    
    This reverts commit 993300f6ccfbc9cbe628978690fc98eb63365dbd.
---
 gnu/system.scm |   49 +------------------------------------------------
 1 files changed, 1 insertions(+), 48 deletions(-)

diff --git a/gnu/system.scm b/gnu/system.scm
index 7bcd9b1..1c2c986 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -409,47 +409,6 @@ settings for 'guix.el' to work out-of-the-box."
                           (chdir #$output)
                           (symlink #$file "site-start.el")))))
 
-(define (certificate-bundle certificates)
-  "Produce a single-file certificate bundle by concatenating the certificates
-found in CERTIFICATES' /etc/ssl/certs sub-directory.  Single-file bundles are
-required by applications such as Git and Lynx."
-  ;; See <http://lists.gnu.org/archive/html/guix-devel/2015-02/msg00429.html>
-  ;; for a discussion.
-  ;; TODO: Do something similar in user profiles.
-
-  (define build
-    #~(begin
-        (use-modules (guix build utils)
-                     (rnrs io ports)
-                     (srfi srfi-26))
-
-        (define (concatenate-files files result)
-          "Make RESULT the concatenation of all of FILES."
-          (define (dump file port)
-            (display (call-with-input-file file get-string-all)
-                     port)
-            (newline port))    ;required, see <https://bugs.debian.org/635570>
-
-          (call-with-output-file result
-            (lambda (port)
-              (for-each (cut dump <> port) files))))
-
-        ;; Some file names in the NSS certificates are UTF-8 encoded so
-        ;; install a UTF-8 locale.
-        (setenv "LOCPATH" (string-append #$glibc-utf8-locales "/lib/locale"))
-        (setlocale LC_ALL "en_US.UTF-8")
-
-        (let ((files  (find-files #$certificates "\\.pem$"))
-              (result (string-append #$output "/etc/ssl/certs")))
-          (mkdir-p result)
-          (concatenate-files files
-                             (string-append result
-                                            "/ca-certificates.crt")))))
-
-  (gexp->derivation "certificate-bundle" build
-                    #:modules '((guix build utils))
-                    #:local-build? #t))
-
 (define* (etc-directory #:key
                         (locale "C") (timezone "Europe/Paris")
                         (issue "Hello!\n")
@@ -473,7 +432,6 @@ required by applications such as Git and Lynx."
        (issue      (text-file "issue" issue))
        (nsswitch   (text-file "nsswitch.conf"
                               (name-service-switch->string nss)))
-       (certs      (certificate-bundle x509-certificates))
 
        ;; Startup file for POSIX-compliant login shells, which set system-wide
        ;; environment variables.
@@ -500,11 +458,6 @@ export EMACSLOADPATH=:/etc/emacs
 # when /etc/machine-id is missing.  Make sure these warnings are non-fatal.
 export DBUS_FATAL_WARNINGS=0
 
-# These variables are honored by OpenSSL (libssl) and Git.
-export SSL_CERT_DIR=/etc/ssl/certs
-export SSL_CERT_FILE=\"$SSL_CERT_DIR/ca-certificates.crt\"
-export GIT_SSL_CAINFO=\"$SSL_CERT_FILE\"
-
 # Allow Aspell to find dictionaries installed in the user profile.
 export ASPELL_CONF=\"dict-dir $HOME/.guix-profile/lib/aspell\"
 "))
@@ -513,7 +466,7 @@ export ASPELL_CONF=\"dict-dir 
$HOME/.guix-profile/lib/aspell\"
                 `(("services" ,#~(string-append #$net-base "/etc/services"))
                   ("protocols" ,#~(string-append #$net-base "/etc/protocols"))
                   ("rpc" ,#~(string-append #$net-base "/etc/rpc"))
-                  ("ssl" ,#~(string-append #$certs
+                  ("ssl" ,#~(string-append #$x509-certificates
                                            "/etc/ssl")) ;for OpenSSL & co.
                   ("emacs" ,#~#$emacs)
                   ("pam.d" ,#~#$pam.d)



reply via email to

[Prev in Thread] Current Thread [Next in Thread]