[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/05: Revert "system: Create a single-file certificate bundle in /etc/s
From: |
Mark H. Weaver |
Subject: |
01/05: Revert "system: Create a single-file certificate bundle in /etc/ssl/certs." |
Date: |
Tue, 03 Mar 2015 18:49:22 +0000 |
mhw pushed a commit to branch master
in repository guix.
commit bd4c47a47e3d2245970fb7895f50167426b73dbc
Author: Mark H Weaver <address@hidden>
Date: Tue Mar 3 02:06:22 2015 -0500
Revert "system: Create a single-file certificate bundle in /etc/ssl/certs."
This reverts commit 993300f6ccfbc9cbe628978690fc98eb63365dbd.
---
gnu/system.scm | 49 +------------------------------------------------
1 files changed, 1 insertions(+), 48 deletions(-)
diff --git a/gnu/system.scm b/gnu/system.scm
index 7bcd9b1..1c2c986 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -409,47 +409,6 @@ settings for 'guix.el' to work out-of-the-box."
(chdir #$output)
(symlink #$file "site-start.el")))))
-(define (certificate-bundle certificates)
- "Produce a single-file certificate bundle by concatenating the certificates
-found in CERTIFICATES' /etc/ssl/certs sub-directory. Single-file bundles are
-required by applications such as Git and Lynx."
- ;; See <http://lists.gnu.org/archive/html/guix-devel/2015-02/msg00429.html>
- ;; for a discussion.
- ;; TODO: Do something similar in user profiles.
-
- (define build
- #~(begin
- (use-modules (guix build utils)
- (rnrs io ports)
- (srfi srfi-26))
-
- (define (concatenate-files files result)
- "Make RESULT the concatenation of all of FILES."
- (define (dump file port)
- (display (call-with-input-file file get-string-all)
- port)
- (newline port)) ;required, see <https://bugs.debian.org/635570>
-
- (call-with-output-file result
- (lambda (port)
- (for-each (cut dump <> port) files))))
-
- ;; Some file names in the NSS certificates are UTF-8 encoded so
- ;; install a UTF-8 locale.
- (setenv "LOCPATH" (string-append #$glibc-utf8-locales "/lib/locale"))
- (setlocale LC_ALL "en_US.UTF-8")
-
- (let ((files (find-files #$certificates "\\.pem$"))
- (result (string-append #$output "/etc/ssl/certs")))
- (mkdir-p result)
- (concatenate-files files
- (string-append result
- "/ca-certificates.crt")))))
-
- (gexp->derivation "certificate-bundle" build
- #:modules '((guix build utils))
- #:local-build? #t))
-
(define* (etc-directory #:key
(locale "C") (timezone "Europe/Paris")
(issue "Hello!\n")
@@ -473,7 +432,6 @@ required by applications such as Git and Lynx."
(issue (text-file "issue" issue))
(nsswitch (text-file "nsswitch.conf"
(name-service-switch->string nss)))
- (certs (certificate-bundle x509-certificates))
;; Startup file for POSIX-compliant login shells, which set system-wide
;; environment variables.
@@ -500,11 +458,6 @@ export EMACSLOADPATH=:/etc/emacs
# when /etc/machine-id is missing. Make sure these warnings are non-fatal.
export DBUS_FATAL_WARNINGS=0
-# These variables are honored by OpenSSL (libssl) and Git.
-export SSL_CERT_DIR=/etc/ssl/certs
-export SSL_CERT_FILE=\"$SSL_CERT_DIR/ca-certificates.crt\"
-export GIT_SSL_CAINFO=\"$SSL_CERT_FILE\"
-
# Allow Aspell to find dictionaries installed in the user profile.
export ASPELL_CONF=\"dict-dir $HOME/.guix-profile/lib/aspell\"
"))
@@ -513,7 +466,7 @@ export ASPELL_CONF=\"dict-dir
$HOME/.guix-profile/lib/aspell\"
`(("services" ,#~(string-append #$net-base "/etc/services"))
("protocols" ,#~(string-append #$net-base "/etc/protocols"))
("rpc" ,#~(string-append #$net-base "/etc/rpc"))
- ("ssl" ,#~(string-append #$certs
+ ("ssl" ,#~(string-append #$x509-certificates
"/etc/ssl")) ;for OpenSSL & co.
("emacs" ,#~#$emacs)
("pam.d" ,#~#$pam.d)
- branch master updated (00e6509 -> 41ce460), Mark H. Weaver, 2015/03/03
- 01/05: Revert "system: Create a single-file certificate bundle in /etc/ssl/certs.",
Mark H. Weaver <=
- 04/05: system: Add /etc/ssl symlink; set needed variables in /etc/profile., Mark H. Weaver, 2015/03/03
- 05/05: gnu: nss-certs: Install only trusted CA certificates., Mark H. Weaver, 2015/03/03
- 02/05: Revert "system: Add 'x509-certificates' field, and populate /etc/ssl/certs.", Mark H. Weaver, 2015/03/03
- 03/05: profiles: Produce a single-file CA certificate bundle., Mark H. Weaver, 2015/03/03