M gnu-system.am => gnu-system.am +1 -0
@@ 456,6 456,7 @@ dist_patch_DATA = \
gnu/packages/patches/ghostscript-CVE-2015-3228.patch \
gnu/packages/patches/ghostscript-runpath.patch \
gnu/packages/patches/gitolite-openssh-6.8-compat.patch \
+ gnu/packages/patches/glib-networking-ssl-cert-file.patch \
gnu/packages/patches/glib-tests-desktop.patch \
gnu/packages/patches/glib-tests-homedir.patch \
gnu/packages/patches/glib-tests-prlimit.patch \
M gnu/packages/gnome.scm => gnu/packages/gnome.scm +17 -7
@@ 1872,12 1872,13 @@ library.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0ij33bhvn7y5gagx4sbrw906dsjjjs9dllxn73pzv6x97c6k92lg"))))
+ "0ij33bhvn7y5gagx4sbrw906dsjjjs9dllxn73pzv6x97c6k92lg"))
+ (patches
+ (list (search-patch "glib-networking-ssl-cert-file.patch")))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
- ;; FIXME: ca-certificates.crt is not available in the build environment.
- '("--with-ca-certificates=no")
+ '("--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt")
#:phases
(modify-phases %standard-phases
(add-before 'configure 'patch-giomoduledir
@@ 1886,7 1887,13 @@ library.")
(substitute* "configure"
(("GIO_MODULE_DIR=.*")
(string-append "GIO_MODULE_DIR=" %output
- "/lib/gio/modules\n"))))))))
+ "/lib/gio/modules\n")))))
+ (add-before 'check 'use-empty-ssl-cert-file
+ (lambda _
+ ;; The ca-certificates.crt is not available in the build
+ ;; environment.
+ (setenv "SSL_CERT_FILE" "/dev/null")
+ #t)))))
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)))
@@ 1968,11 1975,14 @@ libxml to ease remote use of the RESTful API.")
(substitute* "tests/socket-test.c"
((".*/sockets/unconnected.*") ""))
#t))
- (add-before 'check 'unset-LC_ALL
- ;; The 'check-local' target runs 'env LANG=C sort -u',
- ;; unset 'LC_ALL' to make 'LANG' working.
+ (add-before 'check 'pre-check
(lambda _
+ ;; The 'check-local' target runs 'env LANG=C sort -u',
+ ;; unset 'LC_ALL' to make 'LANG' working.
(unsetenv "LC_ALL")
+ ;; The ca-certificates.crt is not available in the build
+ ;; environment.
+ (setenv "SSL_CERT_FILE" "/dev/null")
#t)))))
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-mkenums
A gnu/packages/patches/glib-networking-ssl-cert-file.patch => gnu/packages/patches/glib-networking-ssl-cert-file.patch +29 -0
@@ 0,0 1,29 @@
+From b010e41346d418220582c20ab8d7f3971e4fb78a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@gmail.com>
+Date: Fri, 14 Aug 2015 17:28:36 +0800
+Subject: [PATCH] gnutls: Allow overriding the anchor file location by
+ 'SSL_CERT_FILE'
+
+---
+ tls/gnutls/gtlsbackend-gnutls.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tls/gnutls/gtlsbackend-gnutls.c b/tls/gnutls/gtlsbackend-gnutls.c
+index 55ec1a5..217d3c8 100644
+--- a/tls/gnutls/gtlsbackend-gnutls.c
++++ b/tls/gnutls/gtlsbackend-gnutls.c
+@@ -101,8 +101,10 @@ g_tls_backend_gnutls_real_create_database (GTlsBackendGnutls *self,
+ GError **error)
+ {
+ const gchar *anchor_file = NULL;
++ anchor_file = g_getenv ("SSL_CERT_FILE");
+ #ifdef GTLS_SYSTEM_CA_FILE
+- anchor_file = GTLS_SYSTEM_CA_FILE;
++ if (!anchor_file)
++ anchor_file = GTLS_SYSTEM_CA_FILE;
+ #endif
+ return g_tls_file_database_new (anchor_file, error);
+ }
+--
+2.4.3
+