From b4b4be47cba3066d3ab5de7dbc6cb0ee3803e237 Mon Sep 17 00:00:00 2001 From: Trevor Arjeski Date: Mon, 29 Sep 2025 09:18:26 +0300 Subject: [PATCH] services: tor: Add nss-certs. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When using a tor-transport-plugin, namely a webtunnel with lyrebird, it is necessary to have access to ssl certs to establish a connection to the bridge over https. * gnu/services/networking.scm (tor-shepherd-service): add nss-certs file-sytem-mapping Change-Id: Ifb7488d406cc6300eb6ac95e7dc0dfef0ff571db Signed-off-by: Ludovic Courtès Modified-by: Ludovic Courtès --- gnu/services/networking.scm | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 646c86204098117a7c68b69925890dde261f6454..c15adc23baa28546e239e31fe8fe1789b2aa17a2 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -64,6 +64,7 @@ #:use-module (gnu packages usb-modeswitch) #:use-module (gnu packages messaging) #:use-module (gnu packages networking) + #:use-module (gnu packages nss) #:use-module (gnu packages ntp) #:use-module (gnu packages gnome) #:use-module (gnu packages ipfs) @@ -1307,7 +1308,13 @@ HiddenServicePort ~a ~a~%" (writable? #t)) (file-system-mapping (source torrc) - (target source))) + (target source)) + + ;; Transport plugins like the lyrebird + ;; webtunnel need X.509 certificates. + (file-system-mapping + (source (file-append nss-certs "/etc/ssl/certs")) + (target "/etc/ssl/certs"))) (map (lambda (plugin) (file-system-mapping (source (tor-plugin-program plugin))