
e979e6dd523acaa2a089f1b8f44e34c1e5b7d32d — Ludovic Courtès 11 years ago d6d9f1f
system: Add 'x509-certificates' field, and populate /etc/ssl/certs.

* gnu/system.scm (<operating-system>)[x509-certificates]: New field.
  (etc-directory): Add #:x509-certificates parameter and honor it.
  (operating-system-etc-directory): Pass #:x509-certificates in
  'etc-directory' call.
* doc/guix.texi (operating-system Reference): Document
  'x509-certificates'.
2 files changed, 21 insertions(+), 0 deletions(-)

M doc/guix.texi
M gnu/system.scm
M doc/guix.texi => doc/guix.texi +13 -0
@@ 3882,6 3882,19 @@ Configuration of libc's name service switch (NSS)---a
@code{<name-service-switch>} object.  @xref{Name Service Switch}, for
details.

@item @code{x509-certificates} (default: @var{nss-certs})
This field's value must be a package containing X.509 certificates for
so-called ``Certification Authorities'' (CAs) that is made available in
the @file{/etc/ssl/certs} directory.  Currently this directory is
accessed by applications using either the GnuTLS library or the OpenSSL
library.

By default, certificates from
@uref{https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS,
Mozilla's Network Security Services} are used.  These are the
certificates shipped by Mozilla browsers and derivatives such as
GNU@tie{}IceCat.

@item @code{services} (default: @var{%base-services})
A list of monadic values denoting system services.  @xref{Services}.


M gnu/system.scm => gnu/system.scm +8 -0
@@ 42,6 42,7 @@
  #:use-module (gnu packages compression)
  #:use-module (gnu packages firmware)
  #:autoload   (gnu packages cryptsetup) (cryptsetup)
  #:use-module (gnu packages certs)
  #:use-module (gnu services)
  #:use-module (gnu services dmd)
  #:use-module (gnu services base)


@@ 77,6 78,7 @@
            operating-system-locale-definitions
            operating-system-mapped-devices
            operating-system-file-systems
            operating-system-x509-certificates
            operating-system-activation-script

            operating-system-derivation


@@ 140,6 142,8 @@
                      (default %default-locale-definitions))
  (name-service-switch operating-system-name-service-switch ; <name-service-switch>
                       (default %default-nss))
  (x509-certificates operating-system-x509-certificates     ; package
                     (default nss-certs))

  (services operating-system-user-services        ; list of monadic services
            (default %base-services))


@@ 412,6 416,7 @@ settings for 'guix.el' to work out-of-the-box."
                        (pam-services '())
                        (profile "/run/current-system/profile")
                        hosts-file nss
                        x509-certificates
                        (sudoers ""))
  "Return a derivation that builds the static part of the /etc directory."
  (mlet* %store-monad


@@ 461,6 466,8 @@ export ASPELL_CONF=\"dict-dir $HOME/.guix-profile/lib/aspell\"
                `(("services" ,#~(string-append #$net-base "/etc/services"))
                  ("protocols" ,#~(string-append #$net-base "/etc/protocols"))
                  ("rpc" ,#~(string-append #$net-base "/etc/rpc"))
                  ("ssl" ,#~(string-append #$x509-certificates
                                           "/etc/ssl")) ;for OpenSSL & co.
                  ("emacs" ,#~#$emacs)
                  ("pam.d" ,#~#$pam.d)
                  ("login.defs" ,#~#$login.defs)


@@ 523,6 530,7 @@ export ASPELL_CONF=\"dict-dir $HOME/.guix-profile/lib/aspell\"
                  #:timezone (operating-system-timezone os)
                  #:hosts-file /etc/hosts
                  #:sudoers (operating-system-sudoers os)
                  #:x509-certificates (operating-system-x509-certificates os)
                  #:profile profile-drv)))

(define %setuid-programs
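Review bot: In `etc-directory` (hunk at 412), the new `x509-certificates` keyword has no default, yet the `("ssl" …)` entry in the hunk at 461 always splices it into `(string-append #$x509-certificates "/etc/ssl")`. A caller that omits the keyword would presumably pass `#f` into that gexp and fail only when the derivation is built. Giving it the same default as the record field, `(x509-certificates nss-certs)`, or stating in the docstring that it is required, would keep the two in agreement. This entry also makes the chosen package the system-wide set of trust anchors for GnuTLS and OpenSSL clients, and nothing visible checks that the package contains that directory, so a comment such as `;; This package decides which CAs the whole system trusts; it must provide etc/ssl/certs.` would help. The body of `etc-directory` starts and ends outside these hunks.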