diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2016-04-20 18:53:28 +0200 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2016-04-20 18:54:39 +0200 |
| commit | b3129f2b761a371105e6d213519e5c71930cb419 (patch) | |
| tree | b217cdc83a9b6313fb8e4d768583ac2a23a0c1a0 /doc | |
| parent | f8f83e9d219a8cf1d99749b81b06a4710ad5f09c (diff) | |
| download | guix-b3129f2b761a371105e6d213519e5c71930cb419.tar guix-b3129f2b761a371105e6d213519e5c71930cb419.tar.gz | |
doc: Add "X.509 Certificates" section under "Application Setup".
Reported by Roel Janssen <roel@gnu.org>.
* doc/guix.texi (Application Setup)[X.509 Certificates]: New section.
(X.509 Certificates): Add an example of certificates in the profile.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/guix.texi | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 54dc7061e8..859db2be12 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1159,6 +1159,16 @@ for Chinese languages: guix package -i font-adobe-source-han-sans:cn @end example +@subsection X.509 Certificates + +The @code{nss-certs} package provides X.509 certificates, which allow +programs to authenticate Web servers accessed over HTTPS. + +When using Guix on a foreign distro, you can install this package and +define the relevant environment variables so that packages know where to +look for certificates. @pxref{X.509 Certificates}, for detailed +information. + @subsection Emacs Packages When you install Emacs packages with Guix, the elisp files may be placed @@ -9359,14 +9369,22 @@ explicitly add it. The @file{/etc/ssl/certs} directory, which is where most applications and libraries look for certificates by default, points to the certificates installed globally. -Unprivileged users can also install their own certificate package in +Unprivileged users, including users of Guix on a foreign distro, +can also install their own certificate package in their profile. A number of environment variables need to be defined so that applications and libraries know where to find them. Namely, the OpenSSL library honors the @code{SSL_CERT_DIR} and @code{SSL_CERT_FILE} variables. Some applications add their own environment variables; for instance, the Git version control system honors the certificate bundle -pointed to by the @code{GIT_SSL_CAINFO} environment variable. +pointed to by the @code{GIT_SSL_CAINFO} environment variable. Thus, you +would typically run something like: +@example +$ guix package -i nss-certs +$ export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs" +$ export SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt" +$ export GIT_SSL_CAINFO="$SSL_CERT_FILE" +@end example @node Name Service Switch @subsection Name Service Switch |