summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-03-02 22:25:53 +0100
committerLudovic Courtès <ludo@gnu.org>2015-03-02 22:32:54 +0100
commite979e6dd523acaa2a089f1b8f44e34c1e5b7d32d (patch)
tree94139c84478a1849dcc77b2425337d4d1806e43e
parentd6d9f1f715a727e23412fc9339eb2c5358d5a6ce (diff)
downloadpatches-e979e6dd523acaa2a089f1b8f44e34c1e5b7d32d.tar
patches-e979e6dd523acaa2a089f1b8f44e34c1e5b7d32d.tar.gz
system: Add 'x509-certificates' field, and populate /etc/ssl/certs.
* gnu/system.scm (<operating-system>)[x509-certificates]: New field. (etc-directory): Add #:x509-certificates parameter and honor it. (operating-system-etc-directory): Pass #:x509-certificates in 'etc-directory' call. * doc/guix.texi (operating-system Reference): Document 'x509-certificates'.
-rw-r--r--doc/guix.texi13
-rw-r--r--gnu/system.scm8
2 files changed, 21 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index bd8091ae51..4be545ea79 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3882,6 +3882,19 @@ Configuration of libc's name service switch (NSS)---a
@code{<name-service-switch>} object. @xref{Name Service Switch}, for
details.
+@item @code{x509-certificates} (default: @var{nss-certs})
+This field's value must be a package containing X.509 certificates for
+so-called ``Certification Authorities'' (CAs) that is made available in
+the @file{/etc/ssl/certs} directory. Currently this directory is
+accessed by applications using either the GnuTLS library or the OpenSSL
+library.
+
+By default, certificates from
+@uref{https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS,
+Mozilla's Network Security Services} are used. These are the
+certificates shipped by Mozilla browsers and derivatives such as
+GNU@tie{}IceCat.
+
@item @code{services} (default: @var{%base-services})
A list of monadic values denoting system services. @xref{Services}.
diff --git a/gnu/system.scm b/gnu/system.scm
index 3fe78339b7..1c2c986436 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -42,6 +42,7 @@
#:use-module (gnu packages compression)
#:use-module (gnu packages firmware)
#:autoload (gnu packages cryptsetup) (cryptsetup)
+ #:use-module (gnu packages certs)
#:use-module (gnu services)
#:use-module (gnu services dmd)
#:use-module (gnu services base)
@@ -77,6 +78,7 @@
operating-system-locale-definitions
operating-system-mapped-devices
operating-system-file-systems
+ operating-system-x509-certificates
operating-system-activation-script
operating-system-derivation
@@ -140,6 +142,8 @@
(default %default-locale-definitions))
(name-service-switch operating-system-name-service-switch ; <name-service-switch>
(default %default-nss))
+ (x509-certificates operating-system-x509-certificates ; package
+ (default nss-certs))
(services operating-system-user-services ; list of monadic services
(default %base-services))
@@ -412,6 +416,7 @@ settings for 'guix.el' to work out-of-the-box."
(pam-services '())
(profile "/run/current-system/profile")
hosts-file nss
+ x509-certificates
(sudoers ""))
"Return a derivation that builds the static part of the /etc directory."
(mlet* %store-monad
@@ -461,6 +466,8 @@ export ASPELL_CONF=\"dict-dir $HOME/.guix-profile/lib/aspell\"
`(("services" ,#~(string-append #$net-base "/etc/services"))
("protocols" ,#~(string-append #$net-base "/etc/protocols"))
("rpc" ,#~(string-append #$net-base "/etc/rpc"))
+ ("ssl" ,#~(string-append #$x509-certificates
+ "/etc/ssl")) ;for OpenSSL & co.
("emacs" ,#~#$emacs)
("pam.d" ,#~#$pam.d)
("login.defs" ,#~#$login.defs)
@@ -523,6 +530,7 @@ export ASPELL_CONF=\"dict-dir $HOME/.guix-profile/lib/aspell\"
#:timezone (operating-system-timezone os)
#:hosts-file /etc/hosts
#:sudoers (operating-system-sudoers os)
+ #:x509-certificates (operating-system-x509-certificates os)
#:profile profile-drv)))
(define %setuid-programs