diff options
author | Ludovic Courtès <ludo@gnu.org> | 2015-03-02 22:25:53 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-03-02 22:32:54 +0100 |
commit | e979e6dd523acaa2a089f1b8f44e34c1e5b7d32d (patch) | |
tree | 94139c84478a1849dcc77b2425337d4d1806e43e | |
parent | d6d9f1f715a727e23412fc9339eb2c5358d5a6ce (diff) | |
download | patches-e979e6dd523acaa2a089f1b8f44e34c1e5b7d32d.tar patches-e979e6dd523acaa2a089f1b8f44e34c1e5b7d32d.tar.gz |
system: Add 'x509-certificates' field, and populate /etc/ssl/certs.
* gnu/system.scm (<operating-system>)[x509-certificates]: New field.
(etc-directory): Add #:x509-certificates parameter and honor it.
(operating-system-etc-directory): Pass #:x509-certificates in
'etc-directory' call.
* doc/guix.texi (operating-system Reference): Document
'x509-certificates'.
-rw-r--r-- | doc/guix.texi | 13 | ||||
-rw-r--r-- | gnu/system.scm | 8 |
2 files changed, 21 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index bd8091ae51..4be545ea79 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -3882,6 +3882,19 @@ Configuration of libc's name service switch (NSS)---a @code{<name-service-switch>} object. @xref{Name Service Switch}, for details. +@item @code{x509-certificates} (default: @var{nss-certs}) +This field's value must be a package containing X.509 certificates for +so-called ``Certification Authorities'' (CAs) that is made available in +the @file{/etc/ssl/certs} directory. Currently this directory is +accessed by applications using either the GnuTLS library or the OpenSSL +library. + +By default, certificates from +@uref{https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS, +Mozilla's Network Security Services} are used. These are the +certificates shipped by Mozilla browsers and derivatives such as +GNU@tie{}IceCat. + @item @code{services} (default: @var{%base-services}) A list of monadic values denoting system services. @xref{Services}. diff --git a/gnu/system.scm b/gnu/system.scm index 3fe78339b7..1c2c986436 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -42,6 +42,7 @@ #:use-module (gnu packages compression) #:use-module (gnu packages firmware) #:autoload (gnu packages cryptsetup) (cryptsetup) + #:use-module (gnu packages certs) #:use-module (gnu services) #:use-module (gnu services dmd) #:use-module (gnu services base) @@ -77,6 +78,7 @@ operating-system-locale-definitions operating-system-mapped-devices operating-system-file-systems + operating-system-x509-certificates operating-system-activation-script operating-system-derivation @@ -140,6 +142,8 @@ (default %default-locale-definitions)) (name-service-switch operating-system-name-service-switch ; <name-service-switch> (default %default-nss)) + (x509-certificates operating-system-x509-certificates ; package + (default nss-certs)) (services operating-system-user-services ; list of monadic services (default %base-services)) @@ -412,6 +416,7 @@ settings for 'guix.el' to work out-of-the-box." (pam-services '()) (profile "/run/current-system/profile") hosts-file nss + x509-certificates (sudoers "")) "Return a derivation that builds the static part of the /etc directory." (mlet* %store-monad @@ -461,6 +466,8 @@ export ASPELL_CONF=\"dict-dir $HOME/.guix-profile/lib/aspell\" `(("services" ,#~(string-append #$net-base "/etc/services")) ("protocols" ,#~(string-append #$net-base "/etc/protocols")) ("rpc" ,#~(string-append #$net-base "/etc/rpc")) + ("ssl" ,#~(string-append #$x509-certificates + "/etc/ssl")) ;for OpenSSL & co. ("emacs" ,#~#$emacs) ("pam.d" ,#~#$pam.d) ("login.defs" ,#~#$login.defs) @@ -523,6 +530,7 @@ export ASPELL_CONF=\"dict-dir $HOME/.guix-profile/lib/aspell\" #:timezone (operating-system-timezone os) #:hosts-file /etc/hosts #:sudoers (operating-system-sudoers os) + #:x509-certificates (operating-system-x509-certificates os) #:profile profile-drv))) (define %setuid-programs |