Message ID | 20160611205128.GA23445@khazad-dum |
---|---|
State | Dropped |
Headers |
Received: (qmail 118783 invoked by uid 89); 11 Jun 2016 20:52:01 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.99.1 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-3.1 required=5.0 tests=AWL, BAYES_00, RP_MATCHES_RCVD, SPF_PASS autolearn=ham version=3.3.2 spammy=talk X-Spam-Status: No, score=-3.1 required=5.0 tests=AWL, BAYES_00, RP_MATCHES_RCVD, SPF_PASS autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: lists.gnu.org Received: from lists.gnu.org (HELO lists.gnu.org) (208.118.235.17) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA encrypted) ESMTPS; Sat, 11 Jun 2016 20:51:49 +0000 Received: from localhost ([::1]:48525 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <guix-devel-bounces+patchwork=sourceware.org@gnu.org>) id 1bBpsh-0000yV-Ah for patchwork@sourceware.org; Sat, 11 Jun 2016 16:51:47 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:32865) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <ng0@we.make.ritual.n0.is>) id 1bBpsc-0000y5-9V for guix-devel@gnu.org; Sat, 11 Jun 2016 16:51:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <ng0@we.make.ritual.n0.is>) id 1bBpsY-0007be-2d for guix-devel@gnu.org; Sat, 11 Jun 2016 16:51:41 -0400 Received: from 93-95-228-168.1984.is ([93.95.228.168]:45574 helo=beleriand.n0.is) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ng0@we.make.ritual.n0.is>) id 1bBpsX-0007b0-Jm for guix-devel@gnu.org; Sat, 11 Jun 2016 16:51:38 -0400 Received: by beleriand.n0.is (OpenSMTPD) with ESMTPSA id dadba4cd TLS version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO for <guix-devel@gnu.org>; Sat, 11 Jun 2016 20:51:31 +0000 (UTC) Date: Sat, 11 Jun 2016 20:51:28 +0000 From: ng0 <ng0@we.make.ritual.n0.is> To: guix-devel@gnu.org Subject: [PATCH] gnurl: add CA path to configure-flags Message-ID: <20160611205128.GA23445@khazad-dum> Mail-Followup-To: guix-devel@gnu.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="0eh6TmSyL6TZE2Uz" Content-Disposition: inline X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 93.95.228.168 X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." <guix-devel.gnu.org> List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>, <mailto:guix-devel-request@gnu.org?subject=unsubscribe> List-Archive: <http://lists.gnu.org/archive/html/guix-devel/> List-Post: <mailto:guix-devel@gnu.org> List-Help: <mailto:guix-devel-request@gnu.org?subject=help> List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>, <mailto:guix-devel-request@gnu.org?subject=subscribe> Errors-To: guix-devel-bounces+patchwork=sourceware.org@gnu.org Sender: "Guix-devel" <guix-devel-bounces+patchwork=sourceware.org@gnu.org> |
Commit Message
non such
June 11, 2016, 8:51 p.m. UTC
From 4d5661ac66940e2583c5bef07bc6a8832af92208 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@we.make.ritual.n0.is>
Date: Sat, 11 Jun 2016 20:44:31 +0000
Subject: [PATCH] gnu: gnurl: Add CA path.
* gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/
---
gnu/packages/gnunet.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--
2.7.3
--
♥Ⓐ ng0
For non-prism friendly talk find me on
psyced.org / loupsycedyglgamf.onion
Comments
Hello,
On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote:
> * gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/
my impression is that this absolute path does not do what we would like
it to. Optimally, the user would decide, by installing a certificate bundle
into the profile, which certificates to use. And on a foreign distro, the
random certificate bundle in /etc/ssl/certs, which does not come from Guix,
would be used by the Guix gnurl, which would be surprising.
Andreas
On 2016-06-12(04:22:15+0200), Andreas Enge wrote: > Hello, > > On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote: > > * gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/ > > my impression is that this absolute path does not do what we would like > it to. Optimally, the user would decide, by installing a certificate bundle > into the profile, which certificates to use. And on a foreign distro, the > random certificate bundle in /etc/ssl/certs, which does not come from Guix, > would be used by the Guix gnurl, which would be surprising. > > Andreas It is not entirely clear to me anymore why this was suggested to me in the past 4 months. I am aware of the differences, so maybe this could point to where ever the /ssl/certs/ are? When you know that gnurl does not need this, we're all good without this change. Gnurl so far is just curl with some project recommended build switches, so if guix' curl detects the ssl/certs/ dir, gnurl should too. -- ♥Ⓐ ng0 For non-prism friendly talk find me on psyced.org / loupsycedyglgamf.onion
Hi, Andreas Enge <andreas@enge.fr> skribis: > On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote: >> * gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/ > > my impression is that this absolute path does not do what we would like > it to. Optimally, the user would decide, by installing a certificate bundle > into the profile, which certificates to use. And on a foreign distro, the > random certificate bundle in /etc/ssl/certs, which does not come from Guix, > would be used by the Guix gnurl, which would be surprising. Besides, our cURL and Gnurl packages are linked against GnuTLS, which is itself configured with ‘--with-default-trust-store-dir=/etc/ssl/certs’. Does ‘--with-ca-path’ change anything to that? Thanks, Ludo’.
On 2016-06-13(04:43:32+0200), Ludovic Courtès wrote: > Hi, > > Andreas Enge <andreas@enge.fr> skribis: > > > On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote: > >> * gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/ > > > > my impression is that this absolute path does not do what we would like > > it to. Optimally, the user would decide, by installing a certificate bundle > > into the profile, which certificates to use. And on a foreign distro, the > > random certificate bundle in /etc/ssl/certs, which does not come from Guix, > > would be used by the Guix gnurl, which would be surprising. > > Besides, our cURL and Gnurl packages are linked against GnuTLS, which is > itself configured with ‘--with-default-trust-store-dir=/etc/ssl/certs’. > > Does ‘--with-ca-path’ change anything to that? > > Thanks, > Ludo’. > I strongly assume that with those set, --with-ca-path is unnecessary. This is something which Jookia came up with, I had it sitting in the work in progress patches. I know patches are now tracked in patchworks, can they be closed via Email, or do I have to sign up? Else someone who already is signed up can close this, as from my perspective this is done. -- ♥Ⓐ ng0 For non-prism friendly talk find me on psyced.org / loupsycedyglgamf.onion
ng0 <ng0@we.make.ritual.n0.is> skribis: > On 2016-06-13(04:43:32+0200), Ludovic Courtès wrote: >> Hi, >> >> Andreas Enge <andreas@enge.fr> skribis: >> >> > On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote: >> >> * gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/ >> > >> > my impression is that this absolute path does not do what we would like >> > it to. Optimally, the user would decide, by installing a certificate bundle >> > into the profile, which certificates to use. And on a foreign distro, the >> > random certificate bundle in /etc/ssl/certs, which does not come from Guix, >> > would be used by the Guix gnurl, which would be surprising. >> >> Besides, our cURL and Gnurl packages are linked against GnuTLS, which is >> itself configured with ‘--with-default-trust-store-dir=/etc/ssl/certs’. >> >> Does ‘--with-ca-path’ change anything to that? >> >> Thanks, >> Ludo’. >> > > I strongly assume that with those set, --with-ca-path is unnecessary. Fine. :-) > I know patches are now tracked in patchworks, can they be closed via > Email, or do I have to sign up? Else someone who already is signed up > can close this, as from my perspective this is done. I think one has to login, which is quite inconvenient. Ludo’.
From 4d5661ac66940e2583c5bef07bc6a8832af92208 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@we.make.ritual.n0.is> Date: Sat, 11 Jun 2016 20:44:31 +0000 Subject: [PATCH] gnu: gnurl: Add CA path. * gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/ --- gnu/packages/gnunet.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index c4e2a37..6b7fb65 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -181,7 +181,8 @@ and support for SSL3 and TLS.") "--disable-ldap" "--disable-rtsp" "--disable-dict" "--disable-telnet" "--disable-tftp" "--disable-pop3" "--disable-imap" "--disable-smtp" "--disable-gopher" - "--disable-file" "--disable-ftp") + "--disable-file" "--disable-ftp" + "--with-ca-path=/etc/ssl/certs/") #:test-target "test" #:parallel-tests? #f ;; We have to patch runtests.pl in tests/ directory -- 2.7.3