[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#32530] [PATCH] gnu: octave: Fix CA certificate use.
From: |
Kei Kebreau |
Subject: |
[bug#32530] [PATCH] gnu: octave: Fix CA certificate use. |
Date: |
Thu, 13 Sep 2018 19:44:12 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
address@hidden (Ludovic Courtès) writes:
> Hi,
>
> Kei Kebreau <address@hidden> skribis:
>
>> * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to
>> wrap
>> Octave with the path to system CA certificates.
>
> [...]
>
>> + (add-after 'install 'wrap-program
>> + (lambda* (#:key outputs #:allow-other-keys)
>> + (let ((out (assoc-ref outputs "out")))
>> + (wrap-program (string-append out "/bin/octave")
>> + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs")))
>
> Users might want to ignore /etc/ssl/certs altogether and instead only
> use their own set of certificates, so I’m rather reluctant to such a
> change.
>
> Now, I agree that there’s a usability problem: we don’t want every
> Octave user to stumble upon a certificate error message. I can think of
> several solutions:
>
> 1. We could add CURLOPT_CAPATH to the ‘native-search-paths’ of ‘curl’,
> assuming that variable is honored by libcurl itself. It won’t
> solve this immediate issue, but it sounds like “the right way.”
>
> 2. On GuixSD, we could define CURLOPT_CAPATH=/etc/ssl/certs in
> /etc/profile, like we already do for other variables.
>
> 3. We could document this variable under “X.509 Certificates” in the
> manual.
>
> #1 would have to go to ‘core-updates’. WDYT?
>
> Thanks,
> Ludo’.
I don't mind putting #1 on 'core-updates' assuming it works. I will test
it locally first. Also, thanks for looking at this!