[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#32530] [PATCH] gnu: octave: Fix CA certificate use.

From: Ludovic Courtès
Subject: [bug#32530] [PATCH] gnu: octave: Fix CA certificate use.
Date: Thu, 13 Sep 2018 10:43:24 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)


Kei Kebreau <address@hidden> skribis:

> * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to wrap
> Octave with the path to system CA certificates.


> +         (add-after 'install 'wrap-program
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (let ((out (assoc-ref outputs "out")))
> +               (wrap-program (string-append out "/bin/octave")
> +                 '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs")))

Users might want to ignore /etc/ssl/certs altogether and instead only
use their own set of certificates, so I’m rather reluctant to such a

Now, I agree that there’s a usability problem: we don’t want every
Octave user to stumble upon a certificate error message.  I can think of
several solutions:

  1. We could add CURLOPT_CAPATH to the ‘native-search-paths’ of ‘curl’,
     assuming that variable is honored by libcurl itself.  It won’t
     solve this immediate issue, but it sounds like “the right way.”

  2. On GuixSD, we could define CURLOPT_CAPATH=/etc/ssl/certs in
     /etc/profile, like we already do for other variables.

  3. We could document this variable under “X.509 Certificates” in the

#1 would have to go to ‘core-updates’.  WDYT?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]