[bug#49867] [PATCH 24/29] gnu: Add ocaml-ca-certs.
From: Xinglu Chen
Subject: [bug#49867] [PATCH 24/29] gnu: Add ocaml-ca-certs.
Date: Mon, 09 Aug 2021 11:30:50 +0200

On Sun, Aug 08 2021, pukkamustard wrote:
> Xinglu Chen <public@yoctocell.xyz> writes:
>
>>> + ;; Tests are failing as they require
>>> certificates to be in /etc/ssl/certs
>>> + #:tests? #f))
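Review bot: `#:tests? #f` switches off every test, although the comment above it gives one cause, the certificates expected in /etc/ssl/certs. Say in the comment whether all tests depend on that path, and if only some do, skip just those so the rest still run during the build.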
>>
>> The same issue has been mentioned by NixOS people on their bug
>> tracker[1], they solved[2] it by reading the NIX_SSL_CERT_FILE
>> environment variable, which automatically gets set in the build
>> environment if the ‘cacert’ package is specified as an input. I
>> don’t know if Guix does something similar.
>>
>> [1]: <https://github.com/mirage/ca-certs/issues/16>
>> [2]: <https://github.com/mirage/ca-certs/pull/17>
>>
>
> Thanks for the pointers.
>
> Inspired by the package definition for curl, I tried setting
> NIX_SSL_CERT_FILE with native-search-paths:
>
> ```
> (native-search-paths
>  (list
>   (search-path-specification
>    (variable "NIX_SSL_CERT_FILE")
>    (file-type 'regular)
>    (separator #f)                ;single entry
>    (files '("/etc/ssl/certs/ca-certificates.crt")))))
> ```
>
> and adding `nss-certs` to the native-inputs.
>
> However, this does not work. Some observations/questions:
>
> - The NIX_SSL_CERT_FILE does not appear in the
>   `environment-variables` file when running `guix build -K`. I
>   would have expected it to be set there.
> - `nss-certs` does not provide the `ca-certificates.crt` file. It
>   is built when creating a profile with the
>   `ca-certificate-bundle` hook. Is this run when creating a build
>   environment?
>
> I seem to be not understanding a lot of things about the build
> environment ... Pointers very welcome!

Maybe the environment variables in ‘native-search-paths’ are only set if
the package is installed in a profile (in ~/.guix-profile/etc/profile)?
I don’t think profile hooks are run in the build environment, so that’s
probably why.

In Nix, the bundle is created during the build phase[1], not sure if we
should do this too.

I think it’s fine to disable tests for now, but it would be great to see
what other people think too.

[1]: <https://github.com/nixos/nixpkgs/blob/master/pkgs/data/misc/cacert/default.nix#L53>