From mboxrd@z Thu Jan  1 00:00:00 1970
From: ng0 <ng0@libertad.pw>
Subject: (unknown)
Date: Mon,  5 Dec 2016 18:20:12 +0000
Message-ID: <20161205182014.5155-1-ng0@libertad.pw>
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46051)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ng0@we.make.ritual.n0.is>) id 1cDxsZ-0008II-NC
	for guix-devel@gnu.org; Mon, 05 Dec 2016 13:20:44 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ng0@we.make.ritual.n0.is>) id 1cDxsW-0001L8-EY
	for guix-devel@gnu.org; Mon, 05 Dec 2016 13:20:43 -0500
Received: from aibo.runbox.com ([91.220.196.211]:60896)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <ng0@we.make.ritual.n0.is>)
	id 1cDxsW-0001HJ-80
	for guix-devel@gnu.org; Mon, 05 Dec 2016 13:20:40 -0500
Received: from [10.9.9.211] (helo=mailfront11.runbox.com)
	by bars.runbox.com with esmtp (Exim 4.71)
	(envelope-from <ng0@we.make.ritual.n0.is>) id 1cDxsS-0007p8-OY
	for guix-devel@gnu.org; Mon, 05 Dec 2016 19:20:36 +0100
Received: from x5d83f2e9.dyn.telefonica.de ([93.131.242.233] helo=localhost)
	by mailfront11.runbox.com with esmtpsa (uid:892961 )
	(TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1cDxsJ-0003wy-3E
	for guix-devel@gnu.org; Mon, 05 Dec 2016 19:20:27 +0100
Subject: 
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: guix-devel@gnu.org

[PATCH 1/2] gnu: tlsdate: Use the system provided certificate store.

So far it looks like we are using the application bundled certificates.
This should fix it to use the system provided certificates.

[PATCH 2/2] services: Add tlsdate-service.

Because I still need to learn how make network bridges and make the "guix vm" generated qemu machine use that to call outside, this is tested in theory:
The service spawns, complains about certificates, and quits because it was called with too many ssl connection failures. This is expected in the state the vm is in.
I used tlsdate and not sbin/tlsdated because tlsdate is a one-time, at boot only, setting of time while tlsdated does it periodically.
This can be changed, but I really need the "one time on boot only" service and find it reasonable not to query servers for time too often.