Ludovic Courtès writes: > Hello! > > Marius Bakke skribis: > >> Marius Bakke writes: >> >>> ng0 writes: >>> >>>> * gnu/packages/curl.scm (curl)[arguments]: Add "--with-ca-bundle" configure flag. > > [...] > >> I realized shortly after posting why this wasn't done already. Curl has >> 1403 dependent packages, which would apply for "nss-certs" as well if >> that is added as input. Obviously we want to be able to update TLS >> certificates quickly without rebuilding ~1/4 of the tree. > > Indeed. It’s a situation where we do not want to have a static binding > between cURL and nss-certs; instead, they should be composed > dynamically, along the lines of what we already recommend at: > > https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html Curl respects the variable "CURL_CA_BUNDLE". I think we could add a "native-search-path" for that, similar to how it's done for "git". ng0, can you try that?