From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marius Bakke Subject: Re: `guix pull` over HTTPS Date: Tue, 28 Feb 2017 21:44:02 +0100 Message-ID: <87k28a11wt.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> References: <20170209155512.GA11291@jasmine> <20170210003054.GA12412@jasmine> <87fujmcb6w.fsf@gnu.org> <87lgte10eu.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <87inoh660r.fsf@gnu.org> <874m011xb2.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <871sv44x97.fsf@gnu.org> <20170228054616.GA28504@jasmine> <87shmy1hup.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <20170228162919.GA10253@jasmine> <87mvd61cxv.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:49946) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ciod0-00043q-BH for guix-devel@gnu.org; Tue, 28 Feb 2017 15:44:11 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ciocv-0002KW-F4 for guix-devel@gnu.org; Tue, 28 Feb 2017 15:44:10 -0500 In-Reply-To: <87mvd61cxv.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel@gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable >> I want to bundle a 'le-certs' package with GNU Guix, and change `guix >> pull` to know to use the le-certs bundle when pulling from >> %snapshot-url. For other URLs, users will have to take care of it >> themselves.=20 > > This sounds like a better approach. Also, I did not see this email > before sending the patch! If you package it up, I can look into > realizing the package in `guix pull` directly. I gave this a go using "nss-certs", but can't figure out how to set SSL_CERT_DIR (or GUIX_TLS_CERTIFICATE_DIRECTORY) in `guix pull`. The naive approach of setting the variable before calling "download-to-store" does not work because %x509-certificate-directory has already been evaluated. I wonder what's the best approach here. Parameterizing this and propagating it all the way down to (tls-wrap) similar to #:verify-certificate? could work, but seems awkward. Any suggestions? --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAli14RMACgkQoqBt8qM6 VPrBzwf9FMncjalzPJoX0eyqCwylwG2XawPb3bIw9zA1XsbBy0K8wsWIVv6Ye1fo efkvP0E2WAA5Q5ORDK2yV2ks3Au+W7tQV2JtebhEldw6xR2eQrQpqgJxAy+VfgRg JzdSMUAa5F7E/Md5nre+q7Kqe5/sq0BfHVTV9K1DxkxvSh+jxduWX5ioZVcyzogM SZSjAcJo9SB6lQZ+MypIxqlcB+pXyKYQ5JmXIa2d8o3/KAdf+b9PuiuyFLzzIoc/ WAczVc5QlBDGJH0m3LB+f3SxsycK2fq6RIP7hjDdQyfhVqNSoG2PWcZ1InCNlG8l dhXHZFn/LCtjQpCVWUAmv8IYk2TKGw== =mxf9 -----END PGP SIGNATURE----- --=-=-=--