From mboxrd@z Thu Jan  1 00:00:00 1970
From: Pierre Neidhardt <mail@ambrevar.xyz>
Subject: Re: TLS certificates for web browsers in guix environment --container
Date: Tue, 21 Apr 2020 18:17:58 +0200
Message-ID: <87o8rkq0cp.fsf@ambrevar.xyz>
References: <874ktdrnww.fsf@ambrevar.xyz>
 <94FBCA48-A4AC-4340-B9E3-DA6CEB333545@asu.edu>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:53502)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <mail@ambrevar.xyz>) id 1jQvbF-00075K-Dg
 for guix-devel@gnu.org; Tue, 21 Apr 2020 12:18:18 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.90_1)
 (envelope-from <mail@ambrevar.xyz>) id 1jQvbE-0002LG-Eu
 for guix-devel@gnu.org; Tue, 21 Apr 2020 12:18:17 -0400
Received: from relay5-d.mail.gandi.net ([217.70.183.197]:36999)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mail@ambrevar.xyz>) id 1jQvbD-0002ER-TG
 for guix-devel@gnu.org; Tue, 21 Apr 2020 12:18:16 -0400
In-Reply-To: <94FBCA48-A4AC-4340-B9E3-DA6CEB333545@asu.edu>
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org
Sender: "Guix-devel"
 <guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org>
To: John Soo <jsoo1@asu.edu>
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

It works!

=2D-8<---------------cut here---------------start------------->8---
guix environment -C -N --expose=3D/etc/machine-id --expose=3D/etc/ssl/certs=
/ \
  --share=3D$HOME/.local/share/eolie/=3D$HOME/.local/share/eolie/ \
  --ad-hoc dbus eolie coreutils nss-certs -- \
  env DISPLAY=3D$DISPLAY eolie
=2D-8<---------------cut here---------------end--------------->8---

Note that the "--expose=3D/etc/ssl/certs/" is important.

Should we consider this a bug?  If not, then should we document
it?

Maybe this could be automated a bit.

=2D-8<---------------cut here---------------start------------->8---
guix size webkitgtk glib-networking
=2D-8<---------------cut here---------------end--------------->8---

does not return nss-certs.  So if we made nss-certs an input of
webkitgtk (or glib-networking?), we would not need nss-certs in the guix
environment invocation.

Finally, I'm not sure how to fix the /etc/ssl/certs issue.  Why do we
have to put it under /etc/ in the first place?

=2D-=20
Pierre Neidhardt
https://ambrevar.xyz/

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEUPM+LlsMPZAEJKvom9z0l6S7zH8FAl6fHLYACgkQm9z0l6S7
zH8oygf+ILVUjJ848jhw5yskt4a32ekVCE7LKE2Jx0KU9DGTaxDTquv0xdpTkoCA
xfQ4wmOlZTIjNav8mlrYEA9izpFIHKBtQUDhxCFy07jTC5aSpEo+rRfzR8R/+AmA
PBrpDyrEWJuT9I8y0dFHfAqDiAwrTxMwhGLPeuqXsJe2P1vui1DyLo1Z3H2ivczz
YTCDh4xKdtUvWDKfEJYVjLKwNB3IVzsH1aCaD4cmr3lRrlwIaDsYUEIpW85HF645
7/Nqg31nx3Ova78aJ4Pxl5rAEVZyqkxb0+IfPq4y2jd5GvA+bCy3/Z4xab1FdDpX
tvWnCdDo8zYTrtnClhCRzX6hGh4Yhw==
=GLse
-----END PGP SIGNATURE-----
--=-=-=--