From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mark H Weaver <mhw@netris.org>
Subject: [PATCH] gnu: gnutls: Configure location of system-wide trust store
Date: Tue, 18 Feb 2014 21:47:18 -0500
Message-ID: <87ppmjn7ih.fsf@netris.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56813)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1WFxCr-0007XE-SI
	for guix-devel@gnu.org; Tue, 18 Feb 2014 21:48:23 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1WFxCm-0004qb-H3
	for guix-devel@gnu.org; Tue, 18 Feb 2014 21:48:17 -0500
Received: from world.peace.net ([96.39.62.75]:41554)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1WFxCm-0004qS-CL
	for guix-devel@gnu.org; Tue, 18 Feb 2014 21:48:12 -0500
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain

This patch is needed to allow gnutls to find the system-wide trust store
(trusted CA certificates).

      Mark



--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline;
 filename=0001-gnu-gnutls-Configure-location-of-system-wide-trust-s.patch
Content-Description: [PATCH] gnu: gnutls: Configure location of system-wide
 trust store

>From 51fdea28198bd284949c98bc423e5fcef6169068 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Tue, 18 Feb 2014 21:30:53 -0500
Subject: [PATCH] gnu: gnutls: Configure location of system-wide trust store.

* gnu/packages/gnutls.scm (gnutls): Configure the location of the system-wide
  trust store.
---
 gnu/packages/gnutls.scm | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/gnu/packages/gnutls.scm b/gnu/packages/gnutls.scm
index 915f6f8..dde4416 100644
--- a/gnu/packages/gnutls.scm
+++ b/gnu/packages/gnutls.scm
@@ -87,6 +87,17 @@ specifications.")
      `(("libtasn1" ,libtasn1)
        ("nettle" ,nettle)
        ("which" ,which)))
+    (arguments
+     `(#:configure-flags
+       '(;; GnuTLS doesn't consult any environment variables to specify the
+         ;; location of the system-wide trust store.  Instead it has a
+         ;; configure-time option.  Unless specified, its configure script
+         ;; attempts to auto-detect the location by looking for common places
+         ;; in the filesystem, none of which are present in our chroot build
+         ;; environment.  If not found, then no default trust store is used,
+         ;; so each program has to provide its own fallback, and users have to
+         ;; configure each program independently.  This seems suboptimal.
+         "--with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt")))
     (home-page "http://www.gnu.org/software/gnutls/")
     (synopsis "Transport layer security library")
     (description
-- 
1.8.4


--=-=-=--