[PATCH] gnurl: add CA path to configure-flags

[PATCH] gnurl: add CA path to configure-flags

[ng0]

[-- Attachment #1.1: Type: text/plain, Size: 1203 bytes --]

From 4d5661ac66940e2583c5bef07bc6a8832af92208 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@we.make.ritual.n0.is>
Date: Sat, 11 Jun 2016 20:44:31 +0000
Subject: [PATCH] gnu: gnurl: Add CA path.

* gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/
---
 gnu/packages/gnunet.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index c4e2a37..6b7fb65 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -181,7 +181,8 @@ and support for SSL3 and TLS.")
                           "--disable-ldap" "--disable-rtsp" "--disable-dict"
                           "--disable-telnet" "--disable-tftp" "--disable-pop3"
                           "--disable-imap" "--disable-smtp" "--disable-gopher"
-                          "--disable-file" "--disable-ftp")
+                          "--disable-file" "--disable-ftp"
+                          "--with-ca-path=/etc/ssl/certs/")
      #:test-target "test"
      #:parallel-tests? #f
      ;; We have to patch runtests.pl in tests/ directory
--
2.7.3



--
♥Ⓐ ng0
For non-prism friendly talk find me on
psyced.org / loupsycedyglgamf.onion

[-- Attachment #1.2: 0001-gnu-gnurl-Add-CA-path.patch --]
[-- Type: text/x-diff, Size: 1107 bytes --]

From 4d5661ac66940e2583c5bef07bc6a8832af92208 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@we.make.ritual.n0.is>
Date: Sat, 11 Jun 2016 20:44:31 +0000
Subject: [PATCH] gnu: gnurl: Add CA path.

* gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/
---
 gnu/packages/gnunet.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index c4e2a37..6b7fb65 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -181,7 +181,8 @@ and support for SSL3 and TLS.")
                           "--disable-ldap" "--disable-rtsp" "--disable-dict"
                           "--disable-telnet" "--disable-tftp" "--disable-pop3"
                           "--disable-imap" "--disable-smtp" "--disable-gopher"
-                          "--disable-file" "--disable-ftp")
+                          "--disable-file" "--disable-ftp"
+                          "--with-ca-path=/etc/ssl/certs/")
      #:test-target "test"
      #:parallel-tests? #f
      ;; We have to patch runtests.pl in tests/ directory
-- 
2.7.3


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [PATCH] gnurl: add CA path to configure-flags

[Andreas Enge]

Hello,

On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote:
> * gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/

my impression is that this absolute path does not do what we would like
it to. Optimally, the user would decide, by installing a certificate bundle
into the profile, which certificates to use. And on a foreign distro, the
random certificate bundle in /etc/ssl/certs, which does not come from Guix,
would be used by the Guix gnurl, which would be surprising.

Andreas

Re: [PATCH] gnurl: add CA path to configure-flags

[ng0]

[-- Attachment #1: Type: text/plain, Size: 1077 bytes --]

On 2016-06-12(04:22:15+0200), Andreas Enge wrote:
> Hello,
>
> On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote:
> > * gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/
>
> my impression is that this absolute path does not do what we would like
> it to. Optimally, the user would decide, by installing a certificate bundle
> into the profile, which certificates to use. And on a foreign distro, the
> random certificate bundle in /etc/ssl/certs, which does not come from Guix,
> would be used by the Guix gnurl, which would be surprising.
>
> Andreas

It is not entirely clear to me anymore why this was suggested to me
in the past 4 months.
I am aware of the differences, so maybe this could point to where
ever the /ssl/certs/ are?

When you know that gnurl does not need this, we're all good without
this change.
Gnurl so far is just curl with some project recommended build switches,
so if guix' curl detects the ssl/certs/ dir, gnurl should too.

--
♥Ⓐ ng0
For non-prism friendly talk find me on
psyced.org / loupsycedyglgamf.onion

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [PATCH] gnurl: add CA path to configure-flags

[Ludovic Courtès]

Hi,

Andreas Enge <andreas@enge.fr> skribis:

> On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote:
>> * gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/
>
> my impression is that this absolute path does not do what we would like
> it to. Optimally, the user would decide, by installing a certificate bundle
> into the profile, which certificates to use. And on a foreign distro, the
> random certificate bundle in /etc/ssl/certs, which does not come from Guix,
> would be used by the Guix gnurl, which would be surprising.

Besides, our cURL and Gnurl packages are linked against GnuTLS, which is
itself configured with ‘--with-default-trust-store-dir=/etc/ssl/certs’.

Does ‘--with-ca-path’ change anything to that?

Thanks,
Ludo’.

Re: [PATCH] gnurl: add CA path to configure-flags

[ng0]

[-- Attachment #1: Type: text/plain, Size: 1330 bytes --]

On 2016-06-13(04:43:32+0200), Ludovic Courtès wrote:
> Hi,
>
> Andreas Enge <andreas@enge.fr> skribis:
>
> > On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote:
> >> * gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/
> >
> > my impression is that this absolute path does not do what we would like
> > it to. Optimally, the user would decide, by installing a certificate bundle
> > into the profile, which certificates to use. And on a foreign distro, the
> > random certificate bundle in /etc/ssl/certs, which does not come from Guix,
> > would be used by the Guix gnurl, which would be surprising.
>
> Besides, our cURL and Gnurl packages are linked against GnuTLS, which is
> itself configured with ‘--with-default-trust-store-dir=/etc/ssl/certs’.
>
> Does ‘--with-ca-path’ change anything to that?
>
> Thanks,
> Ludo’.
>

I strongly assume that with those set, --with-ca-path is unnecessary.

This is something which Jookia came up with, I had it sitting in the
work in progress patches.


I know patches are now tracked in patchworks, can they be closed via
Email, or do I have to sign up? Else someone who already is signed up
can close this, as from my perspective this is done.

--
♥Ⓐ ng0
For non-prism friendly talk find me on
psyced.org / loupsycedyglgamf.onion

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [PATCH] gnurl: add CA path to configure-flags

[Ludovic Courtès]

ng0 <ng0@we.make.ritual.n0.is> skribis:

> On 2016-06-13(04:43:32+0200), Ludovic Courtès wrote:
>> Hi,
>>
>> Andreas Enge <andreas@enge.fr> skribis:
>>
>> > On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote:
>> >> * gnurl(configure-flags): --with-ca-path=/etc/ssl/certs/
>> >
>> > my impression is that this absolute path does not do what we would like
>> > it to. Optimally, the user would decide, by installing a certificate bundle
>> > into the profile, which certificates to use. And on a foreign distro, the
>> > random certificate bundle in /etc/ssl/certs, which does not come from Guix,
>> > would be used by the Guix gnurl, which would be surprising.
>>
>> Besides, our cURL and Gnurl packages are linked against GnuTLS, which is
>> itself configured with ‘--with-default-trust-store-dir=/etc/ssl/certs’.
>>
>> Does ‘--with-ca-path’ change anything to that?
>>
>> Thanks,
>> Ludo’.
>>
>
> I strongly assume that with those set, --with-ca-path is unnecessary.

Fine.  :-)

> I know patches are now tracked in patchworks, can they be closed via
> Email, or do I have to sign up? Else someone who already is signed up
> can close this, as from my perspective this is done.

I think one has to login, which is quite inconvenient.

Ludo’.