From mboxrd@z Thu Jan  1 00:00:00 1970
From: Chris Marusich <cmmarusich@gmail.com>
Subject: Re: root certificate
Date: Wed, 13 Jun 2018 23:15:38 -0700
Message-ID: <87muvx3ncl.fsf@gmail.com>
References: <87y3flo3rc.fsf@santanas.co.za> <87d0wuv0nv.fsf@netris.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41258)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cmmarusich@gmail.com>) id 1fTLXv-0000uz-BA
	for help-guix@gnu.org; Thu, 14 Jun 2018 02:15:48 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <cmmarusich@gmail.com>) id 1fTLXr-000368-B9
	for help-guix@gnu.org; Thu, 14 Jun 2018 02:15:47 -0400
Received: from mail-pl0-x22c.google.com ([2607:f8b0:400e:c01::22c]:40434)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <cmmarusich@gmail.com>)
	id 1fTLXr-00034w-4r
	for help-guix@gnu.org; Thu, 14 Jun 2018 02:15:43 -0400
Received: by mail-pl0-x22c.google.com with SMTP id t12-v6so2919489plo.7
	for <help-guix@gnu.org>; Wed, 13 Jun 2018 23:15:42 -0700 (PDT)
In-Reply-To: <87d0wuv0nv.fsf@netris.org> (Mark H. Weaver's message of "Wed, 13
	Jun 2018 17:25:56 -0400")
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/help-guix/>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: Mark H Weaver <mhw@netris.org>
Cc: help-guix@gnu.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Mark H Weaver <mhw@netris.org> writes:

>            ;; Create hash symlinks suitable for OpenSSL ('SSL_CERT_DIR' a=
nd
>            ;; similar.)
>            (chdir (string-append %output "/etc/ssl/certs"))
>            (invoke (string-append perl "/bin/perl")
>                    (string-append openssl "/bin/c_rehash")
>                    ".")))))

I didn't know about c_rehash until now.  Interesting!  In the past, I've
defined my own certificate packages as described in my own separate
replies to this thread, and they worked even though I didn't invoke
c_rehash.  Could this simply have been because the software I use
happens to work even when the symlinks created by c_rehash don't exist?

It looks like the ca-certificate-bundle profile hook (defined in
guix/profiles.scm) doesn't currently invoke c_rehash.  Should it?

=2D-=20
Chris

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlsiCAoACgkQ3UCaFdgi
Rp1TkxAAnGjQz6rs2FF8Cvz9Z7+khujp6cpY0BaBeP2k1rodA2Yocj4CrTe+jg76
W9JX2sqpsOPICq+3NneKe8E61kPauBibA/M1AmIVZI1KcB+iKkhAx7U8V46TGIyu
Ewx+pbjbyRw32sJiuwrwoiqVZn/dS5NANkKau+dbW+Zclou1bxBZEK/1+065wZwW
whIR9kJFmeLJQrORMHgaYhUV9h+83abCnn4+oW0TLOrvgABY5PPHRHDFoxQjkh/C
ceeQx7T0TbLs8JuhnVSVQRWbVK0Vul7kfViPuBONahASZng9+OfSismMkAIEK/0R
daTmw8kCp0IBnVyTuQliOBBR94tB5JrYGbHE+0NZMYaHAHB7ssNV1jiiThtK26Zz
U2UXo67NwV8PDzhSRb7++xxrEHfZse2K6QrL1hKn4HGfxlgJasiy28iAHqWNxDlE
lyAZG8s3nxcE/p/HOKuXeVs7Rdk4ZF10+4mgs8zFWQnAD7oIflw2STagi8Av3Vnk
cGmbCt5oZFXWPxSEv2t5XyhCsclv/bHQgCRX743tQ6FskfooW5pi66Rjl0pfwRUE
W3Rhyr5Pr/CClKo/a7CQvRwFKr9KCFzEfDfSEGlsE1VW5mMQAXWOMJ0fzCw+bUS6
+sB0nLG4WFnc0zzLRbIYU2yQwxntgK4OrubSPaFKr70XTGhCDio=
=OfeQ
-----END PGP SIGNATURE-----
--=-=-=--