From: ng0
Subject: (unknown)
Date: Mon, 5 Dec 2016 18:20:12 +0000
Message-ID: <20161205182014.5155-1-ng0@libertad.pw>
To: guix-devel@gnu.org
List-Id: "Development of GNU Guix and the GNU System distribution."

[PATCH 1/2] gnu: tlsdate: Use the system provided certificate store.

So far it looks like we are using the application bundled certificates. This should fix it to use the system provided certificates.

[PATCH 2/2] services: Add tlsdate-service.

Because I still need to learn how to make network bridges and make the "guix vm" generated qemu machine use that to call outside, this is tested in theory: The service spawns, complains about certificates, and quits because it was called with too many ssl connection failures. This is expected in the state the vm is in.

I used tlsdate and not sbin/tlsdated because tlsdate is a one-time, at boot only, setting of time while tlsdated does it periodically. This can be changed, but I really need the "one time on boot only" service and find it reasonable not to query servers for time too often.