From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marius Bakke Subject: Re: [PATCH] gnu: curl: Add ca-bundle to config. Date: Wed, 04 Jan 2017 17:37:12 +0100 Message-ID: <871swizsqv.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> References: <20170104144655.12321-1-ng0@libertad.pw> <20170104144655.12321-2-ng0@libertad.pw> <874m1ezugu.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:42285) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cOoYw-000091-G5 for guix-devel@gnu.org; Wed, 04 Jan 2017 11:37:19 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cOoYt-0006XO-8O for guix-devel@gnu.org; Wed, 04 Jan 2017 11:37:18 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:54037) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cOoYt-0006WP-3O for guix-devel@gnu.org; Wed, 04 Jan 2017 11:37:15 -0500 In-Reply-To: <874m1ezugu.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: ng0 , guix-devel@gnu.org --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Marius Bakke writes: > ng0 writes: > >> * gnu/packages/curl.scm (curl)[arguments]: Add "--with-ca-bundle" config= ure flag. >> [arguments]: Disable failing test number 324. >> --- >> gnu/packages/curl.scm | 13 ++++++++++++- >> 1 file changed, 12 insertions(+), 1 deletion(-) >> >> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm >> index 7329d870d..3473055b8 100644 >> --- a/gnu/packages/curl.scm >> +++ b/gnu/packages/curl.scm >> @@ -4,6 +4,7 @@ >> ;;; Copyright =C2=A9 2015 Tom=C3=A1=C5=A1 =C4=8Cech >> ;;; Copyright =C2=A9 2015 Ludovic Court=C3=A8s >> ;;; Copyright =C2=A9 2016 Leo Famulari >> +;;; Copyright =C2=A9 2017 ng0 >> ;;; >> ;;; This file is part of GNU Guix. >> ;;; >> @@ -65,7 +66,8 @@ >> ("pkg-config" ,pkg-config) >> ("python" ,python-2))) >> (arguments >> - `(#:configure-flags '("--with-gnutls" "--with-gssapi") >> + `(#:configure-flags '("--with-gnutls" "--with-gssapi" >> + "--with-ca-bundle=3D/etc/ssl/certs/ca-certifi= cates.crt") > > This may not work on all distros, and is "impure" since this path is not > managed by Guix. If we are doing this, it should be referring to > (string-append (assoc-ref %build-inputs "nss-certs") "/etc/ssl/..."). > That will likely fix the test as well. I realized shortly after posting why this wasn't done already. Curl has 1403 dependent packages, which would apply for "nss-certs" as well if that is added as input. Obviously we want to be able to update TLS certificates quickly without rebuilding ~1/4 of the tree. Perhaps it could be added as a separate package, or by e.g. renaming the current curl package to "curl-minimal". --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlhtJLgACgkQoqBt8qM6 VPpYgQgAxVNPp0RoIidPd6gktwh1OYJEjrArXR+jbeE2kZhvRSRFar3VJTD2JNEb tJxk6LB+IkNMhXFcjxiuCunnrgZKlWA15NToXnuVX2EYq6aQhMpgNvdMQHhZ0+F1 kr+uEVT09uUy3lGY5DEOYyR2L//5wynPob4ZgwZmADZkseP598VH9ks/jYHeA/zl LMkcfUNrKmYAQ1m0KNt8cQj4mG/d7rSW9YNgxMIdM6kdIu1BNlxQKJAlHyKSIl0a Ew8HhLi02RzNBPiinfMHfD1N2S+82Efgqj2q9IiUzWByQCrX6Jh9+X4yWdi9JGwD DpV/1wwGSlCDaTnKOLSISN5v7JrZVw== =XEik -----END PGP SIGNATURE----- --=-=-=--