From mboxrd@z Thu Jan  1 00:00:00 1970
From: ng0 <ng0@libertad.pw>
Subject: Re: [PATCH] gnu: curl: Add ca-bundle to config.
Date: Wed, 04 Jan 2017 17:23:44 +0000
Message-ID: <8737gyoi1r.fsf@wasp.i-did-not-set--mail-host-address--so-tickle-me>
References: <20170104144655.12321-1-ng0@libertad.pw>
	<20170104144655.12321-2-ng0@libertad.pw>
	<874m1ezugu.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
	<871swizsqv.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me>
	<8760luoie6.fsf@wasp.i-did-not-set--mail-host-address--so-tickle-me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56738)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ng0@libertad.pw>) id 1cOpHT-0002Ap-B4
	for guix-devel@gnu.org; Wed, 04 Jan 2017 12:23:20 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ng0@libertad.pw>) id 1cOpHQ-0003OF-2q
	for guix-devel@gnu.org; Wed, 04 Jan 2017 12:23:19 -0500
Received: from aibo.runbox.com ([91.220.196.211]:59426)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <ng0@libertad.pw>) id 1cOpHP-0003Ni-Mw
	for guix-devel@gnu.org; Wed, 04 Jan 2017 12:23:15 -0500
In-Reply-To: <8760luoie6.fsf@wasp.i-did-not-set--mail-host-address--so-tickle-me>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Marius Bakke <mbakke@fastmail.com>
Cc: guix-devel@gnu.org

ng0 <ng0@libertad.pw> writes:

> Marius Bakke <mbakke@fastmail.com> writes:
>
>> Marius Bakke <mbakke@fastmail.com> writes:
>>
>>> ng0 <ng0@libertad.pw> writes:
>>>
>>>> * gnu/packages/curl.scm (curl)[arguments]: Add "--with-ca-bundle" configure flag.
>>>> [arguments]: Disable failing test number 324.
>>>> ---
>>>>  gnu/packages/curl.scm | 13 ++++++++++++-
>>>>  1 file changed, 12 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
>>>> index 7329d870d..3473055b8 100644
>>>> --- a/gnu/packages/curl.scm
>>>> +++ b/gnu/packages/curl.scm
>>>> @@ -4,6 +4,7 @@
>>>>  ;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
>>>>  ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
>>>>  ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
>>>> +;;; Copyright © 2017 ng0 <ng0@libertad.pw>
>>>>  ;;;
>>>>  ;;; This file is part of GNU Guix.
>>>>  ;;;
>>>> @@ -65,7 +66,8 @@
>>>>         ("pkg-config" ,pkg-config)
>>>>         ("python" ,python-2)))
>>>>     (arguments
>>>> -    `(#:configure-flags '("--with-gnutls" "--with-gssapi")
>>>> +    `(#:configure-flags '("--with-gnutls" "--with-gssapi"
>>>> +                          "--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt")
>>>
>>> This may not work on all distros, and is "impure" since this path is not
>>> managed by Guix. If we are doing this, it should be referring to
>>> (string-append (assoc-ref %build-inputs "nss-certs") "/etc/ssl/...").
>>> That will likely fix the test as well.
>>
>> I realized shortly after posting why this wasn't done already. Curl has
>> 1403 dependent packages, which would apply for "nss-certs" as well if
>> that is added as input. Obviously we want to be able to update TLS
>> certificates quickly without rebuilding ~1/4 of the tree.
>>
>> Perhaps it could be added as a separate package, or by e.g. renaming the
>> current curl package to "curl-minimal".
>
> Appending to my last message:
> how can I make this valid:
>
>    (arguments
>     `(#:configure-flags '("--enable-ipv6" "--with-gnutls" "--without-libssh2"
>                           "--without-libmetalink" "--without-winidn"
>                           "--without-librtmp" "--without-nghttp2"
>                           "--without-nss" "--without-cyassl"
>                           "--without-polarssl" "--without-ssl"
>                           "--without-winssl" "--without-darwinssl"
>                           "--disable-sspi" "--disable-ntlm-wb"
>                           "--disable-ldap" "--disable-rtsp" "--disable-dict"
>                           "--disable-telnet" "--disable-tftp" "--disable-pop3"
>                           "--disable-imap" "--disable-smtp" "--disable-gopher"
>                           "--disable-file" "--disable-ftp" "--disable-smb"
>                           (string-append
>                            "--with-ca-bundle="
>                            (string-append (assoc-ref %build-inputs "nss-certs")
>                                           "/etc/ssl/certs/ca-certificates.crt")))
>
> The string-append is not valid here.

Solved, by using "(list" here.

-- 
♥Ⓐ  ng0
PGP keys and more: https://n0is.noblogs.org/ http://ng0.chaosnet.org