From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chris Marusich Subject: Re: root certificate Date: Wed, 13 Jun 2018 23:15:38 -0700 Message-ID: <87muvx3ncl.fsf@gmail.com> References: <87y3flo3rc.fsf@santanas.co.za> <87d0wuv0nv.fsf@netris.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:41258) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fTLXv-0000uz-BA for help-guix@gnu.org; Thu, 14 Jun 2018 02:15:48 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fTLXr-000368-B9 for help-guix@gnu.org; Thu, 14 Jun 2018 02:15:47 -0400 Received: from mail-pl0-x22c.google.com ([2607:f8b0:400e:c01::22c]:40434) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fTLXr-00034w-4r for help-guix@gnu.org; Thu, 14 Jun 2018 02:15:43 -0400 Received: by mail-pl0-x22c.google.com with SMTP id t12-v6so2919489plo.7 for ; Wed, 13 Jun 2018 23:15:42 -0700 (PDT) In-Reply-To: <87d0wuv0nv.fsf@netris.org> (Mark H. Weaver's message of "Wed, 13 Jun 2018 17:25:56 -0400") List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: Mark H Weaver Cc: help-guix@gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Mark H Weaver writes: > ;; Create hash symlinks suitable for OpenSSL ('SSL_CERT_DIR' a= nd > ;; similar.) > (chdir (string-append %output "/etc/ssl/certs")) > (invoke (string-append perl "/bin/perl") > (string-append openssl "/bin/c_rehash") > "."))))) I didn't know about c_rehash until now. Interesting! In the past, I've defined my own certificate packages as described in my own separate replies to this thread, and they worked even though I didn't invoke c_rehash. Could this simply have been because the software I use happens to work even when the symlinks created by c_rehash don't exist? It looks like the ca-certificate-bundle profile hook (defined in guix/profiles.scm) doesn't currently invoke c_rehash. Should it? =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlsiCAoACgkQ3UCaFdgi Rp1TkxAAnGjQz6rs2FF8Cvz9Z7+khujp6cpY0BaBeP2k1rodA2Yocj4CrTe+jg76 W9JX2sqpsOPICq+3NneKe8E61kPauBibA/M1AmIVZI1KcB+iKkhAx7U8V46TGIyu Ewx+pbjbyRw32sJiuwrwoiqVZn/dS5NANkKau+dbW+Zclou1bxBZEK/1+065wZwW whIR9kJFmeLJQrORMHgaYhUV9h+83abCnn4+oW0TLOrvgABY5PPHRHDFoxQjkh/C ceeQx7T0TbLs8JuhnVSVQRWbVK0Vul7kfViPuBONahASZng9+OfSismMkAIEK/0R daTmw8kCp0IBnVyTuQliOBBR94tB5JrYGbHE+0NZMYaHAHB7ssNV1jiiThtK26Zz U2UXo67NwV8PDzhSRb7++xxrEHfZse2K6QrL1hKn4HGfxlgJasiy28iAHqWNxDlE lyAZG8s3nxcE/p/HOKuXeVs7Rdk4ZF10+4mgs8zFWQnAD7oIflw2STagi8Av3Vnk cGmbCt5oZFXWPxSEv2t5XyhCsclv/bHQgCRX743tQ6FskfooW5pi66Rjl0pfwRUE W3Rhyr5Pr/CClKo/a7CQvRwFKr9KCFzEfDfSEGlsE1VW5mMQAXWOMJ0fzCw+bUS6 +sB0nLG4WFnc0zzLRbIYU2yQwxntgK4OrubSPaFKr70XTGhCDio= =OfeQ -----END PGP SIGNATURE----- --=-=-=--