From 02bdf748b4c515d6dfc9c264fd48936bd29e04cb Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Tue, 18 Feb 2014 21:30:53 -0500
Subject: [PATCH] gnu: gnutls: Configure location of system-wide trust store.

* gnu/packages/gnutls.scm (gnutls): Configure the location of the system-wide
  trust store.
---
 gnu/packages/gnutls.scm | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/gnutls.scm b/gnu/packages/gnutls.scm
index 4f6bd22..d7eeaa8 100644
--- a/gnu/packages/gnutls.scm
+++ b/gnu/packages/gnutls.scm
@@ -80,7 +80,17 @@ specifications.")
      '(#:configure-flags
        (list (string-append "--with-guile-site-dir="
                             (assoc-ref %outputs "out")
-                            "/share/guile/site/2.0"))))
+                            "/share/guile/site/2.0")
+             ;; GnuTLS doesn't consult any environment variables to specify
+             ;; the location of the system-wide trust store.  Instead it has a
+             ;; configure-time option.  Unless specified, its configure script
+             ;; attempts to auto-detect the location by looking for common
+             ;; places in the filesystem, none of which are present in our
+             ;; chroot build environment.  If not found, then no default trust
+             ;; store is used, so each program has to provide its own
+             ;; fallback, and users have to configure each program
+             ;; independently.  This seems suboptimal.
+             "--with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt")))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
-- 
2.2.1