From: Zheng Junjie <zhengjunjie@iscas.ac.cn>
To: Ricardo Wurmus <rekado@elephly.net>
Cc: guix-devel@gnu.org, Efraim Flashner <efraim@flashner.co.il>
Subject: Re: [core-updates] Setting SSL_CERT_FILE in the build environment
Date: Tue, 16 Jul 2024 01:20:44 +0800 [thread overview]
Message-ID: <87ttgqfu6r.fsf@iscas.ac.cn> (raw)
In-Reply-To: <87o76y39s1.fsf@elephly.net> (Ricardo Wurmus's message of "Mon, 15 Jul 2024 18:22:22 +0200")
[-- Attachment #1.1: Type: text/plain, Size: 936 bytes --]
Ricardo Wurmus <rekado@elephly.net> writes:
> Zheng Junjie <zhengjunjie@iscas.ac.cn> writes:
>
>> This patch should fix it.
>
> Thank you for the patch!
>
>> From f41bf905cfb1395a53cfc0d79315148ac9ba0a79 Mon Sep 17 00:00:00 2001
>> Message-ID: <f41bf905cfb1395a53cfc0d79315148ac9ba0a79.1721059686.git.zhengjunjie@iscas.ac.cn>
>> From: Zheng Junjie <zhengjunjie@iscas.ac.cn>
>> Date: Tue, 16 Jul 2024 00:06:39 +0800
>> Subject: [PATCH] gnu: python-requests-next: Fix build.
>>
>> * gnu/packages/python-web.scm (python-requests-next): Fix build.
>> [native-inputs]: Add nss-certs.
>> [arguments]: Add set-SSL_CERT_FILE phase.
>> <#:modules>: Adjust it.
>
> This seems rather complicated for something that may have to be added to
> a number of packages. Would it make sense to create a package
> containing this bundle file, set a search path specification, and add
> that to the packages needing it?
Indeed, please try these patches
[-- Attachment #1.2: 0001-gnu-Add-nss-certs-for-test.patch --]
[-- Type: text/x-patch, Size: 3429 bytes --]
From 0ad24103d82147eece6bd546fc31a9f81e2d17fd Mon Sep 17 00:00:00 2001
Message-ID: <0ad24103d82147eece6bd546fc31a9f81e2d17fd.1721063765.git.zhengjunjie@iscas.ac.cn>
From: Zheng Junjie <zhengjunjie@iscas.ac.cn>
Date: Tue, 16 Jul 2024 01:13:35 +0800
Subject: [PATCH 1/2] gnu: Add nss-certs-for-test.
* gnu/packages/certs.scm (nss-certs-for-test): New variable.
Change-Id: Id808e058835556717a6585ecd86dd14d0d2a5039
---
gnu/packages/certs.scm | 45 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 449be0b35a..e2de6b168b 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -7,6 +7,7 @@
;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2021 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2021 Raghav Gururajan <rg@raghavgururajan.name>
+;;; Copyright © 2024 Zheng Junjie <873216071@qq.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -25,6 +26,7 @@
(define-module (gnu packages certs)
#:use-module ((guix licenses) #:prefix license:)
+ #:use-module ((guix search-paths) #:select ($SSL_CERT_DIR $SSL_CERT_FILE))
#:use-module (guix packages)
#:use-module (guix utils)
#:use-module (guix download)
@@ -188,6 +190,49 @@ (define-public nss-certs
(home-page "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
(license license:mpl2.0)))
+(define-public nss-certs-for-test
+ (hidden-package
+ (package
+ (inherit nss-certs)
+ (name "nss-certs-for-test")
+ (source #f)
+ (build-system trivial-build-system)
+ (native-inputs (list nss-certs))
+ (inputs '())
+ (propagated-inputs '())
+ (arguments
+ (list #:modules '((guix build utils)
+ (rnrs io ports)
+ (srfi srfi-26))
+ #:builder
+ #~(begin
+ (use-modules (guix build utils)
+ (rnrs io ports)
+ (srfi srfi-26))
+ (define certs-dir (string-append #$output "/etc/ssl/certs/"))
+ (define ca-files
+ (find-files (string-append #+(this-package-native-input
+ "nss-certs")
+ "/etc/ssl/certs")
+ (lambda (file stat)
+ (string-suffix? ".pem" file))))
+ (define (concatenate-files files result)
+ "Make RESULT the concatenation of all of FILES."
+ (define (dump file port)
+ (display (call-with-input-file file get-string-all) port)
+ (newline port))
+ (call-with-output-file result
+ (lambda (port)
+ (for-each (cut dump <> port) files))))
+
+ (mkdir-p certs-dir)
+ (concatenate-files
+ ca-files (string-append certs-dir "/ca-certificates.crt"))
+ (for-each (cut install-file <> certs-dir) ca-files))))
+ (native-search-paths
+ (list $SSL_CERT_DIR
+ $SSL_CERT_FILE)))))
+
(define-public le-certs
(package
(name "le-certs")
base-commit: 05e6bd3efe1b03190839d2b91b09fa768c4ef83c
--
2.45.2
[-- Attachment #1.3: 0002-gnu-python-requests-next-Fix-build.patch --]
[-- Type: text/x-patch, Size: 1937 bytes --]
From 5417197e22dd7efa6732ea8de188f2f94bfc3ccc Mon Sep 17 00:00:00 2001
Message-ID: <5417197e22dd7efa6732ea8de188f2f94bfc3ccc.1721063765.git.zhengjunjie@iscas.ac.cn>
In-Reply-To: <0ad24103d82147eece6bd546fc31a9f81e2d17fd.1721063765.git.zhengjunjie@iscas.ac.cn>
References: <0ad24103d82147eece6bd546fc31a9f81e2d17fd.1721063765.git.zhengjunjie@iscas.ac.cn>
From: Zheng Junjie <zhengjunjie@iscas.ac.cn>
Date: Tue, 16 Jul 2024 00:06:39 +0800
Subject: [PATCH 2/2] gnu: python-requests-next: Fix build.
* gnu/packages/python-web.scm (python-requests-next): Fix build.
[native-inputs]: Add nss-certs-for-test.
Change-Id: I1592ef3329fdcd681df618bb12fbc205aa028be3
---
gnu/packages/python-web.scm | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm
index bca7da9139..9367dfba34 100644
--- a/gnu/packages/python-web.scm
+++ b/gnu/packages/python-web.scm
@@ -65,6 +65,7 @@
;;; Copyright © 2024 Sharlatan Hellseher <sharlatanus@gmail.com>
;;; Copyright © 2024 normally_js <normally_js@posteo.net>
;;; Copyright © 2024 Markku Korkeala <markku.korkeala@iki.fi>
+;;; Copyright © 2024 Zheng Junjie <873216071@qq.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -94,6 +95,7 @@ (define-module (gnu packages python-web)
#:use-module (gnu packages admin)
#:use-module (gnu packages base)
#:use-module (gnu packages bash)
+ #:use-module (gnu packages certs)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
#:use-module (gnu packages curl)
@@ -3614,6 +3616,8 @@ (define-public python-requests-next
(base32
"0q5742pnibwy74169kacin3dmqg9jzmzk7qab5aq5caffcbm8djm"))))
(build-system python-build-system)
+ (native-inputs
+ (list nss-certs-for-test))
(propagated-inputs
(list python-certifi
python-charset-normalizer
--
2.45.2
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
next prev parent reply other threads:[~2024-07-15 17:22 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-15 10:43 [core-updates] Setting SSL_CERT_FILE in the build environment Ricardo Wurmus
2024-07-15 14:00 ` Ricardo Wurmus
2024-07-15 14:40 ` Ricardo Wurmus
2024-07-15 16:08 ` Zheng Junjie
2024-07-15 16:22 ` Ricardo Wurmus
2024-07-15 17:20 ` Zheng Junjie [this message]
2024-07-16 7:37 ` Zheng Junjie
2024-07-18 19:35 ` Ricardo Wurmus
2024-07-22 9:50 ` Ricardo Wurmus
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ttgqfu6r.fsf@iscas.ac.cn \
--to=zhengjunjie@iscas.ac.cn \
--cc=efraim@flashner.co.il \
--cc=guix-devel@gnu.org \
--cc=rekado@elephly.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.