CACerts now populate correctly

author: Ryan Schanzenbacher <ryan@rschanz.org> 2023-05-16 23:52:36 -0400
committer: Ryan Schanzenbacher <ryan@rschanz.org> 2023-05-16 23:52:36 -0400
commit: 4fe3a734d104fa1836255b18f8d8bcf4aeaa407f (patch)
tree: 6e26d0b474a1d26ecf60d3dfea51c2f0e5afa7e5 /system.scm
parent: b081473eaa08537dee157d6810de49ca71adf0e1 (diff)
1 files changed, 39 insertions, 52 deletions
diff --git a/system.scm b/system.scm
index 7a9cfb4..c4114be 100644
--- a/system.scm
+++ b/system.scm
@@ -15,9 +15,9 @@
 (use-modules (guix packages))
 (use-modules (gnu services authentication))
 (use-modules (gnu packages shells))
-(use-modules (gnu packages perl))
 (use-modules (guix build-system trivial))
 (use-modules (guix licenses))
+(use-modules (gnu packages tls))
 (use-modules (srfi srfi-1))
 (use-package-modules security-token)
 (use-service-modules cups desktop networking ssh xorg sound security-token docker)
@@ -25,57 +25,44 @@
 ; Define package that installs my root ca public keys
 (define my-ca-certs
  (package
-   (name "my-ca-certs")
+    (name "my-ca-certs")
-   (version "1")
+    (version "1")
-   (source (local-file "./CACerts/"
+    (source (local-file "./CACerts"
-                       #:recursive? #t))
+                        #:recursive? #t))
-   (home-page "https://rschanz.org")
+    (build-system trivial-build-system)
-   (license agpl3+)
+    (license mpl2.0)
-   (build-system trivial-build-system)
+    (home-page "https://rschanz.org")
-   (arguments
+    (arguments
-    `(#:modules
+      `(#:modules
-      ((guix build utils))
+        ((guix build utils))
-      #:builder
+        #:builder
-      (begin
+        (begin
-        (use-modules (guix build utils)
+          (use-modules (guix build utils)
-                     (srfi srfi-1)
+                       (srfi srfi-1)
-                     (srfi srfi-26)
+                       (srfi srfi-26)
-                     (ice-9 ftw))
+                       (ice-9 ftw))
-        (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+          (let* ((ca-certificates (assoc-ref %build-inputs "source"))
-               (crt-suffix ".crt")
+                 (crt-suffix ".crt")
-               (is-certificate? (cut string-suffix? crt-suffix <>))
+                 (is-certificate? (cut string-suffix? crt-suffix <>))
-               (certificates (filter is-certificate?
+                 (certificates (filter is-certificate?
-                                     (scandir ca-certificates)))
+                                       (scandir ca-certificates)))
-               (out (assoc-ref %outputs "out"))
+                 (out (assoc-ref %outputs "out"))
-               (certificate-directory (string-append out
+                 (certificate-directory (string-append out "/etc/ssl/certs"))
-                                                     "/etc/ssl/certs"))
+                 (openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl")))
-               (openssl (string-append (assoc-ref %build-inputs
+            (mkdir-p certificate-directory)
-                                                  "openssl")
+            (for-each
-                                       "/bin/openssl")))
+              (lambda (cert)
-          (mkdir-p certificate-directory)
+                (invoke
-          ;; When this package is installed into a profile, any files in the
+                  openssl "x509"
-          ;; package output's etc/ssl/certs directory ending in ".pem" will
+                  "-in" (string-append ca-certificates "/" cert)
-          ;; also be put into a ca-certificates.crt bundle.  In the case of a
+                  "-outform" "PEM"
-          ;; system profile, this bundle will be made available to the system
+                  "-out" (string-append certificate-directory "/" cert ".pem")))
-          ;; at activation time.  See the profile hooks defined in (guix
+              certificates)
-          ;; profiles) and the etc-service-type define in (gnu services) for
+            #t))))
-          ;; details.
+    (native-inputs
-          (for-each
+      (list openssl))
-           ;; Ensure the certificate is in an appropriate format.
+    (synopsis "My CA Certs")
-           (lambda (certificate)
+    (description synopsis)))
-             (invoke
-              openssl "x509"
-              "-in" (string-append ca-certificates "/" certificate)
-              "-outform" "PEM"
-              "-out" (string-append
-                      certificate-directory "/"
-                      (basename certificate crt-suffix) ".pem")))
-           certificates)
-          #t))))
-   (inputs
-    (list openssl))
-   (synopsis "My certificate authority certificates")
-   (description synopsis)))
 ; Re-define the base packages to remove sudo
 (define %my-base-packages
author	Ryan Schanzenbacher <ryan@rschanz.org>	2023-05-16 23:52:36 -0400
committer	Ryan Schanzenbacher <ryan@rschanz.org>	2023-05-16 23:52:36 -0400
commit	4fe3a734d104fa1836255b18f8d8bcf4aeaa407f (patch)
tree	6e26d0b474a1d26ecf60d3dfea51c2f0e5afa7e5 /system.scm
parent	b081473eaa08537dee157d6810de49ca71adf0e1 (diff)

diff --git a/system.scm b/system.scm index 7a9cfb4..c4114be 100644 --- a/system.scm +++ b/system.scm
@@ -15,9 +15,9 @@
15	(use-modules (guix packages))	15	(use-modules (guix packages))
16	(use-modules (gnu services authentication))	16	(use-modules (gnu services authentication))
17	(use-modules (gnu packages shells))	17	(use-modules (gnu packages shells))
18	(use-modules (gnu packages perl))
19	(use-modules (guix build-system trivial))	18	(use-modules (guix build-system trivial))
20	(use-modules (guix licenses))	19	(use-modules (guix licenses))
		20	(use-modules (gnu packages tls))
21	(use-modules (srfi srfi-1))	21	(use-modules (srfi srfi-1))
22	(use-package-modules security-token)	22	(use-package-modules security-token)
23	(use-service-modules cups desktop networking ssh xorg sound security-token docker)	23	(use-service-modules cups desktop networking ssh xorg sound security-token docker)
@@ -25,57 +25,44 @@
25	; Define package that installs my root ca public keys	25	; Define package that installs my root ca public keys
26	(define my-ca-certs	26	(define my-ca-certs
27	(package	27	(package
28	(name "my-ca-certs")	28	(name "my-ca-certs")
29	(version "1")	29	(version "1")
30	(source (local-file "./CACerts/"	30	(source (local-file "./CACerts"
31	#:recursive? #t))	31	#:recursive? #t))
32	(home-page "https://rschanz.org")	32	(build-system trivial-build-system)
33	(license agpl3+)	33	(license mpl2.0)
34	(build-system trivial-build-system)	34	(home-page "https://rschanz.org")
35	(arguments	35	(arguments
36	`(#:modules	36	`(#:modules
37	((guix build utils))	37	((guix build utils))
38	#:builder	38	#:builder
39	(begin	39	(begin
40	(use-modules (guix build utils)	40	(use-modules (guix build utils)
41	(srfi srfi-1)	41	(srfi srfi-1)
42	(srfi srfi-26)	42	(srfi srfi-26)
43	(ice-9 ftw))	43	(ice-9 ftw))
44	(let* ((ca-certificates (assoc-ref %build-inputs "source"))	44	(let* ((ca-certificates (assoc-ref %build-inputs "source"))
45	(crt-suffix ".crt")	45	(crt-suffix ".crt")
46	(is-certificate? (cut string-suffix? crt-suffix <>))	46	(is-certificate? (cut string-suffix? crt-suffix <>))
47	(certificates (filter is-certificate?	47	(certificates (filter is-certificate?
48	(scandir ca-certificates)))	48	(scandir ca-certificates)))
49	(out (assoc-ref %outputs "out"))	49	(out (assoc-ref %outputs "out"))
50	(certificate-directory (string-append out	50	(certificate-directory (string-append out "/etc/ssl/certs"))
51	"/etc/ssl/certs"))	51	(openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl")))
52	(openssl (string-append (assoc-ref %build-inputs	52	(mkdir-p certificate-directory)
53	"openssl")	53	(for-each
54	"/bin/openssl")))	54	(lambda (cert)
55	(mkdir-p certificate-directory)	55	(invoke
56	;; When this package is installed into a profile, any files in the	56	openssl "x509"
57	;; package output's etc/ssl/certs directory ending in ".pem" will	57	"-in" (string-append ca-certificates "/" cert)
58	;; also be put into a ca-certificates.crt bundle. In the case of a	58	"-outform" "PEM"
59	;; system profile, this bundle will be made available to the system	59	"-out" (string-append certificate-directory "/" cert ".pem")))
60	;; at activation time. See the profile hooks defined in (guix	60	certificates)
61	;; profiles) and the etc-service-type define in (gnu services) for	61	#t))))
62	;; details.	62	(native-inputs
63	(for-each	63	(list openssl))
64	;; Ensure the certificate is in an appropriate format.	64	(synopsis "My CA Certs")
65	(lambda (certificate)	65	(description synopsis)))
66	(invoke
67	openssl "x509"
68	"-in" (string-append ca-certificates "/" certificate)
69	"-outform" "PEM"
70	"-out" (string-append
71	certificate-directory "/"
72	(basename certificate crt-suffix) ".pem")))
73	certificates)
74	#t))))
75	(inputs
76	(list openssl))
77	(synopsis "My certificate authority certificates")
78	(description synopsis)))
79		66
80	; Re-define the base packages to remove sudo	67	; Re-define the base packages to remove sudo
81	(define %my-base-packages	68	(define %my-base-packages