1 files changed, 59 insertions, 0 deletions
diff --git a/system.scm b/system.scm
index 649146b..7a9cfb4 100644
--- a/system.scm
+++ b/system.scm
@@ -15,10 +15,68 @@
 (use-modules (guix packages))
 (use-modules (gnu services authentication))
 (use-modules (gnu packages shells))
+(use-modules (gnu packages perl))
+(use-modules (guix build-system trivial))
+(use-modules (guix licenses))
 (use-modules (srfi srfi-1))
 (use-package-modules security-token)
 (use-service-modules cups desktop networking ssh xorg sound security-token docker)
+; Define package that installs my root ca public keys
+(define my-ca-certs
+  (package
+   (name "my-ca-certs")
+   (version "1")
+   (source (local-file "./CACerts/"
+                       #:recursive? #t))
+   (home-page "https://rschanz.org")
+   (license agpl3+)
+   (build-system trivial-build-system)
+   (arguments
+    `(#:modules
+      ((guix build utils))
+      #:builder
+      (begin
+        (use-modules (guix build utils)
+                     (srfi srfi-1)
+                     (srfi srfi-26)
+                     (ice-9 ftw))
+        (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+               (crt-suffix ".crt")
+               (is-certificate? (cut string-suffix? crt-suffix <>))
+               (certificates (filter is-certificate?
+                                     (scandir ca-certificates)))
+               (out (assoc-ref %outputs "out"))
+               (certificate-directory (string-append out
+                                                     "/etc/ssl/certs"))
+               (openssl (string-append (assoc-ref %build-inputs
+                                                  "openssl")
+                                       "/bin/openssl")))
+          (mkdir-p certificate-directory)
+          ;; When this package is installed into a profile, any files in the
+          ;; package output's etc/ssl/certs directory ending in ".pem" will
+          ;; also be put into a ca-certificates.crt bundle.  In the case of a
+          ;; system profile, this bundle will be made available to the system
+          ;; at activation time.  See the profile hooks defined in (guix
+          ;; profiles) and the etc-service-type define in (gnu services) for
+          ;; details.
+          (for-each
+           ;; Ensure the certificate is in an appropriate format.
+           (lambda (certificate)
+             (invoke
+              openssl "x509"
+              "-in" (string-append ca-certificates "/" certificate)
+              "-outform" "PEM"
+              "-out" (string-append
+                      certificate-directory "/"
+                      (basename certificate crt-suffix) ".pem")))
+           certificates)
+          #t))))
+   (inputs
+    (list openssl))
+   (synopsis "My certificate authority certificates")
+   (description synopsis)))
 ; Re-define the base packages to remove sudo
 (define %my-base-packages
  (remove (lambda (package)
@@ -84,6 +142,7 @@
                                                        "docker"
                                                        "wireplumber"
                                                        "zsh"))
+                         (list my-ca-certs)
                         %my-base-packages ))
  ;; Below is the list of system services.  To search for available

diff --git a/system.scm b/system.scm index 649146b..7a9cfb4 100644 --- a/system.scm +++ b/system.scm
@@ -15,10 +15,68 @@
15	(use-modules (guix packages))	15	(use-modules (guix packages))
16	(use-modules (gnu services authentication))	16	(use-modules (gnu services authentication))
17	(use-modules (gnu packages shells))	17	(use-modules (gnu packages shells))
		18	(use-modules (gnu packages perl))
		19	(use-modules (guix build-system trivial))
		20	(use-modules (guix licenses))
18	(use-modules (srfi srfi-1))	21	(use-modules (srfi srfi-1))
19	(use-package-modules security-token)	22	(use-package-modules security-token)
20	(use-service-modules cups desktop networking ssh xorg sound security-token docker)	23	(use-service-modules cups desktop networking ssh xorg sound security-token docker)
21		24
		25	; Define package that installs my root ca public keys
		26	(define my-ca-certs
		27	(package
		28	(name "my-ca-certs")
		29	(version "1")
		30	(source (local-file "./CACerts/"
		31	#:recursive? #t))
		32	(home-page "https://rschanz.org")
		33	(license agpl3+)
		34	(build-system trivial-build-system)
		35	(arguments
		36	`(#:modules
		37	((guix build utils))
		38	#:builder
		39	(begin
		40	(use-modules (guix build utils)
		41	(srfi srfi-1)
		42	(srfi srfi-26)
		43	(ice-9 ftw))
		44	(let* ((ca-certificates (assoc-ref %build-inputs "source"))
		45	(crt-suffix ".crt")
		46	(is-certificate? (cut string-suffix? crt-suffix <>))
		47	(certificates (filter is-certificate?
		48	(scandir ca-certificates)))
		49	(out (assoc-ref %outputs "out"))
		50	(certificate-directory (string-append out
		51	"/etc/ssl/certs"))
		52	(openssl (string-append (assoc-ref %build-inputs
		53	"openssl")
		54	"/bin/openssl")))
		55	(mkdir-p certificate-directory)
		56	;; When this package is installed into a profile, any files in the
		57	;; package output's etc/ssl/certs directory ending in ".pem" will
		58	;; also be put into a ca-certificates.crt bundle. In the case of a
		59	;; system profile, this bundle will be made available to the system
		60	;; at activation time. See the profile hooks defined in (guix
		61	;; profiles) and the etc-service-type define in (gnu services) for
		62	;; details.
		63	(for-each
		64	;; Ensure the certificate is in an appropriate format.
		65	(lambda (certificate)
		66	(invoke
		67	openssl "x509"
		68	"-in" (string-append ca-certificates "/" certificate)
		69	"-outform" "PEM"
		70	"-out" (string-append
		71	certificate-directory "/"
		72	(basename certificate crt-suffix) ".pem")))
		73	certificates)
		74	#t))))
		75	(inputs
		76	(list openssl))
		77	(synopsis "My certificate authority certificates")
		78	(description synopsis)))
		79
22	; Re-define the base packages to remove sudo	80	; Re-define the base packages to remove sudo
23	(define %my-base-packages	81	(define %my-base-packages
24	(remove (lambda (package)	82	(remove (lambda (package)
@@ -84,6 +142,7 @@
84	"docker"	142	"docker"
85	"wireplumber"	143	"wireplumber"
86	"zsh"))	144	"zsh"))
		145	(list my-ca-certs)
87	%my-base-packages ))	146	%my-base-packages ))
88		147
89	;; Below is the list of system services. To search for available	148	;; Below is the list of system services. To search for available