From 4fe3a734d104fa1836255b18f8d8bcf4aeaa407f Mon Sep 17 00:00:00 2001
From: Ryan Schanzenbacher
Date: Tue, 16 May 2023 23:52:36 -0400
Subject: CACerts now populate correctly
---
 system.scm | 91 +++++++++++++++++++++++++++-----------------------------------
 1 file changed, 39 insertions(+), 52 deletions(-)
(limited to 'system.scm')
diff --git a/system.scm b/system.scm
index 7a9cfb4..c4114be 100644
--- a/system.scm
+++ b/system.scm
@@ -15,9 +15,9 @@
 (use-modules (guix packages))
 (use-modules (gnu services authentication))
 (use-modules (gnu packages shells))
-(use-modules (gnu packages perl))
 (use-modules (guix build-system trivial))
 (use-modules (guix licenses))
+(use-modules (gnu packages tls))
 (use-modules (srfi srfi-1))
 (use-package-modules security-token)
 (use-service-modules cups desktop networking ssh xorg sound security-token docker)
@@ -25,57 +25,44 @@
 ; Define package that installs my root ca public keys
 (define my-ca-certs (package
- (name "my-ca-certs")
- (version "1")
- (source (local-file "./CACerts/"
- #:recursive? #t))
- (home-page "https://rschanz.org")
- (license agpl3+)
- (build-system trivial-build-system)
- (arguments
- `(#:modules
- ((guix build utils))
- #:builder
- (begin
- (use-modules (guix build utils)
- (srfi srfi-1)
- (srfi srfi-26)
- (ice-9 ftw))
- (let* ((ca-certificates (assoc-ref %build-inputs "source"))
- (crt-suffix ".crt")
- (is-certificate? (cut string-suffix? crt-suffix <>))
- (certificates (filter is-certificate?
- (scandir ca-certificates)))
- (out (assoc-ref %outputs "out"))
- (certificate-directory (string-append out
- "/etc/ssl/certs"))
- (openssl (string-append (assoc-ref %build-inputs
- "openssl")
- "/bin/openssl")))
- (mkdir-p certificate-directory)
- ;; When this package is installed into a profile, any files in the
- ;; package output's etc/ssl/certs directory ending in ".pem" will
- ;; also be put into a ca-certificates.crt bundle. In the case of a
- ;; system profile, this bundle will be made available to the system
- ;; at activation time. See the profile hooks defined in (guix
- ;; profiles) and the etc-service-type define in (gnu services) for
- ;; details.
- (for-each
- ;; Ensure the certificate is in an appropriate format.
- (lambda (certificate)
- (invoke
- openssl "x509"
- "-in" (string-append ca-certificates "/" certificate)
- "-outform" "PEM"
- "-out" (string-append
- certificate-directory "/"
- (basename certificate crt-suffix) ".pem")))
- certificates)
- #t))))
- (inputs
- (list openssl))
- (synopsis "My certificate authority certificates")
- (description synopsis)))
+ (name "my-ca-certs")
+ (version "1")
+ (source (local-file "./CACerts"
+ #:recursive? #t))
+ (build-system trivial-build-system)
+ (license mpl2.0)
+ (home-page "https://rschanz.org")
+ (arguments
+ `(#:modules
+ ((guix build utils))
+ #:builder
+ (begin
+ (use-modules (guix build utils)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (ice-9 ftw))
+ (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+ (crt-suffix ".crt")
+ (is-certificate? (cut string-suffix? crt-suffix <>))
+ (certificates (filter is-certificate?
+ (scandir ca-certificates)))
+ (out (assoc-ref %outputs "out"))
+ (certificate-directory (string-append out "/etc/ssl/certs"))
+ (openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl")))
+ (mkdir-p certificate-directory)
+ (for-each
+ (lambda (cert)
+ (invoke
+ openssl "x509"
+ "-in" (string-append ca-certificates "/" cert)
+ "-outform" "PEM"
+ "-out" (string-append certificate-directory "/" cert ".pem")))
+ certificates)
+ #t))))
+ (native-inputs
+ (list openssl))
+ (synopsis "My CA Certs")
+ (description synopsis)))
 ; Re-define the base packages to remove sudo
 (define %my-base-packages
--
cgit v1.2.3
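Review bot: The builder still installs every file ending in `.crt` under `./CACerts` as a trust anchor (`(filter is-certificate? (scandir ca-certificates))`), so anything placed in that directory becomes a system-wide root CA without a reviewable change to `system.scm`. Consider binding `certificates` to an explicit list instead, e.g. `(certificates '("<root-ca-file>.crt"))` (placeholder name), so adding a root shows up in this file's diff. The commit also drops the comment explaining that `.pem` files under `etc/ssl/certs` are collected into the `ca-certificates.crt` bundle made available at activation time; a short `;; *.pem files in etc/ssl/certs are merged into the profile's ca-certificates.crt bundle` above `for-each` would keep the reason the output path and suffix matter. Also note that `openssl x509` converts only the first certificate in each input file, so a `.crt` holding a chain would be truncated silently.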