system: Remove nss-certs from OS templates, adjust doc.

This is a follow-up to commit 86afaadb51 ("system: Add 'nss-certs' to
%base-packages-networking.")

* doc/guix-cookbook.texi (Running Guix on a Linode Server): Remove nss-certs
from operating system's packages field.
(Running Guix on a Kimsufi Server): Likewise.
* doc/guix.texi (Using the Configuration System): Likewise.
(X.509 Certificates): Adjust to mention nss-certs *is* part of %base-packages.
* gnu/installer/services.scm (%system-services): Remove recommendation to
install nss-certs.
* gnu/system/examples/bare-bones.tmpl (host-name): Remove obsolete comments.
* gnu/system/examples/desktop.tmpl (packages): Remove nss-certs.
* gnu/system/examples/lightweight-desktop.tmpl (packages): Likewise.
* gnu/system/examples/plasma.tmpl (packages): Likewise.
* gnu/system/examples/raspberry-pi-64-nfs-root.tmpl (packages): Likewise.
* gnu/system/examples/raspberry-pi-64.tmpl (packages): Likewise.
* gnu/system/examples/vm-image.tmpl (packages): Likewise.
* gnu/system/images/orangepi-r1-plus-lts-rk3328.scm (packages): Likewise.
* gnu/system/images/pine64.scm (packages): Likewise.
* gnu/system/install.scm (installation-os) [packages]: Likewise.

Change-Id: If09123a69b987178bcb0aab61c4570c14fc1286f
Maxim Cournoyer 2024-04-18 09:33:19 -04:00
parent a69e5e5e47
commit 65e8472a4b
No known key found for this signature in database
GPG key ID: 1260E46482E63562
13 changed files with 20 additions and 45 deletions


@ -2548,7 +2548,6 @@ is below. Save the resulting file as @file{guix-config.scm}.
(use-service-modules networking (use-service-modules networking
ssh) ssh)
(use-package-modules admin (use-package-modules admin
certs
package-management package-management
ssh ssh
tls) tls)
@ -2586,8 +2585,7 @@ is below. Save the resulting file as @file{guix-config.scm}.
(home-directory "/home/janedoe")) (home-directory "/home/janedoe"))
%base-user-accounts)) %base-user-accounts))
(packages (cons* nss-certs ;for HTTPS access (packages (cons* openssh-sans-x
openssh-sans-x
%base-packages)) %base-packages))
(services (cons* (services (cons*
@ -2796,7 +2794,7 @@ here is a sample:
@lisp @lisp
(use-modules (gnu) (guix)) (use-modules (gnu) (guix))
(use-service-modules networking ssh vpn virtualization sysctl admin mcron) (use-service-modules networking ssh vpn virtualization sysctl admin mcron)
(use-package-modules ssh certs tls tmux vpn virtualization) (use-package-modules ssh tls tmux vpn virtualization)
(operating-system (operating-system
(host-name "kimsufi") (host-name "kimsufi")
@ -2848,7 +2846,7 @@ root ALL=(ALL) ALL
guix ALL=(ALL) NOPASSWD:ALL\n")) guix ALL=(ALL) NOPASSWD:ALL\n"))
;; Globally-installed packages. ;; Globally-installed packages.
(packages (cons* tmux nss-certs gnutls wireguard-tools %base-packages)) (packages (cons* tmux gnutls wireguard-tools %base-packages))
(services (services
(cons* (cons*
(service static-networking-service-type (service static-networking-service-type


@ -17152,7 +17152,7 @@ the @code{(gnu packages)} module. For example:
(operating-system (operating-system
;; ... ;; ...
(packages (append (map specification->package+output (packages (append (map specification->package+output
'("nss-certs" "git" "git:send-email")) '("git" "git:send-email"))
%base-packages))) %base-packages)))
@end lisp @end lisp
@ -41006,7 +41006,7 @@ Reference}). Guix includes one such package, @code{nss-certs}, which
is a set of CA certificates provided as part of Mozilla's Network is a set of CA certificates provided as part of Mozilla's Network
Security Services. Security Services.
Note that it is @emph{not} part of @code{%base-packages}, so you need to This package is part of @code{%base-packages}, so there is no need to
explicitly add it. The @file{/etc/ssl/certs} directory, which is where explicitly add it. The @file{/etc/ssl/certs} directory, which is where
most applications and libraries look for certificates by default, points most applications and libraries look for certificates by default, points
to the certificates installed globally. to the certificates installed globally.


@ -110,11 +110,6 @@ (define %system-services
(name (G_ "Tor anonymous network router")) (name (G_ "Tor anonymous network router"))
(type 'networking) (type 'networking)
(snippet '((service tor-service-type)))) (snippet '((service tor-service-type))))
(system-service
(name (G_ "Mozilla NSS certificates, for HTTPS access"))
(type 'networking)
(packages '((specification->package "nss-certs")))
(recommended? #t))
;; Miscellaneous system administration services. ;; Miscellaneous system administration services.
(system-service (system-service


@ -4,9 +4,6 @@
(use-modules (gnu)) (use-modules (gnu))
(use-service-modules networking ssh) (use-service-modules networking ssh)
;; If you want to use HTTPS, you most likely want to include
;; "certs" in the line below. Also read the comment about
;; "nss-certs" later in this file.
(use-package-modules screen ssh) (use-package-modules screen ssh)
(operating-system (operating-system
@ -46,8 +43,6 @@
%base-user-accounts)) %base-user-accounts))
;; Globally-installed packages. ;; Globally-installed packages.
;; Add "nss-certs" for Mozilla's approved CA certs. You would
;; have to have included "certs" in use-package-modules above.
(packages (cons screen %base-packages)) (packages (cons screen %base-packages))
;; Add services to the baseline: a DHCP client and an SSH ;; Add services to the baseline: a DHCP client and an SSH


@ -5,7 +5,7 @@
(use-modules (gnu) (gnu system nss) (guix utils)) (use-modules (gnu) (gnu system nss) (guix utils))
(use-service-modules desktop sddm xorg) (use-service-modules desktop sddm xorg)
(use-package-modules certs gnome) (use-package-modules gnome)
(operating-system (operating-system
(host-name "antelope") (host-name "antelope")
@ -65,8 +65,6 @@
;; This is where we specify system-wide packages. ;; This is where we specify system-wide packages.
(packages (append (list (packages (append (list
;; for HTTPS access
nss-certs
;; for user mounts ;; for user mounts
gvfs) gvfs)
%base-packages)) %base-packages))


@ -5,7 +5,7 @@
(use-modules (gnu) (gnu system nss)) (use-modules (gnu) (gnu system nss))
(use-service-modules desktop) (use-service-modules desktop)
(use-package-modules bootloaders certs emacs emacs-xyz ratpoison suckless wm (use-package-modules bootloaders emacs emacs-xyz ratpoison suckless wm
xorg) xorg)
(operating-system (operating-system
@ -47,9 +47,7 @@
ratpoison i3-wm i3status dmenu ratpoison i3-wm i3status dmenu
emacs emacs-exwm emacs-desktop-environment emacs emacs-exwm emacs-desktop-environment
;; terminal emulator ;; terminal emulator
xterm xterm)
;; for HTTPS access
nss-certs)
%base-packages)) %base-packages))
;; Use the "desktop" services, which include the X11 ;; Use the "desktop" services, which include the X11


@ -3,7 +3,7 @@
(use-modules (gnu) (gnu system nss) (srfi srfi-1)) (use-modules (gnu) (gnu system nss) (srfi srfi-1))
(use-service-modules desktop sddm xorg ssh) (use-service-modules desktop sddm xorg ssh)
(use-package-modules certs gnome ssh admin fonts) (use-package-modules gnome ssh admin fonts)
(use-package-modules qt xorg tmux linux) (use-package-modules qt xorg tmux linux)
(operating-system (operating-system
@ -32,8 +32,7 @@
%base-user-accounts)) %base-user-accounts))
;; This is where we specify system-wide packages. ;; This is where we specify system-wide packages.
(packages (cons* nss-certs ;for HTTPS access (packages (cons* neofetch
neofetch
htop htop
tmux tmux
xprop xprop


@ -17,8 +17,7 @@
avahi avahi
networking networking
ssh) ssh)
(use-package-modules certs (use-package-modules linux
linux
raspberry-pi raspberry-pi
ssh) ssh)
@ -56,8 +55,7 @@
(supplementary-groups '("wheel" "netdev" "audio" "video")) (supplementary-groups '("wheel" "netdev" "audio" "video"))
(home-directory "/home/pi")) (home-directory "/home/pi"))
%base-user-accounts)) %base-user-accounts))
(packages (cons* nss-certs (packages (cons* openssh
openssh
%base-packages)) %base-packages))
(services (cons* (service avahi-service-type) (services (cons* (service avahi-service-type)
(service dhcp-client-service-type) (service dhcp-client-service-type)


@ -16,8 +16,7 @@
avahi avahi
networking networking
ssh) ssh)
(use-package-modules certs (use-package-modules linux
linux
raspberry-pi raspberry-pi
ssh) ssh)
@ -60,8 +59,7 @@
(supplementary-groups '("wheel" "netdev" "audio" "video")) (supplementary-groups '("wheel" "netdev" "audio" "video"))
(home-directory "/home/pi")) (home-directory "/home/pi"))
%base-user-accounts)) %base-user-accounts))
(packages (cons* nss-certs (packages (cons* openssh
openssh
%base-packages)) %base-packages))
(services (cons* (service avahi-service-type) (services (cons* (service avahi-service-type)
(service dhcp-client-service-type) (service dhcp-client-service-type)


@ -7,7 +7,7 @@
(use-modules (gnu) (guix) (srfi srfi-1)) (use-modules (gnu) (guix) (srfi srfi-1))
(use-service-modules desktop mcron networking spice ssh xorg sddm) (use-service-modules desktop mcron networking spice ssh xorg sddm)
(use-package-modules bootloaders certs fonts (use-package-modules bootloaders fonts
package-management xdisorg xorg) package-management xdisorg xorg)
(define vm-image-motd (plain-file "motd" " (define vm-image-motd (plain-file "motd" "
@ -66,7 +66,7 @@ root ALL=(ALL) ALL
%wheel ALL=NOPASSWD: ALL\n")) %wheel ALL=NOPASSWD: ALL\n"))
(packages (packages
(append (list font-bitstream-vera nss-certs (append (list font-bitstream-vera
;; Auto-started script providing SPICE dynamic resizing for ;; Auto-started script providing SPICE dynamic resizing for
;; Xfce (see: ;; Xfce (see:
;; https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/142). ;; https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/142).


@ -21,7 +21,6 @@ (define-module (gnu system images orangepi-r1-plus-lts-rk3328)
#:use-module (gnu bootloader u-boot) #:use-module (gnu bootloader u-boot)
#:use-module (gnu image) #:use-module (gnu image)
#:use-module (gnu packages linux) #:use-module (gnu packages linux)
#:use-module (gnu packages certs)
#:use-module (guix platforms arm) #:use-module (guix platforms arm)
#:use-module (gnu services) #:use-module (gnu services)
#:use-module (gnu services base) #:use-module (gnu services base)
@ -55,8 +54,7 @@ (define orangepi-r1-plus-lts-rk3328-barebones-os
(term "vt100") (term "vt100")
(tty "ttyS2"))) (tty "ttyS2")))
(service dhcp-client-service-type) (service dhcp-client-service-type)
(service ntp-service-type) %base-services)) (service ntp-service-type) %base-services))))
(packages (cons nss-certs %base-packages))))
(define orangepi-r1-plus-lts-rk3328-image-type (define orangepi-r1-plus-lts-rk3328-image-type
(image-type (name 'orangepi-r1-plus-lts-rk3328-raw) (image-type (name 'orangepi-r1-plus-lts-rk3328-raw)


@ -59,8 +59,7 @@ (define pine64-barebones-os
(tty "ttyS0"))) (tty "ttyS0")))
(service dhcp-client-service-type) (service dhcp-client-service-type)
(service ntp-service-type) (service ntp-service-type)
%base-services)) %base-services))))
(packages (cons nss-certs %base-packages))))
(define pine64-image-type (define pine64-image-type
(image-type (image-type

View file

@ -548,11 +548,10 @@ (define installation-os
(base-pam-services #:allow-empty-passwords? #t)) (base-pam-services #:allow-empty-passwords? #t))
(packages (append (packages (append
(list glibc ; for 'tzselect' & co. (list glibc ; for 'tzselect' & co.
fontconfig fontconfig
font-dejavu font-gnu-unifont font-dejavu font-gnu-unifont
grub ; mostly so xrefs to its manual work grub) ; mostly so xrefs to its manual work
nss-certs) ; To access HTTPS, use git, etc.
%installer-disk-utilities %installer-disk-utilities
%base-packages)))) %base-packages))))
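Review bot: With `nss-certs` dropped from the explicit list in `installation-os`, nothing in this field records that the installer's CA trust store now comes only from `%base-packages`; the removed comment was the sole hint that HTTPS and git access depend on it. Consider a comment on the last element, e.g. `%base-packages))))  ; includes nss-certs, needed for HTTPS and git`, so that a later change which trims or replaces `%base-packages` here does not silently leave the installation image without root certificates. The failure would presumably be TLS verification errors rather than unverified connections, but it would only surface at install time. The definition of `installation-os` starts above this hunk.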