From a9128eac414e56882a12571e4856873a19ff6ec3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 12 Dec 2012 15:32:35 +0100 Subject: [PATCH] daemon: Use `openssl' from $PATH. * daemon.am (-DOPENSSL_PATH): Default to "openssl". * TODO: Mention removal of OpenSSL dependency. --- TODO | 9 +++++++++ daemon.am | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/TODO b/TODO index 1579504ea5..5510ee8c76 100644 --- a/TODO +++ b/TODO @@ -14,6 +14,15 @@ and GC-related tasks. The daemon mainly uses ‘libstore’ from Nix. Integrating it in Guix itself will make Guix self-contained, thereby simplifying our users’ lives. +** Remove dependency on OpenSSL + +The ‘openssl’ command-line tool is used in libstore to sign store paths +to be exported, and to check such signatures. The signing keys are +usually in /etc/nix/signing-key.{pub,sec}. They are a PKCS#8-encoded +X.509 SubjectPublicKeyInfo. These can be decoded with the [[http://lists.gnu.org/archive/html/help-gnutls/2012-12/msg00012.html][C API of +GnuTLS]], but not yet with its Guile bindings. There’s also +‘gnutls_privkey_sign_data’ to sign, and related functions. + * infrastructure ** have a Hydra instance build Guix packages diff --git a/daemon.am b/daemon.am index b2c0e649eb..aa75c6ed29 100644 --- a/daemon.am +++ b/daemon.am @@ -114,7 +114,7 @@ libstore_a_CPPFLAGS = \ -DNIX_CONF_DIR=\"$(sysconfdir)/nix\" \ -DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \ -DNIX_BIN_DIR=\"$(bindir)\" \ - -DOPENSSL_PATH="\"FIXME--no OpenSSL support\"" + -DOPENSSL_PATH="\"openssl\"" libstore_a_CFLAGS = \ $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS)