summary refs log tree commit diff
diff options
context:
space:
mode:
authorMaxim Cournoyer <maxim.cournoyer@gmail.com>2024-04-18 09:33:19 -0400
committerMaxim Cournoyer <maxim.cournoyer@gmail.com>2024-04-18 10:43:06 -0400
commit65e8472a4b6fc6f66871ba0dad518b7d4c63595e (patch)
tree120893f7655172dda27e9be19209b018df6f756c
parenta69e5e5e47b70e3fe14040142544147fbd9239a1 (diff)
downloadguix-65e8472a4b6fc6f66871ba0dad518b7d4c63595e.tar.gz
system: Remove nss-certs from OS templates, adjust doc.
This is a follow-up to commit 86afaadb51 ("system: Add 'nss-certs' to
%base-packages-networking.")

* doc/guix-cookbook.texi (Running Guix on a Linode Server): Remove nss-certs
from operating system's packages field.
(Running Guix on a Kimsufi Server): Likewise.
* doc/guix.texi (Using the Configuration System): Likewise.
(X.509 Certificates): Adjust to mention nss-certs *is* part of %base-packages.
* gnu/installer/services.scm (%system-services): Remove recommendation to
install nss-certs.
* gnu/system/examples/bare-bones.tmpl (host-name): Remove obsolete comments.
* gnu/system/examples/desktop.tmpl (packages): Remove nss-certs.
* gnu/system/examples/lightweight-desktop.tmpl (packages): Likewise.
* gnu/system/examples/plasma.tmpl (packages): Likewise.
* gnu/system/examples/raspberry-pi-64-nfs-root.tmpl (packages): Likewise.
* gnu/system/examples/raspberry-pi-64.tmpl (packages): Likewise.
* gnu/system/examples/vm-image.tmpl (packages): Likewise.
* gnu/system/images/orangepi-r1-plus-lts-rk3328.scm (packages): Likewise.
* gnu/system/images/pine64.scm (packages): Likewise.
* gnu/system/install.scm (installation-os) [packages]: Likewise.

Change-Id: If09123a69b987178bcb0aab61c4570c14fc1286f
-rw-r--r--doc/guix-cookbook.texi8
-rw-r--r--doc/guix.texi4
-rw-r--r--gnu/installer/services.scm5
-rw-r--r--gnu/system/examples/bare-bones.tmpl5
-rw-r--r--gnu/system/examples/desktop.tmpl4
-rw-r--r--gnu/system/examples/lightweight-desktop.tmpl6
-rw-r--r--gnu/system/examples/plasma.tmpl5
-rw-r--r--gnu/system/examples/raspberry-pi-64-nfs-root.tmpl6
-rw-r--r--gnu/system/examples/raspberry-pi-64.tmpl6
-rw-r--r--gnu/system/examples/vm-image.tmpl4
-rw-r--r--gnu/system/images/orangepi-r1-plus-lts-rk3328.scm4
-rw-r--r--gnu/system/images/pine64.scm3
-rw-r--r--gnu/system/install.scm5
13 files changed, 20 insertions, 45 deletions
diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 62efc73fc3..3bc63cba7a 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -2548,7 +2548,6 @@ is below. Save the resulting file as @file{guix-config.scm}.
 (use-service-modules networking
                      ssh)
 (use-package-modules admin
-                     certs
                      package-management
                      ssh
                      tls)
@@ -2586,8 +2585,7 @@ is below. Save the resulting file as @file{guix-config.scm}.
                 (home-directory "/home/janedoe"))
                %base-user-accounts))
 
-  (packages (cons* nss-certs            ;for HTTPS access
-                   openssh-sans-x
+  (packages (cons* openssh-sans-x
                    %base-packages))
 
   (services (cons*
@@ -2796,7 +2794,7 @@ here is a sample:
 @lisp
 (use-modules (gnu) (guix))
 (use-service-modules networking ssh vpn virtualization sysctl admin mcron)
-(use-package-modules ssh certs tls tmux vpn virtualization)
+(use-package-modules ssh tls tmux vpn virtualization)
 
 (operating-system
   (host-name "kimsufi")
@@ -2848,7 +2846,7 @@ root ALL=(ALL) ALL
 guix ALL=(ALL) NOPASSWD:ALL\n"))
 
   ;; Globally-installed packages.
-  (packages (cons* tmux nss-certs gnutls wireguard-tools %base-packages))
+  (packages (cons* tmux gnutls wireguard-tools %base-packages))
   (services
    (cons*
     (service static-networking-service-type
diff --git a/doc/guix.texi b/doc/guix.texi
index f4f21c4744..22caa984ad 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -17152,7 +17152,7 @@ the @code{(gnu packages)} module.  For example:
 (operating-system
   ;; ...
   (packages (append (map specification->package+output
-                         '("nss-certs" "git" "git:send-email"))
+                         '("git" "git:send-email"))
                     %base-packages)))
 
 @end lisp
@@ -41006,7 +41006,7 @@ Reference}).  Guix includes one such package, @code{nss-certs}, which
 is a set of CA certificates provided as part of Mozilla's Network
 Security Services.
 
-Note that it is @emph{not} part of @code{%base-packages}, so you need to
+This package is part of @code{%base-packages}, so there is no need to
 explicitly add it.  The @file{/etc/ssl/certs} directory, which is where
 most applications and libraries look for certificates by default, points
 to the certificates installed globally.
diff --git a/gnu/installer/services.scm b/gnu/installer/services.scm
index 4dfed78785..1cb9dc579c 100644
--- a/gnu/installer/services.scm
+++ b/gnu/installer/services.scm
@@ -110,11 +110,6 @@
       (name (G_ "Tor anonymous network router"))
       (type 'networking)
       (snippet '((service tor-service-type))))
-     (system-service
-      (name (G_ "Mozilla NSS certificates, for HTTPS access"))
-      (type 'networking)
-      (packages '((specification->package "nss-certs")))
-      (recommended? #t))
 
      ;; Miscellaneous system administration services.
      (system-service
diff --git a/gnu/system/examples/bare-bones.tmpl b/gnu/system/examples/bare-bones.tmpl
index dc6aff5273..7b6a4b09b0 100644
--- a/gnu/system/examples/bare-bones.tmpl
+++ b/gnu/system/examples/bare-bones.tmpl
@@ -4,9 +4,6 @@
 
 (use-modules (gnu))
 (use-service-modules networking ssh)
-;; If you want to use HTTPS, you most likely want to include
-;; "certs" in the line below.  Also read the comment about
-;; "nss-certs" later in this file.
 (use-package-modules screen ssh)
 
 (operating-system
@@ -46,8 +43,6 @@
                %base-user-accounts))
 
   ;; Globally-installed packages.
-  ;; Add "nss-certs" for Mozilla's approved CA certs.  You would
-  ;; have to have included "certs" in use-package-modules above.
   (packages (cons screen %base-packages))
 
   ;; Add services to the baseline: a DHCP client and an SSH
diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl
index 10d0e54fa7..2d65f22294 100644
--- a/gnu/system/examples/desktop.tmpl
+++ b/gnu/system/examples/desktop.tmpl
@@ -5,7 +5,7 @@
 
 (use-modules (gnu) (gnu system nss) (guix utils))
 (use-service-modules desktop sddm xorg)
-(use-package-modules certs gnome)
+(use-package-modules gnome)
 
 (operating-system
   (host-name "antelope")
@@ -65,8 +65,6 @@
 
   ;; This is where we specify system-wide packages.
   (packages (append (list
-                     ;; for HTTPS access
-                     nss-certs
                      ;; for user mounts
                      gvfs)
                     %base-packages))
diff --git a/gnu/system/examples/lightweight-desktop.tmpl b/gnu/system/examples/lightweight-desktop.tmpl
index 4cb3c38311..c061284ba8 100644
--- a/gnu/system/examples/lightweight-desktop.tmpl
+++ b/gnu/system/examples/lightweight-desktop.tmpl
@@ -5,7 +5,7 @@
 
 (use-modules (gnu) (gnu system nss))
 (use-service-modules desktop)
-(use-package-modules bootloaders certs emacs emacs-xyz ratpoison suckless wm
+(use-package-modules bootloaders emacs emacs-xyz ratpoison suckless wm
                      xorg)
 
 (operating-system
@@ -47,9 +47,7 @@
                      ratpoison i3-wm i3status dmenu
                      emacs emacs-exwm emacs-desktop-environment
                      ;; terminal emulator
-                     xterm
-                     ;; for HTTPS access
-                     nss-certs)
+                     xterm)
                     %base-packages))
 
   ;; Use the "desktop" services, which include the X11
diff --git a/gnu/system/examples/plasma.tmpl b/gnu/system/examples/plasma.tmpl
index 6395991125..c3850ffe37 100644
--- a/gnu/system/examples/plasma.tmpl
+++ b/gnu/system/examples/plasma.tmpl
@@ -3,7 +3,7 @@
 
 (use-modules (gnu) (gnu system nss) (srfi srfi-1))
 (use-service-modules desktop sddm xorg ssh)
-(use-package-modules certs gnome ssh admin fonts)
+(use-package-modules gnome ssh admin fonts)
 (use-package-modules qt xorg tmux linux)
 
 (operating-system
@@ -32,8 +32,7 @@
                %base-user-accounts))
 
   ;; This is where we specify system-wide packages.
-  (packages (cons* nss-certs         ;for HTTPS access
-                   neofetch
+  (packages (cons* neofetch
                    htop
                    tmux
                    xprop
diff --git a/gnu/system/examples/raspberry-pi-64-nfs-root.tmpl b/gnu/system/examples/raspberry-pi-64-nfs-root.tmpl
index 2203375270..1baca02491 100644
--- a/gnu/system/examples/raspberry-pi-64-nfs-root.tmpl
+++ b/gnu/system/examples/raspberry-pi-64-nfs-root.tmpl
@@ -17,8 +17,7 @@
                      avahi
                      networking
                      ssh)
-(use-package-modules certs
-                     linux
+(use-package-modules linux
                      raspberry-pi
                      ssh)
 
@@ -56,8 +55,7 @@
                    (supplementary-groups '("wheel" "netdev" "audio" "video"))
                    (home-directory "/home/pi"))
                   %base-user-accounts))
-    (packages (cons* nss-certs
-                     openssh
+    (packages (cons* openssh
                      %base-packages))
     (services (cons* (service avahi-service-type)
                      (service dhcp-client-service-type)
diff --git a/gnu/system/examples/raspberry-pi-64.tmpl b/gnu/system/examples/raspberry-pi-64.tmpl
index 185d25c412..414d8ac7a5 100644
--- a/gnu/system/examples/raspberry-pi-64.tmpl
+++ b/gnu/system/examples/raspberry-pi-64.tmpl
@@ -16,8 +16,7 @@
                      avahi
                      networking
                      ssh)
-(use-package-modules certs
-                     linux
+(use-package-modules linux
                      raspberry-pi
                      ssh)
 
@@ -60,8 +59,7 @@
                    (supplementary-groups '("wheel" "netdev" "audio" "video"))
                    (home-directory "/home/pi"))
                   %base-user-accounts))
-    (packages (cons* nss-certs
-                     openssh
+    (packages (cons* openssh
                      %base-packages))
     (services (cons* (service avahi-service-type)
                      (service dhcp-client-service-type)
diff --git a/gnu/system/examples/vm-image.tmpl b/gnu/system/examples/vm-image.tmpl
index dc9a7542a5..589de493b1 100644
--- a/gnu/system/examples/vm-image.tmpl
+++ b/gnu/system/examples/vm-image.tmpl
@@ -7,7 +7,7 @@
 
 (use-modules (gnu) (guix) (srfi srfi-1))
 (use-service-modules desktop mcron networking spice ssh xorg sddm)
-(use-package-modules bootloaders certs fonts
+(use-package-modules bootloaders fonts
                      package-management xdisorg xorg)
 
 (define vm-image-motd (plain-file "motd" "
@@ -66,7 +66,7 @@ root ALL=(ALL) ALL
 %wheel ALL=NOPASSWD: ALL\n"))
 
   (packages
-   (append (list font-bitstream-vera nss-certs
+   (append (list font-bitstream-vera
                  ;; Auto-started script providing SPICE dynamic resizing for
                  ;; Xfce (see:
                  ;; https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/142).
diff --git a/gnu/system/images/orangepi-r1-plus-lts-rk3328.scm b/gnu/system/images/orangepi-r1-plus-lts-rk3328.scm
index eaaa12ba78..6ec644f113 100644
--- a/gnu/system/images/orangepi-r1-plus-lts-rk3328.scm
+++ b/gnu/system/images/orangepi-r1-plus-lts-rk3328.scm
@@ -21,7 +21,6 @@
   #:use-module (gnu bootloader u-boot)
   #:use-module (gnu image)
   #:use-module (gnu packages linux)
-  #:use-module (gnu packages certs)
   #:use-module (guix platforms arm)
   #:use-module (gnu services)
   #:use-module (gnu services base)
@@ -55,8 +54,7 @@
                                            (term "vt100")
                                            (tty "ttyS2")))
             (service dhcp-client-service-type)
-            (service ntp-service-type) %base-services))
-    (packages (cons nss-certs %base-packages))))
+            (service ntp-service-type) %base-services))))
 
 (define orangepi-r1-plus-lts-rk3328-image-type
   (image-type (name 'orangepi-r1-plus-lts-rk3328-raw)
diff --git a/gnu/system/images/pine64.scm b/gnu/system/images/pine64.scm
index 3feb69764d..457ff4345f 100644
--- a/gnu/system/images/pine64.scm
+++ b/gnu/system/images/pine64.scm
@@ -59,8 +59,7 @@
                          (tty "ttyS0")))
                (service dhcp-client-service-type)
                (service ntp-service-type)
-               %base-services))
-    (packages (cons nss-certs %base-packages))))
+               %base-services))))
 
 (define pine64-image-type
   (image-type
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 371bfc2a63..0195a0804d 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -548,11 +548,10 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m
      (base-pam-services #:allow-empty-passwords? #t))
 
     (packages (append
-                (list glibc         ; for 'tzselect' & co.
+                (list glibc             ; for 'tzselect' & co.
                       fontconfig
                       font-dejavu font-gnu-unifont
-                      grub          ; mostly so xrefs to its manual work
-                      nss-certs)    ; To access HTTPS, use git, etc.
+                      grub)             ; mostly so xrefs to its manual work
                 %installer-disk-utilities
                 %base-packages))))