summary refs log tree commit diff
path: root/doc
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2018-09-06 13:49:06 +0200
committerLudovic Courtès <ludo@gnu.org>2018-09-06 13:49:06 +0200
commit7df945656cd448b13969f90a7a95d8a4e9d442f7 (patch)
tree176e21f6e6c59859561d3d8d7e80f4c123d279f4 /doc
parent3ffcad7df3ab8947010814f61b32ce14ea80e780 (diff)
downloadguix-7df945656cd448b13969f90a7a95d8a4e9d442f7.tar.gz
services: hpcguix-web: Set SSL_CERT_DIR.
Previously Git pulls over HTTPS would fail with:

  guix/git.scm:132:7: In procedure update-cached-checkout:
  Throw to key `git-error' with args `(#<<git-error> code: -17 message: "the SSL certificate is invalid" class: 16>)'.

* gnu/services/web.scm (hpcguix-web-shepherd-service): Pass
"SSL_CERT_DIR=/etc/ssl/certs".
* doc/guix.texi (Web Services): Mention certificates.
Diffstat (limited to 'doc')
-rw-r--r--doc/guix.texi11
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 9375aac30c..c328af40cd 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -16848,6 +16848,17 @@ A typical hpcguix-web service declaration looks like this:
                 (menu '(("/about" "ABOUT"))))))))
 @end example
 
+@quotation Note
+The hpcguix-web service periodically updates the package list it publishes by
+pulling channels from Git.  To that end, it needs to access X.509 certificates
+so that it can authenticate Git servers when communicating over HTTPS, and it
+assumes that @file{/etc/ssl/certs} contains those certificates.
+
+Thus, make sure to add @code{nss-certs} or another certificate package to the
+@code{packages} field of your configuration.  @ref{X.509 Certificates}, for
+more information on X.509 certificates.
+@end quotation
+
 @node Certificate Services
 @subsubsection Certificate Services