summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorAndreas Enge <andreas@enge.fr>2015-02-10 20:55:53 +0100
committerAndreas Enge <andreas@enge.fr>2015-02-13 11:19:45 +0100
commit6e6e241409aa8cf072df3aca7d012186feb81972 (patch)
tree95b56a12107581a3c48f0881d3ebbf723489720f /gnu
parentcf053a4f0664e2bc2d8a7ba894c6e571f82e37d9 (diff)
downloadguix-6e6e241409aa8cf072df3aca7d012186feb81972.tar.gz
gnu: Add nss-certs, certificates extracted from nss.
* gnu/packages/certs.scm (nss-certs): New variable.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/certs.scm53
1 files changed, 53 insertions, 0 deletions
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 1d06ab1933..ab46143202 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -20,8 +20,11 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix build-system gnu)
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
+  #:use-module (gnu packages gnuzilla)
+  #:use-module (gnu packages openssl)
   #:use-module (gnu packages python))
 
 (define certdata2pem
@@ -63,3 +66,53 @@
 .pem formatted certificates.")
    (license license:gpl2+)
    (home-page "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/")))
+
+(define-public nss-certs
+  (package (inherit nss) ; to reuse the source, version and some metadata
+    (name "nss-certs")
+    (build-system gnu-build-system)
+    (outputs '("out"))
+    (native-inputs
+     `(("certdata2pem" ,certdata2pem)
+       ("openssl" ,openssl)))
+    (inputs '())
+    (propagated-inputs '())
+    (arguments
+     `(#:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-26))
+       #:imported-modules ((guix build gnu-build-system)
+                           (guix build utils))
+       #:phases
+         (alist-cons-after
+           'unpack 'install
+           (lambda _
+             (let ((certsdir (string-append %output "/etc/ssl/certs/")))
+               (mkdir-p certsdir)
+               (with-directory-excursion "nss/lib/ckfw/builtins/"
+                 ;; extract single certificates from blob
+                 (system* "certdata2pem.py" "certdata.txt")
+                 ;; copy the .pem files into the output
+                 (for-each
+                   (lambda (file)
+                     (copy-file file (string-append certsdir file)))
+                   ;; FIXME: Some of the file names are UTF8 (?) and cause an
+                   ;; error message such as 
+                   ;; find-files:
+                   ;; ./EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??:2.8.76.175.115.66.28.142.116.2.pem:
+                   ;; No such file or directory
+                   (find-files "." ".*\\.pem")))
+                 (with-directory-excursion certsdir
+                   ;; create symbolic links for and by openssl
+                   ;; Strangely, the call (system* "c_rehash" certsdir)
+                   ;; from inside the build dir fails with
+                   ;; "Usage error; try -help."
+                   ;; This looks like a bug in openssl-1.0.2, but we can also
+                   ;; switch into the target directory.
+                   (system* "c_rehash" "."))))
+           (map (cut assq <> %standard-phases)
+                '(set-paths unpack)))))
+    (synopsis "CA certificates from Mozilla")
+    (description
+      "This package provides certificates for Certification Authorities (CA)
+taken from the NSS package and thus ultimately from the Mozilla project.")))