diff options
author | Andreas Enge <andreas@enge.fr> | 2015-02-10 20:55:53 +0100 |
---|---|---|
committer | Andreas Enge <andreas@enge.fr> | 2015-02-13 11:19:45 +0100 |
commit | 6e6e241409aa8cf072df3aca7d012186feb81972 (patch) | |
tree | 95b56a12107581a3c48f0881d3ebbf723489720f /gnu | |
parent | cf053a4f0664e2bc2d8a7ba894c6e571f82e37d9 (diff) | |
download | guix-6e6e241409aa8cf072df3aca7d012186feb81972.tar.gz |
gnu: Add nss-certs, certificates extracted from nss.
* gnu/packages/certs.scm (nss-certs): New variable.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/packages/certs.scm | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm index 1d06ab1933..ab46143202 100644 --- a/gnu/packages/certs.scm +++ b/gnu/packages/certs.scm @@ -20,8 +20,11 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) #:use-module (gnu packages) + #:use-module (gnu packages gnuzilla) + #:use-module (gnu packages openssl) #:use-module (gnu packages python)) (define certdata2pem @@ -63,3 +66,53 @@ .pem formatted certificates.") (license license:gpl2+) (home-page "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/"))) + +(define-public nss-certs + (package (inherit nss) ; to reuse the source, version and some metadata + (name "nss-certs") + (build-system gnu-build-system) + (outputs '("out")) + (native-inputs + `(("certdata2pem" ,certdata2pem) + ("openssl" ,openssl))) + (inputs '()) + (propagated-inputs '()) + (arguments + `(#:modules ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-26)) + #:imported-modules ((guix build gnu-build-system) + (guix build utils)) + #:phases + (alist-cons-after + 'unpack 'install + (lambda _ + (let ((certsdir (string-append %output "/etc/ssl/certs/"))) + (mkdir-p certsdir) + (with-directory-excursion "nss/lib/ckfw/builtins/" + ;; extract single certificates from blob + (system* "certdata2pem.py" "certdata.txt") + ;; copy the .pem files into the output + (for-each + (lambda (file) + (copy-file file (string-append certsdir file))) + ;; FIXME: Some of the file names are UTF8 (?) and cause an + ;; error message such as + ;; find-files: + ;; ./EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??:2.8.76.175.115.66.28.142.116.2.pem: + ;; No such file or directory + (find-files "." ".*\\.pem"))) + (with-directory-excursion certsdir + ;; create symbolic links for and by openssl + ;; Strangely, the call (system* "c_rehash" certsdir) + ;; from inside the build dir fails with + ;; "Usage error; try -help." + ;; This looks like a bug in openssl-1.0.2, but we can also + ;; switch into the target directory. + (system* "c_rehash" ".")))) + (map (cut assq <> %standard-phases) + '(set-paths unpack))))) + (synopsis "CA certificates from Mozilla") + (description + "This package provides certificates for Certification Authorities (CA) +taken from the NSS package and thus ultimately from the Mozilla project."))) |