summary refs log tree commit diff
path: root/gnu/packages/certs.scm
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/certs.scm')
-rw-r--r--gnu/packages/certs.scm19
1 files changed, 16 insertions, 3 deletions
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index c7242dea92..31ffa54d87 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -155,13 +155,26 @@ taken from the NSS package and thus ultimately from the Mozilla project.")
          (let ((root (assoc-ref %build-inputs "isrgrootx1.pem"))
                (intermediate (assoc-ref %build-inputs "letsencryptauthorityx3.pem"))
                (backup (assoc-ref %build-inputs "letsencryptauthorityx4.pem"))
-               (out (string-append (assoc-ref %outputs "out") "/etc/ssl/certs")))
+               (out (string-append (assoc-ref %outputs "out") "/etc/ssl/certs"))
+               (openssl (assoc-ref %build-inputs "openssl"))
+               (perl (assoc-ref %build-inputs "perl")))
            (mkdir-p out)
            (for-each
              (lambda (cert)
                (copy-file cert (string-append out "/"
                                               (strip-store-file-name cert))))
-             (list root intermediate backup))))))
+             (list root intermediate backup))
+
+           ;; Create hash symlinks suitable for OpenSSL ('SSL_CERT_DIR' and
+           ;; similar.)
+           (chdir (string-append %output "/etc/ssl/certs"))
+           (unless (zero? (system* (string-append perl "/bin/perl")
+                                   (string-append openssl "/bin/c_rehash")
+                                   "."))
+             (error "'c_rehash' failed" openssl))))))
+    (native-inputs
+     `(("openssl" ,openssl)
+       ("perl" ,perl)))                           ;for 'c_rehash'
     (inputs
      `(; The Let's Encrypt root certificate, "ISRG Root X1".
        ("isrgrootx1.pem"