From e979e6dd523acaa2a089f1b8f44e34c1e5b7d32d Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 2 Mar 2015 22:25:53 +0100 Subject: system: Add 'x509-certificates' field, and populate /etc/ssl/certs. * gnu/system.scm ()[x509-certificates]: New field. (etc-directory): Add #:x509-certificates parameter and honor it. (operating-system-etc-directory): Pass #:x509-certificates in 'etc-directory' call. * doc/guix.texi (operating-system Reference): Document 'x509-certificates'. --- doc/guix.texi | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index bd8091ae51..4be545ea79 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -3882,6 +3882,19 @@ Configuration of libc's name service switch (NSS)---a @code{} object. @xref{Name Service Switch}, for details. +@item @code{x509-certificates} (default: @var{nss-certs}) +This field's value must be a package containing X.509 certificates for +so-called ``Certification Authorities'' (CAs) that is made available in +the @file{/etc/ssl/certs} directory. Currently this directory is +accessed by applications using either the GnuTLS library or the OpenSSL +library. + +By default, certificates from +@uref{https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS, +Mozilla's Network Security Services} are used. These are the +certificates shipped by Mozilla browsers and derivatives such as +GNU@tie{}IceCat. + @item @code{services} (default: @var{%base-services}) A list of monadic values denoting system services. @xref{Services}. -- cgit 1.4.1