[PATCH] gnu: gnutls: Configure location of system-wide trust store

[Mark H Weaver]

This patch is needed to allow gnutls to find the system-wide trust store
(trusted CA certificates).

      Mark


>From 51fdea28198bd284949c98bc423e5fcef6169068 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <address@hidden>
Date: Tue, 18 Feb 2014 21:30:53 -0500
Subject: [PATCH] gnu: gnutls: Configure location of system-wide trust store.

* gnu/packages/gnutls.scm (gnutls): Configure the location of the system-wide
  trust store.
---
 gnu/packages/gnutls.scm | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/gnu/packages/gnutls.scm b/gnu/packages/gnutls.scm
index 915f6f8..dde4416 100644
--- a/gnu/packages/gnutls.scm
+++ b/gnu/packages/gnutls.scm
@@ -87,6 +87,17 @@ specifications.")
      `(("libtasn1" ,libtasn1)
        ("nettle" ,nettle)
        ("which" ,which)))
+    (arguments
+     `(#:configure-flags
+       '(;; GnuTLS doesn't consult any environment variables to specify the
+         ;; location of the system-wide trust store.  Instead it has a
+         ;; configure-time option.  Unless specified, its configure script
+         ;; attempts to auto-detect the location by looking for common places
+         ;; in the filesystem, none of which are present in our chroot build
+         ;; environment.  If not found, then no default trust store is used,
+         ;; so each program has to provide its own fallback, and users have to
+         ;; configure each program independently.  This seems suboptimal.
+         
"--with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt")))
     (home-page "http://www.gnu.org/software/gnutls/";)
     (synopsis "Transport layer security library")
     (description
-- 
1.8.4