Re: [PATCH] gnu: curl: Add ca-bundle to config.

[Marius Bakke]

Marius Bakke <address@hidden> writes:

> ng0 <address@hidden> writes:
>
>> * gnu/packages/curl.scm (curl)[arguments]: Add "--with-ca-bundle" configure 
>> flag.
>> [arguments]: Disable failing test number 324.
>> ---
>>  gnu/packages/curl.scm | 13 ++++++++++++-
>>  1 file changed, 12 insertions(+), 1 deletion(-)
>>
>> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
>> index 7329d870d..3473055b8 100644
>> --- a/gnu/packages/curl.scm
>> +++ b/gnu/packages/curl.scm
>> @@ -4,6 +4,7 @@
>>  ;;; Copyright © 2015 Tomáš Čech <address@hidden>
>>  ;;; Copyright © 2015 Ludovic Courtès <address@hidden>
>>  ;;; Copyright © 2016 Leo Famulari <address@hidden>
>> +;;; Copyright © 2017 ng0 <address@hidden>
>>  ;;;
>>  ;;; This file is part of GNU Guix.
>>  ;;;
>> @@ -65,7 +66,8 @@
>>         ("pkg-config" ,pkg-config)
>>         ("python" ,python-2)))
>>     (arguments
>> -    `(#:configure-flags '("--with-gnutls" "--with-gssapi")
>> +    `(#:configure-flags '("--with-gnutls" "--with-gssapi"
>> +                          
>> "--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt")
>
> This may not work on all distros, and is "impure" since this path is not
> managed by Guix. If we are doing this, it should be referring to
> (string-append (assoc-ref %build-inputs "nss-certs") "/etc/ssl/...").
> That will likely fix the test as well.

I realized shortly after posting why this wasn't done already. Curl has
1403 dependent packages, which would apply for "nss-certs" as well if
that is added as input. Obviously we want to be able to update TLS
certificates quickly without rebuilding ~1/4 of the tree.

Perhaps it could be added as a separate package, or by e.g. renaming the
current curl package to "curl-minimal".

signature.asc
Description: PGP signature