01/02: services: hpcguix-web: Set SSL_CERT

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/02: services: hpcguix-web: Set SSL_CERT_DIR.

From:	Ludovic Court�s
Subject:	01/02: services: hpcguix-web: Set SSL_CERT_DIR.
Date:	Thu, 6 Sep 2018 07:53:33 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit 7df945656cd448b13969f90a7a95d8a4e9d442f7
Author: Ludovic Courtès <address@hidden>
Date:   Thu Sep 6 13:49:06 2018 +0200

    services: hpcguix-web: Set SSL_CERT_DIR.
    
    Previously Git pulls over HTTPS would fail with:
    
      guix/git.scm:132:7: In procedure update-cached-checkout:
      Throw to key `git-error' with args `(#<<git-error> code: -17 message: 
"the SSL certificate is invalid" class: 16>)'.
    
    * gnu/services/web.scm (hpcguix-web-shepherd-service): Pass
    "SSL_CERT_DIR=/etc/ssl/certs".
    * doc/guix.texi (Web Services): Mention certificates.
---
 doc/guix.texi        | 11 +++++++++++
 gnu/services/web.scm |  3 ++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 9375aac..c328af4 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -16848,6 +16848,17 @@ A typical hpcguix-web service declaration looks like 
this:
                 (menu '(("/about" "ABOUT"))))))))
 @end example
 
address@hidden Note
+The hpcguix-web service periodically updates the package list it publishes by
+pulling channels from Git.  To that end, it needs to access X.509 certificates
+so that it can authenticate Git servers when communicating over HTTPS, and it
+assumes that @file{/etc/ssl/certs} contains those certificates.
+
+Thus, make sure to add @code{nss-certs} or another certificate package to the
address@hidden field of your configuration.  @ref{X.509 Certificates}, for
+more information on X.509 certificates.
address@hidden quotation
+
 @node Certificate Services
 @subsubsection Certificate Services
 
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 4676564..3778efd 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -967,7 +967,8 @@ a webserver.")
                  #:user "hpcguix-web"
                  #:group "hpcguix-web"
                  #:environment-variables
-                 (list "XDG_CACHE_HOME=/var/cache")))
+                 (list "XDG_CACHE_HOME=/var/cache"
+                       "SSL_CERT_DIR=/etc/ssl/certs")))
        (stop #~(make-kill-destructor))))))
 
 (define hpcguix-web-service-type

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (3ffcad7 -> fd3a643), Ludovic Court�s, 2018/09/06
- 02/02: doc: Update hpcguix-web configuration documentation., Ludovic Court�s, 2018/09/06
- 01/02: services: hpcguix-web: Set SSL_CERT_DIR., Ludovic Court�s <=

Prev by Date: branch master updated (3ffcad7 -> fd3a643)
Next by Date: branch master updated (fd3a643 -> 21f5f35)
Previous by thread: 02/02: doc: Update hpcguix-web configuration documentation.
Next by thread: branch master updated (fd3a643 -> 21f5f35)
Index(es):
- Date
- Thread