summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Enge <andreas@enge.fr>2015-02-10 20:55:53 +0100
committerAndreas Enge <andreas@enge.fr>2015-02-13 11:19:45 +0100
commit6e6e241409aa8cf072df3aca7d012186feb81972 (patch)
tree95b56a12107581a3c48f0881d3ebbf723489720f
parentcf053a4f0664e2bc2d8a7ba894c6e571f82e37d9 (diff)
gnu: Add nss-certs, certificates extracted from nss.
* gnu/packages/certs.scm (nss-certs): New variable.
-rw-r--r--gnu/packages/certs.scm53
1 files changed, 53 insertions, 0 deletions
diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 1d06ab1933..ab46143202 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -20,8 +20,11 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
#:use-module (gnu packages)
+ #:use-module (gnu packages gnuzilla)
+ #:use-module (gnu packages openssl)
#:use-module (gnu packages python))
(define certdata2pem
@@ -63,3 +66,53 @@
.pem formatted certificates.")
(license license:gpl2+)
(home-page "http://pkgs.fedoraproject.org/cgit/ca-certificates.git/")))
+
+(define-public nss-certs
+ (package (inherit nss) ; to reuse the source, version and some metadata
+ (name "nss-certs")
+ (build-system gnu-build-system)
+ (outputs '("out"))
+ (native-inputs
+ `(("certdata2pem" ,certdata2pem)
+ ("openssl" ,openssl)))
+ (inputs '())
+ (propagated-inputs '())
+ (arguments
+ `(#:modules ((guix build gnu-build-system)
+ (guix build utils)
+ (srfi srfi-26))
+ #:imported-modules ((guix build gnu-build-system)
+ (guix build utils))
+ #:phases
+ (alist-cons-after
+ 'unpack 'install
+ (lambda _
+ (let ((certsdir (string-append %output "/etc/ssl/certs/")))
+ (mkdir-p certsdir)
+ (with-directory-excursion "nss/lib/ckfw/builtins/"
+ ;; extract single certificates from blob
+ (system* "certdata2pem.py" "certdata.txt")
+ ;; copy the .pem files into the output
+ (for-each
+ (lambda (file)
+ (copy-file file (string-append certsdir file)))
+ ;; FIXME: Some of the file names are UTF8 (?) and cause an
+ ;; error message such as
+ ;; find-files:
+ ;; ./EBG_Elektronik_Sertifika_Hizmet_Sa??lay??c??s??:2.8.76.175.115.66.28.142.116.2.pem:
+ ;; No such file or directory
+ (find-files "." ".*\\.pem")))
+ (with-directory-excursion certsdir
+ ;; create symbolic links for and by openssl
+ ;; Strangely, the call (system* "c_rehash" certsdir)
+ ;; from inside the build dir fails with
+ ;; "Usage error; try -help."
+ ;; This looks like a bug in openssl-1.0.2, but we can also
+ ;; switch into the target directory.
+ (system* "c_rehash" "."))))
+ (map (cut assq <> %standard-phases)
+ '(set-paths unpack)))))
+ (synopsis "CA certificates from Mozilla")
+ (description
+ "This package provides certificates for Certification Authorities (CA)
+taken from the NSS package and thus ultimately from the Mozilla project.")))