search-paths: Define $SSL_CERT_DIR and $SSL_CERT_FILE.

For the ‘why’, see the docstring next to $SSL_CERT_DIR. In later commits, packages will be changed to use these variables and the variables will be added to more packages. * guix/search-paths.scm ($SSL_CERT_DIR, $SSL_CERT_FILE): New variables. * doc/guix.texi (Search Paths): Document them. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2022-05-07 08:37:31 +00:00 · 2022-05-07 08:37:31 +00:00 · 89a2eb25c3
parent 2f812bfa38
commit 89a2eb25c3
2 changed files with 46 additions and 1 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -88,7 +88,7 @@ Copyright @copyright{} 2020 Daniel Brooks@*
 Copyright @copyright{} 2020 John Soo@*
 Copyright @copyright{} 2020 Jonathan Brielmaier@*
 Copyright @copyright{} 2020 Edgar Vincent@*
-Copyright @copyright{} 2021 Maxime Devos@*
+Copyright @copyright{} 2021, 2022 Maxime Devos@*
 Copyright @copyright{} 2021 B. Wilson@*
 Copyright @copyright{} 2021 Xinglu Chen@*
 Copyright @copyright{} 2021 Raghav Gururajan@*
@ -10127,6 +10127,25 @@ Again, the libxml2 example shows a situation where this is needed.
@end table
@end deftp

+Some search paths are not tied by a single package but to many packages.
+To reduce duplications, some of them are pre-defined in @code{(guix
+search-paths)}.
+
+@defvr {Scheme Variable} $SSL_CERT_DIR
+@defvrx {Scheme Variable} $SSL_CERT_FILE
+These two search paths indicate where X.509 certificates can be found
+(@pxref{X.509 Certificates}).
+@end defvr
+
+These pre-defined search paths can be used as in the following example:
+
+@lisp
+(package
+  (name "curl")
+  ;; some fields omitted ...
+  (native-search-paths (list $SSL_CERT_DIR $SSL_CERT_FILE)))
+@end lisp
+
 How do you turn search path specifications on one hand and a bunch of
 directories on the other hand in a set of environment variable
 definitions?  That's the job of @code{evaluate-search-paths}.
--- a/guix/search-paths.scm
+++ b/guix/search-paths.scm
@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2022 Maxime Devos <maximedevos@telenet.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -32,6 +33,8 @@
            search-path-specification-file-pattern

            $PATH
+            $SSL_CERT_DIR
+            $SSL_CERT_FILE

            search-path-specification->sexp
            sexp->search-path-specification
@ -70,6 +73,29 @@
   (variable "PATH")
   (files '("bin" "sbin"))))

+;; Two variables for certificates (see (guix)X.509 Certificates),
+;; respected by 'openssl', possibly GnuTLS in the future
+;; (https://gitlab.com/gnutls/gnutls/-/merge_requests/1541)
+;; and many of their dependents -- even some GnuTLS depepdents
+;; like Guile.  As they are not tied to a single package, define
+;; them here to avoid duplication.
+;;
+;; Additionally, the 'native-search-paths' field is not thunked,
+;; so doing (package-native-search-paths openssl)
+;; could cause import cycle issues.
+(define-public $SSL_CERT_DIR
+  (search-path-specification
+   (variable "SSL_CERT_DIR")
+   (separator #f)              ;single entry
+   (files '("etc/ssl/certs"))))
+
+(define-public $SSL_CERT_FILE
+  (search-path-specification
+   (variable "SSL_CERT_FILE")
+   (file-type 'regular)
+   (separator #f)              ;single entry
+   (files '("etc/ssl/certs/ca-certificates.crt"))))
+
 (define (search-path-specification->sexp spec)
  "Return an sexp representing SPEC, a <search-path-specification>.  The sexp
 corresponds to the arguments expected by `set-path-environment-variable'."