Andreas Enge <[email protected]> skribis: > the cuirass service requires TLS certificates to do continuous integration > of guix (or more generally, git repositories served over https). This works > when nss-certs is installed as a global package in the system. > > Should the service depend on the nss-certs package? Or maybe take as an > optional configuration parameter a certificate package?
I thought that, instead of assuming /etc/ssl/certs exists, the Cuirass service could use (file-append nss-certs "/etc/ssl/certs/ca-certificates.crt"). That would make it self-contained. That’s currently not possible though because this certificate bundle is built as a profile hook. We would first need to export the procedure that creates bundles, possibly by moving it to a new (guix x509-certificates) module. Thoughts? Ludo’.
