Let's make a basic Singularity file system containing certificates at
the place many programs expect them to be, i.e. /etc/ssl:
$ guix pack -S /etc/ssl=etc/ssl --format=squashfs bash nss-certs
/gnu/store/mxyc56nsrcgcclvm5qsz5c9fkqwdswpw-bash-nss-certs-squashfs-pack.gz.squashfs
There is no error
Hello André,
On Tue, Jan 30 2024, André Batista wrote:
> Hi guix!
>
> It seems that 'make-icecat-extension' is not sufficiently kosher. When
> torbrowser and icecat are both installed to the same user profile,
> noscript gets picked up by icecat too. The same also happens when
> mullvadbrowser
Hi Guix!
> ./etc/teams.scm cc core
- g...@cbaines.net
- d...@jpoiret.xyz
- l...@gnu.org
- othac...@gnu.org
- rek...@elephly.net
- zimon.touto...@gmail.com
- m...@tobias.gr
Long story short, how to resolve package inheritance which would not
break CI ;-) ?
While reviewing and amending patch
Removing guix-devel.
On Tue, Jan 30 2024, Carlo Zancanaro wrote:
> +(define (file-contains? file string)
> + (string-contains (call-with-input-file file
> + get-string-all)
> + string))
> +
> +
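Review bot: 'file-contains?' is named as a predicate but returns the result of 'string-contains', which is the index of the match or #f rather than a boolean; either wrap the result so it returns #t/#f or note the return value in a docstring. The parameter name 'string' also shadows Guile's 'string' procedure inside the body, so a name such as 'needle' would be clearer. Since 'get-string-all' reads the whole file into memory, a short comment saying the helper is meant for small files would help.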
I removed guix-devel, not sure we need to spam it.
On Tue, Jan 30 2024, Carlo Zancanaro wrote:
> +(define %default-deploy-hook
> + (program-file
> + "reload-nginx.scm"
> + (with-imported-modules '((gnu services herd))
> + #~(begin
> + (use-modules (gnu services herd))
> +
I sympathize with your approach (I, too, have been supplementing
Certbot with self-signed certs for some time).
What would also be cool is not to have `certbot-service-type` depend on
`nginx-service-type` in the first place. So that one can more easily
use another HTTP server. It can of course
Hi guix!
It seems that 'make-icecat-extension' is not sufficiently kosher. When
torbrowser and icecat are both installed to the same user profile,
noscript gets picked up by icecat too. The same also happens when
mullvadbrowser is installed: ublock extension is picked up by torbrowser.
Hi Josselin,
Alas, the problem persists ~.~
Device A:
~ $ guix time-machine --commit=deeb7d1f53d7ddfa977b3eadd760312bbd0a2509 -- build qtwebengine --derivations --system=aarch64-linux --no-grafts --dry-run
/gnu/store/gnrk76mlrv3ipm2k3lpmy1533mn9dqc3-qtwebengine-6.5.2.drv
Device B:
~ $ guix
Hi Felix,
On Tue, Jan 30 2024, Felix Lechner wrote:
> On Tue, Jan 30 2024, Carlo Zancanaro wrote:
>> certbot can't produce certificates without a functional nginx
> Yes, it can. The option is called --standalone. [1]
You are correct, of course. If I had been more precise I would
have said "with
Hi Maxim,
I guess this is not explained that well, but the service-extension
snippet is supposed to go under the (extensions ...) field of a
record. If you want to extend this in your system
config, you want (simple-service ...) instead, with e.g.
--8<---cut
Hi,
jbranso--- via Bug reports for GNU Guix writes:
> message: "error parsing derivation
> `/gnu/store/3nppfdxy9vgg9ls6qi8j8pkzw2khi98h-git-minimal-2.41.0.drv':
> expected string `Derive(['"
> status: 1
> guix pull: error: You found a bug: the program
>
Hi Zacchaeus,
Can you try the same, but this time with the --no-grafts option? That
could be a source of issues.
Best,
--
Josselin Poiret
On Tue, Jan 30 2024, Felix Lechner via Bug reports for GNU Guix wrote:
> Hi Carlo,
>
> On Tue, Jan 30 2024, Carlo Zancanaro wrote:
>
>> certbot can't produce certificates without a functional nginx
>
> Yes, it can. The option is called --standalone. [1]
>
> Maybe another way to bootstrap the
Saku Laesvuori writes:
> Those hashes are not comparable: i9ir..nd (A) is the hash of the built
> store item and 6n9aq..qn (B) is the hash of the derivation that builds
> the store item.
Ah, rookie mistake :|
> But I do think it is weird if the derivation is not present on the
> machine that
Hi,
Jean-Pierre De Jesus Diaz skribis:
> And from the error file that the test writes:
>
> $ cat /tmp/guix-build-openssl-1.0.2u.drv-0/openssl-1.0.2u/test/cms.err
> Verification failure
> 140737353281920:error:21075075:PKCS7 routines:PKCS7_verify:certificate
> verify
When a channel is specified both implicitly, as the dependency of
another channel, and explicitly, in the user-provided channels file, the
“most specific” one wins—the one that has a non-#f ‘commit’ field.
However, the dependencies of that channel may be read from the wrong
one—the least-specific
I’m closing this because we now have “guix locate”.
--
Ricardo
This was obsoleted by commit 5528123265f9, "gnu: flite: Disable parallel
build."
--
Simon South
si...@simonsouth.net
Hi Carlo,
On Tue, Jan 30 2024, Carlo Zancanaro wrote:
> certbot can't produce certificates without a functional nginx
Yes, it can. The option is called --standalone. [1]
Maybe another way to bootstrap the certificates would be to hold off on
starting Nginx or Apache until all certificates are
* gnu/services/certbot.scm (): Add
start-self-signed? field.
(generate-certificate-gexp): New procedure.
(certbot-activation): Generate self-signed certificates when
start-self-signed? is #t.
* doc/guix.texi (Certificate services): Document start-self-signed?.
Change-Id:
* gnu/services/certbot.scm (certbot-renewal-one-shot): New procedure.
(certbot-service-type)[extensions]: Add it to shepherd-root extension.
(certbot-command): Make connection errors return a different exit code.
(certbot-activation): Remove message with certificate renewal instructions.
* gnu/services/certbot.scm (certbot-deploy-hook): New procedure.
(certbot-command): Pass new deploy hook to certbot.
* doc/guix.texi: Replace "letsencrypt/live" with "certs" throughout.
Change-Id: I2ba5e4903d1e293e566b732a84b07d5a134b697d
---
doc/guix.texi| 26
Hi Guix,
This patch series is a few changes to make certbot default to doing
"the right thing" in the common case of wanting certificates for an
nginx web server.
The initial change (in v1 of these patches) was to solve the certbot
bootstrapping problem. Nginx won't start without valid
* gnu/services/certbot.scm (%default-deploy-hook): New variable.
()[deploy-hook]: Use it as default deploy hook.
* doc/guix.texi (Certificate services): Document new default deploy hook.
Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176
---
doc/guix.texi| 6 +-