From 7df945656cd448b13969f90a7a95d8a4e9d442f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 6 Sep 2018 13:49:06 +0200 Subject: [PATCH] services: hpcguix-web: Set SSL_CERT_DIR. Previously Git pulls over HTTPS would fail with: guix/git.scm:132:7: In procedure update-cached-checkout: Throw to key `git-error' with args `(#< code: -17 message: "the SSL certificate is invalid" class: 16>)'. * gnu/services/web.scm (hpcguix-web-shepherd-service): Pass "SSL_CERT_DIR=/etc/ssl/certs". * doc/guix.texi (Web Services): Mention certificates. --- doc/guix.texi | 11 +++++++++++ gnu/services/web.scm | 3 ++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index 9375aac30c..c328af40cd 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -16848,6 +16848,17 @@ A typical hpcguix-web service declaration looks like this: (menu '(("/about" "ABOUT")))))))) @end example +@quotation Note +The hpcguix-web service periodically updates the package list it publishes by +pulling channels from Git. To that end, it needs to access X.509 certificates +so that it can authenticate Git servers when communicating over HTTPS, and it +assumes that @file{/etc/ssl/certs} contains those certificates. + +Thus, make sure to add @code{nss-certs} or another certificate package to the +@code{packages} field of your configuration. @ref{X.509 Certificates}, for +more information on X.509 certificates. +@end quotation + @node Certificate Services @subsubsection Certificate Services diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 467656444e..3778efd048 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -967,7 +967,8 @@ a webserver.") #:user "hpcguix-web" #:group "hpcguix-web" #:environment-variables - (list "XDG_CACHE_HOME=/var/cache"))) + (list "XDG_CACHE_HOME=/var/cache" + "SSL_CERT_DIR=/etc/ssl/certs"))) (stop #~(make-kill-destructor)))))) (define hpcguix-web-service-type
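Review bot: In the doc/guix.texi hunk, the last sentence of the new note starts with `@ref{X.509 Certificates}, for more information`, which renders as a fragment with no verb; `@xref{X.509 Certificates}` is the form meant for the start of a sentence. The note would also be easier to act on if it named the symptom an administrator sees when `/etc/ssl/certs` is empty, namely the `git-error` with "the SSL certificate is invalid" quoted in the commit message, so the failed channel pull can be traced back to the missing certificate package.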
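Review bot: In the gnu/services/web.scm hunk, `"SSL_CERT_DIR=/etc/ssl/certs"` is added as a bare string literal with no comment, and nothing in this change makes the service depend on that directory being populated, so a system without a certificate package still fails at pull time, and only the documentation says so. A one-line comment above the entry explaining that it is there so Git pulls over HTTPS can verify server certificates would help the next reader. Consider also whether the path should come from the service configuration rather than being fixed here, since the doc hunk describes it as an assumption.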