From b3129f2b761a371105e6d213519e5c71930cb419 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 20 Apr 2016 18:53:28 +0200 Subject: [PATCH] doc: Add "X.509 Certificates" section under "Application Setup". Reported by Roel Janssen . * doc/guix.texi (Application Setup)[X.509 Certificates]: New section. (X.509 Certificates): Add an example of certificates in the profile. --- doc/guix.texi | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 54dc7061e8..859db2be12 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1159,6 +1159,16 @@ for Chinese languages: guix package -i font-adobe-source-han-sans:cn @end example +@subsection X.509 Certificates + +The @code{nss-certs} package provides X.509 certificates, which allow +programs to authenticate Web servers accessed over HTTPS. + +When using Guix on a foreign distro, you can install this package and +define the relevant environment variables so that packages know where to +look for certificates. @pxref{X.509 Certificates}, for detailed +information. + @subsection Emacs Packages When you install Emacs packages with Guix, the elisp files may be placed @@ -9359,14 +9369,22 @@ explicitly add it. The @file{/etc/ssl/certs} directory, which is where most applications and libraries look for certificates by default, points to the certificates installed globally. -Unprivileged users can also install their own certificate package in +Unprivileged users, including users of Guix on a foreign distro, +can also install their own certificate package in their profile. A number of environment variables need to be defined so that applications and libraries know where to find them. Namely, the OpenSSL library honors the @code{SSL_CERT_DIR} and @code{SSL_CERT_FILE} variables. Some applications add their own environment variables; for instance, the Git version control system honors the certificate bundle -pointed to by the @code{GIT_SSL_CAINFO} environment variable. +pointed to by the @code{GIT_SSL_CAINFO} environment variable. Thus, you +would typically run something like: +@example +$ guix package -i nss-certs +$ export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs" +$ export SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt" +$ export GIT_SSL_CAINFO="$SSL_CERT_FILE" +@end example @node Name Service Switch @subsection Name Service Switch