doc: Add "X.509 Certificates" section under "Application Setup".

Reported by Roel Janssen <roel@gnu.org>.

* doc/guix.texi (Application Setup)[X.509 Certificates]: New section.
(X.509 Certificates): Add an example of certificates in the profile.
This commit is contained in:
Ludovic Courtès 2016-04-20 18:53:28 +02:00
parent f8f83e9d21
commit b3129f2b76
1 changed files with 20 additions and 2 deletions

View File

@ -1159,6 +1159,16 @@ for Chinese languages:
guix package -i font-adobe-source-han-sans:cn guix package -i font-adobe-source-han-sans:cn
@end example @end example
@subsection X.509 Certificates
The @code{nss-certs} package provides X.509 certificates, which allow
programs to authenticate Web servers accessed over HTTPS.
When using Guix on a foreign distro, you can install this package and
define the relevant environment variables so that packages know where to
look for certificates. @pxref{X.509 Certificates}, for detailed
information.
@subsection Emacs Packages @subsection Emacs Packages
When you install Emacs packages with Guix, the elisp files may be placed When you install Emacs packages with Guix, the elisp files may be placed
@ -9359,14 +9369,22 @@ explicitly add it. The @file{/etc/ssl/certs} directory, which is where
most applications and libraries look for certificates by default, points most applications and libraries look for certificates by default, points
to the certificates installed globally. to the certificates installed globally.
Unprivileged users can also install their own certificate package in Unprivileged users, including users of Guix on a foreign distro,
can also install their own certificate package in
their profile. A number of environment variables need to be defined so their profile. A number of environment variables need to be defined so
that applications and libraries know where to find them. Namely, the that applications and libraries know where to find them. Namely, the
OpenSSL library honors the @code{SSL_CERT_DIR} and @code{SSL_CERT_FILE} OpenSSL library honors the @code{SSL_CERT_DIR} and @code{SSL_CERT_FILE}
variables. Some applications add their own environment variables; for variables. Some applications add their own environment variables; for
instance, the Git version control system honors the certificate bundle instance, the Git version control system honors the certificate bundle
pointed to by the @code{GIT_SSL_CAINFO} environment variable. pointed to by the @code{GIT_SSL_CAINFO} environment variable. Thus, you
would typically run something like:
@example
$ guix package -i nss-certs
$ export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs"
$ export SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
$ export GIT_SSL_CAINFO="$SSL_CERT_FILE"
@end example
@node Name Service Switch @node Name Service Switch
@subsection Name Service Switch @subsection Name Service Switch