GNU bug report logs - #48985
[PATCH] gnu: libressl: Remove search paths.

Previous Next

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: Brice Waegeneire <brice <at> waegenei.re>
Cc: 48985 <at> debbugs.gnu.org
Subject: [bug#48985] [PATCH] gnu: libressl: Remove search paths.
Date: Wed, 16 Jun 2021 22:57:46 +0200

Brice Waegeneire <brice <at> waegenei.re> skribis:

> Unlike OpenSSL, LibreSSL hardcode it's certificate bundle and doesn't
> allow to specify it through a environment variable.
>
> * gnu/packages/tls.scm (libressl)[configure-flags]: Specify OpenSSL
> configuration directory.
> [native-search-paths]: Remove it.
> * gnu/packages/ntp.scm (openntpd)[configure-flags]: Adjust CAcert
> location.

[...]

> -                            ,(string-append "--with-cacert="
> -                                            (assoc-ref %build-inputs "libressl")
> -                                            "/etc/ssl/cert.pem"))
> +     `(#:configure-flags (list "--with-privsep-user=ntpd"
> +                               "--localstatedir=/var"
> +                               (string-append "--with-cacert="
> +                                              (assoc-ref %build-inputs "libressl")
> +                                              "/share/libressl-"
> +                                              ,(package-version libressl)
> +                                              "/cert.pem"))

So the etc/ssl/cert.pm file name was wrong for a while?

Note: instead of (package-version libressl), we should look at the
libressl input of ‘this-package’, though it’s probably not big deal
here.

Otherwise LGTM, thanks!

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.