GNU bug report logs - #63877
[PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.

Reported by: Timo Wilken <guix <at> twilken.net>

Date: Sat, 3 Jun 2023 18:26:02 UTC

Severity: normal

Tags: moreinfo, patch

Message #8 received at 63877 <at> debbugs.gnu.org (full text, mbox):

From: Bruno Victal <mirai <at> makinata.eu>
To: Timo Wilken <guix <at> twilken.net>
Cc: 63877 <at> debbugs.gnu.org
Subject: Re: [bug#63877] [PATCH] gnu: services: web: Set SSL_CERT_DIR in
 php-fpm environment.
Date: Sat, 3 Jun 2023 23:18:51 +0100

Hi Timo,

On 2023-06-03 19:25, Timo Wilken wrote:
> Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For
> this, they need to know where the system CA certificates are.
> 
> * gnu/services/web.scm (php-fpm-shepherd-service): Set SSL_CERT_DIR
>   environment variable.
> ---
> 
> This solution adds a dependency from the resulting Shepherd service to the
> nss-certs package, which weighs 0.3 MiB. An alternative solution might be to
> set SSL_CERT_DIR=/etc/ssl/certs instead and rely on nss-certs being installed
> system-wide.

How about exposing this as a new environment-variable record field à
la mpd-configuration (gnu services audio)?
Forcing the service to use a specific package seems overly rigid since
it would make it impossible to specify alternate/custom certificates or
nss-certs package variants.

-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.

This bug report was last modified 1 year and 119 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #63877 [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.

GNU bug report logs - #63877
[PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.