system: Remove nss-certs from OS templates, adjust doc.
This is a follow-up to commit 86afaadb51 ("system: Add 'nss-certs' to %base-packages-networking.") * doc/guix-cookbook.texi (Running Guix on a Linode Server): Remove nss-certs from operating system's packages field. (Running Guix on a Kimsufi Server): Likewise. * doc/guix.texi (Using the Configuration System): Likewise. (X.509 Certificates): Adjust to mention nss-certs *is* part of %base-packages. * gnu/installer/services.scm (%system-services): Remove recommendation to install nss-certs. * gnu/system/examples/bare-bones.tmpl (host-name): Remove obsolete comments. * gnu/system/examples/desktop.tmpl (packages): Remove nss-certs. * gnu/system/examples/lightweight-desktop.tmpl (packages): Likewise. * gnu/system/examples/plasma.tmpl (packages): Likewise. * gnu/system/examples/raspberry-pi-64-nfs-root.tmpl (packages): Likewise. * gnu/system/examples/raspberry-pi-64.tmpl (packages): Likewise. * gnu/system/examples/vm-image.tmpl (packages): Likewise. * gnu/system/images/orangepi-r1-plus-lts-rk3328.scm (packages): Likewise. * gnu/system/images/pine64.scm (packages): Likewise. * gnu/system/install.scm (installation-os) [packages]: Likewise. Change-Id: If09123a69b987178bcb0aab61c4570c14fc1286fmaster
parent
a69e5e5e47
commit
65e8472a4b
|
@ -2548,7 +2548,6 @@ is below. Save the resulting file as @file{guix-config.scm}.
|
||||||
(use-service-modules networking
|
(use-service-modules networking
|
||||||
ssh)
|
ssh)
|
||||||
(use-package-modules admin
|
(use-package-modules admin
|
||||||
certs
|
|
||||||
package-management
|
package-management
|
||||||
ssh
|
ssh
|
||||||
tls)
|
tls)
|
||||||
|
@ -2586,8 +2585,7 @@ is below. Save the resulting file as @file{guix-config.scm}.
|
||||||
(home-directory "/home/janedoe"))
|
(home-directory "/home/janedoe"))
|
||||||
%base-user-accounts))
|
%base-user-accounts))
|
||||||
|
|
||||||
(packages (cons* nss-certs ;for HTTPS access
|
(packages (cons* openssh-sans-x
|
||||||
openssh-sans-x
|
|
||||||
%base-packages))
|
%base-packages))
|
||||||
|
|
||||||
(services (cons*
|
(services (cons*
|
||||||
|
@ -2796,7 +2794,7 @@ here is a sample:
|
||||||
@lisp
|
@lisp
|
||||||
(use-modules (gnu) (guix))
|
(use-modules (gnu) (guix))
|
||||||
(use-service-modules networking ssh vpn virtualization sysctl admin mcron)
|
(use-service-modules networking ssh vpn virtualization sysctl admin mcron)
|
||||||
(use-package-modules ssh certs tls tmux vpn virtualization)
|
(use-package-modules ssh tls tmux vpn virtualization)
|
||||||
|
|
||||||
(operating-system
|
(operating-system
|
||||||
(host-name "kimsufi")
|
(host-name "kimsufi")
|
||||||
|
@ -2848,7 +2846,7 @@ root ALL=(ALL) ALL
|
||||||
guix ALL=(ALL) NOPASSWD:ALL\n"))
|
guix ALL=(ALL) NOPASSWD:ALL\n"))
|
||||||
|
|
||||||
;; Globally-installed packages.
|
;; Globally-installed packages.
|
||||||
(packages (cons* tmux nss-certs gnutls wireguard-tools %base-packages))
|
(packages (cons* tmux gnutls wireguard-tools %base-packages))
|
||||||
(services
|
(services
|
||||||
(cons*
|
(cons*
|
||||||
(service static-networking-service-type
|
(service static-networking-service-type
|
||||||
|
|
|
@ -17152,7 +17152,7 @@ the @code{(gnu packages)} module. For example:
|
||||||
(operating-system
|
(operating-system
|
||||||
;; ...
|
;; ...
|
||||||
(packages (append (map specification->package+output
|
(packages (append (map specification->package+output
|
||||||
'("nss-certs" "git" "git:send-email"))
|
'("git" "git:send-email"))
|
||||||
%base-packages)))
|
%base-packages)))
|
||||||
|
|
||||||
@end lisp
|
@end lisp
|
||||||
|
@ -41006,7 +41006,7 @@ Reference}). Guix includes one such package, @code{nss-certs}, which
|
||||||
is a set of CA certificates provided as part of Mozilla's Network
|
is a set of CA certificates provided as part of Mozilla's Network
|
||||||
Security Services.
|
Security Services.
|
||||||
|
|
||||||
Note that it is @emph{not} part of @code{%base-packages}, so you need to
|
This package is part of @code{%base-packages}, so there is no need to
|
||||||
explicitly add it. The @file{/etc/ssl/certs} directory, which is where
|
explicitly add it. The @file{/etc/ssl/certs} directory, which is where
|
||||||
most applications and libraries look for certificates by default, points
|
most applications and libraries look for certificates by default, points
|
||||||
to the certificates installed globally.
|
to the certificates installed globally.
|
||||||
|
|
|
@ -110,11 +110,6 @@
|
||||||
(name (G_ "Tor anonymous network router"))
|
(name (G_ "Tor anonymous network router"))
|
||||||
(type 'networking)
|
(type 'networking)
|
||||||
(snippet '((service tor-service-type))))
|
(snippet '((service tor-service-type))))
|
||||||
(system-service
|
|
||||||
(name (G_ "Mozilla NSS certificates, for HTTPS access"))
|
|
||||||
(type 'networking)
|
|
||||||
(packages '((specification->package "nss-certs")))
|
|
||||||
(recommended? #t))
|
|
||||||
|
|
||||||
;; Miscellaneous system administration services.
|
;; Miscellaneous system administration services.
|
||||||
(system-service
|
(system-service
|
||||||
|
|
|
@ -4,9 +4,6 @@
|
||||||
|
|
||||||
(use-modules (gnu))
|
(use-modules (gnu))
|
||||||
(use-service-modules networking ssh)
|
(use-service-modules networking ssh)
|
||||||
;; If you want to use HTTPS, you most likely want to include
|
|
||||||
;; "certs" in the line below. Also read the comment about
|
|
||||||
;; "nss-certs" later in this file.
|
|
||||||
(use-package-modules screen ssh)
|
(use-package-modules screen ssh)
|
||||||
|
|
||||||
(operating-system
|
(operating-system
|
||||||
|
@ -46,8 +43,6 @@
|
||||||
%base-user-accounts))
|
%base-user-accounts))
|
||||||
|
|
||||||
;; Globally-installed packages.
|
;; Globally-installed packages.
|
||||||
;; Add "nss-certs" for Mozilla's approved CA certs. You would
|
|
||||||
;; have to have included "certs" in use-package-modules above.
|
|
||||||
(packages (cons screen %base-packages))
|
(packages (cons screen %base-packages))
|
||||||
|
|
||||||
;; Add services to the baseline: a DHCP client and an SSH
|
;; Add services to the baseline: a DHCP client and an SSH
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
(use-modules (gnu) (gnu system nss) (guix utils))
|
(use-modules (gnu) (gnu system nss) (guix utils))
|
||||||
(use-service-modules desktop sddm xorg)
|
(use-service-modules desktop sddm xorg)
|
||||||
(use-package-modules certs gnome)
|
(use-package-modules gnome)
|
||||||
|
|
||||||
(operating-system
|
(operating-system
|
||||||
(host-name "antelope")
|
(host-name "antelope")
|
||||||
|
@ -65,8 +65,6 @@
|
||||||
|
|
||||||
;; This is where we specify system-wide packages.
|
;; This is where we specify system-wide packages.
|
||||||
(packages (append (list
|
(packages (append (list
|
||||||
;; for HTTPS access
|
|
||||||
nss-certs
|
|
||||||
;; for user mounts
|
;; for user mounts
|
||||||
gvfs)
|
gvfs)
|
||||||
%base-packages))
|
%base-packages))
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
(use-modules (gnu) (gnu system nss))
|
(use-modules (gnu) (gnu system nss))
|
||||||
(use-service-modules desktop)
|
(use-service-modules desktop)
|
||||||
(use-package-modules bootloaders certs emacs emacs-xyz ratpoison suckless wm
|
(use-package-modules bootloaders emacs emacs-xyz ratpoison suckless wm
|
||||||
xorg)
|
xorg)
|
||||||
|
|
||||||
(operating-system
|
(operating-system
|
||||||
|
@ -47,9 +47,7 @@
|
||||||
ratpoison i3-wm i3status dmenu
|
ratpoison i3-wm i3status dmenu
|
||||||
emacs emacs-exwm emacs-desktop-environment
|
emacs emacs-exwm emacs-desktop-environment
|
||||||
;; terminal emulator
|
;; terminal emulator
|
||||||
xterm
|
xterm)
|
||||||
;; for HTTPS access
|
|
||||||
nss-certs)
|
|
||||||
%base-packages))
|
%base-packages))
|
||||||
|
|
||||||
;; Use the "desktop" services, which include the X11
|
;; Use the "desktop" services, which include the X11
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
|
|
||||||
(use-modules (gnu) (gnu system nss) (srfi srfi-1))
|
(use-modules (gnu) (gnu system nss) (srfi srfi-1))
|
||||||
(use-service-modules desktop sddm xorg ssh)
|
(use-service-modules desktop sddm xorg ssh)
|
||||||
(use-package-modules certs gnome ssh admin fonts)
|
(use-package-modules gnome ssh admin fonts)
|
||||||
(use-package-modules qt xorg tmux linux)
|
(use-package-modules qt xorg tmux linux)
|
||||||
|
|
||||||
(operating-system
|
(operating-system
|
||||||
|
@ -32,8 +32,7 @@
|
||||||
%base-user-accounts))
|
%base-user-accounts))
|
||||||
|
|
||||||
;; This is where we specify system-wide packages.
|
;; This is where we specify system-wide packages.
|
||||||
(packages (cons* nss-certs ;for HTTPS access
|
(packages (cons* neofetch
|
||||||
neofetch
|
|
||||||
htop
|
htop
|
||||||
tmux
|
tmux
|
||||||
xprop
|
xprop
|
||||||
|
|
|
@ -17,8 +17,7 @@
|
||||||
avahi
|
avahi
|
||||||
networking
|
networking
|
||||||
ssh)
|
ssh)
|
||||||
(use-package-modules certs
|
(use-package-modules linux
|
||||||
linux
|
|
||||||
raspberry-pi
|
raspberry-pi
|
||||||
ssh)
|
ssh)
|
||||||
|
|
||||||
|
@ -56,8 +55,7 @@
|
||||||
(supplementary-groups '("wheel" "netdev" "audio" "video"))
|
(supplementary-groups '("wheel" "netdev" "audio" "video"))
|
||||||
(home-directory "/home/pi"))
|
(home-directory "/home/pi"))
|
||||||
%base-user-accounts))
|
%base-user-accounts))
|
||||||
(packages (cons* nss-certs
|
(packages (cons* openssh
|
||||||
openssh
|
|
||||||
%base-packages))
|
%base-packages))
|
||||||
(services (cons* (service avahi-service-type)
|
(services (cons* (service avahi-service-type)
|
||||||
(service dhcp-client-service-type)
|
(service dhcp-client-service-type)
|
||||||
|
|
|
@ -16,8 +16,7 @@
|
||||||
avahi
|
avahi
|
||||||
networking
|
networking
|
||||||
ssh)
|
ssh)
|
||||||
(use-package-modules certs
|
(use-package-modules linux
|
||||||
linux
|
|
||||||
raspberry-pi
|
raspberry-pi
|
||||||
ssh)
|
ssh)
|
||||||
|
|
||||||
|
@ -60,8 +59,7 @@
|
||||||
(supplementary-groups '("wheel" "netdev" "audio" "video"))
|
(supplementary-groups '("wheel" "netdev" "audio" "video"))
|
||||||
(home-directory "/home/pi"))
|
(home-directory "/home/pi"))
|
||||||
%base-user-accounts))
|
%base-user-accounts))
|
||||||
(packages (cons* nss-certs
|
(packages (cons* openssh
|
||||||
openssh
|
|
||||||
%base-packages))
|
%base-packages))
|
||||||
(services (cons* (service avahi-service-type)
|
(services (cons* (service avahi-service-type)
|
||||||
(service dhcp-client-service-type)
|
(service dhcp-client-service-type)
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
(use-modules (gnu) (guix) (srfi srfi-1))
|
(use-modules (gnu) (guix) (srfi srfi-1))
|
||||||
(use-service-modules desktop mcron networking spice ssh xorg sddm)
|
(use-service-modules desktop mcron networking spice ssh xorg sddm)
|
||||||
(use-package-modules bootloaders certs fonts
|
(use-package-modules bootloaders fonts
|
||||||
package-management xdisorg xorg)
|
package-management xdisorg xorg)
|
||||||
|
|
||||||
(define vm-image-motd (plain-file "motd" "
|
(define vm-image-motd (plain-file "motd" "
|
||||||
|
@ -66,7 +66,7 @@ root ALL=(ALL) ALL
|
||||||
%wheel ALL=NOPASSWD: ALL\n"))
|
%wheel ALL=NOPASSWD: ALL\n"))
|
||||||
|
|
||||||
(packages
|
(packages
|
||||||
(append (list font-bitstream-vera nss-certs
|
(append (list font-bitstream-vera
|
||||||
;; Auto-started script providing SPICE dynamic resizing for
|
;; Auto-started script providing SPICE dynamic resizing for
|
||||||
;; Xfce (see:
|
;; Xfce (see:
|
||||||
;; https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/142).
|
;; https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/142).
|
||||||
|
|
|
@ -21,7 +21,6 @@
|
||||||
#:use-module (gnu bootloader u-boot)
|
#:use-module (gnu bootloader u-boot)
|
||||||
#:use-module (gnu image)
|
#:use-module (gnu image)
|
||||||
#:use-module (gnu packages linux)
|
#:use-module (gnu packages linux)
|
||||||
#:use-module (gnu packages certs)
|
|
||||||
#:use-module (guix platforms arm)
|
#:use-module (guix platforms arm)
|
||||||
#:use-module (gnu services)
|
#:use-module (gnu services)
|
||||||
#:use-module (gnu services base)
|
#:use-module (gnu services base)
|
||||||
|
@ -55,8 +54,7 @@
|
||||||
(term "vt100")
|
(term "vt100")
|
||||||
(tty "ttyS2")))
|
(tty "ttyS2")))
|
||||||
(service dhcp-client-service-type)
|
(service dhcp-client-service-type)
|
||||||
(service ntp-service-type) %base-services))
|
(service ntp-service-type) %base-services))))
|
||||||
(packages (cons nss-certs %base-packages))))
|
|
||||||
|
|
||||||
(define orangepi-r1-plus-lts-rk3328-image-type
|
(define orangepi-r1-plus-lts-rk3328-image-type
|
||||||
(image-type (name 'orangepi-r1-plus-lts-rk3328-raw)
|
(image-type (name 'orangepi-r1-plus-lts-rk3328-raw)
|
||||||
|
|
|
@ -59,8 +59,7 @@
|
||||||
(tty "ttyS0")))
|
(tty "ttyS0")))
|
||||||
(service dhcp-client-service-type)
|
(service dhcp-client-service-type)
|
||||||
(service ntp-service-type)
|
(service ntp-service-type)
|
||||||
%base-services))
|
%base-services))))
|
||||||
(packages (cons nss-certs %base-packages))))
|
|
||||||
|
|
||||||
(define pine64-image-type
|
(define pine64-image-type
|
||||||
(image-type
|
(image-type
|
||||||
|
|
|
@ -548,11 +548,10 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m
|
||||||
(base-pam-services #:allow-empty-passwords? #t))
|
(base-pam-services #:allow-empty-passwords? #t))
|
||||||
|
|
||||||
(packages (append
|
(packages (append
|
||||||
(list glibc ; for 'tzselect' & co.
|
(list glibc ; for 'tzselect' & co.
|
||||||
fontconfig
|
fontconfig
|
||||||
font-dejavu font-gnu-unifont
|
font-dejavu font-gnu-unifont
|
||||||
grub ; mostly so xrefs to its manual work
|
grub) ; mostly so xrefs to its manual work
|
||||||
nss-certs) ; To access HTTPS, use git, etc.
|
|
||||||
%installer-disk-utilities
|
%installer-disk-utilities
|
||||||
%base-packages))))
|
%base-packages))))
|
||||||
|
|
||||||
|
|
Reference in New Issue