services: hpcguix-web: Set SSL_CERT_DIR.
Previously Git pulls over HTTPS would fail with: guix/git.scm:132:7: In procedure update-cached-checkout: Throw to key `git-error' with args `(#<<git-error> code: -17 message: "the SSL certificate is invalid" class: 16>)'. * gnu/services/web.scm (hpcguix-web-shepherd-service): Pass "SSL_CERT_DIR=/etc/ssl/certs". * doc/guix.texi (Web Services): Mention certificates.master
parent
3ffcad7df3
commit
7df945656c
|
@ -16848,6 +16848,17 @@ A typical hpcguix-web service declaration looks like this:
|
|||
(menu '(("/about" "ABOUT"))))))))
|
||||
@end example
|
||||
|
||||
@quotation Note
|
||||
The hpcguix-web service periodically updates the package list it publishes by
|
||||
pulling channels from Git. To that end, it needs to access X.509 certificates
|
||||
so that it can authenticate Git servers when communicating over HTTPS, and it
|
||||
assumes that @file{/etc/ssl/certs} contains those certificates.
|
||||
|
||||
Thus, make sure to add @code{nss-certs} or another certificate package to the
|
||||
@code{packages} field of your configuration. @ref{X.509 Certificates}, for
|
||||
more information on X.509 certificates.
|
||||
@end quotation
|
||||
|
||||
@node Certificate Services
|
||||
@subsubsection Certificate Services
|
||||
|
||||
|
|
|
@ -967,7 +967,8 @@ a webserver.")
|
|||
#:user "hpcguix-web"
|
||||
#:group "hpcguix-web"
|
||||
#:environment-variables
|
||||
(list "XDG_CACHE_HOME=/var/cache")))
|
||||
(list "XDG_CACHE_HOME=/var/cache"
|
||||
"SSL_CERT_DIR=/etc/ssl/certs")))
|
||||
(stop #~(make-kill-destructor))))))
|
||||
|
||||
(define hpcguix-web-service-type
|
||||
|
|
Reference in New Issue