me/guix
Archived
1
0
Fork 0
Code Activity

pull: Try harder to use the host's X.509 certificates.

Browse source 
* guix/scripts/pull.scm (honor-x509-certificates): Use commonly-found
certificate bundles.
This commit is contained in:
Ludovic Courtès 2018-09-25 18:44:38 +02:00
parent f85dbc4f3b
commit 88268a34bc
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
1 changed files with 18 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
guix/scripts/pull.scm
View file

@ -180,9 +180,25 @@ Download and deploy the latest version of Guix.\n"))
(define (honor-x509-certificates store) (define (honor-x509-certificates store)
"Use the right X.509 certificates for Git checkouts over HTTPS." "Use the right X.509 certificates for Git checkouts over HTTPS."
(let ((file (getenv "SSL_CERT_FILE")) ;; On distros such as CentOS 7, /etc/ssl/certs contains only a couple of
;; files (instead of all the certificates) among which "ca-bundle.crt". On
;; other distros /etc/ssl/certs usually contains the whole set of
;; certificates along with "ca-certificates.crt". Try to choose the right
;; one.
(let ((file (letrec-syntax ((choose
(syntax-rules ()
((_ file rest ...)
(let ((f file))
(if (and f (file-exists? f))
f
(choose rest ...))))
((_)
#f))))
(choose (getenv "SSL_CERT_FILE")
"/etc/ssl/certs/ca-certificates.crt"
"/etc/ssl/certs/ca-bundle.crt")))
(directory (or (getenv "SSL_CERT_DIR") "/etc/ssl/certs"))) (directory (or (getenv "SSL_CERT_DIR") "/etc/ssl/certs")))
(if (or (and file (file-exists? file)) (if (or file
(and=> (stat directory #f) (and=> (stat directory #f)
(lambda (st) (lambda (st)
(> (stat:nlink st) 2)))) (> (stat:nlink st) 2))))