>> I want to bundle a 'le-certs' package with GNU Guix, and change `guix >> pull` to know to use the le-certs bundle when pulling from >> %snapshot-url. For other URLs, users will have to take care of it >> themselves. > > This sounds like a better approach. Also, I did not see this email > before sending the patch! If you package it up, I can look into > realizing the package in `guix pull` directly.
I gave this a go using "nss-certs", but can't figure out how to set SSL_CERT_DIR (or GUIX_TLS_CERTIFICATE_DIRECTORY) in `guix pull`. The naive approach of setting the variable before calling "download-to-store" does not work because %x509-certificate-directory has already been evaluated. I wonder what's the best approach here. Parameterizing this and propagating it all the way down to (tls-wrap) similar to #:verify-certificate? could work, but seems awkward. Any suggestions?
signature.asc
Description: PGP signature