Re: ‘nss-certs’ missing in the installation image
Pierre Neidhardt skribis: > From 082f569611a889ef0e852263b5ba23373936b422 Mon Sep 17 00:00:00 2001 > From: Pierre Neidhardt > Date: Fri, 8 Feb 2019 15:30:08 +0100 > Subject: [PATCH] install: Add nss-certs to the image. > > * gnu/system/install.scm (installation-os)[packages]: Add nss-certs. LGTM, thanks! Ludo'.
Re: ‘nss-certs’ missing in the installation image
None! :) -- Pierre Neidhardt https://ambrevar.xyz/ signature.asc Description: PGP signature
Re: ‘nss-certs’ missing in the installation image
Pierre Neidhardt skribis: >> I’m not sure it belongs in “System Installation”. After all, it’s >> already under “System Configuration” and in several OS config examples. > > Here the issue is not with system configuration, but with the live install > image. Oh OK. For the install image, maybe it’s OK to add ‘nss-certs’ to the base package set after all, if that helps minimize friction. Objections? Ludo’.
Re: ‘nss-certs’ missing in the installation image
I suggest the following patch: diff --git a/doc/guix.texi b/doc/guix.texi index 972a6a776..3f148e390 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -2071,6 +2071,10 @@ ping -c 3 gnu.org Setting up network access is almost always a requirement because the image does not contain all the software and tools that may be needed. +If you require web access over HTTPS with tools such as @command{wget} or +@command{git}, see @xref{X.509 Certificates} for details on how to set up the +certificates. + @cindex installing over SSH If you want to, you can continue the installation remotely by starting an SSH server: -- Pierre Neidhardt https://ambrevar.xyz/ signature.asc Description: PGP signature
Re: ‘nss-certs’ missing in the installation image
> Any other opinion? I’d personally prefer if nss-certs were already available during installation; but if not, having a link in “System Installation” to instructions on how to safely install and set it up seems like a fair compromise. My 2¢.
Re: ‘nss-certs’ missing in the installation image
Pierre Neidhardt skribis: > Indeed, it's all in the X.509 section. My problem is that it's not mentioned > in > "6.1 System Installation". > > I'll add a link to the X.509 node if no one disagrees. I’m not sure it belongs in “System Installation”. After all, it’s already under “System Configuration” and in several OS config examples. Ludo’.
Re: ‘nss-certs’ missing in the installation image
Indeed, it's all in the X.509 section. My problem is that it's not mentioned in "6.1 System Installation". I'll add a link to the X.509 node if no one disagrees. -- Pierre Neidhardt https://ambrevar.xyz/ signature.asc Description: PGP signature
Re: ‘nss-certs’ missing in the installation image
Hi Pierre, Pierre Neidhardt writes: > What's the procedure to install nss-certs then? > Will a simple `guix package -i nss-certs` do? no, a number of environment variables need to be defined, depending on applications > I think we should document this in the installation manual. it's all documented in "@node X.509 Certificates" ;-) >> Someone following the normal installation procedure shouldn’t need those >> certificates though. WDYT? > > HTTPS access is a fairly common requirement for a lot of people I > think. there's a "@cindex HTTPS, certificates" in that node: do you think we need another one? do we need a guix-faq.texi ala "Emacs FAQ"? (IMHO we need it, I can help maintaining it but sorry I cannot "bootstrap" it since I still lack needed knowledge) WDYT? Ciao, Giovanni -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
‘nss-certs’ missing in the installation image
Hi, Pierre Neidhardt skribis: > Wait, what about this: > >> - I was surprised to see that from the install image, curl, git, etc. would >> fail >> with an SSL error. It's annoying because I really needed to get my >> config.scm >> from an online source. >> >> I only briefly investigated: the environment has >> >> --8<---cut here---start->8--- >> SSL_CERT_DIR=/etc/ssl/certs >> SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt >> --8<---cut here---end--->8--- >> >> but the install image only has a /etc/ssl file. > > Is this broken or intentional? Can you point me at where this is defined? ‘nss-certs’ is intentionally not in %base-packages nor in the installation image. The rationale is that the package contains X.509 certificates bundled together by Mozilla and when we discussed it there was a rough consensus that it should be the user’s decision to trust these. One could object that IceCat comes with its own copy of these certificates anyway… Someone following the normal installation procedure shouldn’t need those certificates though. WDYT? Ludo’.
Re: ‘nss-certs’ missing in the installation image
What's the procedure to install nss-certs then? Will a simple `guix package -i nss-certs` do? I think we should document this in the installation manual. > Someone following the normal installation procedure shouldn’t need those > certificates though. WDYT? HTTPS access is a fairly common requirement for a lot of people I think. -- Pierre Neidhardt https://ambrevar.xyz/ signature.asc Description: PGP signature