Re: [Nix-dev] msmtp and certificates
On 22 July 2013 21:43, Bjørn Forsman wrote: > On 22 July 2013 20:37, Eelco Dolstra wrote: >> Hi, >> >> On 20/07/13 20:57, Bjørn Forsman wrote: >> >>> Would it be an idea to rename ca-bundle.crt to ca-certificates.crt? >>> One less (needless?) distro difference? >> >> I don't think the certificate locations are very standardized across >> distributions. AFAIK /etc/ssl/certs/ca-bundle.crt is what Fedora also >> uses... > > You are correct (just checked Fedora 19). Too bad. Thanks. I've sent a pull request that adds /etc/ssl/certs/ca-certificates.crt symlink to be compatible with Ubuntu: https://github.com/NixOS/nixos/pull/224 ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] msmtp and certificates
On 22 July 2013 20:37, Eelco Dolstra wrote: > Hi, > > On 20/07/13 20:57, Bjørn Forsman wrote: > >> Would it be an idea to rename ca-bundle.crt to ca-certificates.crt? >> One less (needless?) distro difference? > > I don't think the certificate locations are very standardized across > distributions. AFAIK /etc/ssl/certs/ca-bundle.crt is what Fedora also uses... You are correct (just checked Fedora 19). Too bad. Thanks. ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] msmtp and certificates
Hi, On 20/07/13 20:57, Bjørn Forsman wrote: > Would it be an idea to rename ca-bundle.crt to ca-certificates.crt? > One less (needless?) distro difference? I don't think the certificate locations are very standardized across distributions. AFAIK /etc/ssl/certs/ca-bundle.crt is what Fedora also uses... -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] msmtp and certificates
On 20 July 2013 20:41, Lluís Batlle i Rossell wrote: > On Sat, Jul 20, 2013 at 07:56:45PM +0200, Bjørn Forsman wrote: >> Hi all, >> >> On Ubuntu I've been using msmtp on the command line to send emails >> with my gmail account (handy for cronjobs). But my msmtp configuration >> file includes a "tls_trust_file" directive that points to >> "/etc/ssl/certs/ca-certificates.crt", and that fails on NixOS. >> >> On Debian/Ubuntu, there is a ca-certificates package (seems to be >> installed by default), but /etc/ssl/certs/ca-certificates.crt is >> actually not owned by any package, I think it is generated by a >> post-install script. > > set | grep certs Thanks! So we have /etc/ssl/certs/ca-bundle.crt in NixOS. Now my msmtp works. I cannot believe I didn't look inside /etc/ssl/certs/ before posting :-) Would it be an idea to rename ca-bundle.crt to ca-certificates.crt? One less (needless?) distro difference? Best regards, Bjørn Forsman ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] msmtp and certificates
On Sat, Jul 20, 2013 at 07:56:45PM +0200, Bjørn Forsman wrote: > Hi all, > > On Ubuntu I've been using msmtp on the command line to send emails > with my gmail account (handy for cronjobs). But my msmtp configuration > file includes a "tls_trust_file" directive that points to > "/etc/ssl/certs/ca-certificates.crt", and that fails on NixOS. > > On Debian/Ubuntu, there is a ca-certificates package (seems to be > installed by default), but /etc/ssl/certs/ca-certificates.crt is > actually not owned by any package, I think it is generated by a > post-install script. set | grep certs ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-dev] msmtp and certificates
Hi all, On Ubuntu I've been using msmtp on the command line to send emails with my gmail account (handy for cronjobs). But my msmtp configuration file includes a "tls_trust_file" directive that points to "/etc/ssl/certs/ca-certificates.crt", and that fails on NixOS. On Debian/Ubuntu, there is a ca-certificates package (seems to be installed by default), but /etc/ssl/certs/ca-certificates.crt is actually not owned by any package, I think it is generated by a post-install script. My attempts at locating this file on NixOS: $ sudo find / -iname "*certificate*crt*" /nix/store/q8v3qjqhik3r386lh7ywm11wrwlp38g4-python-tornado-2.4/lib/python2.7/site-packages/tornado-2.4-py2.7.egg/tornado/ca-certificates.crt (That is actually a copy of /etc/ssl/certs/ca-certificates.crt from Ubuntu.) And then: $ nix-env -qaP \* | grep -i certificate nixos.pkgs.haskellPackages.certificate haskell-certificate-ghc7.6.3-1.3.8 nixos.pkgs.haskellPackages_ghc763_no_profiling.certificate haskell-certificate-ghc7.6.3-1.3.8 nixos.pkgs.haskellPackages_ghc763_profiling.certificate haskell-certificate-ghc7.6.3-1.3.8-profiling So I guess we don't have such a package for NixOS yet? Does anyone know how these certificates work and whether we can make a similar ca-certificates package for nixpkgs/NixOS? Here is my ~/.msmtprc config file for gmail: account default host smtp.gmail.com port 587 from bjorn.fors...@gmail.com tls on tls_starttls on # tls_trust_file for Ubuntu (other distros may use different path) tls_trust_file /etc/ssl/certs/ca-certificates.crt auth on user bjorn.forsman password logfile ~/.msmtp.log Best regards, Bjørn Forsman ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
