Ludovic Courtès <l...@gnu.org> writes:

> Hi,
>
> Tomas Volf <~@wolfsden.cz> skribis:
>
>>> GnuTLS (and thus Guile-GnuTLS) does not honor an environment variable.
>>> Instead it’s up to applications to set up their certificate search path.
>>>
>>> See for example the discussion at <https://issues.guix.gnu.org/46779>.
>>
>> Thank you for the link.  However after reading through it, and based on
>> your sentence above, is the guile-gnutls not in a position to be
>> considered "application" that should configure the certificate search
>> path?
>
> Well yes, we can do anything we want.  My take on this is that bindings
> should remain close to the library they’re wrapping, generally speaking,
> to avoid bad surprises.
>
> I think certificate search should either be up to actual applications
> (like Guix), as is the case now, or changed in GnuTLS proper.  Doing it
> in guile-gnutls just because we can easily do so doesn’t sound like a
> good idea to me.
>
> WDYT?

Honestly I am not sure what I think.  Since Guile is a Scheme, using it
from the REPL is fairly common, and wanting to do HTTPS requests is probably
(well, at least for me) fairly common as well.

And currently I am just not sure how to do that in an intuitive way.
The first approach anyone probably tries is:

--8<---------------cut here---------------start------------->8---
guix shell -CN guile -- guile
--8<---------------cut here---------------end--------------->8---

However we all know that does not work.  You need both guile-gnutls and
nss-certs to get it working, but you can probably get that far by trial
and error:

--8<---------------cut here---------------start------------->8---
guix shell -CN guile guile-gnutls nss-certs -- guile
--8<---------------cut here---------------end--------------->8---

However this *also* does not work: you need to define the environment
variables.  My personal solution is to just throw curl into the pile of
packages to get them, but that is neither intuitive nor elegant.

So while I do understand your point above, I also want to have a Guile
REPL that is easy to use, including for networking experimentation.

Maybe a `guile-full' package that would have a wider list of dependencies?
I am thinking guile-gnutls, guile-readline, guile-colorized, nss-certs
and a command wrapper to set the environment.  Opinions?

Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
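
The "command wrapper to set the environment" idea from the message above, sketched as an added example that is not part of the thread or of Guix. The variable names SSL_CERT_DIR and SSL_CERT_FILE, the etc/ssl/certs layout with a ca-certificates.crt bundle, and the wrapper name guile-tls are assumptions; the thread names none of them.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: nss-certs puts its
# certificates under PROFILE/etc/ssl/certs, and the program started by the
# wrapper reads SSL_CERT_DIR / SSL_CERT_FILE (the thread does not name the
# variables).

# set_tls_cert_env PROFILE
# Export the certificate variables for PROFILE.  Return 1 and export nothing
# when PROFILE holds no certificates, so the caller fails closed instead of
# starting a REPL that has no trust store.
set_tls_cert_env() {
    profile=$1
    cert_dir="$profile/etc/ssl/certs"
    bundle="$cert_dir/ca-certificates.crt"   # assumed bundle file name

    if [ -z "$profile" ] || [ ! -d "$cert_dir" ]; then
        echo "no certificate directory under '$profile'" >&2
        return 1
    fi

    # An unmatched glob stays literal, so test each candidate with -e.
    found=
    for f in "$cert_dir"/*.pem "$cert_dir"/*.crt; do
        if [ -e "$f" ]; then found=1; break; fi
    done
    if [ -z "$found" ]; then
        echo "no certificates in '$cert_dir'" >&2
        return 1
    fi

    SSL_CERT_DIR=$cert_dir
    export SSL_CERT_DIR
    if [ -f "$bundle" ]; then
        SSL_CERT_FILE=$bundle
        export SSL_CERT_FILE
    fi
}

# run_guile_with_certs [ARGS...]
# GUIX_ENVIRONMENT is the profile that `guix shell` exposes to its child.
run_guile_with_certs() {
    set_tls_cert_env "${GUIX_ENVIRONMENT:-}" || return 1
    exec guile "$@"
}

# Only act when installed under the hypothetical wrapper name `guile-tls`.
case "${0##*/}" in
    guile-tls) run_guile_with_certs "$@" ;;
esac
```

The wrapper refuses to start Guile when the profile carries no certificates, which surfaces a missing nss-certs as a clear error instead of a failed handshake later in the session.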
