Concerning your and Mark's suggestions, I think the best solution would be if GnuTLS looked in the user profile for certificates. As it does not, I still think that my suggestion of considering the certificates as an input is more in style: Admittedly, they are only data, but the functioning of GnuTLS depends on them, as much as texlive carries its own data (not in a separate package, as no other package needs to depend on it).

On Wed, Feb 19, 2014 at 10:52:20PM +0100, Ludovic Courtès wrote:
> One way to address that would be to have /etc/ssl/... be a Guix-managed
> symlink to /nix/store/...-certificates (this is +/- what NixOS does.)
> How does that sound?

That is certainly a possibility.

On Thu, Feb 20, 2014 at 01:01:56PM -0500, Mark H Weaver wrote:
> I think you could make this argument for any program or library that
> looks for things in /etc. For example, glibc looks in
> /etc/nsswitch.conf, /etc/resolv.conf, /etc/hosts, /etc/passwd,
> /etc/group, etc.

I did not think about these cases, but I think there are limits... Moreover, these files need to be dynamically changed (adapted to the machine etc.), while certificates are just static data. So the analogy does not hold.

> However, one of the great things about Guix is that it's possible to
> keep a local branch with your own changes. So, if you want to make a
> gnutls package with the trust store in a different location
> (/home/andreas/.certs or /nix/store/* or whatever), you can do that
> quite easily. (I've started doing that myself, since my xterm changes
> were blocked.)

Well, it is not that I could not live with one or the other decision; I am just taking part in the discussion and voicing my opinion.

Andreas