Ludovic Courtès <l...@gnu.org> writes:

> Hello!
>
> ng0 <n...@libertad.pw> skribis:
>
>> * gnu/packages/ntp.scm (tlsdate)[arguments]: Configure with unprivileged
>> user and group.
>> [arguments]: Build with the system provided certificates in a new phase.
>
> [...]
>
>> + '(#:configure-flags '("--with-unpriv-user=tlsdate"
>> + "--with-unpriv-group=tlsdate")
>
> Why? I think the default is nobody/nogroup, which is fine no?

I'm not sure if this is still fine when tlsdated is run. But I'll figure out soon.

>> + #:phases (modify-phases %standard-phases
>> + (add-after 'unpack 'set-cert-path
>> + ;; Use the system certificate store, not the
>> + ;; application bundled certificates.
>> + (lambda _
>> + (substitute* "Makefile.am"
>> +
>> (("$(sysconfdir)/tlsdate/ca-roots/tlsdate-ca-roots.conf")
>> + "/etc/ssl/certs/ca-certificates.crt"))))
>
> I sympathize with this but this may or may not work on foreign distros.
> Still, it’s probably better (this ‘tlsdata-ca-roots.conf’ file seems to
> be a 4-year old copy from Mozilla’s NSS).
>
> WDYT?
>
> Thanks,
> Ludo’.
>

I don't really like the current way to setenv everything, but is this something we could do here to keep other distros happy? if so, what's a good suggestion how to apply this?

-- 
♥Ⓐ ng0 | ng0.chaosnet.org
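
Review bot: In the #:configure-flags hunk, --with-unpriv-user=tlsdate and --with-unpriv-group=tlsdate name a dedicated account, but nothing in the visible change creates a tlsdate user or group, and the commit log does not say why the default is insufficient. If that account is missing when tlsdated drops privileges, there is nothing for it to switch to. Either ship the account definition alongside this change (and reference it in the log), or keep the default until a service that provides the account exists.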
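
Review bot: In the set-cert-path phase, the substitute* pattern ("$(sysconfdir)/tlsdate/ca-roots/tlsdate-ca-roots.conf") is compiled as a regular expression, so the unescaped $ is an end-of-line anchor and (sysconfdir) is a group. The pattern therefore cannot match the literal $(sysconfdir) text in Makefile.am, and the phase would leave the bundled CA list in place without any error. Escape the metacharacters, for example "\\$\\(sysconfdir\\)/tlsdate/ca-roots/tlsdate-ca-roots\\.conf", and check the built package to confirm which certificate file it actually references.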