Hi, Pierre Neidhardt <m...@ambrevar.xyz> skribis:
> Wait, what about this: > >> - I was surprised to see that from the install image, curl, git, etc. would >> fail >> with an SSL error. It's annoying because I really needed to get my >> config.scm >> from an online source. >> >> I only briefly investigated: the environment has >> >> --8<---------------cut here---------------start------------->8--- >> SSL_CERT_DIR=/etc/ssl/certs >> SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt >> --8<---------------cut here---------------end--------------->8--- >> >> but the install image only has a /etc/ssl file. > > Is this broken or intentional? Can you point me at where this is defined? ‘nss-certs’ is intentionally not in %base-packages nor in the installation image. The rationale is that the package contains X.509 certificates bundled together by Mozilla and when we discussed it there was a rough consensus that it should be the user’s decision to trust these. One could object that IceCat comes with its own copy of these certificates anyway… Someone following the normal installation procedure shouldn’t need those certificates though. WDYT? Ludo’.
