tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: wip/gnurl: Request for review writes:
> Just tried that and it keeps producing negative results.
> What we have on other systems is CURL_CA_BUNDLE as a environment variable.
> in practice this works out rather unreliable, at least the way it is
> approached for curl and gnurl in Guix (ensure that every application packaged
> respects this variable and if not, patch the application to do so if it uses
> curl).

The attached patch seems to do the trick. Can you please test it?
If it works feel free to directly commit it!

> Is setting $sslcert a problem? I'm trying to understand the implications,
> I've packaged software for some time this is just my first with pkgsrc.

Maybe something similarly to SSLCERTS for gnutls can be added but
I do not think it is needed because since gnutls-3.5.6nb1 the CA
fallback mechanisms should work.
gnurl: Use --with-ca-fallback to automatically pickup gnutls CA certificates

Avoid to include openssl bl3 for SSLCERTS, pass --without-ca-{bundle,path}
to avoid possible automagically (and difficult to predict) CA
bundle/paths pick ups and just fallback to preferred gnutls ones
(supported since gnutls-3.6.5nb1).

diff --git a/gnurl/Makefile b/gnurl/Makefile
index 51d92d2ec3..92bf23c52e 100644
--- a/gnurl/Makefile
+++ b/gnurl/Makefile
@@ -27,12 +27,13 @@ TEST_TARGET=		check
 CONFIGURE_ARGS+=	--disable-ntml-wb
 CONFIGURE_ARGS+=	--enable-ipv6
-# We need this for gnurl to know the certificate location out of the box
-CONFIGURE_ARGS+=	--with-ca-path=${SSLCERTS}
-# CONFIGURE_ARGS+=	--with-ssl=${BUILDLINK_PREFIX.openssl}
 # Optionally, We want GnuTLS with Dane.
 CONFIGURE_ARGS+=	--with-gnutls
 CONFIGURE_ARGS+=	--with-libidn2
+# Fallback to gnutls preferred CA certificates
+CONFIGURE_ARGS+=	--without-ca-bundle
+CONFIGURE_ARGS+=	--without-ca-path
+CONFIGURE_ARGS+=	--with-ca-fallback
 # Do not pick up GSS, should be fixed in upstream.
 CONFIGURE_ARGS+=	--without-gssapi
@@ -46,7 +47,6 @@ post-install:
 .include "../../devel/libidn2/"
 .include "../../security/gnutls/"
 .include "../../security/gnutls/"
-.include "../../security/openssl/"
 .include "../../devel/gettext-lib/"
 .include "../../devel/zlib/"
 .include "../../mk/"

Home | Main Index | Thread Index | Old Index