From 89a2eb25c3e9809eb58ce48d4f36bf06bad338dc Mon Sep 17 00:00:00 2001
From: Maxime Devos <maximedevos@telenet.be>
Date: Sat, 7 May 2022 08:37:31 +0000
Subject: search-paths: Define $SSL_CERT_DIR and $SSL_CERT_FILE.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For the ‘why’, see the docstring next to $SSL_CERT_DIR.  In later commits,
packages will be changed to use these variables and the variables will be
added to more packages.

* guix/search-paths.scm ($SSL_CERT_DIR, $SSL_CERT_FILE): New variables.
* doc/guix.texi (Search Paths): Document them.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
 guix/search-paths.scm | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'guix')

diff --git a/guix/search-paths.scm b/guix/search-paths.scm
index 002e6342bb..6b13a98946 100644
--- a/guix/search-paths.scm
+++ b/guix/search-paths.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2022 Maxime Devos <maximedevos@telenet.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,6 +33,8 @@
             search-path-specification-file-pattern
 
             $PATH
+            $SSL_CERT_DIR
+            $SSL_CERT_FILE
 
             search-path-specification->sexp
             sexp->search-path-specification
@@ -70,6 +73,29 @@
    (variable "PATH")
    (files '("bin" "sbin"))))
 
+;; Two variables for certificates (see (guix)X.509 Certificates),
+;; respected by 'openssl', possibly GnuTLS in the future
+;; (https://gitlab.com/gnutls/gnutls/-/merge_requests/1541)
+;; and many of their dependents -- even some GnuTLS depepdents
+;; like Guile.  As they are not tied to a single package, define
+;; them here to avoid duplication.
+;;
+;; Additionally, the 'native-search-paths' field is not thunked,
+;; so doing (package-native-search-paths openssl)
+;; could cause import cycle issues.
+(define-public $SSL_CERT_DIR
+  (search-path-specification
+   (variable "SSL_CERT_DIR")
+   (separator #f)              ;single entry
+   (files '("etc/ssl/certs"))))
+
+(define-public $SSL_CERT_FILE
+  (search-path-specification
+   (variable "SSL_CERT_FILE")
+   (file-type 'regular)
+   (separator #f)              ;single entry
+   (files '("etc/ssl/certs/ca-certificates.crt"))))
+
 (define (search-path-specification->sexp spec)
   "Return an sexp representing SPEC, a <search-path-specification>.  The sexp
 corresponds to the arguments expected by `set-path-environment-variable'."
-- 
cgit v1.2.3