diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2021-10-25 20:57:15 +0200 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2021-10-25 21:01:17 +0200 |
| commit | b4d29851e412c6f4fea5b2d98160258b9768dee3 (patch) | |
| tree | b592def9c5d5c086f25683b2497cc80972a7cc53 | |
| parent | 811b62d8c8fb865d4fc1db2249e6308228bb300e (diff) | |
| download | guix-b4d29851e412c6f4fea5b2d98160258b9768dee3.tar.gz guix-b4d29851e412c6f4fea5b2d98160258b9768dee3.zip | |
gnu: p11-kit@0.24.0: Use certificates from /etc/ssl/certs.
Fixes <https://issues.guix.gnu.org/49957>.
Flatpak has a soft dependency on p11-kit, which was configured without
knowledge of the system-wide CA certificate store. This caused some
flatpak apps to fail with ERR_CERT_AUTHORITY_INVALID errors.
Reported by Andrew Whatson <whatson@gmail.com>.
* gnu/packages/tls.scm (p11-kit-next)[arguments]: New field.
Co-authored-by: Andrew Whatson <whatson@gmail.com>
Co-authored-by: John Kehayias <john.kehayias@protonmail.com>
| -rw-r--r-- | gnu/packages/tls.scm | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 2534d289e3..700897a49b 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -176,7 +176,13 @@ living in the same process.") (uri (string-append "https://github.com/p11-glue/p11-kit/releases/" "download/" version "/p11-kit-" version ".tar.xz")) (sha256 - (base32 "11f6saclxsclc1f3lbavzw8kikws4cr3mfd1avly8dgnhh2i9rl1")))))) + (base32 "11f6saclxsclc1f3lbavzw8kikws4cr3mfd1avly8dgnhh2i9rl1")))) + (arguments + ;; Use the default certificates so that users such as flatpak find them. + ;; See <https://issues.guix.gnu.org/49957>. + (substitute-keyword-arguments (package-arguments p11-kit) + ((#:configure-flags flags ''()) + ''("--with-trust-paths=/etc/ssl/certs/ca-certificates.crt")))))) (define-public gnutls (package |