From 65e8472a4b6fc6f66871ba0dad518b7d4c63595e Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Thu, 18 Apr 2024 09:33:19 -0400 Subject: system: Remove nss-certs from OS templates, adjust doc. This is a follow-up to commit 86afaadb51 ("system: Add 'nss-certs' to %base-packages-networking.") * doc/guix-cookbook.texi (Running Guix on a Linode Server): Remove nss-certs from operating system's packages field. (Running Guix on a Kimsufi Server): Likewise. * doc/guix.texi (Using the Configuration System): Likewise. (X.509 Certificates): Adjust to mention nss-certs *is* part of %base-packages. * gnu/installer/services.scm (%system-services): Remove recommendation to install nss-certs. * gnu/system/examples/bare-bones.tmpl (host-name): Remove obsolete comments. * gnu/system/examples/desktop.tmpl (packages): Remove nss-certs. * gnu/system/examples/lightweight-desktop.tmpl (packages): Likewise. * gnu/system/examples/plasma.tmpl (packages): Likewise. * gnu/system/examples/raspberry-pi-64-nfs-root.tmpl (packages): Likewise. * gnu/system/examples/raspberry-pi-64.tmpl (packages): Likewise. * gnu/system/examples/vm-image.tmpl (packages): Likewise. * gnu/system/images/orangepi-r1-plus-lts-rk3328.scm (packages): Likewise. * gnu/system/images/pine64.scm (packages): Likewise. * gnu/system/install.scm (installation-os) [packages]: Likewise. Change-Id: If09123a69b987178bcb0aab61c4570c14fc1286f --- doc/guix-cookbook.texi | 8 +++----- doc/guix.texi | 4 ++-- gnu/installer/services.scm | 5 ----- gnu/system/examples/bare-bones.tmpl | 5 ----- gnu/system/examples/desktop.tmpl | 4 +--- gnu/system/examples/lightweight-desktop.tmpl | 6 ++---- gnu/system/examples/plasma.tmpl | 5 ++--- gnu/system/examples/raspberry-pi-64-nfs-root.tmpl | 6 ++---- gnu/system/examples/raspberry-pi-64.tmpl | 6 ++---- gnu/system/examples/vm-image.tmpl | 4 ++-- gnu/system/images/orangepi-r1-plus-lts-rk3328.scm | 4 +--- gnu/system/images/pine64.scm | 3 +-- gnu/system/install.scm | 5 ++--- 13 files changed, 20 insertions(+), 45 deletions(-) diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi index 62efc73fc3..3bc63cba7a 100644 --- a/doc/guix-cookbook.texi +++ b/doc/guix-cookbook.texi @@ -2548,7 +2548,6 @@ is below. Save the resulting file as @file{guix-config.scm}. (use-service-modules networking ssh) (use-package-modules admin - certs package-management ssh tls) @@ -2586,8 +2585,7 @@ is below. Save the resulting file as @file{guix-config.scm}. (home-directory "/home/janedoe")) %base-user-accounts)) - (packages (cons* nss-certs ;for HTTPS access - openssh-sans-x + (packages (cons* openssh-sans-x %base-packages)) (services (cons* @@ -2796,7 +2794,7 @@ here is a sample: @lisp (use-modules (gnu) (guix)) (use-service-modules networking ssh vpn virtualization sysctl admin mcron) -(use-package-modules ssh certs tls tmux vpn virtualization) +(use-package-modules ssh tls tmux vpn virtualization) (operating-system (host-name "kimsufi") @@ -2848,7 +2846,7 @@ root ALL=(ALL) ALL guix ALL=(ALL) NOPASSWD:ALL\n")) ;; Globally-installed packages. - (packages (cons* tmux nss-certs gnutls wireguard-tools %base-packages)) + (packages (cons* tmux gnutls wireguard-tools %base-packages)) (services (cons* (service static-networking-service-type diff --git a/doc/guix.texi b/doc/guix.texi index f4f21c4744..22caa984ad 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -17152,7 +17152,7 @@ the @code{(gnu packages)} module. For example: (operating-system ;; ... (packages (append (map specification->package+output - '("nss-certs" "git" "git:send-email")) + '("git" "git:send-email")) %base-packages))) @end lisp @@ -41006,7 +41006,7 @@ Reference}). Guix includes one such package, @code{nss-certs}, which is a set of CA certificates provided as part of Mozilla's Network Security Services. -Note that it is @emph{not} part of @code{%base-packages}, so you need to +This package is part of @code{%base-packages}, so there is no need to explicitly add it. The @file{/etc/ssl/certs} directory, which is where most applications and libraries look for certificates by default, points to the certificates installed globally. diff --git a/gnu/installer/services.scm b/gnu/installer/services.scm index 4dfed78785..1cb9dc579c 100644 --- a/gnu/installer/services.scm +++ b/gnu/installer/services.scm @@ -110,11 +110,6 @@ (define %system-services (name (G_ "Tor anonymous network router")) (type 'networking) (snippet '((service tor-service-type)))) - (system-service - (name (G_ "Mozilla NSS certificates, for HTTPS access")) - (type 'networking) - (packages '((specification->package "nss-certs"))) - (recommended? #t)) ;; Miscellaneous system administration services. (system-service diff --git a/gnu/system/examples/bare-bones.tmpl b/gnu/system/examples/bare-bones.tmpl index dc6aff5273..7b6a4b09b0 100644 --- a/gnu/system/examples/bare-bones.tmpl +++ b/gnu/system/examples/bare-bones.tmpl @@ -4,9 +4,6 @@ (use-modules (gnu)) (use-service-modules networking ssh) -;; If you want to use HTTPS, you most likely want to include -;; "certs" in the line below. Also read the comment about -;; "nss-certs" later in this file. (use-package-modules screen ssh) (operating-system @@ -46,8 +43,6 @@ %base-user-accounts)) ;; Globally-installed packages. - ;; Add "nss-certs" for Mozilla's approved CA certs. You would - ;; have to have included "certs" in use-package-modules above. (packages (cons screen %base-packages)) ;; Add services to the baseline: a DHCP client and an SSH diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl index 10d0e54fa7..2d65f22294 100644 --- a/gnu/system/examples/desktop.tmpl +++ b/gnu/system/examples/desktop.tmpl @@ -5,7 +5,7 @@ (use-modules (gnu) (gnu system nss) (guix utils)) (use-service-modules desktop sddm xorg) -(use-package-modules certs gnome) +(use-package-modules gnome) (operating-system (host-name "antelope") @@ -65,8 +65,6 @@ ;; This is where we specify system-wide packages. (packages (append (list - ;; for HTTPS access - nss-certs ;; for user mounts gvfs) %base-packages)) diff --git a/gnu/system/examples/lightweight-desktop.tmpl b/gnu/system/examples/lightweight-desktop.tmpl index 4cb3c38311..c061284ba8 100644 --- a/gnu/system/examples/lightweight-desktop.tmpl +++ b/gnu/system/examples/lightweight-desktop.tmpl @@ -5,7 +5,7 @@ (use-modules (gnu) (gnu system nss)) (use-service-modules desktop) -(use-package-modules bootloaders certs emacs emacs-xyz ratpoison suckless wm +(use-package-modules bootloaders emacs emacs-xyz ratpoison suckless wm xorg) (operating-system @@ -47,9 +47,7 @@ ratpoison i3-wm i3status dmenu emacs emacs-exwm emacs-desktop-environment ;; terminal emulator - xterm - ;; for HTTPS access - nss-certs) + xterm) %base-packages)) ;; Use the "desktop" services, which include the X11 diff --git a/gnu/system/examples/plasma.tmpl b/gnu/system/examples/plasma.tmpl index 6395991125..c3850ffe37 100644 --- a/gnu/system/examples/plasma.tmpl +++ b/gnu/system/examples/plasma.tmpl @@ -3,7 +3,7 @@ (use-modules (gnu) (gnu system nss) (srfi srfi-1)) (use-service-modules desktop sddm xorg ssh) -(use-package-modules certs gnome ssh admin fonts) +(use-package-modules gnome ssh admin fonts) (use-package-modules qt xorg tmux linux) (operating-system @@ -32,8 +32,7 @@ %base-user-accounts)) ;; This is where we specify system-wide packages. - (packages (cons* nss-certs ;for HTTPS access - neofetch + (packages (cons* neofetch htop tmux xprop diff --git a/gnu/system/examples/raspberry-pi-64-nfs-root.tmpl b/gnu/system/examples/raspberry-pi-64-nfs-root.tmpl index 2203375270..1baca02491 100644 --- a/gnu/system/examples/raspberry-pi-64-nfs-root.tmpl +++ b/gnu/system/examples/raspberry-pi-64-nfs-root.tmpl @@ -17,8 +17,7 @@ avahi networking ssh) -(use-package-modules certs - linux +(use-package-modules linux raspberry-pi ssh) @@ -56,8 +55,7 @@ (supplementary-groups '("wheel" "netdev" "audio" "video")) (home-directory "/home/pi")) %base-user-accounts)) - (packages (cons* nss-certs - openssh + (packages (cons* openssh %base-packages)) (services (cons* (service avahi-service-type) (service dhcp-client-service-type) diff --git a/gnu/system/examples/raspberry-pi-64.tmpl b/gnu/system/examples/raspberry-pi-64.tmpl index 185d25c412..414d8ac7a5 100644 --- a/gnu/system/examples/raspberry-pi-64.tmpl +++ b/gnu/system/examples/raspberry-pi-64.tmpl @@ -16,8 +16,7 @@ avahi networking ssh) -(use-package-modules certs - linux +(use-package-modules linux raspberry-pi ssh) @@ -60,8 +59,7 @@ (supplementary-groups '("wheel" "netdev" "audio" "video")) (home-directory "/home/pi")) %base-user-accounts)) - (packages (cons* nss-certs - openssh + (packages (cons* openssh %base-packages)) (services (cons* (service avahi-service-type) (service dhcp-client-service-type) diff --git a/gnu/system/examples/vm-image.tmpl b/gnu/system/examples/vm-image.tmpl index dc9a7542a5..589de493b1 100644 --- a/gnu/system/examples/vm-image.tmpl +++ b/gnu/system/examples/vm-image.tmpl @@ -7,7 +7,7 @@ (use-modules (gnu) (guix) (srfi srfi-1)) (use-service-modules desktop mcron networking spice ssh xorg sddm) -(use-package-modules bootloaders certs fonts +(use-package-modules bootloaders fonts package-management xdisorg xorg) (define vm-image-motd (plain-file "motd" " @@ -66,7 +66,7 @@ root ALL=(ALL) ALL %wheel ALL=NOPASSWD: ALL\n")) (packages - (append (list font-bitstream-vera nss-certs + (append (list font-bitstream-vera ;; Auto-started script providing SPICE dynamic resizing for ;; Xfce (see: ;; https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/142). diff --git a/gnu/system/images/orangepi-r1-plus-lts-rk3328.scm b/gnu/system/images/orangepi-r1-plus-lts-rk3328.scm index eaaa12ba78..6ec644f113 100644 --- a/gnu/system/images/orangepi-r1-plus-lts-rk3328.scm +++ b/gnu/system/images/orangepi-r1-plus-lts-rk3328.scm @@ -21,7 +21,6 @@ (define-module (gnu system images orangepi-r1-plus-lts-rk3328) #:use-module (gnu bootloader u-boot) #:use-module (gnu image) #:use-module (gnu packages linux) - #:use-module (gnu packages certs) #:use-module (guix platforms arm) #:use-module (gnu services) #:use-module (gnu services base) @@ -55,8 +54,7 @@ (define orangepi-r1-plus-lts-rk3328-barebones-os (term "vt100") (tty "ttyS2"))) (service dhcp-client-service-type) - (service ntp-service-type) %base-services)) - (packages (cons nss-certs %base-packages)))) + (service ntp-service-type) %base-services)))) (define orangepi-r1-plus-lts-rk3328-image-type (image-type (name 'orangepi-r1-plus-lts-rk3328-raw) diff --git a/gnu/system/images/pine64.scm b/gnu/system/images/pine64.scm index 3feb69764d..457ff4345f 100644 --- a/gnu/system/images/pine64.scm +++ b/gnu/system/images/pine64.scm @@ -59,8 +59,7 @@ (define pine64-barebones-os (tty "ttyS0"))) (service dhcp-client-service-type) (service ntp-service-type) - %base-services)) - (packages (cons nss-certs %base-packages)))) + %base-services)))) (define pine64-image-type (image-type diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 371bfc2a63..0195a0804d 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -548,11 +548,10 @@ (define installation-os (base-pam-services #:allow-empty-passwords? #t)) (packages (append - (list glibc ; for 'tzselect' & co. + (list glibc ; for 'tzselect' & co. fontconfig font-dejavu font-gnu-unifont - grub ; mostly so xrefs to its manual work - nss-certs) ; To access HTTPS, use git, etc. + grub) ; mostly so xrefs to its manual work %installer-disk-utilities %base-packages)))) -- cgit v1.2.3