| Message ID | 25be4a7ca6f9af888b6a97f6ab03e2e3ae2caaf7.1649436566.git.h.goebel@crazy-compilers.com |
|---|---|
| State | New |
| Headers |
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 86E8F27BBEA; Fri, 8 Apr 2022 18:16:05 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,MAILING_LIST_MULTI, SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 5A55127BBE9 for <patchwork@mira.cbaines.net>; Fri, 8 Apr 2022 18:16:05 +0100 (BST) Received: from localhost ([::1]:55054 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>) id 1ncsDM-0004ex-DK for patchwork@mira.cbaines.net; Fri, 08 Apr 2022 13:16:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53716) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ncs2i-0005qN-2B for guix-patches@gnu.org; Fri, 08 Apr 2022 13:05:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:41930) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ncs2h-0005aE-Or for guix-patches@gnu.org; Fri, 08 Apr 2022 13:05:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ncs2h-0001c4-Jb for guix-patches@gnu.org; Fri, 08 Apr 2022 13:05:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#54796] [PATCH v3 03/22] gnu: Add erlang-certifi. Resent-From: Hartmut Goebel <h.goebel@crazy-compilers.com> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 08 Apr 2022 17:05:03 +0000 Resent-Message-ID: <handler.54796.B54796.16494374615901@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54796 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 54796@debbugs.gnu.org Received: via spool by 54796-submit@debbugs.gnu.org id=B54796.16494374615901 (code B ref 54796); Fri, 08 Apr 2022 17:05:03 +0000 Received: (at 54796) by debbugs.gnu.org; 8 Apr 2022 17:04:21 +0000 Received: from localhost ([127.0.0.1]:35773 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>) id 1ncs20-0001Wz-UL for submit@debbugs.gnu.org; Fri, 08 Apr 2022 13:04:21 -0400 Received: from mout.kundenserver.de ([212.227.126.135]:38111) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <h.goebel@crazy-compilers.com>) id 1ncs1o-0001Vk-LY for 54796@debbugs.gnu.org; Fri, 08 Apr 2022 13:04:09 -0400 Received: from hermia.goebel-consult.de ([79.211.184.115]) by mrelayeu.kundenserver.de (mreue012 [212.227.15.167]) with ESMTPSA (Nemesis) id 1M4KFF-1nd90d34Ov-000M8Q for <54796@debbugs.gnu.org>; Fri, 08 Apr 2022 19:04:02 +0200 Received: from lenashee.fritz.box (lenashee.goebel-consult.de [192.168.110.2]) by hermia.goebel-consult.de (Postfix) with ESMTP id 2030B66475; Fri, 8 Apr 2022 19:04:06 +0200 (CEST) From: Hartmut Goebel <h.goebel@crazy-compilers.com> Date: Fri, 8 Apr 2022 19:03:36 +0200 Message-Id: <25be4a7ca6f9af888b6a97f6ab03e2e3ae2caaf7.1649436566.git.h.goebel@crazy-compilers.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <cover.1649436566.git.h.goebel@crazy-compilers.com> References: <cover.1649436566.git.h.goebel@crazy-compilers.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:wVwGv0P6wHm/TEZxfzVAB+tZ5fN691DCCoqlNM9Aqgc4wDV0it0 oaHOyWPgK9Jh2GMj15ONbF4auuHlA4xcueEvlcYqwvPP32id3a4lEKRC4vPwg5foQYrTura 12qQOarGqbecQkKS6+v/Yt0puY9kUpdwxFLNWQ0x/kxB5H2gKqJA8FZVsEYu/lJ9+sT+s/J 46jfIy0eaAANGa2StClaA== X-UI-Out-Filterresults: notjunk:1;V03:K0:SAvZtJG63Eg=:e/zLqaFqcBTkWUDRdUanmv DS+BufF/0bDyQBmhMy0jGpykoj3N4yfZf2t5EedOzGci1eq3TiziZHMrWukX+bjpCDROc53mt KD6Oj0QqlUQZMK3AkEPQv5ANgcQG69Y5grZc1cQWle+8D92mY9q/Lp3CjYeAJEgxByTpBNOHi 8zUo0RwzqDm8mZ4t83Fs2vn0fRi7y/wcu3bStLnRUJupQlCgCLucbMzeQGbaSTTEkeqJWQo6p qsbCrnKGx2Mk8xrRhzVeRcOvHch3aENI0cE2HKqkM7hC9WxleQKtdyGZXxDmMT7EC4O+EhqqH lb30UaUvDFQUt9BMiJPSMovL68kprj7202bc+H4LPxVZFhqgNueOEFqwj3v3MhTvyjZb+WhCe 6vqelplIaJNraEIHtwaE0g4KKUs8c0MR0QJk9+NU7w/jI2bfgw9N9Z6RD+OFZNL/xnwjdJQWY by7BAUsd+hU2ZW7/qXzQpuby+uVgwW1bQuG5t/ZiEkUEYYZQ2wCZYWAmwNZCWCoeQbhpVPvAX xec3XQsCWWBqJ8FKk3ojJChgYa3bo31DzlN1Oi19pskqxjxyPaVmpOphLCJsyvQTXrE4rpmWX y8GI3+yviEjW1NunI6Fh27Tynd9cJ3fo/D7A8bbbblq7pl1O2JPKV8TGDQiRolBxIx3osQBWl K1gQL5KYLLGLTZD+bh6n51ixmqDiTR51AJ8UC6y9GtgzdO7+dTMoOybl0TFSiAwf1op6SKcSF Q0pt8s+S6fpDtDSM X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: <guix-patches.gnu.org> List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=unsubscribe> List-Archive: <https://lists.gnu.org/archive/html/guix-patches> List-Post: <mailto:guix-patches@gnu.org> List-Help: <mailto:guix-patches-request@gnu.org?subject=help> List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=subscribe> Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-getmail-retrieved-from-mailbox: Patches |
| Series |
Add importer for hex.pm and rebar3 build-system for Erlang
|
|
Commit Message
Hartmut Goebel
April 8, 2022, 5:03 p.m. UTC
* gnu/packages/erlang.scm (erlang-certifi): New variable. --- gnu/packages/erlang.scm | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
Comments
Hartmut Goebel schreef op vr 08-04-2022 om 19:03 [+0200]: > + (description "This Erlang library contains a CA bundle that you can > +reference in your Erlang application. This is useful for systems that do not > +have CA bundles that Erlang can find itself, or where a uniform set of CAs is > +valuable. > + > +This an Erlang specific port of certifi. The CA bundle is derived from Can this bundle be built from 'nss-certs', such that when nss-certs is updated (e.g. Mozilla revokes a root certificate due to reasons), erlang-certifi is up-to-date as well? Also, if Erlang supports some kind of static linking, then a package like this might be useful for people wanting to make static binaries to distribute to (non-Guix) systems. However, adding packages like nss-certs to the package inputs is avoided in favour of SSL_CERT_DIR/SSL_CERT_FILE / /etc/ssl/certs, to avoid rebuilds (*) when nss-certs is updated and because people might want to use a different set of root certificates (e.g., le-certs, none, or a list of (non-CA) certificates for a few individual sites). As such, can this package be avoided as dependency? Also see: * https://issues.guix.gnu.org/54434#8 (tzdata instead of nss-certs, but same principle) * https://lists.gnu.org/archive/html/guix-devel/2017-01/msg00516.html (about rebuilds) * https://lists.gnu.org/archive/html/guix-devel/2014-02/msg00277.html (some security reasons for not including nss-certs in the inputs or even the user profile) (*) nowaday it is less of a concern because of grafting, but grafting can take a long time. Greetings, Maxime.
Am 09.04.22 um 13:39 schrieb Maxime Devos: > Can this bundle be built from 'nss-certs', such that when nss-certs is > updated (e.g. Mozilla revokes a root certificate due to reasons), > erlang-certifi is up-to-date as well? This package is a sibling of python-certifi [1] and go-github-com-certifi-gocertifi. All these contain a copy of the/a CA bundle — which is the idea of these packages: „useful for systems that do not have CA bundles“. So they intentionally do not honor SSL_CERT_DIR/…. They are meant to be used as fall-back for libraries/applications honoring SSL_CERT_DIR/…. Neither python-certifi nor gocertifi build on nss-cert. Addind some update mechanism into the Guix package is not a good idea IMO: This would make “erlang-certif@2.9.0“ contain different certificates than the release 2.9.0, making debugging a hell. > As such, can this package be avoided as dependency? As of now, rebar3 does not support SSL_CERT_DIR/…. Anyhow there is already an open ticket [3] for. Other libraries/application might still need erlang-certifi, like some need python-certifi or gocertif. So anyhow we should keep this package. [1] https://github.com/certifi/python-certifi [2] https://github.com/certifi/gocertifi [3] https://github.com/erlang/rebar3/issues/2696
diff --git a/gnu/packages/erlang.scm b/gnu/packages/erlang.scm index 0b9e89d134..95a18e6f18 100644 --- a/gnu/packages/erlang.scm +++ b/gnu/packages/erlang.scm @@ -206,6 +206,30 @@ built-in support for concurrency, distribution and fault tolerance.") files.") (license license:asl2.0))) +(define-public erlang-certifi + (package + (name "erlang-certifi") + (version "2.9.0") + (source + (origin + (method url-fetch) + (uri (hexpm-uri "certifi" version)) + (sha256 + (base32 "0ha6vmf5p3xlbf5w1msa89frhvfk535rnyfybz9wdmh6vdms8v96")))) + (build-system rebar3-build-system) + (arguments + `(#:tests? #f)) ;; have not been updated for latest cert bundle + (home-page "https://github.com/certifi/erlang-certifi/") + (synopsis "CA bundle adapted from Mozilla for Erlang") + (description "This Erlang library contains a CA bundle that you can +reference in your Erlang application. This is useful for systems that do not +have CA bundles that Erlang can find itself, or where a uniform set of CAs is +valuable. + +This an Erlang specific port of certifi. The CA bundle is derived from +Mozilla's canonical set.") + (license license:bsd-3))) + (define-public erlang-cf (package (name "erlang-cf")