diff mbox series

[bug#66121] system: bare-bones: Add comments about nss-cert and NTP service.

Message ID CAAQmekc+eVy3GT-UPkxgw3A9K80A+obb2SMJe58EizvXY4FAog@mail.gmail.com
State New
Headers show
Series [bug#66121] system: bare-bones: Add comments about nss-cert and NTP service. | expand

Commit Message

Nikolaos Chatzikonstantinou Sept. 20, 2023, 2:36 p.m. UTC 
Just adding some clarifying comments on the bare-bones configuration.
When I first used the bare-bones configuration I had TLS issues, but
thankfully I was aided by the IRC support channel.  On my own I
would've been lost because I wouldn't be able to guess there were CA
certificates I was missing.

Because truly bare-bones setups may want to avoid both an NTP service
and Mozilla's CA certificates, I decided to only add them as comment
suggestions.

Regards,
Nikolaos Chatzikonstantinou

Comments

Ludovic Courtès Oct. 5, 2023, 2:11 p.m. UTC | #1 
Hi,

Nikolaos Chatzikonstantinou <nchatz314@gmail.com> skribis:

> From 7feb542b50ad29e5de5208c503f92993e4b86a01 Mon Sep 17 00:00:00 2001
> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> Date: Wed, 20 Sep 2023 17:13:11 +0300
> Subject: [PATCH] system: bare-bones: Add comments about nss-cert and NTP
>  service.
>
> TLS errors may be confusing to some users.  Two comments are added: one
> comment should help clarify the extra step required for root CA certificates
> to be installed, while the other will help users keep their clocks
> synchronized, another source of TLS errors due to clock drift.
>
> * gnu/system/examples/bare-bones.tmpl: Add nss-cert and NTP service comments.
>
> Signed-off-by: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>

Applied, thanks!

Ludo’.
diff mbox series

Patch

From 7feb542b50ad29e5de5208c503f92993e4b86a01 Mon Sep 17 00:00:00 2001
From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
Date: Wed, 20 Sep 2023 17:13:11 +0300
Subject: [PATCH] system: bare-bones: Add comments about nss-cert and NTP
 service.

TLS errors may be confusing to some users.  Two comments are added: one
comment should help clarify the extra step required for root CA certificates
to be installed, while the other will help users keep their clocks
synchronized, another source of TLS errors due to clock drift.

* gnu/system/examples/bare-bones.tmpl: Add nss-cert and NTP service comments.

Signed-off-by: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
---
 gnu/system/examples/bare-bones.tmpl | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/gnu/system/examples/bare-bones.tmpl b/gnu/system/examples/bare-bones.tmpl
index 45b4995574..dc6aff5273 100644
--- a/gnu/system/examples/bare-bones.tmpl
+++ b/gnu/system/examples/bare-bones.tmpl
@@ -4,6 +4,9 @@ 
 
 (use-modules (gnu))
 (use-service-modules networking ssh)
+;; If you want to use HTTPS, you most likely want to include
+;; "certs" in the line below.  Also read the comment about
+;; "nss-certs" later in this file.
 (use-package-modules screen ssh)
 
 (operating-system
@@ -43,10 +46,12 @@ 
                %base-user-accounts))
 
   ;; Globally-installed packages.
+  ;; Add "nss-certs" for Mozilla's approved CA certs.  You would
+  ;; have to have included "certs" in use-package-modules above.
   (packages (cons screen %base-packages))
 
-  ;; Add services to the baseline: a DHCP client and
-  ;; an SSH server.
+  ;; Add services to the baseline: a DHCP client and an SSH
+  ;; server.  You may wish to add an NTP service here.
   (services (append (list (service dhcp-client-service-type)
                           (service openssh-service-type
                                    (openssh-configuration
-- 
2.39.2