@@ -17152,7 +17152,7 @@ Using the Configuration System
(operating-system
;; ...
(packages (append (map specification->package+output
- '("nss-certs" "git" "git:send-email"))
+ '("git" "git:send-email"))
%base-packages)))
@end lisp
@@ -17240,8 +17240,7 @@ Using the Configuration System
as returned by the @command{blkid} command.
@xref{Desktop Services}, for the exact list of services provided by
-@code{%desktop-services}. @xref{X.509 Certificates}, for background
-information about the @code{nss-certs} package that is used here.
+@code{%desktop-services}.
Again, @code{%desktop-services} is just a list of service objects. If
you want to remove services from there, you can do so using the
@@ -32457,9 +32456,11 @@ Web Services
so that it can authenticate Git servers when communicating over HTTPS, and it
assumes that @file{/etc/ssl/certs} contains those certificates.
-Thus, make sure to add @code{nss-certs} or another certificate package to the
-@code{packages} field of your configuration. @ref{X.509 Certificates}, for
-more information on X.509 certificates.
+The @code{nss-certs} certificate package is provided by default as part
+@code{%base-packages}. Should you not be using @code{%base-packages},
+make sure that @code{nss-certs} (or a similar certificate package) is
+added to the @code{packages} field of your configuration. @ref{X.509
+Certificates}, for more information on X.509 certificates.
@end quotation
@subsubheading gmnisrv
@@ -41006,10 +41007,10 @@ X.509 Certificates
is a set of CA certificates provided as part of Mozilla's Network
Security Services.
-Note that it is @emph{not} part of @code{%base-packages}, so you need to
-explicitly add it. The @file{/etc/ssl/certs} directory, which is where
-most applications and libraries look for certificates by default, points
-to the certificates installed globally.
+This package is part of @code{%base-packages}, so there's usually no
+need to explicitly add it. The @file{/etc/ssl/certs} directory, which
+is where most applications and libraries look for certificates by
+default, points to the certificates installed globally.
Unprivileged users, including users of Guix on a foreign distro,
can also install their own certificate package in
@@ -110,11 +110,6 @@ (define %system-services
(name (G_ "Tor anonymous network router"))
(type 'networking)
(snippet '((service tor-service-type))))
- (system-service
- (name (G_ "Mozilla NSS certificates, for HTTPS access"))
- (type 'networking)
- (packages '((specification->package "nss-certs")))
- (recommended? #t))
;; Miscellaneous system administration services.
(system-service
@@ -50,6 +50,7 @@ (define-module (gnu system)
#:use-module (gnu packages admin)
#:use-module (gnu packages base)
#:use-module (gnu packages bash)
+ #:use-module (gnu packages certs)
#:use-module (gnu packages compression)
#:use-module (gnu packages cross-base)
#:use-module (gnu packages firmware)
@@ -925,6 +926,7 @@ (define %base-packages-networking
;; Default set of networking packages.
(list inetutils isc-dhcp
iproute
+ nss-certs
wget
;; wireless-tools is deprecated in favor of iw, but it's still what
;; many people are familiar with, so keep it around.
@@ -4,9 +4,6 @@
(use-modules (gnu))
(use-service-modules networking ssh)
-;; If you want to use HTTPS, you most likely want to include
-;; "certs" in the line below. Also read the comment about
-;; "nss-certs" later in this file.
(use-package-modules screen ssh)
(operating-system
@@ -46,8 +43,6 @@
%base-user-accounts))
;; Globally-installed packages.
- ;; Add "nss-certs" for Mozilla's approved CA certs. You would
- ;; have to have included "certs" in use-package-modules above.
(packages (cons screen %base-packages))
;; Add services to the baseline: a DHCP client and an SSH
@@ -47,9 +47,7 @@
ratpoison i3-wm i3status dmenu
emacs emacs-exwm emacs-desktop-environment
;; terminal emulator
- xterm
- ;; for HTTPS access
- nss-certs)
+ xterm)
%base-packages))
;; Use the "desktop" services, which include the X11
@@ -56,8 +56,7 @@
(supplementary-groups '("wheel" "netdev" "audio" "video"))
(home-directory "/home/pi"))
%base-user-accounts))
- (packages (cons* nss-certs
- openssh
+ (packages (cons* openssh
%base-packages))
(services (cons* (service avahi-service-type)
(service dhcp-client-service-type)
@@ -55,8 +55,7 @@ (define orangepi-r1-plus-lts-rk3328-barebones-os
(term "vt100")
(tty "ttyS2")))
(service dhcp-client-service-type)
- (service ntp-service-type) %base-services))
- (packages (cons nss-certs %base-packages))))
+ (service ntp-service-type) %base-services))))
(define orangepi-r1-plus-lts-rk3328-image-type
(image-type (name 'orangepi-r1-plus-lts-rk3328-raw)
@@ -59,8 +59,7 @@ (define pine64-barebones-os
(tty "ttyS0")))
(service dhcp-client-service-type)
(service ntp-service-type)
- %base-services))
- (packages (cons nss-certs %base-packages))))
+ %base-services))))
(define pine64-image-type
(image-type
@@ -551,8 +551,7 @@ (define installation-os
(list glibc ; for 'tzselect' & co.
fontconfig
font-dejavu font-gnu-unifont
- grub ; mostly so xrefs to its manual work
- nss-certs) ; To access HTTPS, use git, etc.
+ grub) ; mostly so xrefs to its manual work
%installer-disk-utilities
%base-packages))))