services: hpcguix-web: Set SSL_CERT_DIR.

Previously Git pulls over HTTPS would fail with:

  guix/git.scm:132:7: In procedure update-cached-checkout:
  Throw to key `git-error' with args `(#<<git-error> code: -17 message: "the SSL certificate is invalid" class: 16>)'.

* gnu/services/web.scm (hpcguix-web-shepherd-service): Pass
"SSL_CERT_DIR=/etc/ssl/certs".
* doc/guix.texi (Web Services): Mention certificates.
This commit is contained in:
Ludovic Courtès 2018-09-06 13:49:06 +02:00
parent 3ffcad7df3
commit 7df945656c
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
2 changed files with 13 additions and 1 deletions

View file

@ -16848,6 +16848,17 @@ A typical hpcguix-web service declaration looks like this:
(menu '(("/about" "ABOUT"))))))))
@end example
@quotation Note
The hpcguix-web service periodically updates the package list it publishes by
pulling channels from Git. To that end, it needs to access X.509 certificates
so that it can authenticate Git servers when communicating over HTTPS, and it
assumes that @file{/etc/ssl/certs} contains those certificates.
Thus, make sure to add @code{nss-certs} or another certificate package to the
@code{packages} field of your configuration. @ref{X.509 Certificates}, for
more information on X.509 certificates.
@end quotation
@node Certificate Services
@subsubsection Certificate Services

View file

@ -967,7 +967,8 @@ (define (hpcguix-web-shepherd-service config)
#:user "hpcguix-web"
#:group "hpcguix-web"
#:environment-variables
(list "XDG_CACHE_HOME=/var/cache")))
(list "XDG_CACHE_HOME=/var/cache"
"SSL_CERT_DIR=/etc/ssl/certs")))
(stop #~(make-kill-destructor))))))
(define hpcguix-web-service-type