Makefile: Use ssl certificates from within the container by default
When a guix-builder container runs without the store attached, it should still be able to use SSL certificates. Prior to this change, that was not possible without adjusting the SSL_CERT_FILE and SSL_CERT_DIR environment variables to be prefixed with '/guix-builder'. Preferably, and as implemented in this commit, we can keep the standard values of these environment variables and provide a link from /etc/ssl -> /guix-builder/etc/ssl, where the certificate files reference /guix-builder/gnu/store instead of /gnu/store. This allows correct functioning whether or not the store is mounted. It's important to note that if a user mounts their Guix host's certificates, they must also mount its store, as the certificate files in /etc/ssl/certs will be links to files in the store.
parent
e270484870
commit
c9b3062f11
11
Makefile
11
Makefile
|
@ -13,8 +13,9 @@ $(PASSWD_FILE):
|
|||
|
||||
$(LINKS_TARBALL):
|
||||
ln -s /guix-builder/bin bin
|
||||
tar -czvf $@ bin
|
||||
rm bin
|
||||
mkdir etc && ln -s /guix-builder/etc/ssl etc/ssl
|
||||
tar -czvf $@ bin etc
|
||||
rm -r etc bin
|
||||
|
||||
$(TARBALL):
|
||||
@cp $$(guix pack -RR -S /bin=bin -S /etc/ssl=etc/ssl -S /lib/locale=lib/locale -m $(GUIX_MANIFEST)) $@
|
||||
|
@ -37,10 +38,12 @@ run: build
|
|||
-v /var/guix/daemon-socket/socket:/var/guix/daemon-socket/socket \
|
||||
-v /gnu/store:/gnu/store:ro \
|
||||
-v /etc/ssl:/etc/ssl:ro \
|
||||
-e HOME=/tmp \
|
||||
-w /tmp \
|
||||
$(IMAGE_TAG):latest
|
||||
|
||||
.PHONY: run-no-store
|
||||
run-no-store: build
|
||||
@docker run --rm -it $(IMAGE_TAG):latest
|
||||
|
||||
.PHONY: shell
|
||||
shell:
|
||||
@./shell.sh $(GUIX_MANIFEST) $(GUIX_MANIFEST_DEV)
|
||||
|
|
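Review bot: Staging the symlinks under the fixed names `bin` and `etc` in the working directory, as the `$(LINKS_TARBALL)` recipe does, lets whatever already sits there end up in the archive and then be removed by `rm -r etc bin`. If a real `bin` directory exists, `ln -s /guix-builder/bin bin` creates the link inside it, `tar` packs the whole directory, and the recursive `rm` deletes it; a leftover `etc` from an interrupted run makes `mkdir etc` fail on the next build. Because this archive appears to be what supplies `/bin` and `/etc/ssl` (the certificate path) in the image, it is worth staging in a scratch directory derived from `$@` and packing with `tar -C`, so only the two intended links can be included. The fixed names are also a race if anything else in the build uses `bin` or `etc` under `make -j`.

```make
$(LINKS_TARBALL):
	rm -rf $@.d
	mkdir -p $@.d/etc
	ln -s /guix-builder/bin $@.d/bin
	ln -s /guix-builder/etc/ssl $@.d/etc/ssl
	tar -czvf $@ -C $@.d bin etc
	rm -rf $@.d
```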