From c9b3062f110f1e2cad36c873945736896bbcb2fb Mon Sep 17 00:00:00 2001
From: "Collin J. Doering"
Date: Mon, 1 Jan 2024 15:08:20 -0500
Subject: [PATCH] Makefile: Use ssl certificates from within the container by default

When a guix-builder container runs without the store attached, it should still be able to use ssl certificates. This was not possible prior to this change without adjusting the SSL_CERT_FILE and SSL_CERT_DIR environment variables to be prefixed with '/guix-builder'. Preferably and as implemented in this commit, we can keep standard values of these environment variables and provide a link from /etc/ssl -> /guix-builder/etc/ssl where the certificate files reference /guix-builder/gnu/store instead of /gnu/store. This allows correct functioning in either case of the store being mounted or not. Its important to note that if a users mounts their guix hosts certificates, they must also mount its store as the certificate files in /etc/ssl/certs will be links to files in the store.
---
 Makefile | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 95aada8..6f5e5b1 100644
--- a/Makefile
+++ b/Makefile
@@ -13,8 +13,9 @@ $(PASSWD_FILE):

 $(LINKS_TARBALL):
 ln -s /guix-builder/bin bin
- tar -czvf $@ bin
- rm bin
+ mkdir etc && ln -s /guix-builder/etc/ssl etc/ssl
+ tar -czvf $@ bin etc
+ rm -r etc bin

 $(TARBALL):
 @cp $$(guix pack -RR -S /bin=bin -S /etc/ssl=etc/ssl -S /lib/locale=lib/locale -m $(GUIX_MANIFEST)) $@
@@ -37,10 +38,12 @@ run: build
 -v /var/guix/daemon-socket/socket:/var/guix/daemon-socket/socket \
 -v /gnu/store:/gnu/store:ro \
 -v /etc/ssl:/etc/ssl:ro \
- -e HOME=/tmp \
- -w /tmp \
 $(IMAGE_TAG):latest

+.PHONY: run-no-store
+run-no-store: build
+ @docker run --rm -it $(IMAGE_TAG):latest
+
 .PHONY: shell
 shell:
 @./shell.sh $(GUIX_MANIFEST) $(GUIX_MANIFEST_DEV)
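Review bot: The `tar -czvf $@ bin etc` line now archives a real directory, `etc`, so the tarball records the build user's uid/gid and umask-derived mode for what presumably becomes `/etc` in the image; before this change it held only the `bin` symlink. If the image unpacks the archive with ownership preserved (the Dockerfile is not visible here), the directory holding the `/etc/ssl` trust-store link could be writable by a non-root user, so I would pin it with `tar --owner=0 --group=0 --numeric-owner -czvf $@ bin etc`. Separately, `mkdir etc` and `rm -r etc bin` operate on fixed names in the build directory, so a failed `tar` leaves both behind and the next run stops at `ln -s`, and a pre-existing `etc` would be removed recursively. Creating the links under a `mktemp -d` directory and archiving with `tar -C` would avoid both.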
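Review bot: Dropping `-e HOME=/tmp` and `-w /tmp` from `run` is not explained in the commit message, and the new `run-no-store` target carries no comment saying which trust store each target ends up using. `run` still bind-mounts the host's `/etc/ssl` over the image's new `/etc/ssl` link, so only `run-no-store` exercises the certificates packed into the image, and those are presumably fixed at image build time until the image is rebuilt. I would add a comment above the new target, e.g. `# run-no-store: no host store, daemon socket or /etc/ssl mounts; TLS uses the CA certificates packed into the image at build time`, and a sentence in the message on why HOME and the working directory now come from the image defaults. The `run` recipe starts outside this hunk, so the rest of its `docker run` options are not visible here.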