daemon: Use `openssl' from $PATH.

* daemon.am (-DOPENSSL_PATH): Default to "openssl". * TODO: Mention removal of OpenSSL dependency.
9 years ago · a9128eac41
2 changed files with 10 additions and 1 deletions
--- a/9
+++ b/9
@ -14,6 +14,15 @@ and GC-related tasks.  The daemon mainly uses ‘libstore’ from Nix.
 Integrating it in Guix itself will make Guix self-contained, thereby
 simplifying our users’ lives.

+** Remove dependency on OpenSSL
+
+The ‘openssl’ command-line tool is used in libstore to sign store paths
+to be exported, and to check such signatures.  The signing keys are
+usually in /etc/nix/signing-key.{pub,sec}.  They are a PKCS#8-encoded
+X.509 SubjectPublicKeyInfo.  These can be decoded with the [[http://lists.gnu.org/archive/html/help-gnutls/2012-12/msg00012.html][C API of
+GnuTLS]], but not yet with its Guile bindings.  There’s also
+‘gnutls_privkey_sign_data’ to sign, and related functions.
+
 * infrastructure

 ** have a Hydra instance build Guix packages
--- a/daemon.am
+++ b/daemon.am
@ -114,7 +114,7 @@ libstore_a_CPPFLAGS =				\
  -DNIX_CONF_DIR=\"$(sysconfdir)/nix\"		\
  -DNIX_LIBEXEC_DIR=\"$(libexecdir)\"		\
  -DNIX_BIN_DIR=\"$(bindir)\"			\
-  -DOPENSSL_PATH="\"FIXME--no OpenSSL support\""
+  -DOPENSSL_PATH="\"openssl\""

 libstore_a_CFLAGS =				\
  $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS)