From b404b2126304c10327ffa5f958e640ab615287e2 Mon Sep 17 00:00:00 2001 From: Timo Wilken Date: Mon, 20 Feb 2023 19:49:15 +0100 Subject: Explicitly specify system-wide SSL certs By default, OpenSSL only uses its built-in certificates, but we need to use the system-wide ones for connecting to YouTube and BBC Sounds. --- tw/services/media.scm | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'tw/services') diff --git a/tw/services/media.scm b/tw/services/media.scm index cb463bb1..9755af9d 100644 --- a/tw/services/media.scm +++ b/tw/services/media.scm @@ -46,6 +46,8 @@ run the download script. By default, picks a random time between 04:00 and #$(program-file "yt-dlp-command" #~(begin + (setenv "SSL_CERT_DIR" "/etc/ssl/certs") + (setenv "SSL_CERT_FILE" "/etc/ssl/certs/ca-certificates.crt") (chdir #$(yt-dlp-configuration-media-directory config)) ;; Auto-update if we're using yt-dlp from the media directory. #$@(if yt-dlp-package '() @@ -77,10 +79,13 @@ run the download script. By default, picks a random time between 01:00 and #~(job #$(get-iplayer-configuration-schedule config) #$(program-file "get-iplayer-command" - #~(execl #$(file-append (get-iplayer-configuration-get-iplayer config) - "/bin/get_iplayer") - "get_iplayer" "--pvr" "--profile-dir" - #$(get-iplayer-configuration-config-directory config))) + #~(begin + (setenv "SSL_CERT_DIR" "/etc/ssl/certs") + (setenv "SSL_CERT_FILE" "/etc/ssl/certs/ca-certificates.crt") + (execl #$(file-append (get-iplayer-configuration-get-iplayer config) + "/bin/get_iplayer") + "get_iplayer" "--pvr" "--profile-dir" + #$(get-iplayer-configuration-config-directory config)))) #:user #$(get-iplayer-configuration-user config)))) (define get-iplayer-service-type -- cgit v1.2.3