[Nix-dev] msmtp and certificates

[Bjørn Forsman]

Hi all,

On Ubuntu I've been using msmtp on the command line to send emails
with my gmail account (handy for cronjobs). But my msmtp configuration
file includes a "tls_trust_file" directive that points to
"/etc/ssl/certs/ca-certificates.crt", and that fails on NixOS.

On Debian/Ubuntu, there is a ca-certificates package (seems to be
installed by default), but /etc/ssl/certs/ca-certificates.crt is
actually not owned by any package, I think it is generated by a
post-install script.

My attempts at locating this file on NixOS:

$ sudo find / -iname "*certificate*crt*"
/nix/store/q8v3qjqhik3r386lh7ywm11wrwlp38g4-python-tornado-2.4/lib/python2.7/site-packages/tornado-2.4-py2.7.egg/tornado/ca-certificates.crt

(That is actually a copy of /etc/ssl/certs/ca-certificates.crt from Ubuntu.)

And then:
$ nix-env -qaP \* | grep -i certificate
nixos.pkgs.haskellPackages.certificate
          haskell-certificate-ghc7.6.3-1.3.8
nixos.pkgs.haskellPackages_ghc763_no_profiling.certificate
          haskell-certificate-ghc7.6.3-1.3.8
nixos.pkgs.haskellPackages_ghc763_profiling.certificate
          haskell-certificate-ghc7.6.3-1.3.8-profiling

So I guess we don't have such a package for NixOS yet?

Does anyone know how these certificates work and whether we can make a
similar ca-certificates package for nixpkgs/NixOS?

Here is my ~/.msmtprc config file for gmail:
  account default
  host smtp.gmail.com
  port 587
  from bjorn.forsman at gmail.com
  tls on
  tls_starttls on
  # tls_trust_file for Ubuntu (other distros may use different path)
  tls_trust_file /etc/ssl/certs/ca-certificates.crt
  auth on
  user bjorn.forsman
  password <password>
  logfile ~/.msmtp.log

Best regards,
Bjørn Forsman