gnu: glib-networking: Prefer 'SSL_CERT_FILE' as TLS CA file.

This is an improvement over commit af6100f.

* gnu/packages/gnome.scm (glib-networking)[source](patches): New field.
  [arguments]: Pass '/etc/ssl/certs/ca-certificates.crt' to configure.
  Set 'SSL_CERT_FILE' to '/dev/null' in 'use-empty-ssl-cert-file' phase.
  (libsoup)[arguments]: Set 'SSL_CERT_FILE' to '/dev/null' in
  'pre-check' phase.
* gnu/packages/patches/glib-networking-ssl-cert-file.patch: New patch.
* gnu-system.am (dist_patch_DATA): Add it.

gnu-system.am

@@ -456,6 +456,7 @@ dist_patch_DATA =						\
   gnu/packages/patches/ghostscript-CVE-2015-3228.patch		\
   gnu/packages/patches/ghostscript-runpath.patch		\
   gnu/packages/patches/gitolite-openssh-6.8-compat.patch	\
+  gnu/packages/patches/glib-networking-ssl-cert-file.patch	\
   gnu/packages/patches/glib-tests-desktop.patch			\
   gnu/packages/patches/glib-tests-homedir.patch			\
   gnu/packages/patches/glib-tests-prlimit.patch			\

gnu/packages/gnome.scm

@@ -1872,12 +1872,13 @@ library.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ij33bhvn7y5gagx4sbrw906dsjjjs9dllxn73pzv6x97c6k92lg"))))
+                "0ij33bhvn7y5gagx4sbrw906dsjjjs9dllxn73pzv6x97c6k92lg"))
+              (patches
+               (list (search-patch "glib-networking-ssl-cert-file.patch")))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
-       ;; FIXME: ca-certificates.crt is not available in the build environment.
+       '("--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt")
-       '("--with-ca-certificates=no")
        #:phases
        (modify-phases %standard-phases
          (add-before 'configure 'patch-giomoduledir
@@ -1886,7 +1887,13 @@ library.")
                        (substitute* "configure"
                          (("GIO_MODULE_DIR=.*")
                           (string-append "GIO_MODULE_DIR=" %output
-                                         "/lib/gio/modules\n"))))))))
+                                         "/lib/gio/modules\n")))))
+         (add-before 'check 'use-empty-ssl-cert-file
+                     (lambda _
+                       ;; The ca-certificates.crt is not available in the build
+                       ;; environment.
+                       (setenv "SSL_CERT_FILE" "/dev/null")
+                       #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("intltool" ,intltool)))
@@ -1968,11 +1975,14 @@ libxml to ease remote use of the RESTful API.")
                        (substitute* "tests/socket-test.c"
                          ((".*/sockets/unconnected.*") ""))
                        #t))
-         (add-before 'check 'unset-LC_ALL
+         (add-before 'check 'pre-check
-                     ;; The 'check-local' target runs 'env LANG=C sort -u',
-                     ;; unset 'LC_ALL' to make 'LANG' working.
                      (lambda _
+                       ;; The 'check-local' target runs 'env LANG=C sort -u',
+                       ;; unset 'LC_ALL' to make 'LANG' working.
                        (unsetenv "LC_ALL")
+                       ;; The ca-certificates.crt is not available in the build
+                       ;; environment.
+                       (setenv "SSL_CERT_FILE" "/dev/null")
                        #t)))))
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-mkenums

gnu/packages/patches/glib-networking-ssl-cert-file.patch

@@ -0,0 +1,29 @@
+From b010e41346d418220582c20ab8d7f3971e4fb78a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@gmail.com>
+Date: Fri, 14 Aug 2015 17:28:36 +0800
+Subject: [PATCH] gnutls: Allow overriding the anchor file location by
+ 'SSL_CERT_FILE'
+
+---
+ tls/gnutls/gtlsbackend-gnutls.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tls/gnutls/gtlsbackend-gnutls.c b/tls/gnutls/gtlsbackend-gnutls.c
+index 55ec1a5..217d3c8 100644
+--- a/tls/gnutls/gtlsbackend-gnutls.c
++++ b/tls/gnutls/gtlsbackend-gnutls.c
+@@ -101,8 +101,10 @@ g_tls_backend_gnutls_real_create_database (GTlsBackendGnutls  *self,
+                                            GError            **error)
+ {
+   const gchar *anchor_file = NULL;
++  anchor_file = g_getenv ("SSL_CERT_FILE");
+ #ifdef GTLS_SYSTEM_CA_FILE
+-  anchor_file = GTLS_SYSTEM_CA_FILE;
++  if (!anchor_file)
++    anchor_file = GTLS_SYSTEM_CA_FILE;
+ #endif
+   return g_tls_file_database_new (anchor_file, error);
+ }
+-- 
+2.4.3
+