Don't statically depend on cacert for certificates
This reverts commit cd52c04456
and
others.
Managing certificates (including revoking certificates and adding
custom certificates) becomes extremely painful if every package in the
system potentially depends on a different copy of cacert. Also, it
makes updating cacert rather expensive.
This commit is contained in:
parent
23562aad59
commit
55932c1bec
@ -1,7 +1,7 @@
|
||||
{ fetchurl, stdenv, m4, glibc, gtk3, libexif, libgphoto2, libsoup, libxml2, vala, sqlite
|
||||
, webkitgtk24x, pkgconfig, gnome3, gst_all_1, which, udev, libraw, glib, json_glib
|
||||
, gettext, desktop_file_utils, lcms2, gdk_pixbuf, librsvg, makeWrapper
|
||||
, gnome_doc_utils, hicolor_icon_theme, cacert }:
|
||||
, gnome_doc_utils, hicolor_icon_theme }:
|
||||
|
||||
# for dependencies see http://www.yorba.org/projects/shotwell/install/
|
||||
|
||||
@ -15,9 +15,9 @@ stdenv.mkDerivation rec {
|
||||
};
|
||||
|
||||
NIX_CFLAGS_COMPILE = "-I${glib}/include/glib-2.0 -I${glib}/lib/glib-2.0/include";
|
||||
|
||||
|
||||
configureFlags = [ "--disable-gsettings-convert-install" ];
|
||||
|
||||
|
||||
preConfigure = ''
|
||||
patchShebangs .
|
||||
'';
|
||||
|
@ -1,5 +1,5 @@
|
||||
{ stdenv, fetchurl, pkgconfig, libsoup, webkit, gtk, glib_networking
|
||||
, gsettings_desktop_schemas, makeWrapper, cacert
|
||||
, gsettings_desktop_schemas, makeWrapper
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
@ -11,11 +11,6 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "0h9m5qfs09lb0dz8a79yccmm3a5rv6z8gi5pkyfh8fqkgkh2940p";
|
||||
};
|
||||
|
||||
# Nixos default ca bundle
|
||||
patchPhase = ''
|
||||
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/etc/ssl/certs/ca-bundle.crt, src/config.def.h
|
||||
'';
|
||||
|
||||
buildInputs = [ makeWrapper gtk libsoup pkgconfig webkit gsettings_desktop_schemas ];
|
||||
|
||||
makeFlags = [ "PREFIX=$(out)" ];
|
||||
|
@ -1,5 +1,5 @@
|
||||
{ stdenv, fetchurl, makeWrapper, glib, glib_networking, gtk, libsoup, libX11, perl,
|
||||
pkgconfig, webkit, gsettings_desktop_schemas, cacert }:
|
||||
pkgconfig, webkit, gsettings_desktop_schemas }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "1.4.2";
|
||||
@ -9,11 +9,6 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "13jdximksh9r3cgd2f8vms0pbsn3x0gxvyqdqiw16xp5fmdx5kzr";
|
||||
};
|
||||
|
||||
# Nixos default ca bundle
|
||||
patchPhase = ''
|
||||
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/etc/ssl/certs/ca-bundle.crt, config.h
|
||||
'';
|
||||
|
||||
buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit gsettings_desktop_schemas ];
|
||||
|
||||
installPhase = ''
|
||||
|
@ -1,5 +1,5 @@
|
||||
{ stdenv, buildEnv, fetchgit, fetchurl, makeWrapper, bundlerEnv, bundler_HEAD
|
||||
, ruby, libxslt, libxml2, sqlite, openssl, cacert, docker
|
||||
, ruby, libxslt, libxml2, sqlite, openssl, docker
|
||||
, dataDir ? "/var/lib/panamax-api" }:
|
||||
|
||||
with stdenv.lib;
|
||||
@ -62,7 +62,7 @@ stdenv.mkDerivation rec {
|
||||
--prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \
|
||||
--prefix "HOME" : "$out/share/panamax-api" \
|
||||
--prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \
|
||||
--prefix "SSL_CERT_FILE" : "${cacert}/etc/ssl/certs/ca-bundle.crt" \
|
||||
--prefix "SSL_CERT_FILE" : /etc/ssl/certs/ca-certificates.crt \
|
||||
--prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}"
|
||||
'';
|
||||
|
||||
|
@ -1,12 +1,12 @@
|
||||
{ stdenv, fetchurl, dpkg, openssl, alsaLib, libXext, libXfixes, libXrandr
|
||||
, libjpeg, curl, libX11, libXmu, libXv, libXtst, qt4, mesa, zlib
|
||||
, gnome, libidn, rtmpdump, c-ares, openldap, makeWrapper, cacert
|
||||
, gnome, libidn, rtmpdump, c-ares, openldap, makeWrapper
|
||||
}:
|
||||
assert stdenv.system == "x86_64-linux";
|
||||
let
|
||||
curl_custom =
|
||||
stdenv.lib.overrideDerivation curl (args: {
|
||||
configureFlags = args.configureFlags ++ ["--with-ca-bundle=${cacert}/etc/ssl/certs/ca-bundle.crt"] ;
|
||||
configureFlags = args.configureFlags ++ ["--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt"] ;
|
||||
} );
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
|
@ -1,5 +1,5 @@
|
||||
{ stdenv, fetchurl, pkgconfig, libxslt, telepathy_glib, libxml2, dbus_glib, dbus_daemon
|
||||
, sqlite, libsoup, libnice, gnutls, cacert }:
|
||||
, sqlite, libsoup, libnice, gnutls }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "telepathy-gabble-0.18.2";
|
||||
@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
|
||||
buildInputs = [ libxml2 dbus_glib sqlite libsoup libnice telepathy_glib gnutls ]
|
||||
++ stdenv.lib.optional doCheck dbus_daemon;
|
||||
|
||||
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
configureFlags = "--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt";
|
||||
|
||||
enableParallelBuilding = true;
|
||||
doCheck = true;
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ stdenv, fetchurl, ncurses, openssl, perl, python, aspell, gnutls
|
||||
, zlib, curl , pkgconfig, libgcrypt, ruby, lua5, tcl, guile
|
||||
, pythonPackages, cacert, cmake, makeWrapper, libobjc
|
||||
, pythonPackages, cmake, makeWrapper, libobjc
|
||||
, extraBuildInputs ? [] }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
@ -15,11 +15,11 @@ stdenv.mkDerivation rec {
|
||||
buildInputs =
|
||||
[ ncurses perl python openssl aspell gnutls zlib curl pkgconfig
|
||||
libgcrypt ruby lua5 tcl guile pythonPackages.pycrypto makeWrapper
|
||||
cacert cmake ]
|
||||
cmake ]
|
||||
++ stdenv.lib.optionals stdenv.isDarwin [ pythonPackages.pync libobjc ]
|
||||
++ extraBuildInputs;
|
||||
|
||||
NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix} -DCA_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix} -DCA_FILE=/etc/ssl/certs/ca-certificates.crt";
|
||||
|
||||
postInstall = ''
|
||||
NIX_PYTHONPATH="$out/lib/${python.libPrefix}/site-packages"
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchurl, pythonPackages, cacert }:
|
||||
{ stdenv, fetchurl, pythonPackages }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
version = "2.6";
|
||||
@ -19,10 +19,9 @@ stdenv.mkDerivation rec {
|
||||
patches = [ ./add_certificates.patch ];
|
||||
postPatch = ''
|
||||
substituteInPlace bzrlib/transport/http/_urllib2_wrappers.py \
|
||||
--subst-var-by "certPath" "${cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
--subst-var-by certPath /etc/ssl/certs/ca-certificates.crt
|
||||
'';
|
||||
|
||||
|
||||
installPhase = ''
|
||||
python setup.py install --prefix=$out
|
||||
wrapPythonPrograms
|
||||
|
@ -1,6 +1,5 @@
|
||||
{ stdenv, fetchurl, python, makeWrapper, docutils, unzip, hg-git, dulwich
|
||||
, guiSupport ? false, tk ? null, curses, cacert
|
||||
|
||||
, guiSupport ? false, tk ? null, curses
|
||||
, ApplicationServices }:
|
||||
|
||||
let
|
||||
@ -48,7 +47,7 @@ stdenv.mkDerivation {
|
||||
mkdir -p $out/etc/mercurial
|
||||
cat >> $out/etc/mercurial/hgrc << EOF
|
||||
[web]
|
||||
cacerts = ${cacert}/etc/ssl/certs/ca-bundle.crt
|
||||
cacerts = /etc/ssl/certs/ca-certificates.crt
|
||||
EOF
|
||||
|
||||
# copy hgweb.cgi to allow use in apache
|
||||
|
@ -1,6 +1,6 @@
|
||||
{ stdenv, fetchurl, pkgconfig, dbus, libgcrypt, libtasn1, pam, python, glib, libxslt
|
||||
, intltool, pango, gcr, gdk_pixbuf, atk, p11_kit, makeWrapper
|
||||
, docbook_xsl_ns, docbook_xsl, gnome3, cacert }:
|
||||
, docbook_xsl_ns, docbook_xsl, gnome3 }:
|
||||
|
||||
let
|
||||
majVer = gnome3.version;
|
||||
@ -22,7 +22,7 @@ in stdenv.mkDerivation rec {
|
||||
nativeBuildInputs = [ pkgconfig intltool docbook_xsl_ns docbook_xsl ];
|
||||
|
||||
configureFlags = [
|
||||
"--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt" # NixOS hardcoded path
|
||||
"--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt" # NixOS hardcoded path
|
||||
"--with-pkcs11-config=$$out/etc/pkcs11/" # installation directories
|
||||
"--with-pkcs11-modules=$$out/lib/pkcs11/"
|
||||
];
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchurl, pkgconfig, glib, libsoup, gobjectIntrospection, cacert, gnome3 }:
|
||||
{ stdenv, fetchurl, pkgconfig, glib, libsoup, gobjectIntrospection, gnome3 }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "rest-0.7.92";
|
||||
@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
buildInputs = [ pkgconfig glib libsoup gobjectIntrospection];
|
||||
|
||||
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
configureFlags = "--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt";
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
platforms = platforms.linux;
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchurl, erlang, rebar, makeWrapper, coreutils, curl, bash, cacert }:
|
||||
{ stdenv, fetchurl, erlang, rebar, makeWrapper, coreutils, curl, bash }:
|
||||
|
||||
let
|
||||
version = "1.0.5";
|
||||
@ -32,8 +32,8 @@ stdenv.mkDerivation {
|
||||
b=$(basename $f)
|
||||
if [ $b == "mix" ]; then continue; fi
|
||||
wrapProgram $f \
|
||||
--prefix PATH ":" "${erlang}/bin:${coreutils}/bin:${curl}/bin:${bash}/bin" \
|
||||
--set CURL_CA_BUNDLE "${cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
--prefix PATH ":" "${erlang}/bin:${coreutils}/bin:${curl}/bin:${bash}/bin" \
|
||||
--set CURL_CA_BUNDLE /etc/ssl/certs/ca-certificates.crt
|
||||
done
|
||||
'';
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
{ stdenv, fetchurl, pkgconfig, glib, intltool, gnutls, libproxy
|
||||
, gsettings_desktop_schemas, cacert }:
|
||||
, gsettings_desktop_schemas }:
|
||||
|
||||
let
|
||||
ver_maj = "2.44";
|
||||
@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "8f8a340d3ba99bfdef38b653da929652ea6640e27969d29f7ac51fbbe11a4346";
|
||||
};
|
||||
|
||||
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
configureFlags = "--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt";
|
||||
|
||||
preBuild = ''
|
||||
sed -e "s@${glib}/lib/gio/modules@$out/lib/gio/modules@g" -i $(find . -name Makefile)
|
||||
|
@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
|
||||
"--with-sock-dir=/run"
|
||||
"--with-privsep-user=smtpd"
|
||||
"--with-queue-user=smtpq"
|
||||
"--with-ca-file=${cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
"--with-ca-file=/etc/ssl/certs/ca-certificates.crt"
|
||||
];
|
||||
|
||||
installFlags = [
|
||||
|
@ -43,7 +43,7 @@ diff -urN pipelight.old/bin/pipelight-plugin.in pipelight.new/bin/pipelight-plug
|
||||
-fi
|
||||
+download_file()
|
||||
+{
|
||||
+ curl --cacert /etc/ssl/certs/ca-bundle.crt -o "$1" "$2"
|
||||
+ curl --cacert /etc/ssl/certs/ca-certificates.crt -o "$1" "$2"
|
||||
+}
|
||||
|
||||
# Use shasum instead of sha256sum on MacOS / *BSD
|
||||
@ -111,7 +111,7 @@ diff -urN pipelight.old/share/install-dependency pipelight.new/share/install-dep
|
||||
-fi
|
||||
+download_file()
|
||||
+{
|
||||
+ curl --cacert /etc/ssl/certs/ca-bundle.crt -o "$1" "$2"
|
||||
+ curl --cacert /etc/ssl/certs/ca-certificates.crt -o "$1" "$2"
|
||||
+}
|
||||
+get_download_size()
|
||||
+{
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ stdenv, fetchurl, pkgconfig, cacert, c-ares, openssl, libxml2, sqlite, zlib }:
|
||||
{ stdenv, fetchurl, pkgconfig, c-ares, openssl, libxml2, sqlite, zlib }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "aria2-${version}";
|
||||
@ -11,9 +11,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
buildInputs = [ pkgconfig c-ares openssl libxml2 sqlite zlib ];
|
||||
|
||||
propagatedBuildInputs = [ cacert ];
|
||||
|
||||
configureFlags = [ "--with-ca-bundle=${cacert}/etc/ssl/certs/ca-bundle.crt" ];
|
||||
configureFlags = [ "--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt" ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = http://aria2.sourceforge.net/;
|
||||
|
@ -1,5 +1,4 @@
|
||||
{ stdenv, fetchurl, fetchgit, curl, scrot, imagemagick, xawtv, inetutils
|
||||
, makeWrapper, coreutils, cacert
|
||||
{ stdenv, fetchurl, fetchgit, curl, scrot, imagemagick, xawtv, inetutils, makeWrapper, coreutils
|
||||
, apiKey ? ""
|
||||
, deviceKey ? "" }:
|
||||
|
||||
@ -36,7 +35,7 @@ in stdenv.mkDerivation rec {
|
||||
cp -R ${modulesSrc}/* $out/modules/
|
||||
wrapProgram "$out/prey.sh" \
|
||||
--prefix PATH ":" "${xawtv}/bin:${imagemagick}/bin:${curl}/bin:${scrot}/bin:${inetutils}/bin:${coreutils}/bin" \
|
||||
--set CURL_CA_BUNDLE "${cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
--set CURL_CA_BUNDLE "/etc/ssl/certs/ca-certificates.crt"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
Loading…
Reference in New Issue
Block a user