Merge #61179: stdenv, cacert: $NIX_SSL_CERT_FILE changes

... into staging
This commit is contained in:
Vladimír Čunát 2019-05-19 10:56:11 +02:00
commit 96a604320a
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
4 changed files with 11 additions and 6 deletions

View File

@ -1,4 +1,6 @@
cacertHook() {
export NIX_SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt
# left for compatibility
export SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt
}

View File

@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
"--with-iconv=${libiconv}"
"--with-dbm=gdbm"
"--with-zlib=${zlib}"
"--with-ca-bundle=$SSL_CERT_FILE"
"--with-ca-bundle=$NIX_SSL_CERT_FILE"
# TODO: Enable slib
# Current slib in nixpkgs is specialized to Guile
# "--with-slib=${slibGuile}/lib/slib"

View File

@ -43,7 +43,7 @@ in stdenv.mkDerivation rec {
mv click-*/click $out/pkgs/click
mv requests-*/requests $out/pkgs/
if [ "$IN_NIX_SHELL" != "1" ]; then
if [ -z "$IN_NIX_SHELL" ]; then
if [ -e git-export ]; then
mv git-export/src/pypi2nix $out/pkgs/pypi2nix
else

View File

@ -646,10 +646,13 @@ fi
export NIX_BUILD_CORES
# Prevent OpenSSL-based applications from using certificates in
# /etc/ssl.
# Leave it in shells for convenience.
if [ -z "${SSL_CERT_FILE:-}" ] && [ -z "${IN_NIX_SHELL:-}" ]; then
# Prevent SSL libraries from using certificates in /etc/ssl, unless set explicitly.
# Leave it in impure shells for convenience.
if [ -z "${NIX_SSL_CERT_FILE:-}" ] && [ "${IN_NIX_SHELL:-}" != "impure" ]; then
export NIX_SSL_CERT_FILE=/no-cert-file.crt
fi
# Another variant left for compatibility.
if [ -z "${SSL_CERT_FILE:-}" ] && [ "${IN_NIX_SHELL:-}" != "impure" ]; then
export SSL_CERT_FILE=/no-cert-file.crt
fi