In 0c7c1660f7 I have set allowSubstitutes
to false, which avoided the substitution of the certificates.
Unfortunately substitution may still happen later when the certificate
is merged with the CA bundle. So the merged CA bundle might be
substituted from a binary cache but the certificate itself is built
locally, which could result in a different certificate in the bundle.
So instead of adding just yet another workaround, I've now hardcoded all
the certificates and keys in a separate file. This also moves
letsencrypt.nix into its own directory so we don't mess up
nixos/tests/common too much.
This was long overdue and should finally make the dependency graph for
the ACME test more deterministic.
Signed-off-by: aszlig <aszlig@nix.build>
Since e95f17e272, Go packages no longer
contain the source tree, however Boulder seems to need that as it
generates a few files during build.
Ideally we would only pick the files that are needed and put it into a
separate output, but I currently don't have time for this so I'm marking
this with XXX to get back to it later.
Signed-off-by: aszlig <aszlig@nix.build>
The Tor Browser Bundle is free software under various licenses:
> Can I distribute Tor?
>
> Yes.
>
> The Tor software is free software. This means we give you the rights
> to redistribute the Tor software, either modified or unmodified,
> either for a fee or gratis. You don't have to ask us for specific
> permission.
>
> However, if you want to redistribute the Tor software you must follow
> our LICENSE. Essentially this means that you need to include our
> LICENSE file along with whatever part of the Tor software you're
> distributing.
>
> Most people who ask us this question don't want to distribute just the
> Tor software, though. They want to distribute the Tor Browser. This
> includes Firefox Extended Support Release, and the NoScript and
> HTTPS-Everywhere extensions. You will need to follow the license for
> those programs as well. Both of those Firefox extensions are
> distributed under the GNU General Public License, while Firefox ESR is
> released under the Mozilla Public License. The simplest way to obey
> their licenses is to include the source code for these programs
> everywhere you include the bundles themselves.
(https://www.torproject.org/docs/faq.html.en#DistributingTor)
tor-browser-bundle-bin is already marked as licenses.free, so it doesn't
really make sense that this one is marked as unfree.