Merge pull request #33010 from LnL7/cacert-hook

cacert: add hook that sets SSL_CERT_FILE
This commit is contained in:
Daiderd Jordan 2018-01-07 09:55:15 +01:00 committed by GitHub
commit 5a02143c20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 19 additions and 28 deletions

View File

@ -11,7 +11,6 @@ let
fetchbower = name: version: target: outputHash: stdenv.mkDerivation {
name = "${cleanName name}-${bowerVersion version}";
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildCommand = ''
fetch-bower --quiet --out=$PWD/out "${name}" "${target}" "${version}"
# In some cases, the result of fetchBower is different depending
@ -23,7 +22,7 @@ let
outputHashMode = "recursive";
outputHashAlgo = "sha256";
inherit outputHash;
buildInputs = [ bower2nix ];
buildInputs = [ cacert bower2nix ];
};
in fetchbower

View File

@ -7,9 +7,8 @@ if md5 != "" then
else
stdenv.mkDerivation {
name = "fetchdarcs";
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
builder = ./builder.sh;
buildInputs = [darcs];
buildInputs = [cacert darcs];
outputHashAlgo = "sha256";
outputHashMode = "recursive";

View File

@ -6,7 +6,7 @@ stdenv.mkDerivation {
name = "${name}-gxdeps";
inherit src;
buildInputs = [ go gx gx-go ];
buildInputs = [ cacert go gx gx-go ];
outputHashAlgo = "sha256";
outputHashMode = "recursive";
@ -14,8 +14,6 @@ stdenv.mkDerivation {
phases = [ "unpackPhase" "buildPhase" "installPhase" ];
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
export GOPATH=$(pwd)/vendor
mkdir -p vendor

View File

@ -32,7 +32,7 @@ in stdenv.mkDerivation (args // {
patchRegistryDeps = ./patch-registry-deps;
buildInputs = [ git rust.cargo rust.rustc ] ++ buildInputs;
buildInputs = [ cacert git rust.cargo rust.rustc ] ++ buildInputs;
configurePhase = args.configurePhase or ''
runHook preConfigure
@ -60,7 +60,6 @@ in stdenv.mkDerivation (args // {
unset cargoDepsCopy
export RUST_LOG=${logLevel}
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
'' + (args.postUnpack or "");
buildPhase = with builtins; args.buildPhase or ''

View File

@ -19,7 +19,6 @@ stdenv.mkDerivation {
exit 1
fi
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
export CARGO_HOME=$(mktemp -d cargo-home.XXX)
cargo vendor

View File

@ -52,6 +52,8 @@ stdenv.mkDerivation rec {
cp -v ca-bundle.crt $out/etc/ssl/certs
'';
setupHook = ./setup-hook.sh;
meta = {
homepage = https://curl.haxx.se/docs/caextract.html;
description = "A bundle of X.509 certificates of public Certificate Authorities (CA)";

View File

@ -0,0 +1,6 @@
cacertHook() {
export SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt
}
envHooks+=(cacertHook)
crossEnvHooks+=(cacertHook)

View File

@ -35,7 +35,7 @@ stdenv.mkDerivation rec {
# perl is used for testing go vet
nativeBuildInputs = [ perl which pkgconfig patch ];
buildInputs = [ pcre ];
buildInputs = [ cacert pcre ];
propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
hardeningDisable = [ "all" ];
@ -116,8 +116,6 @@ stdenv.mkDerivation rec {
})
];
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
GOOS = if stdenv.isDarwin then "darwin" else "linux";
GOARCH = if stdenv.isDarwin then "amd64"
else if stdenv.system == "i686-linux" then "386"

View File

@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
# perl is used for testing go vet
nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
++ optionals stdenv.isLinux [ procps ];
buildInputs = [ pcre ]
buildInputs = [ cacert pcre ]
++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
@ -122,8 +122,6 @@ stdenv.mkDerivation rec {
substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
'';
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
GOOS = if stdenv.isDarwin then "darwin" else "linux";
GOARCH = if stdenv.isDarwin then "amd64"
else if stdenv.system == "i686-linux" then "386"

View File

@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
# perl is used for testing go vet
nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
++ optionals stdenv.isLinux [ procps ];
buildInputs = [ pcre ]
buildInputs = [ cacert pcre ]
++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
@ -128,8 +128,6 @@ stdenv.mkDerivation rec {
substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
'';
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
GOOS = if stdenv.isDarwin then "darwin" else "linux";
GOARCH = if stdenv.isDarwin then "amd64"
else if stdenv.system == "i686-linux" then "386"

View File

@ -24,7 +24,7 @@ rustPlatform.buildRustPackage rec {
passthru.rustc = rustc;
nativeBuildInputs = [ pkgconfig ];
buildInputs = [ file curl python openssl cmake zlib makeWrapper libgit2 ]
buildInputs = [ cacert file curl python openssl cmake zlib makeWrapper libgit2 ]
++ stdenv.lib.optionals stdenv.isDarwin [ CoreFoundation libiconv ];
LIBGIT2_SYS_USE_PKG_CONFIG=1;
@ -48,8 +48,6 @@ rustPlatform.buildRustPackage rec {
'';
checkPhase = ''
# Export SSL_CERT_FILE as without it one test fails with SSL verification error
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
# Disable cross compilation tests
export CFG_DISABLE_CROSS_TESTS=1
cargo test

View File

@ -3,7 +3,7 @@
{ R, pkgs, overrides }:
let
inherit (pkgs) fetchurl stdenv lib;
inherit (pkgs) cacert fetchurl stdenv lib;
buildRPackage = pkgs.callPackage ./generic-builder.nix {
inherit R;
@ -912,9 +912,7 @@ let
});
geojsonio = old.geojsonio.overrideDerivation (attrs: {
preConfigure = ''
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
'';
buildInputs = [ cacert ] ++ attrs.buildInputs;
});
rstan = old.rstan.overrideDerivation (attrs: {

View File

@ -32,8 +32,7 @@ stdenv.mkDerivation rec {
# traffic, so don't do that.
preferLocalBuild = true;
buildInputs = [ git gnupg ];
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildInputs = [ cacert git gnupg ];
} ''
git init src && (
cd src