mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-25 04:12:44 +03:00
Merge pull request #33010 from LnL7/cacert-hook
cacert: add hook that sets SSL_CERT_FILE
This commit is contained in:
commit
5a02143c20
@ -11,7 +11,6 @@ let
|
||||
|
||||
fetchbower = name: version: target: outputHash: stdenv.mkDerivation {
|
||||
name = "${cleanName name}-${bowerVersion version}";
|
||||
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
buildCommand = ''
|
||||
fetch-bower --quiet --out=$PWD/out "${name}" "${target}" "${version}"
|
||||
# In some cases, the result of fetchBower is different depending
|
||||
@ -23,7 +22,7 @@ let
|
||||
outputHashMode = "recursive";
|
||||
outputHashAlgo = "sha256";
|
||||
inherit outputHash;
|
||||
buildInputs = [ bower2nix ];
|
||||
buildInputs = [ cacert bower2nix ];
|
||||
};
|
||||
|
||||
in fetchbower
|
||||
|
@ -7,9 +7,8 @@ if md5 != "" then
|
||||
else
|
||||
stdenv.mkDerivation {
|
||||
name = "fetchdarcs";
|
||||
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
builder = ./builder.sh;
|
||||
buildInputs = [darcs];
|
||||
buildInputs = [cacert darcs];
|
||||
|
||||
outputHashAlgo = "sha256";
|
||||
outputHashMode = "recursive";
|
||||
|
@ -6,7 +6,7 @@ stdenv.mkDerivation {
|
||||
name = "${name}-gxdeps";
|
||||
inherit src;
|
||||
|
||||
buildInputs = [ go gx gx-go ];
|
||||
buildInputs = [ cacert go gx gx-go ];
|
||||
|
||||
outputHashAlgo = "sha256";
|
||||
outputHashMode = "recursive";
|
||||
@ -14,8 +14,6 @@ stdenv.mkDerivation {
|
||||
|
||||
phases = [ "unpackPhase" "buildPhase" "installPhase" ];
|
||||
|
||||
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
buildPhase = ''
|
||||
export GOPATH=$(pwd)/vendor
|
||||
mkdir -p vendor
|
||||
|
@ -32,7 +32,7 @@ in stdenv.mkDerivation (args // {
|
||||
|
||||
patchRegistryDeps = ./patch-registry-deps;
|
||||
|
||||
buildInputs = [ git rust.cargo rust.rustc ] ++ buildInputs;
|
||||
buildInputs = [ cacert git rust.cargo rust.rustc ] ++ buildInputs;
|
||||
|
||||
configurePhase = args.configurePhase or ''
|
||||
runHook preConfigure
|
||||
@ -60,7 +60,6 @@ in stdenv.mkDerivation (args // {
|
||||
unset cargoDepsCopy
|
||||
|
||||
export RUST_LOG=${logLevel}
|
||||
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
|
||||
'' + (args.postUnpack or "");
|
||||
|
||||
buildPhase = with builtins; args.buildPhase or ''
|
||||
|
@ -19,7 +19,6 @@ stdenv.mkDerivation {
|
||||
exit 1
|
||||
fi
|
||||
|
||||
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
|
||||
export CARGO_HOME=$(mktemp -d cargo-home.XXX)
|
||||
|
||||
cargo vendor
|
||||
|
@ -52,6 +52,8 @@ stdenv.mkDerivation rec {
|
||||
cp -v ca-bundle.crt $out/etc/ssl/certs
|
||||
'';
|
||||
|
||||
setupHook = ./setup-hook.sh;
|
||||
|
||||
meta = {
|
||||
homepage = https://curl.haxx.se/docs/caextract.html;
|
||||
description = "A bundle of X.509 certificates of public Certificate Authorities (CA)";
|
||||
|
6
pkgs/data/misc/cacert/setup-hook.sh
Normal file
6
pkgs/data/misc/cacert/setup-hook.sh
Normal file
@ -0,0 +1,6 @@
|
||||
cacertHook() {
|
||||
export SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt
|
||||
}
|
||||
|
||||
envHooks+=(cacertHook)
|
||||
crossEnvHooks+=(cacertHook)
|
@ -35,7 +35,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
# perl is used for testing go vet
|
||||
nativeBuildInputs = [ perl which pkgconfig patch ];
|
||||
buildInputs = [ pcre ];
|
||||
buildInputs = [ cacert pcre ];
|
||||
propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
|
||||
|
||||
hardeningDisable = [ "all" ];
|
||||
@ -116,8 +116,6 @@ stdenv.mkDerivation rec {
|
||||
})
|
||||
];
|
||||
|
||||
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
GOOS = if stdenv.isDarwin then "darwin" else "linux";
|
||||
GOARCH = if stdenv.isDarwin then "amd64"
|
||||
else if stdenv.system == "i686-linux" then "386"
|
||||
|
@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
|
||||
# perl is used for testing go vet
|
||||
nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
|
||||
++ optionals stdenv.isLinux [ procps ];
|
||||
buildInputs = [ pcre ]
|
||||
buildInputs = [ cacert pcre ]
|
||||
++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
|
||||
propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
|
||||
|
||||
@ -122,8 +122,6 @@ stdenv.mkDerivation rec {
|
||||
substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
|
||||
'';
|
||||
|
||||
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
GOOS = if stdenv.isDarwin then "darwin" else "linux";
|
||||
GOARCH = if stdenv.isDarwin then "amd64"
|
||||
else if stdenv.system == "i686-linux" then "386"
|
||||
|
@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
|
||||
# perl is used for testing go vet
|
||||
nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
|
||||
++ optionals stdenv.isLinux [ procps ];
|
||||
buildInputs = [ pcre ]
|
||||
buildInputs = [ cacert pcre ]
|
||||
++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
|
||||
propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
|
||||
|
||||
@ -128,8 +128,6 @@ stdenv.mkDerivation rec {
|
||||
substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
|
||||
'';
|
||||
|
||||
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
GOOS = if stdenv.isDarwin then "darwin" else "linux";
|
||||
GOARCH = if stdenv.isDarwin then "amd64"
|
||||
else if stdenv.system == "i686-linux" then "386"
|
||||
|
@ -24,7 +24,7 @@ rustPlatform.buildRustPackage rec {
|
||||
passthru.rustc = rustc;
|
||||
|
||||
nativeBuildInputs = [ pkgconfig ];
|
||||
buildInputs = [ file curl python openssl cmake zlib makeWrapper libgit2 ]
|
||||
buildInputs = [ cacert file curl python openssl cmake zlib makeWrapper libgit2 ]
|
||||
++ stdenv.lib.optionals stdenv.isDarwin [ CoreFoundation libiconv ];
|
||||
|
||||
LIBGIT2_SYS_USE_PKG_CONFIG=1;
|
||||
@ -48,8 +48,6 @@ rustPlatform.buildRustPackage rec {
|
||||
'';
|
||||
|
||||
checkPhase = ''
|
||||
# Export SSL_CERT_FILE as without it one test fails with SSL verification error
|
||||
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
|
||||
# Disable cross compilation tests
|
||||
export CFG_DISABLE_CROSS_TESTS=1
|
||||
cargo test
|
||||
|
@ -3,7 +3,7 @@
|
||||
{ R, pkgs, overrides }:
|
||||
|
||||
let
|
||||
inherit (pkgs) fetchurl stdenv lib;
|
||||
inherit (pkgs) cacert fetchurl stdenv lib;
|
||||
|
||||
buildRPackage = pkgs.callPackage ./generic-builder.nix {
|
||||
inherit R;
|
||||
@ -912,9 +912,7 @@ let
|
||||
});
|
||||
|
||||
geojsonio = old.geojsonio.overrideDerivation (attrs: {
|
||||
preConfigure = ''
|
||||
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
|
||||
'';
|
||||
buildInputs = [ cacert ] ++ attrs.buildInputs;
|
||||
});
|
||||
|
||||
rstan = old.rstan.overrideDerivation (attrs: {
|
||||
|
@ -32,8 +32,7 @@ stdenv.mkDerivation rec {
|
||||
# traffic, so don't do that.
|
||||
preferLocalBuild = true;
|
||||
|
||||
buildInputs = [ git gnupg ];
|
||||
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
buildInputs = [ cacert git gnupg ];
|
||||
} ''
|
||||
git init src && (
|
||||
cd src
|
||||
|
Loading…
Reference in New Issue
Block a user