Merge pull request #33010 from LnL7/cacert-hook

cacert: add hook that sets SSL_CERT_FILE
Daiderd Jordan 2018-01-07 09:55:15 +01:00 committed by GitHub
commit 5a02143c20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 19 additions and 28 deletions


@ -11,7 +11,6 @@ let
fetchbower = name: version: target: outputHash: stdenv.mkDerivation { fetchbower = name: version: target: outputHash: stdenv.mkDerivation {
name = "${cleanName name}-${bowerVersion version}"; name = "${cleanName name}-${bowerVersion version}";
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildCommand = '' buildCommand = ''
fetch-bower --quiet --out=$PWD/out "${name}" "${target}" "${version}" fetch-bower --quiet --out=$PWD/out "${name}" "${target}" "${version}"
# In some cases, the result of fetchBower is different depending # In some cases, the result of fetchBower is different depending
@ -23,7 +22,7 @@ let
outputHashMode = "recursive"; outputHashMode = "recursive";
outputHashAlgo = "sha256"; outputHashAlgo = "sha256";
inherit outputHash; inherit outputHash;
buildInputs = [ bower2nix ]; buildInputs = [ cacert bower2nix ];
}; };
in fetchbower in fetchbower
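Review bot: `cacert` in `buildInputs = [ cacert bower2nix ];` is now listed only for the side effect of its setup hook, and nothing at this site says so. A later cleanup that sees no reference to `cacert` in the build script could drop it as unused, leaving `fetch-bower` with no CA bundle configured. A one-line comment above the list would make the dependency explicit, for example `# cacert: its setup hook exports SSL_CERT_FILE, needed for TLS verification during the fetch`. The same applies to the other `buildInputs` lines in this commit that gain `cacert` while the explicit `SSL_CERT_FILE`/`NIX_SSL_CERT_FILE` assignment is removed.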


@ -7,9 +7,8 @@ if md5 != "" then
else else
stdenv.mkDerivation { stdenv.mkDerivation {
name = "fetchdarcs"; name = "fetchdarcs";
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
builder = ./builder.sh; builder = ./builder.sh;
buildInputs = [darcs]; buildInputs = [cacert darcs];
outputHashAlgo = "sha256"; outputHashAlgo = "sha256";
outputHashMode = "recursive"; outputHashMode = "recursive";


@ -6,7 +6,7 @@ stdenv.mkDerivation {
name = "${name}-gxdeps"; name = "${name}-gxdeps";
inherit src; inherit src;
buildInputs = [ go gx gx-go ]; buildInputs = [ cacert go gx gx-go ];
outputHashAlgo = "sha256"; outputHashAlgo = "sha256";
outputHashMode = "recursive"; outputHashMode = "recursive";
@ -14,8 +14,6 @@ stdenv.mkDerivation {
phases = [ "unpackPhase" "buildPhase" "installPhase" ]; phases = [ "unpackPhase" "buildPhase" "installPhase" ];
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = '' buildPhase = ''
export GOPATH=$(pwd)/vendor export GOPATH=$(pwd)/vendor
mkdir -p vendor mkdir -p vendor


@ -32,7 +32,7 @@ in stdenv.mkDerivation (args // {
patchRegistryDeps = ./patch-registry-deps; patchRegistryDeps = ./patch-registry-deps;
buildInputs = [ git rust.cargo rust.rustc ] ++ buildInputs; buildInputs = [ cacert git rust.cargo rust.rustc ] ++ buildInputs;
configurePhase = args.configurePhase or '' configurePhase = args.configurePhase or ''
runHook preConfigure runHook preConfigure
@ -60,7 +60,6 @@ in stdenv.mkDerivation (args // {
unset cargoDepsCopy unset cargoDepsCopy
export RUST_LOG=${logLevel} export RUST_LOG=${logLevel}
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
'' + (args.postUnpack or ""); '' + (args.postUnpack or "");
buildPhase = with builtins; args.buildPhase or '' buildPhase = with builtins; args.buildPhase or ''


@ -19,7 +19,6 @@ stdenv.mkDerivation {
exit 1 exit 1
fi fi
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
export CARGO_HOME=$(mktemp -d cargo-home.XXX) export CARGO_HOME=$(mktemp -d cargo-home.XXX)
cargo vendor cargo vendor


@ -52,6 +52,8 @@ stdenv.mkDerivation rec {
cp -v ca-bundle.crt $out/etc/ssl/certs cp -v ca-bundle.crt $out/etc/ssl/certs
''; '';
setupHook = ./setup-hook.sh;
meta = { meta = {
homepage = https://curl.haxx.se/docs/caextract.html; homepage = https://curl.haxx.se/docs/caextract.html;
description = "A bundle of X.509 certificates of public Certificate Authorities (CA)"; description = "A bundle of X.509 certificates of public Certificate Authorities (CA)";


@ -0,0 +1,6 @@
cacertHook() {
export SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt
}
envHooks+=(cacertHook)
crossEnvHooks+=(cacertHook)
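Review bot: `cacertHook` exports only `SSL_CERT_FILE`, but several of the assignments this commit removes set `NIX_SSL_CERT_FILE` instead: the `fetchdarcs` derivation, the `-gxdeps` derivation, the three expressions that define `GOOS`/`GOARCH`, and the final `git gnupg` derivation. For those builds the variable carrying the bundle changes. Whether each tool also honours `SSL_CERT_FILE` is not visible from this page, and one that reads only the `NIX_`-prefixed name would be left without a trust store and fail certificate verification. Exporting both in the hook keeps the old behaviour, e.g. adding `export NIX_SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt` next to the existing line. The export is also unconditional, so it presumably overrides a value that a derivation sets as an attribute; a short comment on the hook stating that would help.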


@ -35,7 +35,7 @@ stdenv.mkDerivation rec {
# perl is used for testing go vet # perl is used for testing go vet
nativeBuildInputs = [ perl which pkgconfig patch ]; nativeBuildInputs = [ perl which pkgconfig patch ];
buildInputs = [ pcre ]; buildInputs = [ cacert pcre ];
propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ]; propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
@ -116,8 +116,6 @@ stdenv.mkDerivation rec {
}) })
]; ];
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
GOOS = if stdenv.isDarwin then "darwin" else "linux"; GOOS = if stdenv.isDarwin then "darwin" else "linux";
GOARCH = if stdenv.isDarwin then "amd64" GOARCH = if stdenv.isDarwin then "amd64"
else if stdenv.system == "i686-linux" then "386" else if stdenv.system == "i686-linux" then "386"


@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
# perl is used for testing go vet # perl is used for testing go vet
nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ] nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
++ optionals stdenv.isLinux [ procps ]; ++ optionals stdenv.isLinux [ procps ];
buildInputs = [ pcre ] buildInputs = [ cacert pcre ]
++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ]; ++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ]; propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
@ -122,8 +122,6 @@ stdenv.mkDerivation rec {
substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
''; '';
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
GOOS = if stdenv.isDarwin then "darwin" else "linux"; GOOS = if stdenv.isDarwin then "darwin" else "linux";
GOARCH = if stdenv.isDarwin then "amd64" GOARCH = if stdenv.isDarwin then "amd64"
else if stdenv.system == "i686-linux" then "386" else if stdenv.system == "i686-linux" then "386"


@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
# perl is used for testing go vet # perl is used for testing go vet
nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ] nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
++ optionals stdenv.isLinux [ procps ]; ++ optionals stdenv.isLinux [ procps ];
buildInputs = [ pcre ] buildInputs = [ cacert pcre ]
++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ]; ++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ]; propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
@ -128,8 +128,6 @@ stdenv.mkDerivation rec {
substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
''; '';
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
GOOS = if stdenv.isDarwin then "darwin" else "linux"; GOOS = if stdenv.isDarwin then "darwin" else "linux";
GOARCH = if stdenv.isDarwin then "amd64" GOARCH = if stdenv.isDarwin then "amd64"
else if stdenv.system == "i686-linux" then "386" else if stdenv.system == "i686-linux" then "386"


@ -24,7 +24,7 @@ rustPlatform.buildRustPackage rec {
passthru.rustc = rustc; passthru.rustc = rustc;
nativeBuildInputs = [ pkgconfig ]; nativeBuildInputs = [ pkgconfig ];
buildInputs = [ file curl python openssl cmake zlib makeWrapper libgit2 ] buildInputs = [ cacert file curl python openssl cmake zlib makeWrapper libgit2 ]
++ stdenv.lib.optionals stdenv.isDarwin [ CoreFoundation libiconv ]; ++ stdenv.lib.optionals stdenv.isDarwin [ CoreFoundation libiconv ];
LIBGIT2_SYS_USE_PKG_CONFIG=1; LIBGIT2_SYS_USE_PKG_CONFIG=1;
@ -48,8 +48,6 @@ rustPlatform.buildRustPackage rec {
''; '';
checkPhase = '' checkPhase = ''
# Export SSL_CERT_FILE as without it one test fails with SSL verification error
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
# Disable cross compilation tests # Disable cross compilation tests
export CFG_DISABLE_CROSS_TESTS=1 export CFG_DISABLE_CROSS_TESTS=1
cargo test cargo test


@ -3,7 +3,7 @@
{ R, pkgs, overrides }: { R, pkgs, overrides }:
let let
inherit (pkgs) fetchurl stdenv lib; inherit (pkgs) cacert fetchurl stdenv lib;
buildRPackage = pkgs.callPackage ./generic-builder.nix { buildRPackage = pkgs.callPackage ./generic-builder.nix {
inherit R; inherit R;
@ -912,9 +912,7 @@ let
}); });
geojsonio = old.geojsonio.overrideDerivation (attrs: { geojsonio = old.geojsonio.overrideDerivation (attrs: {
preConfigure = '' buildInputs = [ cacert ] ++ attrs.buildInputs;
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
'';
}); });
rstan = old.rstan.overrideDerivation (attrs: { rstan = old.rstan.overrideDerivation (attrs: {


@ -32,8 +32,7 @@ stdenv.mkDerivation rec {
# traffic, so don't do that. # traffic, so don't do that.
preferLocalBuild = true; preferLocalBuild = true;
buildInputs = [ git gnupg ]; buildInputs = [ cacert git gnupg ];
NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
} '' } ''
git init src && ( git init src && (
cd src cd src