mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-25 20:34:52 +03:00
Merge pull request #24203 from layus/nix-ssl-cert-file
git, curl, openssl: Refactor $NIX_SSL_CERT_FILE handling
This commit is contained in:
commit
f0875982d1
@ -30,7 +30,6 @@ stdenv.mkDerivation {
|
||||
./symlinks-in-bin.patch
|
||||
./git-sh-i18n.patch
|
||||
./ssh-path.patch
|
||||
./ssl-cert-file.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
|
@ -1,14 +0,0 @@
|
||||
diff -ru git-2.7.4-orig/http.c git-2.7.4/http.c
|
||||
--- git-2.7.4-orig/http.c 2016-03-17 21:47:59.000000000 +0100
|
||||
+++ git-2.7.4/http.c 2016-04-12 11:38:33.187070848 +0200
|
||||
@@ -544,6 +544,10 @@
|
||||
#if LIBCURL_VERSION_NUM >= 0x070908
|
||||
set_from_env(&ssl_capath, "GIT_SSL_CAPATH");
|
||||
#endif
|
||||
+ if (getenv("NIX_SSL_CERT_FILE"))
|
||||
+ set_from_env(&ssl_cainfo, "NIX_SSL_CERT_FILE");
|
||||
+ else
|
||||
+ set_from_env(&ssl_cainfo, "SSL_CERT_FILE");
|
||||
set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO");
|
||||
|
||||
set_from_env(&user_agent, "GIT_HTTP_USER_AGENT");
|
@ -20,7 +20,8 @@ let
|
||||
patches =
|
||||
(args.patches or [])
|
||||
++ [ ./nix-ssl-cert-file.patch ]
|
||||
++ optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch
|
||||
++ optional (versionOlder version "1.1.0")
|
||||
(if stdenv.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch)
|
||||
++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch
|
||||
++ optional
|
||||
(versionOlder version "1.0.2" && (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem")))
|
||||
|
@ -0,0 +1,13 @@
|
||||
diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h
|
||||
--- openssl-1.0.1r-orig/crypto/cryptlib.h 2016-01-28 14:38:30.000000000 +0100
|
||||
+++ openssl-1.0.1r/crypto/cryptlib.h 2016-02-03 12:54:29.193165176 +0100
|
||||
@@ -81,8 +81,8 @@
|
||||
|
||||
# ifndef OPENSSL_SYS_VMS
|
||||
# define X509_CERT_AREA OPENSSLDIR
|
||||
# define X509_CERT_DIR OPENSSLDIR "/certs"
|
||||
-# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
|
||||
+# define X509_CERT_FILE "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
|
||||
# define X509_PRIVATE_DIR OPENSSLDIR "/private"
|
||||
# else
|
||||
# define X509_CERT_AREA "SSLROOT:[000000]"
|
@ -28,8 +28,6 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "1s1hyndva0yp62xy96pcp4anzrvw6cl0abjajim17sbmdp00fwhw";
|
||||
};
|
||||
|
||||
patches = [ ./nix-ssl-cert-file.patch ];
|
||||
|
||||
outputs = [ "bin" "dev" "out" "man" "devdoc" ];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
@ -57,9 +55,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
configureFlags = [
|
||||
# OS X does not have a default system bundle, so we assume cacerts is installed in the default nix-env profile
|
||||
# This sucks. We should probably just include the latest cacerts in the darwin bootstrap.
|
||||
"--with-ca-bundle=${if stdenv.isDarwin then "/nix/var/nix/profiles/default" else ""}/etc/ssl/certs/ca-${if stdenv.isDarwin then "bundle" else "certificates"}.crt"
|
||||
"--with-ca-fallback"
|
||||
"--disable-manual"
|
||||
( if sslSupport then "--with-ssl=${openssl.dev}" else "--without-ssl" )
|
||||
( if gnutlsSupport then "--with-gnutls=${gnutls.dev}" else "--without-gnutls" )
|
||||
|
@ -1,14 +0,0 @@
|
||||
diff -ru -x '*~' curl-7.50.3-orig/src/tool_operate.c curl-7.50.3/src/tool_operate.c
|
||||
--- curl-7.50.3-orig/src/tool_operate.c 2016-09-06 23:25:06.000000000 +0200
|
||||
+++ curl-7.50.3/src/tool_operate.c 2016-10-14 11:51:48.999943142 +0200
|
||||
@@ -269,7 +269,9 @@
|
||||
capath_from_env = true;
|
||||
}
|
||||
else {
|
||||
- env = curlx_getenv("SSL_CERT_FILE");
|
||||
+ env = curlx_getenv("NIX_SSL_CERT_FILE");
|
||||
+ if(!env)
|
||||
+ env = curlx_getenv("SSL_CERT_FILE");
|
||||
if(env) {
|
||||
config->cacert = strdup(env);
|
||||
if(!config->cacert) {
|
Loading…
Reference in New Issue
Block a user