
Merge pull request #33010 from LnL7/cacert-hook

cacert: add hook that sets SSL_CERT_FILE

authored by

Daiderd Jordan and committed by
GitHub
5a02143c 84f97360

+19 -28
+1 -2
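--- a/pkgs/build-support/fetchbower/default.nix
+++ b/pkgs/build-support/fetchbower/default.nix
@@ -11,7 +11,6 @@
 
 fetchbower = name: version: target: outputHash: stdenv.mkDerivation {
 name = "${cleanName name}-${bowerVersion version}";
-SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 buildCommand = ''
 fetch-bower --quiet --out=$PWD/out "${name}" "${target}" "${version}"
 # In some cases, the result of fetchBower is different depending
@@ -23,7 +22,7 @@
 outputHashMode = "recursive";
 outputHashAlgo = "sha256";
 inherit outputHash;
-buildInputs = [ bower2nix ];
+buildInputs = [ cacert bower2nix ];
 };
 
 in fetchbower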
+1 -2
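--- a/pkgs/build-support/fetchdarcs/default.nix
+++ b/pkgs/build-support/fetchdarcs/default.nix
@@ -7,9 +7,8 @@
 else
 stdenv.mkDerivation {
 name = "fetchdarcs";
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 builder = ./builder.sh;
-buildInputs = [darcs];
+buildInputs = [cacert darcs];
 
 outputHashAlgo = "sha256";
 outputHashMode = "recursive";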
+1 -3
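--- a/pkgs/build-support/fetchgx/default.nix
+++ b/pkgs/build-support/fetchgx/default.nix
@@ -6,15 +6,13 @@
 name = "${name}-gxdeps";
 inherit src;
 
-buildInputs = [ go gx gx-go ];
+buildInputs = [ cacert go gx gx-go ];
 
 outputHashAlgo = "sha256";
 outputHashMode = "recursive";
 outputHash = sha256;
 
 phases = [ "unpackPhase" "buildPhase" "installPhase" ];
-
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 
 buildPhase = ''
 export GOPATH=$(pwd)/vendor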
+1 -2
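--- a/pkgs/build-support/rust/default.nix
+++ b/pkgs/build-support/rust/default.nix
@@ -32,7 +32,7 @@
 
 patchRegistryDeps = ./patch-registry-deps;
 
-buildInputs = [ git rust.cargo rust.rustc ] ++ buildInputs;
+buildInputs = [ cacert git rust.cargo rust.rustc ] ++ buildInputs;
 
 configurePhase = args.configurePhase or ''
 runHook preConfigure
@@ -60,7 +60,6 @@
 unset cargoDepsCopy
 
 export RUST_LOG=${logLevel}
-export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
 '' + (args.postUnpack or "");
 
 buildPhase = with builtins; args.buildPhase or ''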
-1
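--- a/pkgs/build-support/rust/fetchcargo.nix
+++ b/pkgs/build-support/rust/fetchcargo.nix
@@ -19,7 +19,6 @@
 exit 1
 fi
 
-export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
 export CARGO_HOME=$(mktemp -d cargo-home.XXX)
 
 cargo vendor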
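Review bot: This section removes the `export SSL_CERT_FILE=…` line that preceded `cargo vendor` but, unlike the other fetchers in this commit, shows no matching addition of `cacert` to the derivation's inputs. The input list lies outside the visible hunk, so it may already contain `cacert`; if it does not, `cargo vendor` would run with no CA bundle configured and the registry download would presumably fail certificate verification. Please confirm `cacert` is in this derivation's `buildInputs`, or add it there as the other sections do.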
+2
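--- a/pkgs/data/misc/cacert/default.nix
+++ b/pkgs/data/misc/cacert/default.nix
@@ -52,6 +52,8 @@
 cp -v ca-bundle.crt $out/etc/ssl/certs
 '';
 
+setupHook = ./setup-hook.sh;
+
 meta = {
 homepage = https://curl.haxx.se/docs/caextract.html;
 description = "A bundle of X.509 certificates of public Certificate Authorities (CA)";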
+6
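--- a/pkgs/data/misc/cacert/setup-hook.sh
+++ b/pkgs/data/misc/cacert/setup-hook.sh
@@ -0,0 +1,6 @@
+cacertHook() {
+export SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt
+}
+
+envHooks+=(cacertHook)
+crossEnvHooks+=(cacertHook)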
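Review bot: The hook exports only `SSL_CERT_FILE`, yet the fetchdarcs, fetchgx, go 1.7/1.8/1.9 and firmware-linux-nonfree sections of this commit drop `NIX_SSL_CERT_FILE` and now rely on the hook, so for those builds the name of the trust-anchor variable silently changes. Any TLS client in those builds that reads only `NIX_SSL_CERT_FILE` would no longer see the bundle; which clients that affects cannot be determined from this page. Exporting both in `cacertHook` keeps the previous behaviour: add `export NIX_SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt` next to the existing export. A one-line comment above the function, saying that any derivation with cacert in its inputs gets this bundle as its CA store, would also help now that the variable is no longer visible in the consuming expressions.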
+1 -3
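--- a/pkgs/development/compilers/go/1.7.nix
+++ b/pkgs/development/compilers/go/1.7.nix
@@ -35,7 +35,7 @@
 
 # perl is used for testing go vet
 nativeBuildInputs = [ perl which pkgconfig patch ];
-buildInputs = [ pcre ];
+buildInputs = [ cacert pcre ];
 propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
 
 hardeningDisable = [ "all" ];
@@ -115,8 +115,6 @@
 sha256 = "1ny5l3f8a9dpjjrnjnsplb66308a0x13sa0wwr4j6yrkc8j4qxqi";
 })
 ];
-
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 
 GOOS = if stdenv.isDarwin then "darwin" else "linux";
 GOARCH = if stdenv.isDarwin then "amd64"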
+1 -3
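--- a/pkgs/development/compilers/go/1.8.nix
+++ b/pkgs/development/compilers/go/1.8.nix
@@ -37,7 +37,7 @@
 # perl is used for testing go vet
 nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
 ++ optionals stdenv.isLinux [ procps ];
-buildInputs = [ pcre ]
+buildInputs = [ cacert pcre ]
 ++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
 propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
 
@@ -121,8 +121,6 @@
 echo "substitute hardcoded dsymutil with ${llvm}/bin/llvm-dsymutil"
 substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
 '';
-
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 
 GOOS = if stdenv.isDarwin then "darwin" else "linux";
 GOARCH = if stdenv.isDarwin then "amd64"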
+1 -3
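--- a/pkgs/development/compilers/go/1.9.nix
+++ b/pkgs/development/compilers/go/1.9.nix
@@ -37,7 +37,7 @@
 # perl is used for testing go vet
 nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
 ++ optionals stdenv.isLinux [ procps ];
-buildInputs = [ pcre ]
+buildInputs = [ cacert pcre ]
 ++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
 propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
 
@@ -127,8 +127,6 @@
 echo "substitute hardcoded dsymutil with ${llvm}/bin/llvm-dsymutil"
 substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
 '';
-
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 
 GOOS = if stdenv.isDarwin then "darwin" else "linux";
 GOARCH = if stdenv.isDarwin then "amd64"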
+1 -3
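--- a/pkgs/development/compilers/rust/cargo.nix
+++ b/pkgs/development/compilers/rust/cargo.nix
@@ -24,7 +24,7 @@
 passthru.rustc = rustc;
 
 nativeBuildInputs = [ pkgconfig ];
-buildInputs = [ file curl python openssl cmake zlib makeWrapper libgit2 ]
+buildInputs = [ cacert file curl python openssl cmake zlib makeWrapper libgit2 ]
 ++ stdenv.lib.optionals stdenv.isDarwin [ CoreFoundation libiconv ];
 
 LIBGIT2_SYS_USE_PKG_CONFIG=1;
@@ -48,8 +48,6 @@
 '';
 
 checkPhase = ''
-# Export SSL_CERT_FILE as without it one test fails with SSL verification error
-export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
 # Disable cross compilation tests
 export CFG_DISABLE_CROSS_TESTS=1
 cargo test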
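Review bot: The removed checkPhase comment was the only explanation of why this package needs a CA bundle, and after the change `cacert` sits in `buildInputs` with nothing saying that a test depends on it. A later cleanup could drop it as an apparently unused input and bring back the SSL verification failure in `cargo test`. I would keep the reason next to the check, for example `# cacert's setup hook sets SSL_CERT_FILE; without it one test fails SSL verification` above the `# Disable cross compilation tests` line. The checkPhase string ends outside the hunk.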
+2 -4
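--- a/pkgs/development/r-modules/default.nix
+++ b/pkgs/development/r-modules/default.nix
@@ -3,7 +3,7 @@
 { R, pkgs, overrides }:
 
 let
-inherit (pkgs) fetchurl stdenv lib;
+inherit (pkgs) cacert fetchurl stdenv lib;
 
 buildRPackage = pkgs.callPackage ./generic-builder.nix {
 inherit R;
@@ -912,9 +912,7 @@
 });
 
 geojsonio = old.geojsonio.overrideDerivation (attrs: {
-preConfigure = ''
-export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
-'';
+buildInputs = [ cacert ] ++ attrs.buildInputs;
 });
 
 rstan = old.rstan.overrideDerivation (attrs: {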
+1 -2
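--- a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
+++ b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
@@ -32,8 +32,7 @@
 # traffic, so don't do that.
 preferLocalBuild = true;
 
-buildInputs = [ git gnupg ];
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
+buildInputs = [ cacert git gnupg ];
 } ''
 git init src && (
 cd src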