lol

Merge pull request #33010 from LnL7/cacert-hook

cacert: add hook that sets SSL_CERT_FILE

authored by

Daiderd Jordan and committed by
GitHub
5a02143c 84f97360

+19 -28
+1 -2
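--- a/pkgs/build-support/fetchbower/default.nix
+++ b/pkgs/build-support/fetchbower/default.nix
@@ -11,7 +11,6 @@
 
 fetchbower = name: version: target: outputHash: stdenv.mkDerivation {
 name = "${cleanName name}-${bowerVersion version}";
-SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 buildCommand = ''
 fetch-bower --quiet --out=$PWD/out "${name}" "${target}" "${version}"
 # In some cases, the result of fetchBower is different depending
@@ -23,7 +22,7 @@
 outputHashMode = "recursive";
 outputHashAlgo = "sha256";
 inherit outputHash;
-buildInputs = [ bower2nix ];
+buildInputs = [ cacert bower2nix ];
 };
 
 in fetchbower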
+1 -2
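--- a/pkgs/build-support/fetchdarcs/default.nix
+++ b/pkgs/build-support/fetchdarcs/default.nix
@@ -7,9 +7,8 @@
 else
 stdenv.mkDerivation {
 name = "fetchdarcs";
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 builder = ./builder.sh;
-buildInputs = [darcs];
+buildInputs = [cacert darcs];
 
 outputHashAlgo = "sha256";
 outputHashMode = "recursive";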
+1 -3
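--- a/pkgs/build-support/fetchgx/default.nix
+++ b/pkgs/build-support/fetchgx/default.nix
@@ -6,15 +6,13 @@
 name = "${name}-gxdeps";
 inherit src;
 
-buildInputs = [ go gx gx-go ];
+buildInputs = [ cacert go gx gx-go ];
 
 outputHashAlgo = "sha256";
 outputHashMode = "recursive";
 outputHash = sha256;
 
 phases = [ "unpackPhase" "buildPhase" "installPhase" ];
-
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 
 buildPhase = ''
 export GOPATH=$(pwd)/vendor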
+1 -2
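--- a/pkgs/build-support/rust/default.nix
+++ b/pkgs/build-support/rust/default.nix
@@ -32,7 +32,7 @@
 
 patchRegistryDeps = ./patch-registry-deps;
 
-buildInputs = [ git rust.cargo rust.rustc ] ++ buildInputs;
+buildInputs = [ cacert git rust.cargo rust.rustc ] ++ buildInputs;
 
 configurePhase = args.configurePhase or ''
 runHook preConfigure
@@ -60,7 +60,6 @@
 unset cargoDepsCopy
 
 export RUST_LOG=${logLevel}
-export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
 '' + (args.postUnpack or "");
 
 buildPhase = with builtins; args.buildPhase or ''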
-1
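--- a/pkgs/build-support/rust/fetchcargo.nix
+++ b/pkgs/build-support/rust/fetchcargo.nix
@@ -19,7 +19,6 @@
 exit 1
 fi
 
-export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
 export CARGO_HOME=$(mktemp -d cargo-home.XXX)
 
 cargo vendor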
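Review bot: The removed `export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt` has no visible replacement in this file: unlike the other sections of this commit, the hunk does not add `cacert` to an inputs list. `cargo vendor` therefore only gets a CA bundle if the derivation already lists `cacert` in its `buildInputs` outside the hunk, which cannot be confirmed from the lines shown. If it does not, the fetch would presumably fail TLS verification rather than skip it, but that should be checked before merging; the fix would be to add `cacert` to that derivation's `buildInputs` so the new setup hook runs. The enclosing build script starts and ends outside the hunk.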
+2
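--- a/pkgs/data/misc/cacert/default.nix
+++ b/pkgs/data/misc/cacert/default.nix
@@ -52,6 +52,8 @@
 cp -v ca-bundle.crt $out/etc/ssl/certs
 '';
 
+setupHook = ./setup-hook.sh;
+
 meta = {
 homepage = https://curl.haxx.se/docs/caextract.html;
 description = "A bundle of X.509 certificates of public Certificate Authorities (CA)";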
+6
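--- a/pkgs/data/misc/cacert/setup-hook.sh
+++ b/pkgs/data/misc/cacert/setup-hook.sh
@@ -0,0 +1,6 @@
+cacertHook() {
+export SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt
+}
+
+envHooks+=(cacertHook)
+crossEnvHooks+=(cacertHook)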
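Review bot: `cacertHook` exports only `SSL_CERT_FILE`, but the settings this commit removes from fetchdarcs, fetchgx, go/1.7.nix, go/1.8.nix, go/1.9.nix and firmware-linux-nonfree were `NIX_SSL_CERT_FILE`, so those builds silently switch to a different variable. Any tool in those builds that reads only `NIX_SSL_CERT_FILE` would lose its trust store; which tools do is not visible here, so this needs checking per package. Exporting both in the hook, by adding `export NIX_SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt`, keeps the previous behaviour. The hook also replaces any `SSL_CERT_FILE` that a derivation set as an attribute, which deserves a comment in the function such as `# overrides any SSL_CERT_FILE set on the derivation`.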
+1 -3
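--- a/pkgs/development/compilers/go/1.7.nix
+++ b/pkgs/development/compilers/go/1.7.nix
@@ -35,7 +35,7 @@
 
 # perl is used for testing go vet
 nativeBuildInputs = [ perl which pkgconfig patch ];
-buildInputs = [ pcre ];
+buildInputs = [ cacert pcre ];
 propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
 
 hardeningDisable = [ "all" ];
@@ -115,8 +115,6 @@
 sha256 = "1ny5l3f8a9dpjjrnjnsplb66308a0x13sa0wwr4j6yrkc8j4qxqi";
 })
 ];
-
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 
 GOOS = if stdenv.isDarwin then "darwin" else "linux";
 GOARCH = if stdenv.isDarwin then "amd64"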
+1 -3
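--- a/pkgs/development/compilers/go/1.8.nix
+++ b/pkgs/development/compilers/go/1.8.nix
@@ -37,7 +37,7 @@
 # perl is used for testing go vet
 nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
 ++ optionals stdenv.isLinux [ procps ];
-buildInputs = [ pcre ]
+buildInputs = [ cacert pcre ]
 ++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
 propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
 
@@ -121,8 +121,6 @@
 echo "substitute hardcoded dsymutil with ${llvm}/bin/llvm-dsymutil"
 substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
 '';
-
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 
 GOOS = if stdenv.isDarwin then "darwin" else "linux";
 GOARCH = if stdenv.isDarwin then "amd64"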
+1 -3
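--- a/pkgs/development/compilers/go/1.9.nix
+++ b/pkgs/development/compilers/go/1.9.nix
@@ -37,7 +37,7 @@
 # perl is used for testing go vet
 nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
 ++ optionals stdenv.isLinux [ procps ];
-buildInputs = [ pcre ]
+buildInputs = [ cacert pcre ]
 ++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
 propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
 
@@ -127,8 +127,6 @@
 echo "substitute hardcoded dsymutil with ${llvm}/bin/llvm-dsymutil"
 substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
 '';
-
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 
 GOOS = if stdenv.isDarwin then "darwin" else "linux";
 GOARCH = if stdenv.isDarwin then "amd64"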
+1 -3
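--- a/pkgs/development/compilers/rust/cargo.nix
+++ b/pkgs/development/compilers/rust/cargo.nix
@@ -24,7 +24,7 @@
 passthru.rustc = rustc;
 
 nativeBuildInputs = [ pkgconfig ];
-buildInputs = [ file curl python openssl cmake zlib makeWrapper libgit2 ]
+buildInputs = [ cacert file curl python openssl cmake zlib makeWrapper libgit2 ]
 ++ stdenv.lib.optionals stdenv.isDarwin [ CoreFoundation libiconv ];
 
 LIBGIT2_SYS_USE_PKG_CONFIG=1;
@@ -48,8 +48,6 @@
 '';
 
 checkPhase = ''
-# Export SSL_CERT_FILE as without it one test fails with SSL verification error
-export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
 # Disable cross compilation tests
 export CFG_DISABLE_CROSS_TESTS=1
 cargo test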
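Review bot: The reason `cacert` is a build input is no longer recorded anywhere in this file. The comment removed from `checkPhase` explained that one test fails SSL verification without `SSL_CERT_FILE`, and nothing on the new `buildInputs` line says the package is listed only for its setup hook. A later cleanup could drop `cacert` as an apparently unused input and bring the test failure back. A comment above `buildInputs` would prevent that, for example `# cacert's setup hook exports SSL_CERT_FILE; one cargo test fails SSL verification without it`.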
+2 -4
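--- a/pkgs/development/r-modules/default.nix
+++ b/pkgs/development/r-modules/default.nix
@@ -3,7 +3,7 @@
 { R, pkgs, overrides }:
 
 let
-inherit (pkgs) fetchurl stdenv lib;
+inherit (pkgs) cacert fetchurl stdenv lib;
 
 buildRPackage = pkgs.callPackage ./generic-builder.nix {
 inherit R;
@@ -912,9 +912,7 @@
 });
 
 geojsonio = old.geojsonio.overrideDerivation (attrs: {
-preConfigure = ''
-export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
-'';
+buildInputs = [ cacert ] ++ attrs.buildInputs;
 });
 
 rstan = old.rstan.overrideDerivation (attrs: {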
+1 -2
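--- a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
+++ b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
@@ -32,8 +32,7 @@
 # traffic, so don't do that.
 preferLocalBuild = true;
 
-buildInputs = [ git gnupg ];
-NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
+buildInputs = [ cacert git gnupg ];
 } ''
 git init src && (
 cd src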