commit bfebc7342e42ebe7a57c9e21b11ab19579189bfd · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

Fix some references to deprecated /etc/ssl/certs/ca-bundle.crt

Eelco Dolstra 10 years ago bfebc734 7d2eb0c4

+9 -9

5 changed files

expand all

unified split

nixos

modules

programs

venus.nix

security

ca.nix

services

misc

nix-daemon.nix

monitoring

dd-agent.nix

networking

ddclient.nix

+1 -1

nixos/modules/programs/venus.nix

··· 165 script = "exec venus-planet ${configFile}"; 166 serviceConfig.User = "${cfg.user}"; 167 serviceConfig.Group = "${cfg.group}"; 168 - environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; 169 startAt = cfg.dates; 170 }; 171

··· 165 script = "exec venus-planet ${configFile}"; 166 serviceConfig.User = "${cfg.user}"; 167 serviceConfig.Group = "${cfg.group}"; 168 + environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; 169 startAt = cfg.dates; 170 }; 171

+5 -5

nixos/modules/security/ca.nix

··· 4 5 let 6 7 - caBundle = pkgs.runCommand "ca-bundle.crt" 8 { files = 9 config.security.pki.certificateFiles ++ 10 [ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ]; ··· 26 description = '' 27 A list of files containing trusted root certificates in PEM 28 format. These are concatenated to form 29 - <filename>/etc/ssl/certs/ca-bundle.crt</filename>, which is 30 used by many programs that use OpenSSL, such as 31 <command>curl</command> and <command>git</command>. 32 ''; ··· 56 security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; 57 58 # NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility. 59 - environment.etc."ssl/certs/ca-certificates.crt".source = caBundle; 60 61 # Old NixOS compatibility. 62 - environment.etc."ssl/certs/ca-bundle.crt".source = caBundle; 63 64 # CentOS/Fedora compatibility. 65 - environment.etc."pki/tls/certs/ca-bundle.crt".source = caBundle; 66 67 environment.sessionVariables = 68 { SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";

··· 4 5 let 6 7 + caCertificates = pkgs.runCommand "ca-certificates.crt" 8 { files = 9 config.security.pki.certificateFiles ++ 10 [ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ]; ··· 26 description = '' 27 A list of files containing trusted root certificates in PEM 28 format. These are concatenated to form 29 + <filename>/etc/ssl/certs/ca-certificates.crt</filename>, which is 30 used by many programs that use OpenSSL, such as 31 <command>curl</command> and <command>git</command>. 32 ''; ··· 56 security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; 57 58 # NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility. 59 + environment.etc."ssl/certs/ca-certificates.crt".source = caCertificates; 60 61 # Old NixOS compatibility. 62 + environment.etc."ssl/certs/ca-bundle.crt".source = caCertificates; 63 64 # CentOS/Fedora compatibility. 65 + environment.etc."pki/tls/certs/ca-bundle.crt".source = caCertificates; 66 67 environment.sessionVariables = 68 { SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";

+1 -1

nixos/modules/services/misc/nix-daemon.nix

··· 364 ++ optionals cfg.distributedBuilds [ pkgs.gzip ]; 365 366 environment = cfg.envVars 367 - // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; } 368 // config.networking.proxy.envVars; 369 370 serviceConfig =

··· 364 ++ optionals cfg.distributedBuilds [ pkgs.gzip ]; 365 366 environment = cfg.envVars 367 + // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; } 368 // config.networking.proxy.envVars; 369 370 serviceConfig =

+1 -1

nixos/modules/services/monitoring/dd-agent.nix

··· 183 Restart = "always"; 184 RestartSec = 2; 185 }; 186 - environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; 187 restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig ]; 188 }; 189

··· 183 Restart = "always"; 184 RestartSec = 2; 185 }; 186 + environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; 187 restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig ]; 188 }; 189

+1 -1

nixos/modules/services/networking/ddclient.nix

··· 127 wantedBy = [ "multi-user.target" ]; 128 after = [ "network.target" ]; 129 130 - environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; 131 serviceConfig = { 132 # Uncomment this if too many problems occur: 133 # Type = "forking";

··· 127 wantedBy = [ "multi-user.target" ]; 128 after = [ "network.target" ]; 129 130 + environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; 131 serviceConfig = { 132 # Uncomment this if too many problems occur: 133 # Type = "forking";