1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 22:33:57 +02:00

Call getDefaultSSLCertFile() only when none is specified

This does pathExists on various paths, which crashes on EPERM in the
macOS sandbox.

(cherry picked from commit b7cde90c6b)
This commit is contained in:
Yorick van Pelt 2023-05-11 13:09:02 +02:00 committed by Emily
parent 75ec8e3130
commit 24e1dc4d74
2 changed files with 3 additions and 1 deletions

View file

@ -47,6 +47,8 @@ Settings::Settings()
auto sslOverride = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or(""));
if (sslOverride != "")
caFile = sslOverride;
else if (caFile == "")
caFile = getDefaultSSLCertFile();
/* Backwards compatibility. */
auto s = getEnv("NIX_REMOTE_SYSTEMS");

View file

@ -858,7 +858,7 @@ public:
)"};
Setting<Path> caFile{
this, getDefaultSSLCertFile(), "ssl-cert-file",
this, "", "ssl-cert-file",
R"(
The path of a file containing CA certificates used to
authenticate `https://` downloads. Nix by default will use