wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 18:31:49 +02:00
Code Activity

Call getDefaultSSLCertFile() only when none is specified

Browse source 
This does pathExists on various paths, which crashes on EPERM in the
macOS sandbox.

(cherry picked from commit b7cde90c6b)
This commit is contained in:
Yorick van Pelt 2023-05-11 13:09:02 +02:00 committed by Emily
parent 75ec8e3130
commit 24e1dc4d74
2 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/libstore/globals.cc
View file

@ -47,6 +47,8 @@ Settings::Settings()
auto sslOverride = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or(""));
if (sslOverride != "")
caFile = sslOverride;
else if (caFile == "")
caFile = getDefaultSSLCertFile();
/* Backwards compatibility. */
auto s = getEnv("NIX_REMOTE_SYSTEMS");

2
src/libstore/globals.hh
View file

@ -858,7 +858,7 @@ public:
)"};
Setting<Path> caFile{
this, getDefaultSSLCertFile(), "ssl-cert-file",
this, "", "ssl-cert-file",
R"(
The path of a file containing CA certificates used to
authenticate `https://` downloads. Nix by default will use