wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-06-28 09:31:16 +02:00
Code Activity

Provide a builtin default for $NIX_SSL_CERT_FILE

Browse source 
This is mostly to ensure that when Nix is started on macOS via a
launchd service or sshd (for a remote build), it gets a certificate
bundle.
This commit is contained in:
Eelco Dolstra 2017-06-12 16:44:43 +02:00
parent 7f5b750b40
commit 847f19a5f7
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
3 changed files with 13 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/libstore/globals.cc
View file

@ -41,7 +41,15 @@ Settings::Settings()
{
buildUsersGroup = getuid() == 0 ? "nixbld" : "";
lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1";
caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt"));
caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", ""));
if (caFile == "") {
for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"})
if (pathExists(fn)) {
caFile = fn;
break;
}
}
/* Backwards compatibility. */
auto s = getEnv("NIX_REMOTE_SYSTEMS");