authorEelco Dolstra <edolstra@gmail.com>2016-10-13T15·09+0200
committerEelco Dolstra <edolstra@gmail.com>2016-10-13T15·09+0200
commitfb2dd3210072a03526e881cd2547cf4c2df4ba52 (patch)
tree3d44c43f4d05a3f038b7e25e070dd50aef69bfa9
parent816d3e57248da2ce4976ae9f8334ee467bcd657e (diff)
SSL_CERT_FILE -> NIX_SSL_CERT_FILE
This prevents collisions with the "native" OpenSSL, in particular on
OS X.

Fixes #921.
-rw-r--r--misc/docker/Dockerfile4
-rw-r--r--misc/launchd/org.nixos.nix-daemon.plist.in2
-rw-r--r--scripts/install-nix-from-closure.sh4
-rw-r--r--scripts/nix-profile.sh.in14
-rw-r--r--src/libstore/download.cc3
5 files changed, 14 insertions, 13 deletions
diff --git a/misc/docker/Dockerfile b/misc/docker/Dockerfile
index 20171d2502..7b2865c946 100644
--- a/misc/docker/Dockerfile
+++ b/misc/docker/Dockerfile
@@ -13,11 +13,11 @@ ONBUILD ENV \
     ENV=/etc/profile \
     PATH=/root/.nix-profile/bin:/root/.nix-profile/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
     GIT_SSL_CAINFO=/root/.nix-profile/etc/ssl/certs/ca-bundle.crt \
-    SSL_CERT_FILE=/root/.nix-profile/etc/ssl/certs/ca-bundle.crt
+    NIX_SSL_CERT_FILE=/root/.nix-profile/etc/ssl/certs/ca-bundle.crt
 
 ENV \
     ENV=/etc/profile \
     PATH=/root/.nix-profile/bin:/root/.nix-profile/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
     GIT_SSL_CAINFO=/root/.nix-profile/etc/ssl/certs/ca-bundle.crt \
-    SSL_CERT_FILE=/root/.nix-profile/etc/ssl/certs/ca-bundle.crt \
+    NIX_SSL_CERT_FILE=/root/.nix-profile/etc/ssl/certs/ca-bundle.crt \
     NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/
diff --git a/misc/launchd/org.nixos.nix-daemon.plist.in b/misc/launchd/org.nixos.nix-daemon.plist.in
index 0dd665db63..c5ef97ee9a 100644
--- a/misc/launchd/org.nixos.nix-daemon.plist.in
+++ b/misc/launchd/org.nixos.nix-daemon.plist.in
@@ -14,7 +14,7 @@
     <string>/dev/null</string>
     <key>EnvironmentVariables</key>
     <dict>
-      <key>SSL_CERT_FILE</key>
+      <key>NIX_SSL_CERT_FILE</key>
       <string>/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt</string>
     </dict>
   </dict>
diff --git a/scripts/install-nix-from-closure.sh b/scripts/install-nix-from-closure.sh
index a6b764bcb3..3b8c97ed26 100644
--- a/scripts/install-nix-from-closure.sh
+++ b/scripts/install-nix-from-closure.sh
@@ -76,9 +76,9 @@ if ! $nix/bin/nix-env -i "$nix"; then
 fi
 
 # Install an SSL certificate bundle.
-if [ -z "$SSL_CERT_FILE" -o ! -f "$SSL_CERT_FILE" ]; then
+if [ -z "$NIX_SSL_CERT_FILE" -o ! -f "$NIX_SSL_CERT_FILE" ]; then
     $nix/bin/nix-env -i "$cacert"
-    export SSL_CERT_FILE="$HOME/.nix-profile/etc/ssl/certs/ca-bundle.crt"
+    export NIX_SSL_CERT_FILE="$HOME/.nix-profile/etc/ssl/certs/ca-bundle.crt"
 fi
 
 # Subscribe the user to the Nixpkgs channel and fetch it.
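Review bot: The result of `$nix/bin/nix-env -i "$cacert"` is not checked before `NIX_SSL_CERT_FILE` is exported, unlike the `if ! $nix/bin/nix-env -i "$nix"; then` guard visible in the hunk header. Unless the script runs under `set -e` (not visible here), a failed install leaves the variable pointing at a bundle that does not exist. The channel fetch that follows would then fail certificate verification with no hint of the cause. Testing the install, e.g. `if ! $nix/bin/nix-env -i "$cacert"; then echo "$0: unable to install the CA bundle" >&2; exit 1; fi`, reports the failure where it happens. Separately, the `-o` operator in the changed test is marked obsolescent by POSIX; `[ -z "$NIX_SSL_CERT_FILE" ] || [ ! -f "$NIX_SSL_CERT_FILE" ]` is the portable form.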
diff --git a/scripts/nix-profile.sh.in b/scripts/nix-profile.sh.in
index 41111848b2..3cdf431041 100644
--- a/scripts/nix-profile.sh.in
+++ b/scripts/nix-profile.sh.in
@@ -66,19 +66,19 @@ if [ -n "$HOME" ] && [ -n "$USER" ]; then
         fi
     done
 
-    # Set $SSL_CERT_FILE so that Nixpkgs applications like curl work.
+    # Set $NIX_SSL_CERT_FILE so that Nixpkgs applications like curl work.
     if [ -e /etc/ssl/certs/ca-certificates.crt ]; then # NixOS, Ubuntu, Debian, Gentoo, Arch
-        export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+        export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
     elif [ -e /etc/ssl/ca-bundle.pem ]; then # openSUSE Tumbleweed
-        export SSL_CERT_FILE=/etc/ssl/ca-bundle.pem
+        export NIX_SSL_CERT_FILE=/etc/ssl/ca-bundle.pem
     elif [ -e /etc/ssl/certs/ca-bundle.crt ]; then # Old NixOS
-        export SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
+        export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
     elif [ -e /etc/pki/tls/certs/ca-bundle.crt ]; then # Fedora, CentOS
-        export SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
+        export NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
     elif [ -e "$NIX_LINK/etc/ssl/certs/ca-bundle.crt" ]; then # fall back to cacert in Nix profile
-        export SSL_CERT_FILE="$NIX_LINK/etc/ssl/certs/ca-bundle.crt"
+        export NIX_SSL_CERT_FILE="$NIX_LINK/etc/ssl/certs/ca-bundle.crt"
     elif [ -e "$NIX_LINK/etc/ca-bundle.crt" ]; then # old cacert in Nix profile
-        export SSL_CERT_FILE="$NIX_LINK/etc/ca-bundle.crt"
+        export NIX_SSL_CERT_FILE="$NIX_LINK/etc/ca-bundle.crt"
     fi
 
     if [ -n ${MANPATH} ]; then
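Review bot: Every branch of the chain exports `NIX_SSL_CERT_FILE` unconditionally, so a value set before the profile is sourced (for example a site-specific CA bundle) is silently replaced by the first system path that exists. Now that the variable is Nix-specific and meant as the override, the chain could run only when it is unset, by wrapping it in `if [ -z "$NIX_SSL_CERT_FILE" ]; then` … `fi`. The updated comment says this makes Nixpkgs applications like curl work, which assumes those packages read `NIX_SSL_CERT_FILE`; that is not visible in this commit and is worth confirming or rewording. The enclosing `if [ -n "$HOME" ] && [ -n "$USER" ]` block starts and ends outside the hunk.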
diff --git a/src/libstore/download.cc b/src/libstore/download.cc
index b228cd0b4b..337ebc9bfe 100644
--- a/src/libstore/download.cc
+++ b/src/libstore/download.cc
@@ -210,7 +210,8 @@ struct CurlDownloader : public Downloader
                 curl_easy_setopt(req, CURLOPT_NOBODY, 1);
 
             if (request.verifyTLS)
-                curl_easy_setopt(req, CURLOPT_CAINFO, getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt").c_str());
+                curl_easy_setopt(req, CURLOPT_CAINFO,
+                    getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")).c_str());
             else {
                 curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0);
                 curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
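Review bot: The lookup order for the CA bundle on the new `curl_easy_setopt(req, CURLOPT_CAINFO, …)` call is undocumented. Because the `SSL_CERT_FILE` fallback is retained, a bundle exported for another OpenSSL is still used as the trust anchor for downloads whenever `NIX_SSL_CERT_FILE` is unset. A comment above the call would record that this is deliberate, e.g. `// CA bundle: NIX_SSL_CERT_FILE, then legacy SSL_CERT_FILE, then the system default path.` Whether `getEnv` treats a set-but-empty variable as unset is not visible in this hunk; if it does not, an empty `NIX_SSL_CERT_FILE` would be passed to curl as the path, so that case is worth checking. The enclosing function starts and ends outside the hunk.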