about summary refs log tree commit diff
path: root/scripts/install-multi-user.sh
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2018-05-26T15·41+0200
committerGitHub <noreply@github.com>2018-05-26T15·41+0200
commit0a830ef12d5bee2abf39c959812320d82d0c675a (patch)
tree0d63d3c72bf6e96fe00bedd0866f00b1a51e8006 /scripts/install-multi-user.sh
parentca9c6cb95db03cfb46e044dd45f113a72ee13bd2 (diff)
parente6466c20b37b7dcbeaa5c6dd4a1fef24101a310c (diff)
Merge pull request #2181 from grahamc/nix-install-behind-mitm-proxy
Install Nix behind MITM proxy
Diffstat (limited to 'scripts/install-multi-user.sh')
-rw-r--r--scripts/install-multi-user.sh12
1 files changed, 9 insertions, 3 deletions
diff --git a/scripts/install-multi-user.sh b/scripts/install-multi-user.sh
index 5f6542355e0c..b4eec2fe94cd 100644
--- a/scripts/install-multi-user.sh
+++ b/scripts/install-multi-user.sh
@@ -727,11 +727,17 @@ setup_default_profile() {
     _sudo "to installing a bootstrapping Nix in to the default Profile" \
           HOME="$ROOT_HOME" "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_NIX"
 
-    _sudo "to installing a bootstrapping SSL certificate just for Nix in to the default Profile" \
-          HOME="$ROOT_HOME" "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_CACERT"
+    if [ -z "$NIX_SSL_CERT_FILE" ] || ! [ -f "$NIX_SSL_CERT_FILE" ]; then
+        _sudo "to installing a bootstrapping SSL certificate just for Nix in to the default Profile" \
+              HOME="$ROOT_HOME" "$NIX_INSTALLED_NIX/bin/nix-env" -i "$NIX_INSTALLED_CACERT"
+        export NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
+    fi
 
+    # Have to explicitly pass NIX_SSL_CERT_FILE as part of the sudo call,
+    # otherwise it will be lost in environments where sudo doesn't pass
+    # all the environment variables by default.
     _sudo "to update the default channel in the default profile" \
-          HOME="$ROOT_HOME" NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt "$NIX_INSTALLED_NIX/bin/nix-channel" --update nixpkgs
+          HOME="$ROOT_HOME" NIX_SSL_CERT_FILE="$NIX_SSL_CERT_FILE" "$NIX_INSTALLED_NIX/bin/nix-channel" --update nixpkgs
 }