diff options
| author | Florian Klink <flokli@flokli.de> | 2024-07-07T14·16+0300 |
|---|---|---|
| committer | clbot <clbot@tvl.fyi> | 2024-07-07T15·11+0000 |
| commit | d17c3d96b61a38b8a1900ca3b08bafff8e863cd2 (patch) | |
| tree | 15faeaa4efedfb9c6fdfc0841c32711c7ed7e9fd /tvix | |
| parent | 89d204d295345af6b64b2c5d515cfcf02828abf5 (diff) | |
refactor(tvix): point SSL_CERT_FILE to /dev/null r/8357
reqwest wants to be able to read a file of trust roots when constructed, but as it doesn't actually do any HTTPS connections inside the nix build, an empty list of trust roots is totally sufficient. Thankfully /dev/null provides such a file. Change-Id: I9bd1619b2c9f8ff2a6640d2ac410d4de5b20c2ea Reviewed-on: https://cl.tvl.fyi/c/depot/+/11961 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: aspen <root@gws.fyi>
Diffstat (limited to 'tvix')
| -rw-r--r-- | tvix/boot/tests/default.nix | 2 | ||||
| -rw-r--r-- | tvix/castore/default.nix | 6 | ||||
| -rw-r--r-- | tvix/cli/default.nix | 6 | ||||
| -rw-r--r-- | tvix/glue/default.nix | 4 | ||||
| -rw-r--r-- | tvix/store/default.nix | 6 |
5 files changed, 12 insertions, 12 deletions
diff --git a/tvix/boot/tests/default.nix b/tvix/boot/tests/default.nix index 31f69d11c83a..26640d6e921b 100644 --- a/tvix/boot/tests/default.nix +++ b/tvix/boot/tests/default.nix @@ -53,7 +53,7 @@ let buildCommand = '' touch $out # Ensure we can construct http clients. - export SSL_CERT_FILE="${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt" + export SSL_CERT_FILE=/dev/null ${preStart} diff --git a/tvix/castore/default.nix b/tvix/castore/default.nix index 03a12b6c2016..9c210884f6e3 100644 --- a/tvix/castore/default.nix +++ b/tvix/castore/default.nix @@ -3,7 +3,7 @@ (depot.tvix.crates.workspaceMembers.tvix-castore.build.override { runTests = true; testPreRun = '' - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt; + export SSL_CERT_FILE=/dev/null ''; }).overrideAttrs (old: rec { meta.ci.targets = [ "integration-tests" ] ++ lib.filter (x: lib.hasPrefix "with-features" x || x == "no-features") (lib.attrNames passthru); @@ -13,13 +13,13 @@ # virtiofs feature currently fails to build on Darwin ++ lib.optional pkgs.stdenv.isLinux "virtiofs"); override.testPreRun = '' - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + export SSL_CERT_FILE=/dev/null ''; }) // { integration-tests = depot.tvix.crates.workspaceMembers.${old.crateName}.build.override (old: { runTests = true; testPreRun = '' - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt; + export SSL_CERT_FILE=/dev/null export PATH="$PATH:${pkgs.lib.makeBinPath [ pkgs.cbtemulator pkgs.google-cloud-bigtable-tool ]}" ''; features = old.features ++ [ "integration" ]; diff --git a/tvix/cli/default.nix b/tvix/cli/default.nix index 3ed7a7ccfaec..90394f6d28c7 100644 --- a/tvix/cli/default.nix +++ b/tvix/cli/default.nix @@ -3,7 +3,7 @@ (depot.tvix.crates.workspaceMembers.tvix-cli.build.override { runTests = true; testPreRun = '' - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt; + export SSL_CERT_FILE=/dev/null ''; }).overrideAttrs (finalAttrs: previousAttrs: @@ -30,7 +30,7 @@ let mkExprBenchmark = { expr, description }: let name = "tvix-cli-benchmark-${description}"; in (pkgs.runCommand name { } '' - export SSL_CERT_FILE=${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt + export SSL_CERT_FILE=/dev/null ${lib.escapeShellArgs [ "${pkgs.time}/bin/time" "--format" "${benchmark-gnutime-format-string description}" @@ -54,7 +54,7 @@ let name = "tvix-eval-test-${builtins.replaceStrings [".drv"] ["-drv"] attrpath}"; in (pkgs.runCommand name { } '' - export SSL_CERT_FILE=${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt + export SSL_CERT_FILE=/dev/null TVIX_OUTPUT=$(${tvix-cli}/bin/tvix -E '(import ${pkgs.path} {}).${attrpath}') EXPECTED='${/* the verbatim expected Tvix output: */ "=> \"${builtins.unsafeDiscardStringContext expectedPath}\" :: string"}' diff --git a/tvix/glue/default.nix b/tvix/glue/default.nix index 14c7e214f25b..e2b36e94b87f 100644 --- a/tvix/glue/default.nix +++ b/tvix/glue/default.nix @@ -3,7 +3,7 @@ (depot.tvix.crates.workspaceMembers.tvix-glue.build.override { runTests = true; testPreRun = '' - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt; + export SSL_CERT_FILE=/dev/null ''; }).overrideAttrs (old: rec { meta.ci.targets = lib.filter (x: lib.hasPrefix "with-features" x || x == "no-features") (lib.attrNames passthru); @@ -11,7 +11,7 @@ inherit (old) crateName; features = [ "nix_tests" ]; override.testPreRun = '' - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt; + export SSL_CERT_FILE=/dev/null ''; }; }) diff --git a/tvix/store/default.nix b/tvix/store/default.nix index 3fe47fe60b11..d5d4609beff9 100644 --- a/tvix/store/default.nix +++ b/tvix/store/default.nix @@ -25,7 +25,7 @@ in (depot.tvix.crates.workspaceMembers.tvix-store.build.override (old: { runTests = true; testPreRun = '' - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + export SSL_CERT_FILE=/dev/null ''; features = old.features # virtiofs feature currently fails to build on Darwin @@ -41,13 +41,13 @@ in # virtiofs feature currently fails to build on Darwin ++ lib.optional pkgs.stdenv.isLinux "virtiofs"); override.testPreRun = '' - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + export SSL_CERT_FILE=/dev/null ''; }) // { integration-tests = depot.tvix.crates.workspaceMembers.${old.crateName}.build.override (old: { runTests = true; testPreRun = '' - export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt; + export SSL_CERT_FILE=/dev/null export PATH="$PATH:${pkgs.lib.makeBinPath [ pkgs.cbtemulator pkgs.google-cloud-bigtable-tool ]}" ''; features = old.features ++ [ "integration" ]; |