cacert: cleanup exporting SSL_CERT_FILE

author: Daiderd Jordan <daiderd@gmail.com> 2017-12-27 21:26:36 +0100
committer: Daiderd Jordan <daiderd@gmail.com> 2017-12-27 21:36:32 +0100
commit: 091c2b9f04189301f18ff0bc8336541d137f1d61 (patch)
tree: 808197fe6e9bca7e6e84a65530d9c0e2a58c81ad
parent: bfccf8e42cb42a3876b4ed7c4514552f53e66d90 (diff)
download: nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar
nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar.gz
nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar.bz2
nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar.lz
nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar.xz
nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar.zst
nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.zip
11 files changed, 11 insertions, 28 deletions
diff --git a/pkgs/build-support/fetchbower/default.nix b/pkgs/build-support/fetchbower/default.nix
index 3e1f0eff84a..ba1c8420e91 100644
--- a/pkgs/build-support/fetchbower/default.nix
+++ b/pkgs/build-support/fetchbower/default.nix
@@ -11,7 +11,6 @@ let
 
   fetchbower = name: version: target: outputHash: stdenv.mkDerivation {
     name = "${cleanName name}-${bowerVersion version}";
-    SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
     buildCommand = ''
       fetch-bower --quiet --out=$PWD/out "${name}" "${target}" "${version}"
       # In some cases, the result of fetchBower is different depending
@@ -23,7 +22,7 @@ let
     outputHashMode = "recursive";
     outputHashAlgo = "sha256";
     inherit outputHash;
-    buildInputs = [ bower2nix ];
+    buildInputs = [ cacert bower2nix ];
   };
 
 in fetchbower
diff --git a/pkgs/build-support/fetchdarcs/default.nix b/pkgs/build-support/fetchdarcs/default.nix
index 2df1b136c55..48d87cc5d10 100644
--- a/pkgs/build-support/fetchdarcs/default.nix
+++ b/pkgs/build-support/fetchdarcs/default.nix
@@ -7,9 +7,8 @@ if md5 != "" then
 else
 stdenv.mkDerivation {
   name = "fetchdarcs";
-  NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
   builder = ./builder.sh;
-  buildInputs = [darcs];
+  buildInputs = [cacert darcs];
 
   outputHashAlgo = "sha256";
   outputHashMode = "recursive";
diff --git a/pkgs/build-support/fetchgx/default.nix b/pkgs/build-support/fetchgx/default.nix
index ea91a0854d1..65061ce0f63 100644
--- a/pkgs/build-support/fetchgx/default.nix
+++ b/pkgs/build-support/fetchgx/default.nix
@@ -6,7 +6,7 @@ stdenv.mkDerivation {
   name = "${name}-gxdeps";
   inherit src;
 
-  buildInputs = [ go gx gx-go ];
+  buildInputs = [ cacert go gx gx-go ];
 
   outputHashAlgo = "sha256";
   outputHashMode = "recursive";
@@ -14,8 +14,6 @@ stdenv.mkDerivation {
 
   phases = [ "unpackPhase" "buildPhase" "installPhase" ];
 
-  NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
-
   buildPhase = ''
     export GOPATH=$(pwd)/vendor
     mkdir -p vendor
diff --git a/pkgs/build-support/rust/default.nix b/pkgs/build-support/rust/default.nix
index 57948c33bbc..d720532e147 100644
--- a/pkgs/build-support/rust/default.nix
+++ b/pkgs/build-support/rust/default.nix
@@ -32,7 +32,7 @@ in stdenv.mkDerivation (args // {
 
   patchRegistryDeps = ./patch-registry-deps;
 
-  buildInputs = [ git rust.cargo rust.rustc ] ++ buildInputs;
+  buildInputs = [ cacert git rust.cargo rust.rustc ] ++ buildInputs;
 
   configurePhase = args.configurePhase or ''
     runHook preConfigure
@@ -60,7 +60,6 @@ in stdenv.mkDerivation (args // {
     unset cargoDepsCopy
 
     export RUST_LOG=${logLevel}
-    export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
   '' + (args.postUnpack or "");
 
   buildPhase = with builtins; args.buildPhase or ''
diff --git a/pkgs/build-support/rust/fetchcargo.nix b/pkgs/build-support/rust/fetchcargo.nix
index 9b3ba530339..8c136d86488 100644
--- a/pkgs/build-support/rust/fetchcargo.nix
+++ b/pkgs/build-support/rust/fetchcargo.nix
@@ -19,7 +19,6 @@ stdenv.mkDerivation {
         exit 1
     fi
 
-    export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
     export CARGO_HOME=$(mktemp -d cargo-home.XXX)
 
     cargo vendor
diff --git a/pkgs/development/compilers/go/1.7.nix b/pkgs/development/compilers/go/1.7.nix
index b1230da5a14..82ed9b53c60 100644
--- a/pkgs/development/compilers/go/1.7.nix
+++ b/pkgs/development/compilers/go/1.7.nix
@@ -35,7 +35,7 @@ stdenv.mkDerivation rec {
 
   # perl is used for testing go vet
   nativeBuildInputs = [ perl which pkgconfig patch ];
-  buildInputs = [ pcre ];
+  buildInputs = [ cacert pcre ];
   propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
 
   hardeningDisable = [ "all" ];
@@ -116,8 +116,6 @@ stdenv.mkDerivation rec {
       })
     ];
 
-  NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
-
   GOOS = if stdenv.isDarwin then "darwin" else "linux";
   GOARCH = if stdenv.isDarwin then "amd64"
            else if stdenv.system == "i686-linux" then "386"
diff --git a/pkgs/development/compilers/go/1.8.nix b/pkgs/development/compilers/go/1.8.nix
index 210f259df89..050a2f3c865 100644
--- a/pkgs/development/compilers/go/1.8.nix
+++ b/pkgs/development/compilers/go/1.8.nix
@@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
   # perl is used for testing go vet
   nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
     ++ optionals stdenv.isLinux [ procps ];
-  buildInputs = [ pcre ]
+  buildInputs = [ cacert pcre ]
     ++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
   propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
 
@@ -122,8 +122,6 @@ stdenv.mkDerivation rec {
     substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
   '';
 
-  NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
-
   GOOS = if stdenv.isDarwin then "darwin" else "linux";
   GOARCH = if stdenv.isDarwin then "amd64"
            else if stdenv.system == "i686-linux" then "386"
diff --git a/pkgs/development/compilers/go/1.9.nix b/pkgs/development/compilers/go/1.9.nix
index 8708bd762c4..8b8481c2656 100644
--- a/pkgs/development/compilers/go/1.9.nix
+++ b/pkgs/development/compilers/go/1.9.nix
@@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
   # perl is used for testing go vet
   nativeBuildInputs = [ perl which pkgconfig patch makeWrapper ]
     ++ optionals stdenv.isLinux [ procps ];
-  buildInputs = [ pcre ]
+  buildInputs = [ cacert pcre ]
     ++ optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ];
   propagatedBuildInputs = optionals stdenv.isDarwin [ Security Foundation ];
 
@@ -128,8 +128,6 @@ stdenv.mkDerivation rec {
     substituteInPlace "src/cmd/link/internal/ld/lib.go" --replace dsymutil ${llvm}/bin/llvm-dsymutil
   '';
 
-  NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
-
   GOOS = if stdenv.isDarwin then "darwin" else "linux";
   GOARCH = if stdenv.isDarwin then "amd64"
            else if stdenv.system == "i686-linux" then "386"
diff --git a/pkgs/development/compilers/rust/cargo.nix b/pkgs/development/compilers/rust/cargo.nix
index fb3001bbf17..386ffa62294 100644
--- a/pkgs/development/compilers/rust/cargo.nix
+++ b/pkgs/development/compilers/rust/cargo.nix
@@ -24,7 +24,7 @@ rustPlatform.buildRustPackage rec {
   passthru.rustc = rustc;
 
   nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ file curl python openssl cmake zlib makeWrapper libgit2 ]
+  buildInputs = [ cacert file curl python openssl cmake zlib makeWrapper libgit2 ]
     ++ stdenv.lib.optionals stdenv.isDarwin [ CoreFoundation libiconv ];
 
   LIBGIT2_SYS_USE_PKG_CONFIG=1;
@@ -48,8 +48,6 @@ rustPlatform.buildRustPackage rec {
   '';
 
   checkPhase = ''
-    # Export SSL_CERT_FILE as without it one test fails with SSL verification error
-    export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
     # Disable cross compilation tests
     export CFG_DISABLE_CROSS_TESTS=1
     cargo test
diff --git a/pkgs/development/r-modules/default.nix b/pkgs/development/r-modules/default.nix
index 76c0e522777..de800f701e3 100644
--- a/pkgs/development/r-modules/default.nix
+++ b/pkgs/development/r-modules/default.nix
@@ -3,7 +3,7 @@
 { R, pkgs, overrides }:
 
 let
-  inherit (pkgs) fetchurl stdenv lib;
+  inherit (pkgs) cacert fetchurl stdenv lib;
 
   buildRPackage = pkgs.callPackage ./generic-builder.nix {
     inherit R;
@@ -912,9 +912,7 @@ let
     });
 
     geojsonio = old.geojsonio.overrideDerivation (attrs: {
-      preConfigure = ''
-        export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
-        '';
+      buildInputs = [ cacert ] ++ attrs.buildInputs;
     });
 
     rstan = old.rstan.overrideDerivation (attrs: {
diff --git a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
index 0044a3f6f4a..3bd03d7b40c 100644
--- a/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
+++ b/pkgs/os-specific/linux/firmware/firmware-linux-nonfree/default.nix
@@ -32,8 +32,7 @@ stdenv.mkDerivation rec {
     # traffic, so don't do that.
     preferLocalBuild = true;
 
-    buildInputs = [ git gnupg ];
-    NIX_SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
+    buildInputs = [ cacert git gnupg ];
   } ''
     git init src && (
       cd src
author	Daiderd Jordan <daiderd@gmail.com>	2017-12-27 21:26:36 +0100
committer	Daiderd Jordan <daiderd@gmail.com>	2017-12-27 21:36:32 +0100
commit	091c2b9f04189301f18ff0bc8336541d137f1d61 (patch)
tree	808197fe6e9bca7e6e84a65530d9c0e2a58c81ad
parent	bfccf8e42cb42a3876b4ed7c4514552f53e66d90 (diff)
download	nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar.gz nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar.bz2 nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar.lz nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar.xz nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.tar.zst nixpkgs-091c2b9f04189301f18ff0bc8336541d137f1d61.zip