diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-02-15 19:03:14 +0100 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-02-15 19:06:31 +0100 |
commit | 5092d625d6220ee738d80cc5161ddbeea18f14d8 (patch) | |
tree | 3f840072d3e83459d0bb0b4c397ee7b8795584ff /nixos/modules/security/ca.nix | |
parent | 75e1b5e317653a66dd64367fdf20f3d0cc9f6955 (diff) | |
download | nixpkgs-5092d625d6220ee738d80cc5161ddbeea18f14d8.tar nixpkgs-5092d625d6220ee738d80cc5161ddbeea18f14d8.tar.gz nixpkgs-5092d625d6220ee738d80cc5161ddbeea18f14d8.tar.bz2 nixpkgs-5092d625d6220ee738d80cc5161ddbeea18f14d8.tar.lz nixpkgs-5092d625d6220ee738d80cc5161ddbeea18f14d8.tar.xz nixpkgs-5092d625d6220ee738d80cc5161ddbeea18f14d8.tar.zst nixpkgs-5092d625d6220ee738d80cc5161ddbeea18f14d8.zip |
/etc/ssl/certs/ca-bundle.crt -> ca-certificates.crt
Even though there is no "official" standard location, it's better to stick to what most distros are using.
Diffstat (limited to 'nixos/modules/security/ca.nix')
-rw-r--r-- | nixos/modules/security/ca.nix | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix index 2eaee815c7d..e60cb5cdb67 100644 --- a/nixos/modules/security/ca.nix +++ b/nixos/modules/security/ca.nix @@ -55,20 +55,21 @@ in security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ca-bundle.crt" ]; + # NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility. + environment.etc."ssl/certs/ca-certificates.crt".source = caBundle; + + # Old NixOS compatibility. environment.etc."ssl/certs/ca-bundle.crt".source = caBundle; # CentOS/Fedora compatibility. environment.etc."pki/tls/certs/ca-bundle.crt".source = caBundle; - # Debian/Ubuntu/Arch/Gentoo compatibility. - environment.etc."ssl/certs/ca-certificates.crt".source = caBundle; - environment.sessionVariables = - { SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; + { SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # FIXME: unneeded - remove eventually. - OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; + OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # FIXME: unneeded - remove eventually. - GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt"; + GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt"; }; }; |