diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-02-15 18:55:07 +0100 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-02-15 19:06:31 +0100 |
commit | 75e1b5e317653a66dd64367fdf20f3d0cc9f6955 (patch) | |
tree | b2057740c0199e3a57ac44d62e197a9cc8c2fc78 /nixos/modules/security/ca.nix | |
parent | ca2d7774e006dcf2a6f642e9b4a0e3b2df0ade02 (diff) | |
download | nixpkgs-75e1b5e317653a66dd64367fdf20f3d0cc9f6955.tar nixpkgs-75e1b5e317653a66dd64367fdf20f3d0cc9f6955.tar.gz nixpkgs-75e1b5e317653a66dd64367fdf20f3d0cc9f6955.tar.bz2 nixpkgs-75e1b5e317653a66dd64367fdf20f3d0cc9f6955.tar.lz nixpkgs-75e1b5e317653a66dd64367fdf20f3d0cc9f6955.tar.xz nixpkgs-75e1b5e317653a66dd64367fdf20f3d0cc9f6955.tar.zst nixpkgs-75e1b5e317653a66dd64367fdf20f3d0cc9f6955.zip |
Provide symlinks to ca-bundle.crt for compat with other distros
There is no "standard" location for the certificate bundle, so many programs/libraries have various hard-coded default locations that don't exist on NixOS. To make these more likely to work, provide some symlinks.
Diffstat (limited to 'nixos/modules/security/ca.nix')
-rw-r--r-- | nixos/modules/security/ca.nix | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix index e070ffc95e4..2eaee815c7d 100644 --- a/nixos/modules/security/ca.nix +++ b/nixos/modules/security/ca.nix @@ -2,6 +2,19 @@ with lib; +let + + caBundle = pkgs.runCommand "ca-bundle.crt" + { files = + config.security.pki.certificateFiles ++ + [ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ]; + } + '' + cat $files > $out + ''; + +in + { options = { @@ -42,18 +55,13 @@ with lib; security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ca-bundle.crt" ]; - environment.etc = - [ { source = pkgs.runCommand "ca-bundle.crt" - { files = - config.security.pki.certificateFiles ++ - [ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ]; - } - '' - cat $files > $out - ''; - target = "ssl/certs/ca-bundle.crt"; - } - ]; + environment.etc."ssl/certs/ca-bundle.crt".source = caBundle; + + # CentOS/Fedora compatibility. + environment.etc."pki/tls/certs/ca-bundle.crt".source = caBundle; + + # Debian/Ubuntu/Arch/Gentoo compatibility. + environment.etc."ssl/certs/ca-certificates.crt".source = caBundle; environment.sessionVariables = { SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; |