diff options
author | aszlig <aszlig@nix.build> | 2018-07-12 00:56:48 +0200 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2018-07-12 02:32:46 +0200 |
commit | 7b87554ca16bc60527f14e1837792170360cf6be (patch) | |
tree | a66017794699347cff8b7169a6beba60747f6c79 /nixos/tests/common/resolver.nix | |
parent | c21b1ede95de8bead6a83b8f182fd17f2c6a0ee0 (diff) | |
download | nixpkgs-7b87554ca16bc60527f14e1837792170360cf6be.tar nixpkgs-7b87554ca16bc60527f14e1837792170360cf6be.tar.gz nixpkgs-7b87554ca16bc60527f14e1837792170360cf6be.tar.bz2 nixpkgs-7b87554ca16bc60527f14e1837792170360cf6be.tar.lz nixpkgs-7b87554ca16bc60527f14e1837792170360cf6be.tar.xz nixpkgs-7b87554ca16bc60527f14e1837792170360cf6be.tar.zst nixpkgs-7b87554ca16bc60527f14e1837792170360cf6be.zip |
nixos/tests/letsencrypt: Hardcode certs and keys
In 0c7c1660f78e4f6befe0a210e1a9efae783a1733 I have set allowSubstitutes to false, which avoided the substitution of the certificates. Unfortunately substitution may still happen later when the certificate is merged with the CA bundle. So the merged CA bundle might be substituted from a binary cache but the certificate itself is built locally, which could result in a different certificate in the bundle. So instead of adding just yet another workaround, I've now hardcoded all the certificates and keys in a separate file. This also moves letsencrypt.nix into its own directory so we don't mess up nixos/tests/common too much. This was long overdue and should finally make the dependency graph for the ACME test more deterministic. Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'nixos/tests/common/resolver.nix')
-rw-r--r-- | nixos/tests/common/resolver.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/tests/common/resolver.nix b/nixos/tests/common/resolver.nix index a1901c5c816..6be8d1d18e6 100644 --- a/nixos/tests/common/resolver.nix +++ b/nixos/tests/common/resolver.nix @@ -18,7 +18,7 @@ defining this option needs to be explicitly imported. The reason this option exists is for the - <filename>nixos/tests/common/letsencrypt.nix</filename> module, which + <filename>nixos/tests/common/letsencrypt</filename> module, which needs that option to disable the resolver once the user has set its own resolver. ''; |