diff options
author | aszlig <aszlig@nix.build> | 2018-06-30 18:31:38 +0200 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2018-06-30 18:35:10 +0200 |
commit | 0c7c1660f78e4f6befe0a210e1a9efae783a1733 (patch) | |
tree | 37c7ad9c529dbe919ec7974f72fc143c79050044 /nixos/tests | |
parent | bdb0b2db44f29937e285c975e0d47cbbd25708b8 (diff) | |
download | nixpkgs-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar nixpkgs-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar.gz nixpkgs-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar.bz2 nixpkgs-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar.lz nixpkgs-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar.xz nixpkgs-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar.zst nixpkgs-0c7c1660f78e4f6befe0a210e1a9efae783a1733.zip |
nixos/tests/letsencrypt: Don't substitute certs
If one of the certificates of the chain gets substituted from a binary cache and the rest is generated locally it might turn out that we get invalid certificates, which in turn cause tests using this module to fail. So let's set allowSubstitutes to false for all derivations that are involved with certificate/key generation. Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/common/letsencrypt.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/tests/common/letsencrypt.nix b/nixos/tests/common/letsencrypt.nix index 7c6b3b29e36..2c86fe8d68b 100644 --- a/nixos/tests/common/letsencrypt.nix +++ b/nixos/tests/common/letsencrypt.nix @@ -193,6 +193,7 @@ let snakeOilCa = pkgs.runCommand "snakeoil-ca" { buildInputs = [ pkgs.openssl ]; + allowSubstitutes = false; } '' mkdir "$out" openssl req -newkey rsa:4096 -x509 -sha256 -days 36500 \ @@ -215,6 +216,7 @@ let ''; in pkgs.runCommand "snakeoil-certs-${fqdn}" { buildInputs = [ pkgs.openssl ]; + allowSubstitutes = false; } '' mkdir "$out" openssl genrsa -out "$out/snakeoil.key" 4096 |