author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-07-31 01:30:15 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-07-31 01:34:58 +0200 |
commit | 55932c1beca26c7b5b7c259d95f6eb80644150a7 (patch) | |
tree | a2faafd73c3dcda7418278961a6ddf41d6d33d5c /pkgs/applications | |
parent | 23562aad59048e8e1202e618fcf402079f1593b8 (diff) | |
Don't statically depend on cacert for certificates
This reverts commit cd52c044568bdf1108428698048a9af92dc0b625 and others. Managing certificates (including revoking certificates and adding custom certificates) becomes extremely painful if every package in the system potentially depends on a different copy of cacert. Also, it makes updating cacert rather expensive.
Diffstat (limited to 'pkgs/applications')
9 files changed, 18 insertions, 30 deletions
diff --git a/pkgs/applications/graphics/shotwell/default.nix b/pkgs/applications/graphics/shotwell/default.nix
index 2b25f8d41f6..052ba9402be 100644
--- a/pkgs/applications/graphics/shotwell/default.nix
+++ b/pkgs/applications/graphics/shotwell/default.nix
@@ -1,7 +1,7 @@ { fetchurl, stdenv, m4, glibc, gtk3, libexif, libgphoto2, libsoup, libxml2, vala, sqlite , webkitgtk24x, pkgconfig, gnome3, gst_all_1, which, udev, libraw, glib, json_glib , gettext, desktop_file_utils, lcms2, gdk_pixbuf, librsvg, makeWrapper -, gnome_doc_utils, hicolor_icon_theme, cacert }: +, gnome_doc_utils, hicolor_icon_theme }: # for dependencies see http://www.yorba.org/projects/shotwell/install/
@@ -15,9 +15,9 @@ stdenv.mkDerivation rec { }; NIX_CFLAGS_COMPILE = "-I${glib}/include/glib-2.0 -I${glib}/lib/glib-2.0/include"; - + configureFlags = [ "--disable-gsettings-convert-install" ]; - + preConfigure = '' patchShebangs . '';
diff --git a/pkgs/applications/networking/browsers/vimb/default.nix b/pkgs/applications/networking/browsers/vimb/default.nix
index 3222e87ac65..84a2870b6d0 100644
--- a/pkgs/applications/networking/browsers/vimb/default.nix
+++ b/pkgs/applications/networking/browsers/vimb/default.nix
@@ -1,5 +1,5 @@ { stdenv, fetchurl, pkgconfig, libsoup, webkit, gtk, glib_networking -, gsettings_desktop_schemas, makeWrapper, cacert +, gsettings_desktop_schemas, makeWrapper }: stdenv.mkDerivation rec {
@@ -11,11 +11,6 @@ stdenv.mkDerivation rec { sha256 = "0h9m5qfs09lb0dz8a79yccmm3a5rv6z8gi5pkyfh8fqkgkh2940p"; }; - # Nixos default ca bundle - patchPhase = '' - sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/etc/ssl/certs/ca-bundle.crt, src/config.def.h - ''; - buildInputs = [ makeWrapper gtk libsoup pkgconfig webkit gsettings_desktop_schemas ]; makeFlags = [ "PREFIX=$(out)" ];
diff --git a/pkgs/applications/networking/browsers/vimprobable2/default.nix b/pkgs/applications/networking/browsers/vimprobable2/default.nix
index ad5f8aa4691..6f8eede9b3f 100644
--- a/pkgs/applications/networking/browsers/vimprobable2/default.nix
+++ b/pkgs/applications/networking/browsers/vimprobable2/default.nix
@@ -1,5 +1,5 @@ { stdenv, fetchurl, makeWrapper, glib, glib_networking, gtk, libsoup, libX11, perl, - pkgconfig, webkit, gsettings_desktop_schemas, cacert }: + pkgconfig, webkit, gsettings_desktop_schemas }: stdenv.mkDerivation rec { version = "1.4.2";
@@ -9,11 +9,6 @@ stdenv.mkDerivation rec { sha256 = "13jdximksh9r3cgd2f8vms0pbsn3x0gxvyqdqiw16xp5fmdx5kzr"; }; - # Nixos default ca bundle - patchPhase = '' - sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/etc/ssl/certs/ca-bundle.crt, config.h - ''; - buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit gsettings_desktop_schemas ]; installPhase = ''
diff --git a/pkgs/applications/networking/cluster/panamax/api/default.nix b/pkgs/applications/networking/cluster/panamax/api/default.nix
index 524433b45fb..dcfef83f1be 100644
--- a/pkgs/applications/networking/cluster/panamax/api/default.nix
+++ b/pkgs/applications/networking/cluster/panamax/api/default.nix
@@ -1,5 +1,5 @@ { stdenv, buildEnv, fetchgit, fetchurl, makeWrapper, bundlerEnv, bundler_HEAD -, ruby, libxslt, libxml2, sqlite, openssl, cacert, docker +, ruby, libxslt, libxml2, sqlite, openssl, docker , dataDir ? "/var/lib/panamax-api" }: with stdenv.lib;
@@ -62,7 +62,7 @@ stdenv.mkDerivation rec { --prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \ --prefix "HOME" : "$out/share/panamax-api" \ --prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \ - --prefix "SSL_CERT_FILE" : "${cacert}/etc/ssl/certs/ca-bundle.crt" \ + --prefix "SSL_CERT_FILE" : /etc/ssl/certs/ca-certificates.crt \ --prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}" '';
diff --git a/pkgs/applications/networking/instant-messengers/fuze/default.nix b/pkgs/applications/networking/instant-messengers/fuze/default.nix
index 6b85e107d06..33ffe87a4ff 100644
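Review bot: In the panamax-api wrapper hunk (`@@ -62,7 +62,7 @@`), `SSL_CERT_FILE` is still set with `--prefix ... :`, which joins the new path to any value already present in the caller's environment with a colon. `SSL_CERT_FILE` names a single file, so a caller that already exports it would hand the process a string of the form `/etc/ssl/certs/ca-certificates.crt:<existing value>`, which is not a usable bundle path. Setting the variable outright, `--set "SSL_CERT_FILE" /etc/ssl/certs/ca-certificates.crt \`, avoids that; the `HOME` line two above has the same shape. The wrapper invocation starts outside the hunk.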
--- a/pkgs/applications/networking/instant-messengers/fuze/default.nix
+++ b/pkgs/applications/networking/instant-messengers/fuze/default.nix
@@ -1,12 +1,12 @@ { stdenv, fetchurl, dpkg, openssl, alsaLib, libXext, libXfixes, libXrandr , libjpeg, curl, libX11, libXmu, libXv, libXtst, qt4, mesa, zlib -, gnome, libidn, rtmpdump, c-ares, openldap, makeWrapper, cacert +, gnome, libidn, rtmpdump, c-ares, openldap, makeWrapper }: assert stdenv.system == "x86_64-linux"; let curl_custom = stdenv.lib.overrideDerivation curl (args: { - configureFlags = args.configureFlags ++ ["--with-ca-bundle=${cacert}/etc/ssl/certs/ca-bundle.crt"] ; + configureFlags = args.configureFlags ++ ["--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt"] ; } ); in stdenv.mkDerivation {
diff --git a/pkgs/applications/networking/instant-messengers/telepathy/gabble/default.nix b/pkgs/applications/networking/instant-messengers/telepathy/gabble/default.nix
index a74885b2ce3..971a834f409 100644
--- a/pkgs/applications/networking/instant-messengers/telepathy/gabble/default.nix
+++ b/pkgs/applications/networking/instant-messengers/telepathy/gabble/default.nix
@@ -1,5 +1,5 @@ { stdenv, fetchurl, pkgconfig, libxslt, telepathy_glib, libxml2, dbus_glib, dbus_daemon -, sqlite, libsoup, libnice, gnutls, cacert }: +, sqlite, libsoup, libnice, gnutls }: stdenv.mkDerivation rec { name = "telepathy-gabble-0.18.2";
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec { buildInputs = [ libxml2 dbus_glib sqlite libsoup libnice telepathy_glib gnutls ] ++ stdenv.lib.optional doCheck dbus_daemon; - configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt"; + configureFlags = "--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt"; enableParallelBuilding = true; doCheck = true;
diff --git a/pkgs/applications/networking/irc/weechat/default.nix b/pkgs/applications/networking/irc/weechat/default.nix
index c39c5be1d4c..060be8ab1eb 100644
--- a/pkgs/applications/networking/irc/weechat/default.nix
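Review bot: The `curl_custom` override in the fuze hunk now bakes `/etc/ssl/certs/ca-certificates.crt` in at configure time, and nothing in the expression says that this file must be supplied by the host rather than by the package's closure. On a host where the file is absent or lives under another name, verification should fail rather than be skipped, but that is an assumption worth confirming for each program, since the sources are not visible here. The same literal appears in telepathy-gabble (`--with-ca-certificates=`), weechat (`-DCA_FILE=`), bazaar (`certPath`) and mercurial (`cacerts =`). A comment at each site, for example `# host-managed CA bundle: must exist at runtime, not provided by this derivation`, would make the runtime requirement visible, and defining the path once and referring to it from these expressions would keep the copies from drifting apart.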
+++ b/pkgs/applications/networking/irc/weechat/default.nix
@@ -1,6 +1,6 @@ { stdenv, fetchurl, ncurses, openssl, perl, python, aspell, gnutls , zlib, curl , pkgconfig, libgcrypt, ruby, lua5, tcl, guile -, pythonPackages, cacert, cmake, makeWrapper, libobjc +, pythonPackages, cmake, makeWrapper, libobjc , extraBuildInputs ? [] }: stdenv.mkDerivation rec {
@@ -15,11 +15,11 @@ stdenv.mkDerivation rec { buildInputs = [ ncurses perl python openssl aspell gnutls zlib curl pkgconfig libgcrypt ruby lua5 tcl guile pythonPackages.pycrypto makeWrapper - cacert cmake ] + cmake ] ++ stdenv.lib.optionals stdenv.isDarwin [ pythonPackages.pync libobjc ] ++ extraBuildInputs; - NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix} -DCA_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt"; + NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix} -DCA_FILE=/etc/ssl/certs/ca-certificates.crt"; postInstall = '' NIX_PYTHONPATH="$out/lib/${python.libPrefix}/site-packages"
diff --git a/pkgs/applications/version-management/bazaar/default.nix b/pkgs/applications/version-management/bazaar/default.nix
index c3b238eeb0a..28406cecbb0 100644
--- a/pkgs/applications/version-management/bazaar/default.nix
+++ b/pkgs/applications/version-management/bazaar/default.nix
@@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pythonPackages, cacert }: +{ stdenv, fetchurl, pythonPackages }: stdenv.mkDerivation rec { version = "2.6";
@@ -19,10 +19,9 @@ stdenv.mkDerivation rec { patches = [ ./add_certificates.patch ]; postPatch = '' substituteInPlace bzrlib/transport/http/_urllib2_wrappers.py \ - --subst-var-by "certPath" "${cacert}/etc/ssl/certs/ca-bundle.crt" + --subst-var-by certPath /etc/ssl/certs/ca-certificates.crt ''; - installPhase = '' python setup.py install --prefix=$out wrapPythonPrograms
diff --git a/pkgs/applications/version-management/mercurial/default.nix b/pkgs/applications/version-management/mercurial/default.nix
index 4d8b2fe27c6..12f3c8f11d8 100644
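Review bot: In the second weechat hunk (`@@ -15,11 +15,11 @@`), `-DCA_FILE=/etc/ssl/certs/ca-certificates.crt` reaches the compiler through `NIX_CFLAGS_COMPILE` without quotes, so as a preprocessor macro it expands to bare tokens rather than a string literal. If the sources use `CA_FILE` as a string, this define either breaks the build or is overridden by the build system's own definition, in which case the bundle path actually compiled in is not the one written here; the sources are not visible, so this needs checking against the built binary. Since `cmake` is in `buildInputs`, passing the value as a configure option, `cmakeFlags = [ "-DCA_FILE=/etc/ssl/certs/ca-certificates.crt" ];`, would state the intent unambiguously. The derivation body continues outside the hunk.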
--- a/pkgs/applications/version-management/mercurial/default.nix
+++ b/pkgs/applications/version-management/mercurial/default.nix
@@ -1,6 +1,5 @@ { stdenv, fetchurl, python, makeWrapper, docutils, unzip, hg-git, dulwich -, guiSupport ? false, tk ? null, curses, cacert - +, guiSupport ? false, tk ? null, curses , ApplicationServices }: let
@@ -48,7 +47,7 @@ stdenv.mkDerivation { mkdir -p $out/etc/mercurial cat >> $out/etc/mercurial/hgrc << EOF [web] - cacerts = ${cacert}/etc/ssl/certs/ca-bundle.crt + cacerts = /etc/ssl/certs/ca-certificates.crt EOF # copy hgweb.cgi to allow use in apache |