Merge remote-tracking branch 'nixpkgs/master' into master

author: Alyssa Ross <hi@alyssa.is> 2020-08-25 16:53:05 +0000
committer: Alyssa Ross <hi@alyssa.is> 2020-08-25 16:53:05 +0000
commit: b0849305d63df6cc0acfe199cec3a997ad3c5a75 (patch)
tree: 6ff64291dec94a85c6e523a3f78da127a7daa1dd /pkgs/development/compilers/go
parent: c901f337b8fed63ba0bb53674950ce4c7bf94dcd (diff)
parent: 7e07d142e78656c5f16b18d81ee4eb9444c9b93d (diff)
download: nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.gz
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.bz2
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.lz
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.xz
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.zst
nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.zip
10 files changed, 374 insertions, 46 deletions
diff --git a/pkgs/development/compilers/go/1.14.nix b/pkgs/development/compilers/go/1.14.nix
index 9ee5b6fa624..0bf972ff80f 100644
--- a/pkgs/development/compilers/go/1.14.nix
+++ b/pkgs/development/compilers/go/1.14.nix
@@ -2,6 +2,7 @@
 , perl, which, pkgconfig, patch, procps, pcre, cacert, Security, Foundation
 , mailcap, runtimeShell
 , buildPackages, pkgsTargetTarget
+, fetchpatch
 }:
 
 let
@@ -30,11 +31,11 @@ in
 
 stdenv.mkDerivation rec {
   pname = "go";
-  version = "1.14.2";
+  version = "1.14.7";
 
   src = fetchurl {
     url = "https://dl.google.com/go/go${version}.src.tar.gz";
-    sha256 = "0z3zxsnhmsxplnwfw1l9gr6jgglwp50sr3p5njknv9i6jzk89plq";
+    sha256 = "1qrhdjdzi1knchk1wmlaqgkqhxkq2niw14b931rhqrk36m1r4hq6";
   };
 
   # perl is used for testing go vet
@@ -137,6 +138,12 @@ stdenv.mkDerivation rec {
     ./go-1.9-skip-flaky-20072.patch
     ./skip-external-network-tests.patch
     ./skip-nohup-tests.patch
+
+    # fix rare TestDontCacheBrokenHTTP2Conn failure
+    (fetchpatch {
+      url = "https://github.com/golang/go/commit/ea1437a8cdf6bb3c2d2447833a5d06dbd75f7ae4.patch";
+      sha256 = "1lyzy4nf8c34a966vw45j3j7hzpvncq2gqspfxffzkyh17xd8sgy";
+    })
   ] ++ [
     # breaks under load: https://github.com/golang/go/issues/25628
     (if stdenv.isAarch32
@@ -186,8 +193,11 @@ stdenv.mkDerivation rec {
 
     export PATH=$(pwd)/bin:$PATH
 
+    ${optionalString (stdenv.buildPlatform != stdenv.targetPlatform) ''
     # Independent from host/target, CC should produce code for the building system.
+    # We only set it when cross-compiling.
     export CC=${buildPackages.stdenv.cc}/bin/cc
+    ''}
     ulimit -a
   '';
 
@@ -229,8 +239,6 @@ stdenv.mkDerivation rec {
     runHook postInstall
   '';
 
-  setupHook = ./setup-hook.sh;
-
   disallowedReferences = [ goBootstrap ];
 
   meta = with stdenv.lib; {
@@ -238,7 +246,7 @@ stdenv.mkDerivation rec {
     homepage = "http://golang.org/";
     description = "The Go Programming language";
     license = licenses.bsd3;
-    maintainers = with maintainers; [ cstrahan orivej mic92 rvolosatovs kalbasit Frostman ];
+    maintainers = teams.golang.members;
     platforms = platforms.linux ++ platforms.darwin;
   };
 }
diff --git a/pkgs/development/compilers/go/1.15.nix b/pkgs/development/compilers/go/1.15.nix
new file mode 100644
index 00000000000..b3851741c69
--- /dev/null
+++ b/pkgs/development/compilers/go/1.15.nix
@@ -0,0 +1,255 @@
+{ stdenv, fetchurl, tzdata, iana-etc, runCommand
+, perl, which, pkgconfig, patch, procps, pcre, cacert, Security, Foundation
+, mailcap, runtimeShell
+, buildPackages, pkgsTargetTarget
+, fetchpatch
+}:
+
+let
+
+  inherit (stdenv.lib) optionals optionalString;
+
+  goBootstrap = runCommand "go-bootstrap" {} ''
+    mkdir $out
+    cp -rf ${buildPackages.go_bootstrap}/* $out/
+    chmod -R u+w $out
+    find $out -name "*.c" -delete
+    cp -rf $out/bin/* $out/share/go/bin/
+  '';
+
+  goarch = platform: {
+    "i686" = "386";
+    "x86_64" = "amd64";
+    "aarch64" = "arm64";
+    "arm" = "arm";
+    "armv5tel" = "arm";
+    "armv6l" = "arm";
+    "armv7l" = "arm";
+  }.${platform.parsed.cpu.name} or (throw "Unsupported system");
+
+in
+
+stdenv.mkDerivation rec {
+  pname = "go";
+  version = "1.15";
+
+  src = fetchurl {
+    url = "https://dl.google.com/go/go${version}.src.tar.gz";
+    sha256 = "0fmc53pamxxbvmp5bcvh1fhffirpv3gz6y7qz97iacpmsiz8yhv9";
+  };
+
+  # perl is used for testing go vet
+  nativeBuildInputs = [ perl which pkgconfig patch procps ];
+  buildInputs = [ cacert pcre ]
+    ++ optionals stdenv.isLinux [ stdenv.cc.libc.out ]
+    ++ optionals (stdenv.hostPlatform.libc == "glibc") [ stdenv.cc.libc.static ];
+
+  depsTargetTargetPropagated = optionals stdenv.isDarwin [ Security Foundation ];
+
+  hardeningDisable = [ "all" ];
+
+  prePatch = ''
+    patchShebangs ./ # replace /bin/bash
+
+    # This source produces shell script at run time,
+    # and thus it is not corrected by patchShebangs.
+    substituteInPlace misc/cgo/testcarchive/carchive_test.go \
+      --replace '#!/usr/bin/env bash' '#!${runtimeShell}'
+
+    # Patch the mimetype database location which is missing on NixOS.
+    # but also allow static binaries built with NixOS to run outside nix
+    sed -i 's,\"/etc/mime.types,"${mailcap}/etc/mime.types\"\,\n\t&,' src/mime/type_unix.go
+
+    # Disabling the 'os/http/net' tests (they want files not available in
+    # chroot builds)
+    rm src/net/{listen,parse}_test.go
+    rm src/syscall/exec_linux_test.go
+
+    # !!! substituteInPlace does not seems to be effective.
+    # The os test wants to read files in an existing path. Just don't let it be /usr/bin.
+    sed -i 's,/usr/bin,'"`pwd`", src/os/os_test.go
+    sed -i 's,/bin/pwd,'"`type -P pwd`", src/os/os_test.go
+    # Fails on aarch64
+    sed -i '/TestFallocate/aif true \{ return\; \}' src/cmd/link/internal/ld/fallocate_test.go
+    # Skip this test since ssl patches mess it up.
+    sed -i '/TestLoadSystemCertsLoadColonSeparatedDirs/aif true \{ return\; \}' src/crypto/x509/root_unix_test.go
+    # Disable another PIE test which breaks.
+    sed -i '/TestTrivialPIE/aif true \{ return\; \}' misc/cgo/testshared/shared_test.go
+    # Disable the BuildModePie test
+    sed -i '/TestBuildmodePIE/aif true \{ return\; \}' src/cmd/go/go_test.go
+    # Disable the unix socket test
+    sed -i '/TestShutdownUnix/aif true \{ return\; \}' src/net/net_test.go
+    # Disable the hostname test
+    sed -i '/TestHostname/aif true \{ return\; \}' src/os/os_test.go
+    # ParseInLocation fails the test
+    sed -i '/TestParseInSydney/aif true \{ return\; \}' src/time/format_test.go
+    # Remove the api check as it never worked
+    sed -i '/src\/cmd\/api\/run.go/ireturn nil' src/cmd/dist/test.go
+    # Remove the coverage test as we have removed this utility
+    sed -i '/TestCoverageWithCgo/aif true \{ return\; \}' src/cmd/go/go_test.go
+    # Remove the timezone naming test
+    sed -i '/TestLoadFixed/aif true \{ return\; \}' src/time/time_test.go
+    # Remove disable setgid test
+    sed -i '/TestRespectSetgidDir/aif true \{ return\; \}' src/cmd/go/internal/work/build_test.go
+    # Remove cert tests that conflict with NixOS's cert resolution
+    sed -i '/TestEnvVars/aif true \{ return\; \}' src/crypto/x509/root_unix_test.go
+    # TestWritevError hangs sometimes
+    sed -i '/TestWritevError/aif true \{ return\; \}' src/net/writev_test.go
+    # TestVariousDeadlines fails sometimes
+    sed -i '/TestVariousDeadlines/aif true \{ return\; \}' src/net/timeout_test.go
+
+    sed -i 's,/etc/protocols,${iana-etc}/etc/protocols,' src/net/lookup_unix.go
+    sed -i 's,/etc/services,${iana-etc}/etc/services,' src/net/port_unix.go
+
+    # Disable cgo lookup tests not works, they depend on resolver
+    rm src/net/cgo_unix_test.go
+
+  '' + optionalString stdenv.isLinux ''
+    # prepend the nix path to the zoneinfo files but also leave the original value for static binaries
+    # that run outside a nix server
+    sed -i 's,\"/usr/share/zoneinfo/,"${tzdata}/share/zoneinfo/\"\,\n\t&,' src/time/zoneinfo_unix.go
+
+  '' + optionalString stdenv.isAarch32 ''
+    echo '#!${runtimeShell}' > misc/cgo/testplugin/test.bash
+  '' + optionalString stdenv.isDarwin ''
+    substituteInPlace src/race.bash --replace \
+      "sysctl machdep.cpu.extfeatures | grep -qv EM64T" true
+    sed -i 's,strings.Contains(.*sysctl.*,true {,' src/cmd/dist/util.go
+    sed -i 's,"/etc","'"$TMPDIR"'",' src/os/os_test.go
+    sed -i 's,/_go_os_test,'"$TMPDIR"'/_go_os_test,' src/os/path_test.go
+
+    sed -i '/TestChdirAndGetwd/aif true \{ return\; \}' src/os/os_test.go
+    sed -i '/TestCredentialNoSetGroups/aif true \{ return\; \}' src/os/exec/exec_posix_test.go
+    sed -i '/TestRead0/aif true \{ return\; \}' src/os/os_test.go
+    sed -i '/TestSystemRoots/aif true \{ return\; \}' src/crypto/x509/root_darwin_test.go
+
+    sed -i '/TestGoInstallRebuildsStalePackagesInOtherGOPATH/aif true \{ return\; \}' src/cmd/go/go_test.go
+    sed -i '/TestBuildDashIInstallsDependencies/aif true \{ return\; \}' src/cmd/go/go_test.go
+
+    sed -i '/TestDisasmExtld/aif true \{ return\; \}' src/cmd/objdump/objdump_test.go
+
+    sed -i 's/unrecognized/unknown/' src/cmd/link/internal/ld/lib.go
+
+    # TestCurrent fails because Current is not implemented on Darwin
+    sed -i 's/TestCurrent/testCurrent/g' src/os/user/user_test.go
+    sed -i 's/TestLookup/testLookup/g' src/os/user/user_test.go
+
+    touch $TMPDIR/group $TMPDIR/hosts $TMPDIR/passwd
+  '';
+
+  patches = [
+    ./remove-tools-1.11.patch
+    ./ssl-cert-file-1.15.patch
+    ./remove-test-pie-1.15.patch
+    ./creds-test.patch
+    ./go-1.9-skip-flaky-19608.patch
+    ./go-1.9-skip-flaky-20072.patch
+    ./skip-external-network-tests-1.15.patch
+    ./skip-nohup-tests.patch
+    ./skip-cgo-tests-1.15.patch
+  ] ++ [
+    # breaks under load: https://github.com/golang/go/issues/25628
+    (if stdenv.isAarch32
+    then ./skip-test-extra-files-on-aarch32-1.14.patch
+    else ./skip-test-extra-files-on-386-1.14.patch)
+  ];
+
+  postPatch = ''
+    find . -name '*.orig' -exec rm {} ';'
+  '';
+
+  GOOS = stdenv.targetPlatform.parsed.kernel.name;
+  GOARCH = goarch stdenv.targetPlatform;
+  # GOHOSTOS/GOHOSTARCH must match the building system, not the host system.
+  # Go will nevertheless build a for host system that we will copy over in
+  # the install phase.
+  GOHOSTOS = stdenv.buildPlatform.parsed.kernel.name;
+  GOHOSTARCH = goarch stdenv.buildPlatform;
+
+  # {CC,CXX}_FOR_TARGET must be only set for cross compilation case as go expect those
+  # to be different from CC/CXX
+  CC_FOR_TARGET = if (stdenv.buildPlatform != stdenv.targetPlatform) then
+      "${pkgsTargetTarget.stdenv.cc}/bin/${pkgsTargetTarget.stdenv.cc.targetPrefix}cc"
+    else
+      null;
+  CXX_FOR_TARGET = if (stdenv.buildPlatform != stdenv.targetPlatform) then
+      "${pkgsTargetTarget.stdenv.cc}/bin/${pkgsTargetTarget.stdenv.cc.targetPrefix}c++"
+    else
+      null;
+
+  GOARM = toString (stdenv.lib.intersectLists [(stdenv.hostPlatform.parsed.cpu.version or "")] ["5" "6" "7"]);
+  GO386 = 387; # from Arch: don't assume sse2 on i686
+  CGO_ENABLED = 1;
+  # Hopefully avoids test timeouts on Hydra
+  GO_TEST_TIMEOUT_SCALE = 3;
+
+  # Indicate that we are running on build infrastructure
+  # Some tests assume things like home directories and users exists
+  GO_BUILDER_NAME = "nix";
+
+  GOROOT_BOOTSTRAP="${goBootstrap}/share/go";
+
+  postConfigure = ''
+    export GOCACHE=$TMPDIR/go-cache
+    # this is compiled into the binary
+    export GOROOT_FINAL=$out/share/go
+
+    export PATH=$(pwd)/bin:$PATH
+
+    ${optionalString (stdenv.buildPlatform != stdenv.targetPlatform) ''
+    # Independent from host/target, CC should produce code for the building system.
+    # We only set it when cross-compiling.
+    export CC=${buildPackages.stdenv.cc}/bin/cc
+    ''}
+    ulimit -a
+  '';
+
+  postBuild = ''
+    (cd src && ./make.bash)
+  '';
+
+  doCheck = stdenv.hostPlatform == stdenv.targetPlatform && !stdenv.isDarwin;
+
+  checkPhase = ''
+    runHook preCheck
+    (cd src && HOME=$TMPDIR GOCACHE=$TMPDIR/go-cache ./run.bash --no-rebuild)
+    runHook postCheck
+  '';
+
+  preInstall = ''
+    rm -r pkg/obj
+    # Contains the wrong perl shebang when cross compiling,
+    # since it is not used for anything we can deleted as well.
+    rm src/regexp/syntax/make_perl_groups.pl
+  '' + (if (stdenv.buildPlatform != stdenv.hostPlatform) then ''
+    mv bin/*_*/* bin
+    rmdir bin/*_*
+    ${optionalString (!(GOHOSTARCH == GOARCH && GOOS == GOHOSTOS)) ''
+      rm -rf pkg/${GOHOSTOS}_${GOHOSTARCH} pkg/tool/${GOHOSTOS}_${GOHOSTARCH}
+    ''}
+  '' else if (stdenv.hostPlatform != stdenv.targetPlatform) then ''
+    rm -rf bin/*_*
+    ${optionalString (!(GOHOSTARCH == GOARCH && GOOS == GOHOSTOS)) ''
+      rm -rf pkg/${GOOS}_${GOARCH} pkg/tool/${GOOS}_${GOARCH}
+    ''}
+  '' else "");
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $GOROOT_FINAL
+    cp -a bin pkg src lib misc api doc $GOROOT_FINAL
+    ln -s $GOROOT_FINAL/bin $out/bin
+    runHook postInstall
+  '';
+
+  disallowedReferences = [ goBootstrap ];
+
+  meta = with stdenv.lib; {
+    branch = "1.15";
+    homepage = "http://golang.org/";
+    description = "The Go Programming language";
+    license = licenses.bsd3;
+    maintainers = teams.golang.members;
+    platforms = platforms.linux ++ platforms.darwin;
+  };
+}
diff --git a/pkgs/development/compilers/go/1.4.nix b/pkgs/development/compilers/go/1.4.nix
index fc3fb0ad0e5..af125d60ed0 100644
--- a/pkgs/development/compilers/go/1.4.nix
+++ b/pkgs/development/compilers/go/1.4.nix
@@ -151,8 +151,6 @@ stdenv.mkDerivation rec {
     ./all.bash
   '';
 
-  setupHook = ./setup-hook.sh;
-
   meta = with stdenv.lib; {
     branch = "1.4";
     homepage = "http://golang.org/";
diff --git a/pkgs/development/compilers/go/remove-test-pie-1.13.patch b/pkgs/development/compilers/go/remove-test-pie-1.15.patch
index 05f18b813f9..f00685feba9 100644
--- a/pkgs/development/compilers/go/remove-test-pie-1.13.patch
+++ b/pkgs/development/compilers/go/remove-test-pie-1.15.patch
@@ -1,13 +1,13 @@
 diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
-index f63c94697c..f02eff7064 100644
+index e1cd4965c3..66bf980fc6 100644
 --- a/src/cmd/dist/test.go
 +++ b/src/cmd/dist/test.go
-@@ -574,29 +574,6 @@ func (t *tester) registerTests() {
+@@ -584,29 +584,6 @@ func (t *tester) registerTests() {
  		})
  	}
  
 -	// Test internal linking of PIE binaries where it is supported.
--	if goos == "linux" && (goarch == "amd64" || goarch == "arm64") {
+-	if t.internalLinkPIE() {
 -		t.tests = append(t.tests, distTest{
 -			name:    "pie_internal",
 -			heading: "internal linking of -buildmode=pie",
@@ -17,7 +17,7 @@ index f63c94697c..f02eff7064 100644
 -			},
 -		})
 -		// Also test a cgo package.
--		if t.cgoEnabled {
+-		if t.cgoEnabled && t.internalLink() {
 -			t.tests = append(t.tests, distTest{
 -				name:    "pie_internal_cgo",
 -				heading: "internal linking of -buildmode=pie",
diff --git a/pkgs/development/compilers/go/setup-hook.sh b/pkgs/development/compilers/go/setup-hook.sh
deleted file mode 100644
index 7dce15eeb10..00000000000
--- a/pkgs/development/compilers/go/setup-hook.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-addToGoPath() {
-    addToSearchPath GOPATH $1/share/go
-}
-
-addEnvHooks "$targetOffset" addToGoPath
diff --git a/pkgs/development/compilers/go/skip-cgo-tests-1.15.patch b/pkgs/development/compilers/go/skip-cgo-tests-1.15.patch
new file mode 100644
index 00000000000..945d3ef8d12
--- /dev/null
+++ b/pkgs/development/compilers/go/skip-cgo-tests-1.15.patch
@@ -0,0 +1,13 @@
+diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
+index e1cd4965c3..0980d044df 100644
+--- a/src/cmd/dist/test.go
++++ b/src/cmd/dist/test.go
+@@ -1136,7 +1136,7 @@ func (t *tester) cgoTest(dt *distTest) error {
+ 					t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal")
+ 				}
+ 				t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie")
+-				t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie")
++				//t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie")
+ 			}
+ 		}
+ 	}
diff --git a/pkgs/development/compilers/go/skip-external-network-tests-1.15.patch b/pkgs/development/compilers/go/skip-external-network-tests-1.15.patch
new file mode 100644
index 00000000000..0ea1050cd8e
--- /dev/null
+++ b/pkgs/development/compilers/go/skip-external-network-tests-1.15.patch
@@ -0,0 +1,13 @@
+diff --git a/src/net/dial_test.go b/src/net/dial_test.go
+index 01582489de..5b5faa5424 100644
+--- a/src/net/dial_test.go
++++ b/src/net/dial_test.go
+@@ -990,6 +990,8 @@ func TestDialerControl(t *testing.T) {
+ // except that it won't skip testing on non-mobile builders.
+ func mustHaveExternalNetwork(t *testing.T) {
+ 	t.Helper()
++	t.Skipf("Nix sandbox does not have networking")
++
+ 	mobile := runtime.GOOS == "android" || runtime.GOOS == "darwin" && runtime.GOARCH == "arm64"
+ 	if testenv.Builder() == "" || mobile {
+ 		testenv.MustHaveExternalNetwork(t)
diff --git a/pkgs/development/compilers/go/skip-test-extra-files-on-386.patch b/pkgs/development/compilers/go/skip-test-extra-files-on-386.patch
deleted file mode 100644
index afe5aea3d91..00000000000
--- a/pkgs/development/compilers/go/skip-test-extra-files-on-386.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff --git a/src/os/exec/exec_test.go b/src/os/exec/exec_test.go
-index 558345ff63..22129bf022 100644
---- a/src/os/exec/exec_test.go
-+++ b/src/os/exec/exec_test.go
-@@ -593,6 +593,10 @@ func TestExtraFiles(t *testing.T) {
- 		t.Skipf("skipping test on %q", runtime.GOOS)
- 	}
- 
-+	if runtime.GOOS == "linux" && runtime.GOARCH  == "386" {
-+		t.Skipf("skipping test on %q %q", runtime.GOARCH, runtime.GOOS)
-+	}
-+
- 	// Ensure that file descriptors have not already been leaked into
- 	// our environment.
- 	if !testedAlreadyLeaked {
diff --git a/pkgs/development/compilers/go/skip-test-extra-files-on-aarch32.patch b/pkgs/development/compilers/go/skip-test-extra-files-on-aarch32.patch
deleted file mode 100644
index f3566b3ddaa..00000000000
--- a/pkgs/development/compilers/go/skip-test-extra-files-on-aarch32.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff --git a/src/os/exec/exec_test.go b/src/os/exec/exec_test.go
-index 558345ff63..22129bf022 100644
---- a/src/os/exec/exec_test.go
-+++ b/src/os/exec/exec_test.go
-@@ -593,6 +593,10 @@ func TestExtraFiles(t *testing.T) {
- 		t.Skipf("skipping test on %q", runtime.GOOS)
- 	}
- 
-+	if runtime.GOOS == "linux" && runtime.GOARCH  == "arm" {
-+		t.Skipf("skipping test on %q %q", runtime.GOARCH, runtime.GOOS)
-+	}
-+
- 	// Ensure that file descriptors have not already been leaked into
- 	// our environment.
- 	if !testedAlreadyLeaked {
diff --git a/pkgs/development/compilers/go/ssl-cert-file-1.15.patch b/pkgs/development/compilers/go/ssl-cert-file-1.15.patch
new file mode 100644
index 00000000000..1884c681ca3
--- /dev/null
+++ b/pkgs/development/compilers/go/ssl-cert-file-1.15.patch
@@ -0,0 +1,76 @@
+diff --git a/src/crypto/x509/root_darwin_amd64.go b/src/crypto/x509/root_darwin_amd64.go
+index ce88de025e..258ecc45d1 100644
+--- a/src/crypto/x509/root_darwin_amd64.go
++++ b/src/crypto/x509/root_darwin_amd64.go
+@@ -10,6 +10,7 @@ import (
+ 	"bytes"
+ 	macOS "crypto/x509/internal/macos"
+ 	"fmt"
++	"io/ioutil"
+ 	"os"
+ 	"strings"
+ )
+@@ -25,6 +26,14 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
+ var loadSystemRootsWithCgo func() (*CertPool, error)
+ 
+ func loadSystemRoots() (*CertPool, error) {
++	if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
++		data, err := ioutil.ReadFile(file)
++		if err == nil {
++			roots := NewCertPool()
++			roots.AppendCertsFromPEM(data)
++			return roots, nil
++		}
++	}
+ 	var trustedRoots []*Certificate
+ 	untrustedRoots := make(map[string]bool)
+ 
+diff --git a/src/crypto/x509/root_darwin_ios.go b/src/crypto/x509/root_darwin_ios.go
+index 5ecc4911b3..14b4205c00 100644
+--- a/src/crypto/x509/root_darwin_ios.go
++++ b/src/crypto/x509/root_darwin_ios.go
+@@ -6,6 +6,11 @@
+ 
+ package x509
+ 
++import (
++	"io/ioutil"
++	"os"
++)
++
+ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
+ 	return nil, nil
+ }
+@@ -14,6 +19,14 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
+ var loadSystemRootsWithCgo func() (*CertPool, error)
+ 
+ func loadSystemRoots() (*CertPool, error) {
++	if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
++		data, err := ioutil.ReadFile(file)
++		if err == nil {
++			roots := NewCertPool()
++			roots.AppendCertsFromPEM(data)
++			return roots, nil
++		}
++	}
+ 	p := NewCertPool()
+ 	p.AppendCertsFromPEM([]byte(systemRootsPEM))
+ 	return p, nil
+diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go
+index b48e618a65..195c1ff25a 100644
+--- a/src/crypto/x509/root_unix.go
++++ b/src/crypto/x509/root_unix.go
+@@ -42,6 +42,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
+ 
+ func loadSystemRoots() (*CertPool, error) {
+ 	roots := NewCertPool()
++	if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
++		data, err := ioutil.ReadFile(file)
++		if err == nil {
++			roots.AppendCertsFromPEM(data)
++			return roots, nil
++		}
++	}
+ 
+ 	files := certFiles
+ 	if f := os.Getenv(certFileEnv); f != "" {
author	Alyssa Ross <hi@alyssa.is>	2020-08-25 16:53:05 +0000
committer	Alyssa Ross <hi@alyssa.is>	2020-08-25 16:53:05 +0000
commit	b0849305d63df6cc0acfe199cec3a997ad3c5a75 (patch)
tree	6ff64291dec94a85c6e523a3f78da127a7daa1dd /pkgs/development/compilers/go
parent	c901f337b8fed63ba0bb53674950ce4c7bf94dcd (diff)
parent	7e07d142e78656c5f16b18d81ee4eb9444c9b93d (diff)
download	nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.gz nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.bz2 nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.lz nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.xz nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.tar.zst nixpkgs-b0849305d63df6cc0acfe199cec3a997ad3c5a75.zip