diff options
author | Vladimír Čunát <v@cunat.cz> | 2019-05-09 08:42:07 +0200 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2019-05-09 08:46:22 +0200 |
commit | 79bd4ad5794163b8a65acc86809a6603ee7c7ce7 (patch) | |
tree | fd27ca49e9222b55f354fc608f5c8d1d4a580842 /pkgs/stdenv | |
parent | 9d3d5e98bc415935265d48f59f538cdda52fc3bb (diff) | |
download | nixpkgs-79bd4ad5794163b8a65acc86809a6603ee7c7ce7.tar nixpkgs-79bd4ad5794163b8a65acc86809a6603ee7c7ce7.tar.gz nixpkgs-79bd4ad5794163b8a65acc86809a6603ee7c7ce7.tar.bz2 nixpkgs-79bd4ad5794163b8a65acc86809a6603ee7c7ce7.tar.lz nixpkgs-79bd4ad5794163b8a65acc86809a6603ee7c7ce7.tar.xz nixpkgs-79bd4ad5794163b8a65acc86809a6603ee7c7ce7.tar.zst nixpkgs-79bd4ad5794163b8a65acc86809a6603ee7c7ce7.zip |
stdenv, cacert: consider $NIX_SSL_CERT_FILE in hooks
Some SSL libs don't react to $SSL_CERT_FILE. That actually makes sense to me, as we add this behavior as nixpkgs-specific, so it seems "safer" to use $NIX_*.
Diffstat (limited to 'pkgs/stdenv')
-rw-r--r-- | pkgs/stdenv/generic/setup.sh | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 6f1a654a38a..9cc5cd89f3b 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -646,9 +646,12 @@ fi export NIX_BUILD_CORES -# Prevent OpenSSL-based applications from using certificates in -# /etc/ssl. +# Prevent SSL libraries from using certificates in /etc/ssl, unless set explicitly. # Leave it in shells for convenience. +if [ -z "${NIX_SSL_CERT_FILE:-}" ] && [ -z "${IN_NIX_SHELL:-}" ]; then + export NIX_SSL_CERT_FILE=/no-cert-file.crt +fi +# Another variant left for compatibility. if [ -z "${SSL_CERT_FILE:-}" ] && [ -z "${IN_NIX_SHELL:-}" ]; then export SSL_CERT_FILE=/no-cert-file.crt fi |