diff options
-rw-r--r-- | pkgs/data/misc/cacert/setup-hook.sh | 2 | ||||
-rw-r--r-- | pkgs/development/interpreters/gauche/default.nix | 2 | ||||
-rw-r--r-- | pkgs/stdenv/generic/setup.sh | 7 |
3 files changed, 8 insertions, 3 deletions
diff --git a/pkgs/data/misc/cacert/setup-hook.sh b/pkgs/data/misc/cacert/setup-hook.sh index b704a6a919e..e969596752f 100644 --- a/pkgs/data/misc/cacert/setup-hook.sh +++ b/pkgs/data/misc/cacert/setup-hook.sh @@ -1,4 +1,6 @@ cacertHook() { + export NIX_SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt + # left for compatibility export SSL_CERT_FILE=@out@/etc/ssl/certs/ca-bundle.crt } diff --git a/pkgs/development/interpreters/gauche/default.nix b/pkgs/development/interpreters/gauche/default.nix index 5481c4e7d05..bb3294e2097 100644 --- a/pkgs/development/interpreters/gauche/default.nix +++ b/pkgs/development/interpreters/gauche/default.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { "--with-iconv=${libiconv}" "--with-dbm=gdbm" "--with-zlib=${zlib}" - "--with-ca-bundle=$SSL_CERT_FILE" + "--with-ca-bundle=$NIX_SSL_CERT_FILE" # TODO: Enable slib # Current slib in nixpkgs is specialized to Guile # "--with-slib=${slibGuile}/lib/slib" diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh index 6f1a654a38a..9cc5cd89f3b 100644 --- a/pkgs/stdenv/generic/setup.sh +++ b/pkgs/stdenv/generic/setup.sh @@ -646,9 +646,12 @@ fi export NIX_BUILD_CORES -# Prevent OpenSSL-based applications from using certificates in -# /etc/ssl. +# Prevent SSL libraries from using certificates in /etc/ssl, unless set explicitly. # Leave it in shells for convenience. +if [ -z "${NIX_SSL_CERT_FILE:-}" ] && [ -z "${IN_NIX_SHELL:-}" ]; then + export NIX_SSL_CERT_FILE=/no-cert-file.crt +fi +# Another variant left for compatibility. if [ -z "${SSL_CERT_FILE:-}" ] && [ -z "${IN_NIX_SHELL:-}" ]; then export SSL_CERT_FILE=/no-cert-file.crt fi |