cacert: store ca-bundle.crt in $out/etc/ssl/certs instead of $out

This commit is contained in:
William A. Kennington III 2015-06-05 13:00:52 -07:00
parent 9176f73cee
commit ffd0539eba
24 changed files with 28 additions and 28 deletions

View file

@ -22,7 +22,7 @@ in
security.pki.certificateFiles = mkOption {
type = types.listOf types.path;
default = [];
example = literalExample "[ \"\${pkgs.cacert}/ca-bundle.crt\" ]";
example = literalExample "[ \"\${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\" ]";
description = ''
A list of files containing trusted root certificates in PEM
format. These are concatenated to form
@ -53,7 +53,7 @@ in
config = {
security.pki.certificateFiles = [ "${pkgs.cacert}/ca-bundle.crt" ];
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
# NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;

View file

@ -13,7 +13,7 @@ let
sha256 = "0fmg7fq5fx0jg3ryk71kwdkspsvj42acxy9imk7vznkqj29a9zqn";
};
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt";
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
buildInputs = [ pkgconfig glib libsoup ];
};

View file

@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
# Nixos default ca bundle
patchPhase = ''
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/ca-bundle.crt, src/config.def.h
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/etc/ssl/certs/ca-bundle.crt, src/config.def.h
'';
buildInputs = [ makeWrapper gtk libsoup pkgconfig webkit gsettings_desktop_schemas ];

View file

@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
# Nixos default ca bundle
patchPhase = ''
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/ca-bundle.crt, config.h
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/etc/ssl/certs/ca-bundle.crt, config.h
'';
buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit gsettings_desktop_schemas ];

View file

@ -62,8 +62,8 @@ stdenv.mkDerivation rec {
--prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \
--prefix "HOME" : "$out/share/panamax-api" \
--prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \
--prefix "OPENSSL_X509_CERT_FILE" : "${cacert}/ca-bundle.crt" \
--prefix "SSL_CERT_FILE" : "${cacert}/ca-bundle.crt" \
--prefix "OPENSSL_X509_CERT_FILE" : "${cacert}/etc/ssl/certs/ca-bundle.crt" \
--prefix "SSL_CERT_FILE" : "${cacert}/etc/ssl/certs/ca-bundle.crt" \
--prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}"
'';

View file

@ -6,7 +6,7 @@ assert stdenv.system == "x86_64-linux";
let
curl_custom =
stdenv.lib.overrideDerivation curl (args: {
configureFlags = args.configureFlags ++ ["--with-ca-bundle=${cacert}/ca-bundle.crt"] ;
configureFlags = args.configureFlags ++ ["--with-ca-bundle=${cacert}/etc/ssl/certs/ca-bundle.crt"] ;
} );
in
stdenv.mkDerivation {

View file

@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
buildInputs = [ libxml2 dbus_glib sqlite libsoup libnice telepathy_glib gnutls ]
++ stdenv.lib.optional doCheck dbus_daemon;
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt";
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
enableParallelBuilding = true;
doCheck = true;

View file

@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
cacert cmake ]
++ extraBuildInputs;
NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix} -DCA_FILE=${cacert}/ca-bundle.crt";
NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix} -DCA_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt";
postInstall = ''
NIX_PYTHONPATH="$out/lib/${python.libPrefix}/site-packages"

View file

@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
patches = [ ./add_certificates.patch ];
postPatch = ''
substituteInPlace bzrlib/transport/http/_urllib2_wrappers.py \
--subst-var-by "certPath" "${cacert}/ca-bundle.crt"
--subst-var-by "certPath" "${cacert}/etc/ssl/certs/ca-bundle.crt"
'';

View file

@ -44,7 +44,7 @@ stdenv.mkDerivation {
mkdir -p $out/etc/mercurial
cat >> $out/etc/mercurial/hgrc << EOF
[web]
cacerts = ${cacert}/ca-bundle.crt
cacerts = ${cacert}/etc/ssl/certs/ca-bundle.crt
EOF
# copy hgweb.cgi to allow use in apache

View file

@ -54,7 +54,7 @@ stdenv.mkDerivation {
inherit url rev leaveDotGit fetchSubmodules deepClone branchName;
GIT_SSL_CAINFO = "${cacert}/ca-bundle.crt";
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
impureEnvVars = [
# We borrow these environment variables from the caller to allow

View file

@ -16,7 +16,7 @@ stdenv.mkDerivation {
outputHashMode = "recursive";
outputHash = sha256;
SSL_CERT_FILE = "${cacert}/ca-bundle.crt";
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
impureEnvVars = [ "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy" ];
preferLocalBuild = true;

View file

@ -16,8 +16,8 @@ stdenv.mkDerivation rec {
'';
installPhase = ''
mkdir -pv $out
cp -v ca-bundle.crt $out
mkdir -pv $out/etc/ssl/certs
cp -v ca-bundle.crt $out/etc/ssl/certs
'';
meta = with stdenv.lib; {

View file

@ -22,7 +22,7 @@ in stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig intltool docbook_xsl_ns docbook_xsl ];
configureFlags = [
"--with-ca-certificates=${cacert}/ca-bundle.crt" # NixOS hardcoded path
"--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt" # NixOS hardcoded path
"--with-pkcs11-config=$$out/etc/pkcs11/" # installation directories
"--with-pkcs11-modules=$$out/lib/pkcs11/"
];

View file

@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
buildInputs = [ pkgconfig glib libsoup gobjectIntrospection];
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt";
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
meta = with stdenv.lib; {
platforms = platforms.linux;

View file

@ -135,7 +135,7 @@ let
# Generate certificates.
pushd $jre/lib/icedtea/jre/lib/security
rm cacerts
perl ${./generate-cacerts.pl} $jre/lib/icedtea/jre/bin/keytool ${cacert}/ca-bundle.crt
perl ${./generate-cacerts.pl} $jre/lib/icedtea/jre/bin/keytool ${cacert}/etc/ssl/certs/ca-bundle.crt
popd
ln -s $out/lib/icedtea/bin $out/bin

View file

@ -142,7 +142,7 @@ let
# Generate certificates.
pushd $jre/lib/openjdk/jre/lib/security
rm cacerts
perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/ca-bundle.crt
perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/etc/ssl/certs/ca-bundle.crt
popd
ln -s $out/lib/openjdk/bin $out/bin

View file

@ -136,7 +136,7 @@ let
# Generate certificates.
pushd $jre/lib/openjdk/jre/lib/security
rm cacerts
perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/ca-bundle.crt
perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/etc/ssl/certs/ca-bundle.crt
popd
ln -s $out/lib/openjdk/bin $out/bin

View file

@ -33,7 +33,7 @@ stdenv.mkDerivation {
if [ $b == "mix" ]; then continue; fi
wrapProgram $f \
--prefix PATH ":" "${erlang}/bin:${coreutils}/bin:${curl}/bin:${bash}/bin" \
--set CURL_CA_BUNDLE "${cacert}/ca-bundle.crt"
--set CURL_CA_BUNDLE "${cacert}/etc/ssl/certs/ca-bundle.crt"
done
'';

View file

@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
sha256 = "8f8a340d3ba99bfdef38b653da929652ea6640e27969d29f7ac51fbbe11a4346";
};
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt";
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
preBuild = ''
sed -e "s@${glib}/lib/gio/modules@$out/lib/gio/modules@g" -i $(find . -name Makefile)

View file

@ -40,7 +40,7 @@ let lispPackages = rec {
url = "https://common-lisp.net/project/iterate/darcs/iterate";
sha256 = "0gm05s3laiivsqgqjfj1rkz83c2c0jyn4msfgbv6sz42znjpam25";
context = ./iterate.darcs-context;
}) (x: {SSL_CERT_FILE=pkgs.cacert + "/ca-bundle.crt";}));
}) (x: {SSL_CERT_FILE=pkgs.cacert + "/etc/ssl/certs/ca-bundle.crt";}));
overrides = x: {
configurePhase="buildPhase(){ true; }";
};
@ -314,7 +314,7 @@ let lispPackages = rec {
src = (pkgs.lib.overrideDerivation (pkgs.fetchdarcs {
url = ''http://common-lisp.net/project/trivial-utf-8/darcs/trivial-utf-8/'';
sha256 = "1jz27gz8gvqdmvp3k9bxschs6d5b3qgk94qp2bj6nv1d0jc3m1l1";
}) (x: {SSL_CERT_FILE=pkgs.cacert + "/ca-bundle.crt";}));
}) (x: {SSL_CERT_FILE=pkgs.cacert + "/etc/ssl/certs/ca-bundle.crt";}));
};
cl-fuse-meta-fs = buildLispPackage rec {

View file

@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
"--with-sock-dir=/run"
"--with-privsep-user=smtpd"
"--with-queue-user=smtpq"
"--with-ca-file=${cacert}/ca-bundle.crt"
"--with-ca-file=${cacert}/etc/ssl/certs/ca-bundle.crt"
];
installFlags = [

View file

@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
propagatedBuildInputs = [ cacert ];
configureFlags = [ "--with-ca-bundle=${cacert}/ca-bundle.crt" ];
configureFlags = [ "--with-ca-bundle=${cacert}/etc/ssl/certs/ca-bundle.crt" ];
meta = with stdenv.lib; {
homepage = http://aria2.sourceforge.net/;

View file

@ -36,7 +36,7 @@ in stdenv.mkDerivation rec {
cp -R ${modulesSrc}/* $out/modules/
wrapProgram "$out/prey.sh" \
--prefix PATH ":" "${xawtv}/bin:${imagemagick}/bin:${curl}/bin:${scrot}/bin:${inetutils}/bin:${coreutils}/bin" \
--set CURL_CA_BUNDLE "${cacert}/ca-bundle.crt"
--set CURL_CA_BUNDLE "${cacert}/etc/ssl/certs/ca-bundle.crt"
'';
meta = with stdenv.lib; {