cacert: store ca-bundle.crt in $out/etc/ssl/certs instead of $out
This commit is contained in:
parent
9176f73cee
commit
ffd0539eba
24 changed files with 28 additions and 28 deletions
|
@ -22,7 +22,7 @@ in
|
|||
security.pki.certificateFiles = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
example = literalExample "[ \"\${pkgs.cacert}/ca-bundle.crt\" ]";
|
||||
example = literalExample "[ \"\${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\" ]";
|
||||
description = ''
|
||||
A list of files containing trusted root certificates in PEM
|
||||
format. These are concatenated to form
|
||||
|
@ -53,7 +53,7 @@ in
|
|||
|
||||
config = {
|
||||
|
||||
security.pki.certificateFiles = [ "${pkgs.cacert}/ca-bundle.crt" ];
|
||||
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
|
||||
|
||||
# NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
|
||||
environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;
|
||||
|
|
|
@ -13,7 +13,7 @@ let
|
|||
sha256 = "0fmg7fq5fx0jg3ryk71kwdkspsvj42acxy9imk7vznkqj29a9zqn";
|
||||
};
|
||||
|
||||
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt";
|
||||
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
buildInputs = [ pkgconfig glib libsoup ];
|
||||
};
|
||||
|
|
|
@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
# Nixos default ca bundle
|
||||
patchPhase = ''
|
||||
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/ca-bundle.crt, src/config.def.h
|
||||
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/etc/ssl/certs/ca-bundle.crt, src/config.def.h
|
||||
'';
|
||||
|
||||
buildInputs = [ makeWrapper gtk libsoup pkgconfig webkit gsettings_desktop_schemas ];
|
||||
|
|
|
@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
# Nixos default ca bundle
|
||||
patchPhase = ''
|
||||
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/ca-bundle.crt, config.h
|
||||
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/etc/ssl/certs/ca-bundle.crt, config.h
|
||||
'';
|
||||
|
||||
buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit gsettings_desktop_schemas ];
|
||||
|
|
|
@ -62,8 +62,8 @@ stdenv.mkDerivation rec {
|
|||
--prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \
|
||||
--prefix "HOME" : "$out/share/panamax-api" \
|
||||
--prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \
|
||||
--prefix "OPENSSL_X509_CERT_FILE" : "${cacert}/ca-bundle.crt" \
|
||||
--prefix "SSL_CERT_FILE" : "${cacert}/ca-bundle.crt" \
|
||||
--prefix "OPENSSL_X509_CERT_FILE" : "${cacert}/etc/ssl/certs/ca-bundle.crt" \
|
||||
--prefix "SSL_CERT_FILE" : "${cacert}/etc/ssl/certs/ca-bundle.crt" \
|
||||
--prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}"
|
||||
'';
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ assert stdenv.system == "x86_64-linux";
|
|||
let
|
||||
curl_custom =
|
||||
stdenv.lib.overrideDerivation curl (args: {
|
||||
configureFlags = args.configureFlags ++ ["--with-ca-bundle=${cacert}/ca-bundle.crt"] ;
|
||||
configureFlags = args.configureFlags ++ ["--with-ca-bundle=${cacert}/etc/ssl/certs/ca-bundle.crt"] ;
|
||||
} );
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
|
|
|
@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
|
|||
buildInputs = [ libxml2 dbus_glib sqlite libsoup libnice telepathy_glib gnutls ]
|
||||
++ stdenv.lib.optional doCheck dbus_daemon;
|
||||
|
||||
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt";
|
||||
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
enableParallelBuilding = true;
|
||||
doCheck = true;
|
||||
|
|
|
@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
|
|||
cacert cmake ]
|
||||
++ extraBuildInputs;
|
||||
|
||||
NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix} -DCA_FILE=${cacert}/ca-bundle.crt";
|
||||
NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix} -DCA_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
postInstall = ''
|
||||
NIX_PYTHONPATH="$out/lib/${python.libPrefix}/site-packages"
|
||||
|
|
|
@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
|
|||
patches = [ ./add_certificates.patch ];
|
||||
postPatch = ''
|
||||
substituteInPlace bzrlib/transport/http/_urllib2_wrappers.py \
|
||||
--subst-var-by "certPath" "${cacert}/ca-bundle.crt"
|
||||
--subst-var-by "certPath" "${cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
'';
|
||||
|
||||
|
||||
|
|
|
@ -44,7 +44,7 @@ stdenv.mkDerivation {
|
|||
mkdir -p $out/etc/mercurial
|
||||
cat >> $out/etc/mercurial/hgrc << EOF
|
||||
[web]
|
||||
cacerts = ${cacert}/ca-bundle.crt
|
||||
cacerts = ${cacert}/etc/ssl/certs/ca-bundle.crt
|
||||
EOF
|
||||
|
||||
# copy hgweb.cgi to allow use in apache
|
||||
|
|
|
@ -54,7 +54,7 @@ stdenv.mkDerivation {
|
|||
|
||||
inherit url rev leaveDotGit fetchSubmodules deepClone branchName;
|
||||
|
||||
GIT_SSL_CAINFO = "${cacert}/ca-bundle.crt";
|
||||
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
impureEnvVars = [
|
||||
# We borrow these environment variables from the caller to allow
|
||||
|
|
|
@ -16,7 +16,7 @@ stdenv.mkDerivation {
|
|||
outputHashMode = "recursive";
|
||||
outputHash = sha256;
|
||||
|
||||
SSL_CERT_FILE = "${cacert}/ca-bundle.crt";
|
||||
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
impureEnvVars = [ "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy" ];
|
||||
preferLocalBuild = true;
|
||||
|
|
|
@ -16,8 +16,8 @@ stdenv.mkDerivation rec {
|
|||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -pv $out
|
||||
cp -v ca-bundle.crt $out
|
||||
mkdir -pv $out/etc/ssl/certs
|
||||
cp -v ca-bundle.crt $out/etc/ssl/certs
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
|
@ -22,7 +22,7 @@ in stdenv.mkDerivation rec {
|
|||
nativeBuildInputs = [ pkgconfig intltool docbook_xsl_ns docbook_xsl ];
|
||||
|
||||
configureFlags = [
|
||||
"--with-ca-certificates=${cacert}/ca-bundle.crt" # NixOS hardcoded path
|
||||
"--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt" # NixOS hardcoded path
|
||||
"--with-pkcs11-config=$$out/etc/pkcs11/" # installation directories
|
||||
"--with-pkcs11-modules=$$out/lib/pkcs11/"
|
||||
];
|
||||
|
|
|
@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
buildInputs = [ pkgconfig glib libsoup gobjectIntrospection];
|
||||
|
||||
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt";
|
||||
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
platforms = platforms.linux;
|
||||
|
|
|
@ -135,7 +135,7 @@ let
|
|||
# Generate certificates.
|
||||
pushd $jre/lib/icedtea/jre/lib/security
|
||||
rm cacerts
|
||||
perl ${./generate-cacerts.pl} $jre/lib/icedtea/jre/bin/keytool ${cacert}/ca-bundle.crt
|
||||
perl ${./generate-cacerts.pl} $jre/lib/icedtea/jre/bin/keytool ${cacert}/etc/ssl/certs/ca-bundle.crt
|
||||
popd
|
||||
|
||||
ln -s $out/lib/icedtea/bin $out/bin
|
||||
|
|
|
@ -142,7 +142,7 @@ let
|
|||
# Generate certificates.
|
||||
pushd $jre/lib/openjdk/jre/lib/security
|
||||
rm cacerts
|
||||
perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/ca-bundle.crt
|
||||
perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/etc/ssl/certs/ca-bundle.crt
|
||||
popd
|
||||
|
||||
ln -s $out/lib/openjdk/bin $out/bin
|
||||
|
|
|
@ -136,7 +136,7 @@ let
|
|||
# Generate certificates.
|
||||
pushd $jre/lib/openjdk/jre/lib/security
|
||||
rm cacerts
|
||||
perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/ca-bundle.crt
|
||||
perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/etc/ssl/certs/ca-bundle.crt
|
||||
popd
|
||||
|
||||
ln -s $out/lib/openjdk/bin $out/bin
|
||||
|
|
|
@ -33,7 +33,7 @@ stdenv.mkDerivation {
|
|||
if [ $b == "mix" ]; then continue; fi
|
||||
wrapProgram $f \
|
||||
--prefix PATH ":" "${erlang}/bin:${coreutils}/bin:${curl}/bin:${bash}/bin" \
|
||||
--set CURL_CA_BUNDLE "${cacert}/ca-bundle.crt"
|
||||
--set CURL_CA_BUNDLE "${cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
done
|
||||
'';
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "8f8a340d3ba99bfdef38b653da929652ea6640e27969d29f7ac51fbbe11a4346";
|
||||
};
|
||||
|
||||
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt";
|
||||
configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
preBuild = ''
|
||||
sed -e "s@${glib}/lib/gio/modules@$out/lib/gio/modules@g" -i $(find . -name Makefile)
|
||||
|
|
|
@ -40,7 +40,7 @@ let lispPackages = rec {
|
|||
url = "https://common-lisp.net/project/iterate/darcs/iterate";
|
||||
sha256 = "0gm05s3laiivsqgqjfj1rkz83c2c0jyn4msfgbv6sz42znjpam25";
|
||||
context = ./iterate.darcs-context;
|
||||
}) (x: {SSL_CERT_FILE=pkgs.cacert + "/ca-bundle.crt";}));
|
||||
}) (x: {SSL_CERT_FILE=pkgs.cacert + "/etc/ssl/certs/ca-bundle.crt";}));
|
||||
overrides = x: {
|
||||
configurePhase="buildPhase(){ true; }";
|
||||
};
|
||||
|
@ -314,7 +314,7 @@ let lispPackages = rec {
|
|||
src = (pkgs.lib.overrideDerivation (pkgs.fetchdarcs {
|
||||
url = ''http://common-lisp.net/project/trivial-utf-8/darcs/trivial-utf-8/'';
|
||||
sha256 = "1jz27gz8gvqdmvp3k9bxschs6d5b3qgk94qp2bj6nv1d0jc3m1l1";
|
||||
}) (x: {SSL_CERT_FILE=pkgs.cacert + "/ca-bundle.crt";}));
|
||||
}) (x: {SSL_CERT_FILE=pkgs.cacert + "/etc/ssl/certs/ca-bundle.crt";}));
|
||||
};
|
||||
|
||||
cl-fuse-meta-fs = buildLispPackage rec {
|
||||
|
|
|
@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
|
|||
"--with-sock-dir=/run"
|
||||
"--with-privsep-user=smtpd"
|
||||
"--with-queue-user=smtpq"
|
||||
"--with-ca-file=${cacert}/ca-bundle.crt"
|
||||
"--with-ca-file=${cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
];
|
||||
|
||||
installFlags = [
|
||||
|
|
|
@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
|
|||
|
||||
propagatedBuildInputs = [ cacert ];
|
||||
|
||||
configureFlags = [ "--with-ca-bundle=${cacert}/ca-bundle.crt" ];
|
||||
configureFlags = [ "--with-ca-bundle=${cacert}/etc/ssl/certs/ca-bundle.crt" ];
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = http://aria2.sourceforge.net/;
|
||||
|
|
|
@ -36,7 +36,7 @@ in stdenv.mkDerivation rec {
|
|||
cp -R ${modulesSrc}/* $out/modules/
|
||||
wrapProgram "$out/prey.sh" \
|
||||
--prefix PATH ":" "${xawtv}/bin:${imagemagick}/bin:${curl}/bin:${scrot}/bin:${inetutils}/bin:${coreutils}/bin" \
|
||||
--set CURL_CA_BUNDLE "${cacert}/ca-bundle.crt"
|
||||
--set CURL_CA_BUNDLE "${cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
|
|
Loading…
Reference in a new issue