public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gitRepo: Fix an error due to missing TLS certificates 

This was a problem when run inside a sandbox, e.g. via
"fetchRepoProject". The error message from repo seems unrelated:

fatal: Cannot get https://gerrit.googlesource.com/git-repo/clone.bundle
fatal: error no host given

But the exception is actually thrown due to missing certificates
(/etc/ssl/certs). It should be possible to provide another location via
environment variables (e.g. SSL_CERT_FILE, REQUESTS_CA_BUNDLE or
CURL_CA_BUNDLE) but apparently that doesn't actually work for some
reason (would have to study our Python packaging).

Now "fetchRepoProject" works without the "--no-clone-bundle" option.
This commit is contained in:
Michael Weiss 2017-09-16 21:53:16 +02:00
parent 8ceb209830
commit 337380ea1d
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
pkgs/applications/version-management/git-repo/default.nix
View File

@ -1,5 +1,6 @@
{ stdenv, fetchFromGitHub, makeWrapper { stdenv, fetchFromGitHub, makeWrapper
, python, git, gnupg1compat, less }: , python, git, gnupg, less, cacert
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "git-repo-${version}"; name = "git-repo-${version}";
@ -13,16 +14,23 @@ stdenv.mkDerivation rec {
}; };
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [ makeWrapper ];
buildInputs = [ python git gnupg1compat less ]; buildInputs = [ python ];
# TODO: Cleanup
patchPhase = ''
CA_PATH="$(echo '${cacert}/etc/ssl/certs/ca-bundle.crt' | sed 's/\//\\\//g')" # / -> \/
sed -i -E 's/urlopen\(url\)/urlopen(url, cafile="'$CA_PATH'")/' repo
'';
installPhase = '' installPhase = ''
mkdir -p $out/bin mkdir -p $out/bin
cp $src/repo $out/bin/repo cp repo $out/bin/repo
''; '';
# Important runtime dependencies
postFixup = '' postFixup = ''
wrapProgram $out/bin/repo --prefix PATH ":" \ wrapProgram $out/bin/repo --prefix PATH ":" \
"${stdenv.lib.makeBinPath [ git gnupg1compat less ]}" "${stdenv.lib.makeBinPath [ git gnupg less ]}"
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {

2
pkgs/build-support/fetchrepoproject/default.nix
View File

@ -21,8 +21,6 @@ let
"--manifest-url=${manifest}" "--manifest-url=${manifest}"
"--manifest-branch=${rev}" "--manifest-branch=${rev}"
"--depth=1" "--depth=1"
#TODO: fetching clone.bundle seems to fail spectacularly inside a sandbox.
"--no-clone-bundle"
(optionalString createMirror "--mirror") (optionalString createMirror "--mirror")
(optionalString useArchive "--archive") (optionalString useArchive "--archive")
] ++ extraRepoInitFlags; ] ++ extraRepoInitFlags;