curl, git: Fix curl default CA, let git use it

Improve patching of curl to use NIX_SSL_CERT_FILE as default CA Remove patches from git, as git uses curl and passes its environment variables to curl.
2017-03-21 10:28:44 +01:00 · 2017-03-21 10:28:44 +01:00 · 525a663174
parent 1b0d9e9ae6
commit 525a663174
3 changed files with 27 additions and 19 deletions
--- a/pkgs/applications/version-management/git-and-tools/git/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/git/default.nix
@ -30,7 +30,6 @@ stdenv.mkDerivation {
    ./symlinks-in-bin.patch
    ./git-sh-i18n.patch
    ./ssh-path.patch
-    ./ssl-cert-file.patch
  ];

  postPatch = ''
--- a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch
+++ b/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch
@ -1,14 +0,0 @@
-diff -ru git-2.7.4-orig/http.c git-2.7.4/http.c
--- git-2.7.4-orig/http.c	2016-03-17 21:47:59.000000000 +0100
-+++ git-2.7.4/http.c	2016-04-12 11:38:33.187070848 +0200
-@@ -544,6 +544,10 @@
- #if LIBCURL_VERSION_NUM >= 0x070908
- 	set_from_env(&ssl_capath, "GIT_SSL_CAPATH");
- #endif
-+	if (getenv("NIX_SSL_CERT_FILE"))
-+	  set_from_env(&ssl_cainfo, "NIX_SSL_CERT_FILE");
-+	else
-+	  set_from_env(&ssl_cainfo, "SSL_CERT_FILE");
- 	set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO");
- 
- 	set_from_env(&user_agent, "GIT_HTTP_USER_AGENT");
--- a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
+++ b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
@ -1,7 +1,30 @@
-diff -ru -x '*~' curl-7.50.3-orig/src/tool_operate.c curl-7.50.3/src/tool_operate.c
--- curl-7.50.3-orig/src/tool_operate.c	2016-09-06 23:25:06.000000000 +0200
-+++ curl-7.50.3/src/tool_operate.c	2016-10-14 11:51:48.999943142 +0200
-@@ -269,7 +269,9 @@
+diff --git a/lib/url.c b/lib/url.c
+index 03feaa20f..43d3baa80 100644
+--- a/lib/url.c
+++ b/lib/url.c
+@@ -574,11 +574,15 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
+ 
+   /* This is our preferred CA cert bundle/path since install time */
+ #if defined(CURL_CA_BUNDLE)
+-  result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE);
+  char* env = curl_getenv("NIX_SSL_CERT_FILE");
+  if (!env)
+      env = CURL_CA_BUNDLE;
+
+  result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], env);
+   if(result)
+     return result;
+ 
+-  result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE);
+  result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], env);
+   if(result)
+     return result;
+ #endif
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index 572c8d0cc..ca4fb31cb 100644
+--- a/src/tool_operate.c
+++ b/src/tool_operate.c
+@@ -265,7 +265,9 @@ static CURLcode operate_do(struct GlobalConfig *global,
         capath_from_env = true;
       }
       else {