curl, git: Fix curl default CA, let git use it

Improve patching of curl to use NIX_SSL_CERT_FILE as default CA Remove patches from git, as git uses curl and passes its environment variables to curl.
2017-03-21 10:28:44 +01:00 · 2017-03-21 10:28:44 +01:00 · 525a663174
parent 1b0d9e9ae6
commit 525a663174
3 changed files with 27 additions and 19 deletions
--- a/pkgs/applications/version-management/git-and-tools/git/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/git/default.nix
@ -30,7 +30,6 @@ stdenv.mkDerivation {
    ./symlinks-in-bin.patch
    ./git-sh-i18n.patch
    ./ssh-path.patch
    ./ssl-cert-file.patch
  ];
  postPatch = ''
--- a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch
+++ b/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch
@ -1,14 +0,0 @@
 diff -ru git-2.7.4-orig/http.c git-2.7.4/http.c
 --- git-2.7.4-orig/http.c	2016-03-17 21:47:59.000000000 +0100
 +++ git-2.7.4/http.c	2016-04-12 11:38:33.187070848 +0200
@@ -544,6 +544,10 @@
 #if LIBCURL_VERSION_NUM >= 0x070908
 	set_from_env(&ssl_capath, "GIT_SSL_CAPATH");
 #endif
 +	if (getenv("NIX_SSL_CERT_FILE"))
 +	  set_from_env(&ssl_cainfo, "NIX_SSL_CERT_FILE");
 +	else
 +	  set_from_env(&ssl_cainfo, "SSL_CERT_FILE");
 	set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO");
 	set_from_env(&user_agent, "GIT_HTTP_USER_AGENT");
--- a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
+++ b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
@ -1,7 +1,30 @@
-diff -ru -x '*~' curl-7.50.3-orig/src/tool_operate.c curl-7.50.3/src/tool_operate.c
+diff --git a/lib/url.c b/lib/url.c
--- curl-7.50.3-orig/src/tool_operate.c	2016-09-06 23:25:06.000000000 +0200
+index 03feaa20f..43d3baa80 100644
-+++ curl-7.50.3/src/tool_operate.c	2016-10-14 11:51:48.999943142 +0200
+--- a/lib/url.c
-@@ -269,7 +269,9 @@
+++ b/lib/url.c
@@ -574,11 +574,15 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
   /* This is our preferred CA cert bundle/path since install time */
 #if defined(CURL_CA_BUNDLE)
 -  result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE);
 +  char* env = curl_getenv("NIX_SSL_CERT_FILE");
 +  if (!env)
 +      env = CURL_CA_BUNDLE;
 +
 +  result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], env);
   if(result)
     return result;
 -  result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE);
 +  result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], env);
   if(result)
     return result;
 #endif
 diff --git a/src/tool_operate.c b/src/tool_operate.c
 index 572c8d0cc..ca4fb31cb 100644
 --- a/src/tool_operate.c
 +++ b/src/tool_operate.c
@@ -265,7 +265,9 @@ static CURLcode operate_do(struct GlobalConfig *global,
         capath_from_env = true;
       }
       else {