public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cacert: store ca-bundle.crt in $out/etc/ssl/certs instead of $out

Browse Source
This commit is contained in:
William A. Kennington III 2015-06-05 13:00:52 -07:00
parent 9176f73cee
commit ffd0539eba
24 changed files with 28 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/security/ca.nix
View File

@ -22,7 +22,7 @@ in
security.pki.certificateFiles = mkOption { security.pki.certificateFiles = mkOption {
type = types.listOf types.path; type = types.listOf types.path;
default = []; default = [];
example = literalExample "[ \"\${pkgs.cacert}/ca-bundle.crt\" ]"; example = literalExample "[ \"\${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\" ]";
description = '' description = ''
A list of files containing trusted root certificates in PEM A list of files containing trusted root certificates in PEM
format. These are concatenated to form format. These are concatenated to form
@ -53,7 +53,7 @@ in
config = { config = {
security.pki.certificateFiles = [ "${pkgs.cacert}/ca-bundle.crt" ]; security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
# NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility. # NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
environment.etc."ssl/certs/ca-certificates.crt".source = caBundle; environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;

2
pkgs/applications/graphics/shotwell/default.nix
View File

@ -13,7 +13,7 @@ let
sha256 = "0fmg7fq5fx0jg3ryk71kwdkspsvj42acxy9imk7vznkqj29a9zqn"; sha256 = "0fmg7fq5fx0jg3ryk71kwdkspsvj42acxy9imk7vznkqj29a9zqn";
}; };
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt"; configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
buildInputs = [ pkgconfig glib libsoup ]; buildInputs = [ pkgconfig glib libsoup ];
}; };

2
pkgs/applications/networking/browsers/vimb/default.nix
View File

@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
# Nixos default ca bundle # Nixos default ca bundle
patchPhase = '' patchPhase = ''
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/ca-bundle.crt, src/config.def.h sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/etc/ssl/certs/ca-bundle.crt, src/config.def.h
''; '';
buildInputs = [ makeWrapper gtk libsoup pkgconfig webkit gsettings_desktop_schemas ]; buildInputs = [ makeWrapper gtk libsoup pkgconfig webkit gsettings_desktop_schemas ];

2
pkgs/applications/networking/browsers/vimprobable2/default.nix
View File

@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
# Nixos default ca bundle # Nixos default ca bundle
patchPhase = '' patchPhase = ''
sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/ca-bundle.crt, config.h sed -i s,/etc/ssl/certs/ca-certificates.crt,${cacert}/etc/ssl/certs/ca-bundle.crt, config.h
''; '';
buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit gsettings_desktop_schemas ]; buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit gsettings_desktop_schemas ];

4
pkgs/applications/networking/cluster/panamax/api/default.nix
View File

@ -62,8 +62,8 @@ stdenv.mkDerivation rec {
--prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \ --prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \
--prefix "HOME" : "$out/share/panamax-api" \ --prefix "HOME" : "$out/share/panamax-api" \
--prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \ --prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \
--prefix "OPENSSL_X509_CERT_FILE" : "${cacert}/ca-bundle.crt" \ --prefix "OPENSSL_X509_CERT_FILE" : "${cacert}/etc/ssl/certs/ca-bundle.crt" \
--prefix "SSL_CERT_FILE" : "${cacert}/ca-bundle.crt" \ --prefix "SSL_CERT_FILE" : "${cacert}/etc/ssl/certs/ca-bundle.crt" \
--prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}" --prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}"
''; '';

2
pkgs/applications/networking/instant-messengers/fuze/default.nix
View File

@ -6,7 +6,7 @@ assert stdenv.system == "x86_64-linux";
let let
curl_custom = curl_custom =
stdenv.lib.overrideDerivation curl (args: { stdenv.lib.overrideDerivation curl (args: {
configureFlags = args.configureFlags ++ ["--with-ca-bundle=${cacert}/ca-bundle.crt"] ; configureFlags = args.configureFlags ++ ["--with-ca-bundle=${cacert}/etc/ssl/certs/ca-bundle.crt"] ;
} ); } );
in in
stdenv.mkDerivation { stdenv.mkDerivation {

2
pkgs/applications/networking/instant-messengers/telepathy/gabble/default.nix
View File

@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
buildInputs = [ libxml2 dbus_glib sqlite libsoup libnice telepathy_glib gnutls ] buildInputs = [ libxml2 dbus_glib sqlite libsoup libnice telepathy_glib gnutls ]
++ stdenv.lib.optional doCheck dbus_daemon; ++ stdenv.lib.optional doCheck dbus_daemon;
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt"; configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
enableParallelBuilding = true; enableParallelBuilding = true;
doCheck = true; doCheck = true;

2
pkgs/applications/networking/irc/weechat/default.nix
View File

@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
cacert cmake ] cacert cmake ]
++ extraBuildInputs; ++ extraBuildInputs;
NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix} -DCA_FILE=${cacert}/ca-bundle.crt"; NIX_CFLAGS_COMPILE = "-I${python}/include/${python.libPrefix} -DCA_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt";
postInstall = '' postInstall = ''
NIX_PYTHONPATH="$out/lib/${python.libPrefix}/site-packages" NIX_PYTHONPATH="$out/lib/${python.libPrefix}/site-packages"

2
pkgs/applications/version-management/bazaar/default.nix
View File

@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
patches = [ ./add_certificates.patch ]; patches = [ ./add_certificates.patch ];
postPatch = '' postPatch = ''
substituteInPlace bzrlib/transport/http/_urllib2_wrappers.py \ substituteInPlace bzrlib/transport/http/_urllib2_wrappers.py \
--subst-var-by "certPath" "${cacert}/ca-bundle.crt" --subst-var-by "certPath" "${cacert}/etc/ssl/certs/ca-bundle.crt"
''; '';

2
pkgs/applications/version-management/mercurial/default.nix
View File

@ -44,7 +44,7 @@ stdenv.mkDerivation {
mkdir -p $out/etc/mercurial mkdir -p $out/etc/mercurial
cat >> $out/etc/mercurial/hgrc << EOF cat >> $out/etc/mercurial/hgrc << EOF
[web] [web]
cacerts = ${cacert}/ca-bundle.crt cacerts = ${cacert}/etc/ssl/certs/ca-bundle.crt
EOF EOF
# copy hgweb.cgi to allow use in apache # copy hgweb.cgi to allow use in apache

2
pkgs/build-support/fetchgit/default.nix
View File

@ -54,7 +54,7 @@ stdenv.mkDerivation {
inherit url rev leaveDotGit fetchSubmodules deepClone branchName; inherit url rev leaveDotGit fetchSubmodules deepClone branchName;
GIT_SSL_CAINFO = "${cacert}/ca-bundle.crt"; GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
impureEnvVars = [ impureEnvVars = [
# We borrow these environment variables from the caller to allow # We borrow these environment variables from the caller to allow

2
pkgs/build-support/rust/fetchcargo.nix
View File

@ -16,7 +16,7 @@ stdenv.mkDerivation {
outputHashMode = "recursive"; outputHashMode = "recursive";
outputHash = sha256; outputHash = sha256;
SSL_CERT_FILE = "${cacert}/ca-bundle.crt"; SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
impureEnvVars = [ "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy" ]; impureEnvVars = [ "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy" ];
preferLocalBuild = true; preferLocalBuild = true;

4
pkgs/data/misc/cacert/default.nix
View File

@ -16,8 +16,8 @@ stdenv.mkDerivation rec {
''; '';
installPhase = '' installPhase = ''
mkdir -pv $out mkdir -pv $out/etc/ssl/certs
cp -v ca-bundle.crt $out cp -v ca-bundle.crt $out/etc/ssl/certs
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {

2
pkgs/desktops/gnome-3/3.16/core/gnome-keyring/default.nix
View File

@ -22,7 +22,7 @@ in stdenv.mkDerivation rec {
nativeBuildInputs = [ pkgconfig intltool docbook_xsl_ns docbook_xsl ]; nativeBuildInputs = [ pkgconfig intltool docbook_xsl_ns docbook_xsl ];
configureFlags = [ configureFlags = [
"--with-ca-certificates=${cacert}/ca-bundle.crt" # NixOS hardcoded path "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt" # NixOS hardcoded path
"--with-pkcs11-config=$$out/etc/pkcs11/" # installation directories "--with-pkcs11-config=$$out/etc/pkcs11/" # installation directories
"--with-pkcs11-modules=$$out/lib/pkcs11/" "--with-pkcs11-modules=$$out/lib/pkcs11/"
]; ];

2
pkgs/desktops/gnome-3/3.16/core/rest/default.nix
View File

@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
buildInputs = [ pkgconfig glib libsoup gobjectIntrospection]; buildInputs = [ pkgconfig glib libsoup gobjectIntrospection];
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt"; configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
meta = with stdenv.lib; { meta = with stdenv.lib; {
platforms = platforms.linux; platforms = platforms.linux;

2
pkgs/development/compilers/icedtea/default.nix
View File

@ -135,7 +135,7 @@ let
# Generate certificates. # Generate certificates.
pushd $jre/lib/icedtea/jre/lib/security pushd $jre/lib/icedtea/jre/lib/security
rm cacerts rm cacerts
perl ${./generate-cacerts.pl} $jre/lib/icedtea/jre/bin/keytool ${cacert}/ca-bundle.crt perl ${./generate-cacerts.pl} $jre/lib/icedtea/jre/bin/keytool ${cacert}/etc/ssl/certs/ca-bundle.crt
popd popd
ln -s $out/lib/icedtea/bin $out/bin ln -s $out/lib/icedtea/bin $out/bin

2
pkgs/development/compilers/openjdk/default.nix
View File

@ -142,7 +142,7 @@ let
# Generate certificates. # Generate certificates.
pushd $jre/lib/openjdk/jre/lib/security pushd $jre/lib/openjdk/jre/lib/security
rm cacerts rm cacerts
perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/ca-bundle.crt perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/etc/ssl/certs/ca-bundle.crt
popd popd
ln -s $out/lib/openjdk/bin $out/bin ln -s $out/lib/openjdk/bin $out/bin

2
pkgs/development/compilers/openjdk/openjdk8.nix
View File

@ -136,7 +136,7 @@ let
# Generate certificates. # Generate certificates.
pushd $jre/lib/openjdk/jre/lib/security pushd $jre/lib/openjdk/jre/lib/security
rm cacerts rm cacerts
perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/ca-bundle.crt perl ${./generate-cacerts.pl} $jre/lib/openjdk/jre/bin/keytool ${cacert}/etc/ssl/certs/ca-bundle.crt
popd popd
ln -s $out/lib/openjdk/bin $out/bin ln -s $out/lib/openjdk/bin $out/bin

2
pkgs/development/interpreters/elixir/default.nix
View File

@ -33,7 +33,7 @@ stdenv.mkDerivation {
if [ $b == "mix" ]; then continue; fi if [ $b == "mix" ]; then continue; fi
wrapProgram $f \ wrapProgram $f \
--prefix PATH ":" "${erlang}/bin:${coreutils}/bin:${curl}/bin:${bash}/bin" \ --prefix PATH ":" "${erlang}/bin:${coreutils}/bin:${curl}/bin:${bash}/bin" \
--set CURL_CA_BUNDLE "${cacert}/ca-bundle.crt" --set CURL_CA_BUNDLE "${cacert}/etc/ssl/certs/ca-bundle.crt"
done done
''; '';

2
pkgs/development/libraries/glib-networking/default.nix
View File

@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
sha256 = "8f8a340d3ba99bfdef38b653da929652ea6640e27969d29f7ac51fbbe11a4346"; sha256 = "8f8a340d3ba99bfdef38b653da929652ea6640e27969d29f7ac51fbbe11a4346";
}; };
configureFlags = "--with-ca-certificates=${cacert}/ca-bundle.crt"; configureFlags = "--with-ca-certificates=${cacert}/etc/ssl/certs/ca-bundle.crt";
preBuild = '' preBuild = ''
sed -e "s@${glib}/lib/gio/modules@$out/lib/gio/modules@g" -i $(find . -name Makefile) sed -e "s@${glib}/lib/gio/modules@$out/lib/gio/modules@g" -i $(find . -name Makefile)

4
pkgs/development/lisp-modules/lisp-packages.nix
View File

@ -40,7 +40,7 @@ let lispPackages = rec {
url = "https://common-lisp.net/project/iterate/darcs/iterate"; url = "https://common-lisp.net/project/iterate/darcs/iterate";
sha256 = "0gm05s3laiivsqgqjfj1rkz83c2c0jyn4msfgbv6sz42znjpam25"; sha256 = "0gm05s3laiivsqgqjfj1rkz83c2c0jyn4msfgbv6sz42znjpam25";
context = ./iterate.darcs-context; context = ./iterate.darcs-context;
}) (x: {SSL_CERT_FILE=pkgs.cacert + "/ca-bundle.crt";})); }) (x: {SSL_CERT_FILE=pkgs.cacert + "/etc/ssl/certs/ca-bundle.crt";}));
overrides = x: { overrides = x: {
configurePhase="buildPhase(){ true; }"; configurePhase="buildPhase(){ true; }";
}; };
@ -314,7 +314,7 @@ let lispPackages = rec {
src = (pkgs.lib.overrideDerivation (pkgs.fetchdarcs { src = (pkgs.lib.overrideDerivation (pkgs.fetchdarcs {
url = ''http://common-lisp.net/project/trivial-utf-8/darcs/trivial-utf-8/''; url = ''http://common-lisp.net/project/trivial-utf-8/darcs/trivial-utf-8/'';
sha256 = "1jz27gz8gvqdmvp3k9bxschs6d5b3qgk94qp2bj6nv1d0jc3m1l1"; sha256 = "1jz27gz8gvqdmvp3k9bxschs6d5b3qgk94qp2bj6nv1d0jc3m1l1";
}) (x: {SSL_CERT_FILE=pkgs.cacert + "/ca-bundle.crt";})); }) (x: {SSL_CERT_FILE=pkgs.cacert + "/etc/ssl/certs/ca-bundle.crt";}));
}; };
cl-fuse-meta-fs = buildLispPackage rec { cl-fuse-meta-fs = buildLispPackage rec {

2
pkgs/servers/mail/opensmtpd/default.nix
View File

@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
"--with-sock-dir=/run" "--with-sock-dir=/run"
"--with-privsep-user=smtpd" "--with-privsep-user=smtpd"
"--with-queue-user=smtpq" "--with-queue-user=smtpq"
"--with-ca-file=${cacert}/ca-bundle.crt" "--with-ca-file=${cacert}/etc/ssl/certs/ca-bundle.crt"
]; ];
installFlags = [ installFlags = [

2
pkgs/tools/networking/aria2/default.nix
View File

@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
propagatedBuildInputs = [ cacert ]; propagatedBuildInputs = [ cacert ];
configureFlags = [ "--with-ca-bundle=${cacert}/ca-bundle.crt" ]; configureFlags = [ "--with-ca-bundle=${cacert}/etc/ssl/certs/ca-bundle.crt" ];
meta = with stdenv.lib; { meta = with stdenv.lib; {
homepage = http://aria2.sourceforge.net/; homepage = http://aria2.sourceforge.net/;

2
pkgs/tools/security/prey/default.nix
View File

@ -36,7 +36,7 @@ in stdenv.mkDerivation rec {
cp -R ${modulesSrc}/* $out/modules/ cp -R ${modulesSrc}/* $out/modules/
wrapProgram "$out/prey.sh" \ wrapProgram "$out/prey.sh" \
--prefix PATH ":" "${xawtv}/bin:${imagemagick}/bin:${curl}/bin:${scrot}/bin:${inetutils}/bin:${coreutils}/bin" \ --prefix PATH ":" "${xawtv}/bin:${imagemagick}/bin:${curl}/bin:${scrot}/bin:${inetutils}/bin:${coreutils}/bin" \
--set CURL_CA_BUNDLE "${cacert}/ca-bundle.crt" --set CURL_CA_BUNDLE "${cacert}/etc/ssl/certs/ca-bundle.crt"
''; '';
meta = with stdenv.lib; { meta = with stdenv.lib; {