mirror of
https://github.com/NixOS/nix.git
synced 2024-11-25 00:02:25 +00:00
feat: use OSX keychain
parent
09199a40cd
commit
849b52cc88
@ -77,6 +77,23 @@ Settings::Settings()
|
||||
if (sslOverride != "")
|
||||
caFile = sslOverride;
|
||||
|
||||
#ifdef __APPLE__
|
||||
if(caFile.get().starts_with("keychain:")){
|
||||
debug("reading %s",caFile.get());
|
||||
auto caContents = runProgram("/usr/bin/security", false, {"find-certificate", "-a", "-p", caFile.get().substr(9)});
|
||||
if (caContents.empty()){
|
||||
warn("reading '%s' found no certificates",caFile.get());
|
||||
}
|
||||
auto caFilePath = settings.nixConfDir + "/ssl-cert-file.keychain";
|
||||
auto caFilePathTmp = caFilePath + ".tmp";
|
||||
debug("writing to %s",caFilePathTmp);
|
||||
writeFile(caFilePathTmp.c_str(),caContents);
|
||||
// check failure?
|
||||
std::rename(caFilePathTmp.c_str(), caFilePath.c_str());
|
||||
caFile = caFilePath;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Backwards compatibility. */
|
||||
auto s = getEnv("NIX_REMOTE_SYSTEMS");
|
||||
if (s) {
|
||||
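Review bot: The return value of `std::rename` is discarded (the `// check failure?` comment marks the spot), so when the rename fails `caFile` is still pointed at `ssl-cert-file.keychain`, which may be missing or may be a stale export from an earlier run that TLS verification would then trust. The temporary name `caFilePath + ".tmp"` is fixed, so two nix processes starting at the same time write the same file, and a process without write access to the config directory will presumably get an exception from `writeFile` inside the constructor. An empty result from `security` only produces a warning, after which an empty bundle is installed as the CA file. The constructor's body starts and ends outside this hunk. The sketch below assumes `nixConfDir` is a member of `Settings`, so it need not be read through the global `settings` while that object is still being constructed.

```cpp
// … unchanged: debug() call and runProgram("/usr/bin/security", …) …
if (caContents.empty())
    throw Error("keychain '%s' contains no certificates", caFile.get());
auto caFilePath = nixConfDir + "/ssl-cert-file.keychain";
// per-process temporary name, so concurrent processes do not share one file
auto caFilePathTmp = fmt("%s.%d.tmp", caFilePath, getpid());
writeFile(caFilePathTmp, caContents, 0644);
if (std::rename(caFilePathTmp.c_str(), caFilePath.c_str()) != 0)
    throw SysError("renaming '%s' to '%s'", caFilePathTmp, caFilePath);
caFile = caFilePath;
```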
|
@ -1061,6 +1061,12 @@ public:
|
||||
|
||||
1. `NIX_SSL_CERT_FILE`
|
||||
2. `SSL_CERT_FILE`
|
||||
|
||||
Darwin only: The path can also be of form keychain:/path-to-keychain
|
||||
which will read the OSX keychain and write it to the config directory
|
||||
and use that file as the CA file. For example, setting
|
||||
"keychain:/System/Library/Keychains/SystemRootCertificates.keychain"
|
||||
will write to "/etc/nix/ssl-cert-file.keychain".
|
||||
)"};
|
||||
|
||||
#if __linux__
|
||||
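Review bot: The added documentation names `/etc/nix/ssl-cert-file.keychain` as the output, but the code in the first hunk builds the path from `nixConfDir`, so the text should describe the location generically, for example `will write the exported certificates to ssl-cert-file.keychain in the Nix configuration directory`. It should also say that the export is a PEM snapshot rewritten whenever the settings are initialised, and that TLS verification reads this file rather than the keychain, so write access to the configuration directory decides which CAs are trusted. The setting's declaration begins outside this hunk.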
|