fix passing CA files into builtins:fetchurl sandbox
This patch has been manually adapted from 14dc84ed03
Tested with: $ NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }' warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=' this derivation will be built: /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv building '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv'... error: … writing file '/nix/store/0zynn4n8yx59bczy1mgh1lq2rnprvvrc-google.com' error: unable to download 'https://google.com': Problem with the SSL CA cert (path? access rights?) (77) error: builder for '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv' failed with exit code 1 Now returns: nix-env % NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }' this derivation will be built: /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv building '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv'... error: hash mismatch in fixed-output derivation '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv': specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= got: sha256-5xXEhGtnRdopaUTqaz2M1o2NE7ovhU0SjcSOPwntqwY= (cherry picked from commit 1fbdf409524bb350b8614f3d95067cb9ba3c57f2) (cherry picked from commit9b818f14dd
) # Conflicts: # src/libstore/build/local-derivation-goal.cc # src/libstore/builtins/fetchurl.cc
parent
52166fd12e
commit
e393ee3fdb
@ -1748,11 +1748,19 @@ void LocalDerivationGoal::runChild()
|
||||
if (drv->isBuiltin() && drv->builder == "builtin:fetchurl") {
|
||||
try {
|
||||
netrcData = readFile(settings.netrcFile);
|
||||
<<<<<<< HEAD
|
||||
} catch (SysError &) { }
|
||||
|
||||
try {
|
||||
caFileData = readFile(settings.caFile);
|
||||
} catch (SysError &) { }
|
||||
=======
|
||||
} catch (SystemError &) { }
|
||||
|
||||
try {
|
||||
caFileData = readFile(settings.caFile);
|
||||
} catch (SystemError &) { }
|
||||
>>>>>>> 9b818f14d (fix passing CA files into builtins:fetchurl sandbox)
|
||||
}
|
||||
|
||||
#if __linux__
|
||||
|
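Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 9b818f14d`) are committed in runChild() right after `netrcData = readFile(settings.netrcFile);`, so the file cannot compile as shown and the `caFileData = readFile(settings.caFile);` block appears twice; the builtinFetchurl hunk carries the same markers. The two sides differ only in the caught type (`SysError` on the HEAD side, `SystemError` on the incoming side), so keep a single copy of the `try`/`catch` with whichever type this branch actually defines. Because the empty handler hides a missing or unreadable CA file, the failure only surfaces later as the curl error 77 quoted in the commit message; a debug-level log in the handler would make that case diagnosable. runChild()'s body starts and ends outside the hunk.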
@ -21,6 +21,16 @@ void builtinFetchurl(
|
||||
|
||||
settings.caFile = "ca-certificates.crt";
|
||||
writeFile(settings.caFile, caFileData, 0600);
|
||||
<<<<<<< HEAD
|
||||
=======
|
||||
|
||||
auto out = get(drv.outputs, "out");
|
||||
if (!out)
|
||||
throw Error("'builtin:fetchurl' requires an 'out' output");
|
||||
|
||||
if (!(drv.type().isFixed() || drv.type().isImpure()))
|
||||
throw Error("'builtin:fetchurl' must be a fixed-output or impure derivation");
|
||||
>>>>>>> 9b818f14d (fix passing CA files into builtins:fetchurl sandbox)
|
||||
|
||||
auto getAttr = [&](const std::string & name) {
|
||||
auto i = drv.env.find(name);
|
||||
|
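Review bot: Resolving the conflict in builtinFetchurl by keeping the empty HEAD side would drop the two guards that exist only on the incoming side, `if (!out) throw Error(...)` and `if (!(drv.type().isFixed() || drv.type().isImpure()))`. The second guard is what restricts this network-capable builtin to derivations whose output is hash-checked or explicitly impure, so it should be kept unless an equivalent check already exists elsewhere in the function, whose body starts and ends outside the hunk. It is also worth confirming that `isImpure()` exists on this branch, since the hunk was adapted by hand. Both checks would read better placed before `writeFile(settings.caFile, caFileData, 0600);`, so an invalid derivation is rejected before anything is written.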