nix/src
Puck Meerburg e393ee3fdb fix passing CA files into builtins:fetchurl sandbox
This patch has been manually adapted from
14dc84ed03

Tested with:

$ NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }'
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
this derivation will be built:
  /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv
building '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv'...
error:
       … writing file '/nix/store/0zynn4n8yx59bczy1mgh1lq2rnprvvrc-google.com'

       error: unable to download 'https://google.com': Problem with the SSL CA cert (path? access rights?) (77)
error: builder for '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv' failed with exit code 1

Now returns:

nix-env % NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }'
this derivation will be built:
  /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv
building '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv'...
error: hash mismatch in fixed-output derivation '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv':
         specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
            got:    sha256-5xXEhGtnRdopaUTqaz2M1o2NE7ovhU0SjcSOPwntqwY=

(cherry picked from commit 1fbdf409524bb350b8614f3d95067cb9ba3c57f2)
(cherry picked from commit 9b818f14dd)

# Conflicts:
#	src/libstore/build/local-derivation-goal.cc
#	src/libstore/builtins/fetchurl.cc
2024-10-29 20:11:31 +00:00
build-remote Allow dynamic derivation deps in inputDrvs 2023-09-07 10:39:37 -04:00
libcmd add deprecation warnings in documentation 2023-11-27 14:08:16 +01:00
libexpr builtins.addDrvOutputDependencies: fix commentary 2024-03-29 10:56:43 +00:00
libfetchers Merge pull request #9283 from obsidiansystems/mememory-source-accessor 2023-11-06 19:51:02 +01:00
libmain Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
libstore fix passing CA files into builtins:fetchurl sandbox 2024-10-29 20:11:31 +00:00
libutil Merge pull request from GHSA-q82p-44mg-mgh5 2024-06-26 18:49:22 -04:00
nix Use proper struct sockpeercred for SO_PEERCRED for OpenBSD 2024-07-03 15:57:03 +00:00
nix-build fix: check to see if there are any lines before 2024-08-19 14:28:12 +00:00
nix-channel Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
nix-collect-garbage Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
nix-copy-closure Remove stray executable permissions on source files 2023-11-02 09:24:21 +01:00
nix-env nix-env: Use state.mkList, required for correct stats 2023-11-17 10:23:32 +01:00
nix-instantiate Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
nix-store Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
resolve-system-dependencies Remove FormatOrString and remaining uses of format() 2023-03-02 15:57:54 +01:00
toml11 Replace cpptoml with toml11 2021-12-17 22:03:33 +01:00