Nix, the purely functional package manager
Go to file
Puck Meerburg c05219d497 fix passing CA files into builtins:fetchurl sandbox
This patch has been manually adapted from
14dc84ed03

Tested with:

$ NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }'
Finished at 16:57:50 after 1s
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
this derivation will be built:
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
  /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com> building '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv'
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com> error:
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com>        … writing file '/nix/store/0zynn4n8yx59bczy1mgh1lq2rnprvvrc-google.com'
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com>
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com>        error: unable to download 'https://google.com': Problem with the SSL CA cert (path? access rights?) (77) error setting certificate file: /nix/store/nlgbippbbgn38hynjkp1ghiybcq1dqhx-nss-cacert-3.101.1/etc/ssl/certs/ca-bundle.crt
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
error: builder for '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv' failed with exit code 1

Now returns:

nix-env % NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }'
Finished at 17:05:48 after 0s
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
this derivation will be built:
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
  /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
google.com> building '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv'
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory)
error: hash mismatch in fixed-output derivation '/nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv':
         specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

(cherry picked from commit c1ecf0bee9)
2024-10-07 12:43:46 +00:00
.github Fix the docker push job 2024-03-02 09:00:42 +01:00
config Remove and gitignore the autoreconf generated files 2024-03-02 10:18:47 +01:00
contrib function-trace: always show the trace 2019-09-18 23:23:21 +02:00
dep-patches Move dependency patches from top level into subdir 2024-01-17 13:13:54 -05:00
doc Typo 2024-09-26 00:20:22 +02:00
m4 Add configure test to ensure GCC bug is fixed 2023-10-31 12:09:46 -04:00
maintainers maintainers/upload-release.pl: Handle 2.3 and 2.18 branches 2024-03-07 16:53:34 +01:00
misc Remove custom lowdown 2023-12-13 16:25:18 -05:00
mk Replace foo with __NIX_STR in cxx-big-literal 2024-03-09 17:05:56 -08:00
perl Add Git object hashing to the store layer 2024-02-27 11:27:34 -05:00
scripts install-darwin: increment base UID by 1 (#15) 2024-09-03 23:58:12 +00:00
src fix passing CA files into builtins:fetchurl sandbox 2024-10-07 12:43:46 +00:00
tests fix passing CA files into builtins:fetchurl sandbox 2024-10-07 12:43:46 +00:00
.clang-format Add clang format configuration 2024-01-08 19:46:38 +01:00
.clang-tidy Add .clang-tidy 2024-02-01 01:01:39 +01:00
.dir-locals.el .dir-locals.el: Set c-block-comment-prefix 2020-07-10 11:21:06 +02:00
.editorconfig .editorconfig: Also affect Perl FFI xs file 2023-11-09 23:11:52 -05:00
.gitignore Remove and gitignore the autoreconf generated files 2024-03-02 10:18:47 +01:00
.version Bump version 2024-07-10 13:50:22 +02:00
configure.ac Don't hardcode the -O2 compiler flag 2024-02-09 06:27:24 +01:00
CONTRIBUTING.md docs: Fix link to release note documentation 2024-03-08 20:04:55 +01:00
COPYING * Change this to LGPL to keep the government happy. 2006-04-25 16:41:06 +00:00
default.nix add flake-compat to flake.nix and use sha256 in default.nix 2023-03-06 21:11:24 +01:00
docker.nix fix "add an option to include flake-registry..." 2023-05-16 14:35:31 +02:00
flake.lock flake.lock: Strip out treeHash. Too soon... 2024-02-28 07:08:21 +01:00
flake.nix installerScriptForGHA: aarch64-darwin 2024-09-09 15:55:07 +00:00
local.mk Use positive source filtering for the standalone functional tests job 2023-10-09 08:29:27 -04:00
Makefile unset NIX_HARDENING_ENABLE in fast build mode 2024-02-28 08:07:51 +01:00
Makefile.config.in Simplify RapidCheck configure 2024-01-15 08:05:05 -05:00
package.nix Run preInstallCheck even when not building 2024-03-11 15:34:23 +01:00
precompiled-headers.h Config: Use nlohmann/json 2020-08-20 11:02:16 +02:00
README.md fix: Remove extra to from README.md (#9213) 2023-10-23 19:20:23 +02:00
shell.nix Remove url literals 2022-01-24 13:28:21 +01:00

Nix

Open Collective supporters Test

Nix is a powerful package manager for Linux and other Unix systems that makes package management reliable and reproducible. Please refer to the Nix manual for more details.

Installation and first steps

Visit nix.dev for installation instructions and beginner tutorials.

Full reference documentation can be found in the Nix manual.

Building And Developing

See our Hacking guide in our manual for instruction on how to set up a development environment and build Nix from source.

Contributing

Check the contributing guide if you want to get involved with developing Nix.

Additional Resources

License

Nix is released under the LGPL v2.1.