From 1241a589756414222bbac731686dc3e2cc2538b3 Mon Sep 17 00:00:00 2001 From: Luke Clifton Date: Wed, 19 Sep 2018 15:10:06 +0800 Subject: [PATCH 1/2] Look inside the user profile --- scripts/nix-profile-daemon.sh.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/nix-profile-daemon.sh.in b/scripts/nix-profile-daemon.sh.in index 1be9a0755..432100d16 100644 --- a/scripts/nix-profile-daemon.sh.in +++ b/scripts/nix-profile-daemon.sh.in @@ -61,8 +61,8 @@ elif [ -e /etc/ssl/certs/ca-bundle.crt ]; then # Old NixOS export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt elif [ -e /etc/pki/tls/certs/ca-bundle.crt ]; then # Fedora, CentOS export NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt -elif [ -e "$NIX_USER_PROFILE_DIR/etc/ssl/certs/ca-bundle.crt" ]; then # fall back to cacert in the user's Nix profile - export NIX_SSL_CERT_FILE=$NIX_USER_PROFILE_DIR/etc/ssl/certs/ca-bundle.crt +elif [ -e "$NIX_USER_PROFILE_DIR/profile/etc/ssl/certs/ca-bundle.crt" ]; then # fall back to cacert in the user's Nix profile + export NIX_SSL_CERT_FILE=$NIX_USER_PROFILE_DIR/profile/etc/ssl/certs/ca-bundle.crt elif [ -e "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" ]; then # fall back to cacert in the default Nix profile export NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt fi From fb72104b80eb5747788ac32bcef9fc1db00d9825 Mon Sep 17 00:00:00 2001 From: Luke Clifton Date: Thu, 20 Sep 2018 07:33:35 +0800 Subject: [PATCH 2/2] Search NIX_PROFILE for SSL CA --- scripts/nix-profile-daemon.sh.in | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scripts/nix-profile-daemon.sh.in b/scripts/nix-profile-daemon.sh.in index 432100d16..567a543d9 100644 --- a/scripts/nix-profile-daemon.sh.in +++ b/scripts/nix-profile-daemon.sh.in @@ -61,10 +61,13 @@ elif [ -e /etc/ssl/certs/ca-bundle.crt ]; then # Old NixOS export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt elif [ -e /etc/pki/tls/certs/ca-bundle.crt ]; then # Fedora, CentOS export NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt -elif [ -e "$NIX_USER_PROFILE_DIR/profile/etc/ssl/certs/ca-bundle.crt" ]; then # fall back to cacert in the user's Nix profile - export NIX_SSL_CERT_FILE=$NIX_USER_PROFILE_DIR/profile/etc/ssl/certs/ca-bundle.crt -elif [ -e "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" ]; then # fall back to cacert in the default Nix profile - export NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt +else + # Fall back to what is in the nix profiles, favouring whatever is defined last. + for i in $NIX_PROFILES; do + if [ -e $i/etc/ssl/certs/ca-bundle.crt ]; then + export NIX_SSL_CERT_FILE=$i/etc/ssl/certs/ca-bundle.crt + fi + done fi export NIX_PATH="nixpkgs=@localstatedir@/nix/profiles/per-user/root/channels/nixpkgs:@localstatedir@/nix/profiles/per-user/root/channels"