From 20cf0127f5a0cfd417bc7256db23f6eef2ad8141 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Wed, 10 Dec 2014 16:05:08 +0100
Subject: [PATCH] Include cacert in the binary tarball

This prevents having to fetch Nixpkgs or cacert over http.
---
 release.nix                         | 9 +++++----
 scripts/install-nix-from-closure.sh | 7 +++++--
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/release.nix b/release.nix
index af0e2362b..a08cf7a96 100644
--- a/release.nix
+++ b/release.nix
@@ -122,15 +122,16 @@ let
       in
 
       runCommand "nix-binary-tarball-${version}"
-        { exportReferencesGraph = [ "closure" toplevel ];
+        { exportReferencesGraph = [ "closure1" toplevel "closure2" cacert ];
           buildInputs = [ perl ];
           meta.description = "Distribution-independent Nix bootstrap binaries for ${system}";
         }
         ''
-          storePaths=$(perl ${pathsFromGraph} ./closure)
-          printRegistration=1 perl ${pathsFromGraph} ./closure > $TMPDIR/reginfo
+          storePaths=$(perl ${pathsFromGraph} ./closure1 ./closure2)
+          printRegistration=1 perl ${pathsFromGraph} ./closure1 ./closure2 > $TMPDIR/reginfo
           substitute ${./scripts/install-nix-from-closure.sh} $TMPDIR/install \
-            --subst-var-by nix ${toplevel}
+            --subst-var-by nix ${toplevel} \
+            --subst-var-by cacert ${cacert}
           chmod +x $TMPDIR/install
           dir=nix-${version}-${system}
           fn=$out/$dir.tar.bz2
diff --git a/scripts/install-nix-from-closure.sh b/scripts/install-nix-from-closure.sh
index 467fc50d6..9977dca2c 100644
--- a/scripts/install-nix-from-closure.sh
+++ b/scripts/install-nix-from-closure.sh
@@ -5,6 +5,7 @@ set -e
 dest="/nix"
 self="$(dirname "$0")"
 nix="@nix@"
+cacert="@cacert@"
 
 if ! [ -e $self/.reginfo ]; then
     echo "$0: incomplete installer (.reginfo is missing)" >&2
@@ -66,7 +67,7 @@ fi
 
 . $nix/etc/profile.d/nix.sh
 
-if ! $nix/bin/nix-env -i $nix; then
+if ! $nix/bin/nix-env -i "$nix"; then
     echo "$0: unable to install Nix into your default profile" >&2
     exit 1
 fi
@@ -80,7 +81,9 @@ if [ -z "$_NIX_INSTALLER_TEST" ]; then
 fi
 
 # Install an SSL certificate bundle.
-$nix/bin/nix-env -iA nixpkgs.cacert || true
+if [ -z "$SSL_CERT_FILE" ]; then
+    $nix/bin/nix-env -i "$cacert"
+fi
 
 # Make the shell source nix.sh during login.
 p=$NIX_LINK/etc/profile.d/nix.sh