From 20cf0127f5a0cfd417bc7256db23f6eef2ad8141 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed, 10 Dec 2014 16:05:08 +0100 Subject: [PATCH] Include cacert in the binary tarball This prevents having to fetch Nixpkgs or cacert over http. --- release.nix | 9 +++++---- scripts/install-nix-from-closure.sh | 7 +++++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/release.nix b/release.nix index af0e2362b..a08cf7a96 100644 --- a/release.nix +++ b/release.nix @@ -122,15 +122,16 @@ let in runCommand "nix-binary-tarball-${version}" - { exportReferencesGraph = [ "closure" toplevel ]; + { exportReferencesGraph = [ "closure1" toplevel "closure2" cacert ]; buildInputs = [ perl ]; meta.description = "Distribution-independent Nix bootstrap binaries for ${system}"; } '' - storePaths=$(perl ${pathsFromGraph} ./closure) - printRegistration=1 perl ${pathsFromGraph} ./closure > $TMPDIR/reginfo + storePaths=$(perl ${pathsFromGraph} ./closure1 ./closure2) + printRegistration=1 perl ${pathsFromGraph} ./closure1 ./closure2 > $TMPDIR/reginfo substitute ${./scripts/install-nix-from-closure.sh} $TMPDIR/install \ - --subst-var-by nix ${toplevel} + --subst-var-by nix ${toplevel} \ + --subst-var-by cacert ${cacert} chmod +x $TMPDIR/install dir=nix-${version}-${system} fn=$out/$dir.tar.bz2 diff --git a/scripts/install-nix-from-closure.sh b/scripts/install-nix-from-closure.sh index 467fc50d6..9977dca2c 100644 --- a/scripts/install-nix-from-closure.sh +++ b/scripts/install-nix-from-closure.sh @@ -5,6 +5,7 @@ set -e dest="/nix" self="$(dirname "$0")" nix="@nix@" +cacert="@cacert@" if ! [ -e $self/.reginfo ]; then echo "$0: incomplete installer (.reginfo is missing)" >&2 @@ -66,7 +67,7 @@ fi . $nix/etc/profile.d/nix.sh -if ! $nix/bin/nix-env -i $nix; then +if ! $nix/bin/nix-env -i "$nix"; then echo "$0: unable to install Nix into your default profile" >&2 exit 1 fi @@ -80,7 +81,9 @@ if [ -z "$_NIX_INSTALLER_TEST" ]; then fi # Install an SSL certificate bundle. -$nix/bin/nix-env -iA nixpkgs.cacert || true +if [ -z "$SSL_CERT_FILE" ]; then + $nix/bin/nix-env -i "$cacert" +fi # Make the shell source nix.sh during login. p=$NIX_LINK/etc/profile.d/nix.sh