Qyriad
a3be742bda
93cc06334
removed nss-cacert from the binary tarball, but they're necessary for global compatibility (and for our installer). This is what results in cacerts being in the default profile, so e.g. the daemon has TLS certs without having to use the system ones. There's a fallback behavior in the daemon script in case these wind up missing from the profile, but we don't want to have to rely on that, since the fallback fails if it doesn't recognize one of a handful of distros. Change-Id:I60d8e6f734469548e80d5f38113ef168f67cbf7d
35 lines
856 B
Nix
35 lines
856 B
Nix
{
|
|
buildPackages,
|
|
cacert,
|
|
nix,
|
|
system,
|
|
version,
|
|
}:
|
|
let
|
|
installerClosureInfo = buildPackages.closureInfo {
|
|
rootPaths = [
|
|
nix
|
|
cacert
|
|
];
|
|
};
|
|
|
|
meta.description = "Distribution-independent Nix bootstrap binaries for ${system}";
|
|
in
|
|
buildPackages.runCommand "nix-binary-tarball-${version}" { inherit meta; } ''
|
|
cp ${installerClosureInfo}/registration $TMPDIR/reginfo
|
|
|
|
dir=nix-${version}-${system}
|
|
fn=$out/$dir.tar.xz
|
|
mkdir -p $out/nix-support
|
|
echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products
|
|
tar cvfJ $fn \
|
|
--owner=0 --group=0 --mode=u+rw,uga+r \
|
|
--mtime='1970-01-01' \
|
|
--absolute-names \
|
|
--hard-dereference \
|
|
--transform "s,$TMPDIR/reginfo,$dir/.reginfo," \
|
|
--transform "s,$NIX_STORE,$dir/store,S" \
|
|
$TMPDIR/reginfo \
|
|
$(cat ${installerClosureInfo}/store-paths)
|
|
''
|