Comments (10)
raboof
commented on July 1, 2024
1
What do you think?
Hmm, indeed curl in nixpkgs does reference NIX_SSL_CERT_FILE in a comment - not sure how this is intended to fit together.
#3155 and https://discourse.nixos.org/t/nix-cannot-find-my-custom-ssl-certificate/27361/5 might also be relevant.
from nix.
cole-h
commented on July 1, 2024
I wonder if behavior changes with --option ssl-cert-file /path/to/bundle (it might not, since I think it takes effect in the same way NIX_SSL_CERT_FILE does, but worth a shot...)
from nix.
leon-thomm
commented on July 1, 2024
yeah same result, unfortunately
from nix.
nixos-discourse
commented on July 1, 2024
This issue has been mentioned on NixOS Discourse. There might be relevant details there:
https://discourse.nixos.org/t/nix-build-curl-issues-behind-proxy/45911/5
from nix.
raboof
commented on July 1, 2024
Fetchers such as
fetchzip
since fetchzip is not a nix builtin but implemented in nixpkgs (based on fetchurl), this issue should perhaps be moved to the nixpkgs repo instead?
from nix.
leon-thomm
commented on July 1, 2024
this issue should perhaps be moved to the nixpkgs repo instead?
I thought it might also be a Nix (daemon?) issue that it kills NIX_SSL_CERT_FILE or something, because I experienced this with multiple fetchers, but I don't actually know. What do you think?
from nix.
leon-thomm
commented on July 1, 2024
yeah, I saw those issues and already applied the Environment fix, by adding NIX_SSL_CERT_FILE to systemd.services.nix-daemon.serviceConfig.Environment, and checking systemctl show nix-daemon | grep Environment, whose output correctly includes
CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
from nix.
leon-thomm
commented on July 1, 2024
A workaround when using curl through fetchurl is to set NIX_CURL_FLAGS in the nix-daemon environment [1] [2]. On NixOS in configuration.nix you can do something like this:
systemd.services.nix-daemon = {
enable = true;
serviceConfig = {
Environment = [
"NIX_CURL_FLAGS=\"--cacert /etc/ssl/certs/ca-certificates.crt\""
];
};
};which seems to work in my setup. Still, I think NIX_SSL_CERT_FILE should be fixed and used instead.
edit: this workaround seems to work with nix-build but not with nixos-rebuild on NixOS which runs into the original error
from nix.
fricklerhandwerk
commented on July 1, 2024
Triaged in Nix maintainers meeting:
- This is a documentation issue, partly in the Nix manual, largely in the Nixpkgs manual.
from nix.
nixos-discourse
commented on July 1, 2024
This issue has been mentioned on NixOS Discourse. There might be relevant details there:
https://discourse.nixos.org/t/2024-05-29-nix-team-meeting-minutes-148/46195/1
from nix.
Related Issues (20)
- Test repl completions HOT 4
- Removing static IP Configuration doesnt initiate dhcp renewal HOT 1
- the documentation of `nix_setting_get` requires calling `nix_libutil_init`, which achieves nothing HOT 1
- Issue with nix installation - syntax error *env-manifest.next1:1 HOT 5
- Get all shell scripts passing shellcheck HOT 2
- Poor performance of `nix build --debugger` HOT 3
- LocalStore does not set up or sanitize its build environment correctly HOT 4
- Docs: How to render an evaluation flame graph
- Spin out libfetchers into stand-alone project HOT 4
- Old `bash.bashrc.backup-before-nix` mentions Nix HOT 1
- the copy/download status when fetching flake lock archives is misleading/wrong
- "lock file contains unlocked input" when using (dirty) git+file:// input HOT 1
- File does not exist error improvement HOT 2
- NixOS Gnome Graphical Installer - Does not set keyboard layout inside installer HOT 1
- Support hard links within tar files being used as flake inputs type=tarball HOT 1
- No relevant error in `nix run` when CA SSL certs are misconfigured
- Make derivation building work on windows
- Functional tests that work on both Windows and Unix
- NUL bytes in JSON input are not handled correctly HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nix.