diff options
| author | Guillaume Maudoux <guillaume.maudoux@uclouvain.be> | 2017-03-21 10:28:44 +0100 |
|---|---|---|
| committer | Robin Gloster <mail@glob.in> | 2017-03-22 15:44:20 +0100 |
| commit | c1401e1e4c56619d1e743f83eaaeac4a0fbfbfba (patch) | |
| tree | 2e220e5757022783cf324318cc64599824aab601 | |
| parent | pythonPackages.pygobject2: fixup conversation to buildPythonPackage (diff) | |
| download | nixpkgs-c1401e1e4c56619d1e743f83eaaeac4a0fbfbfba.tar.gz | |
curl, git: Fix curl default CA, let git use it
Improve patching of curl to use NIX_SSL_CERT_FILE as default CA
Remove patches from git, as git uses curl and passes its environment
variables to curl.
(cherry picked from commit 525a6631747597cd108bed21c26286637038b6a6)
3 files changed, 27 insertions, 19 deletions
diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix index af5fc8a8be46..d6cc205bbae4 100644 --- a/pkgs/applications/version-management/git-and-tools/git/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git/default.nix @@ -30,7 +30,6 @@ stdenv.mkDerivation { ./symlinks-in-bin.patch ./git-sh-i18n.patch ./ssh-path.patch - ./ssl-cert-file.patch ]; postPatch = '' diff --git a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch b/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch deleted file mode 100644 index 0e0697dfb211..000000000000 --- a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -ru git-2.7.4-orig/http.c git-2.7.4/http.c ---- git-2.7.4-orig/http.c 2016-03-17 21:47:59.000000000 +0100 -+++ git-2.7.4/http.c 2016-04-12 11:38:33.187070848 +0200 -@@ -544,6 +544,10 @@ - #if LIBCURL_VERSION_NUM >= 0x070908 - set_from_env(&ssl_capath, "GIT_SSL_CAPATH"); - #endif -+ if (getenv("NIX_SSL_CERT_FILE")) -+ set_from_env(&ssl_cainfo, "NIX_SSL_CERT_FILE"); -+ else -+ set_from_env(&ssl_cainfo, "SSL_CERT_FILE"); - set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO"); - - set_from_env(&user_agent, "GIT_HTTP_USER_AGENT"); diff --git a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch index 20c408bfae23..14eaea7071bf 100644 --- a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch +++ b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch @@ -1,7 +1,30 @@ -diff -ru -x '*~' curl-7.50.3-orig/src/tool_operate.c curl-7.50.3/src/tool_operate.c ---- curl-7.50.3-orig/src/tool_operate.c 2016-09-06 23:25:06.000000000 +0200 -+++ curl-7.50.3/src/tool_operate.c 2016-10-14 11:51:48.999943142 +0200 -@@ -269,7 +269,9 @@ +diff --git a/lib/url.c b/lib/url.c +index 03feaa20f..43d3baa80 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -574,11 +574,15 @@ CURLcode Curl_init_userdefined(struct UserDefined *set) + + /* This is our preferred CA cert bundle/path since install time */ + #if defined(CURL_CA_BUNDLE) +- result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE); ++ char* env = curl_getenv("NIX_SSL_CERT_FILE"); ++ if (!env) ++ env = CURL_CA_BUNDLE; ++ ++ result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], env); + if(result) + return result; + +- result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE); ++ result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], env); + if(result) + return result; + #endif +diff --git a/src/tool_operate.c b/src/tool_operate.c +index 572c8d0cc..ca4fb31cb 100644 +--- a/src/tool_operate.c ++++ b/src/tool_operate.c +@@ -265,7 +265,9 @@ static CURLcode operate_do(struct GlobalConfig *global, capath_from_env = true; } else { |