From 272f2c365c0778836aeace102946f1040268c4a1 Mon Sep 17 00:00:00 2001 From: Wout Mertens Date: Tue, 25 Nov 2014 23:49:11 +0100 Subject: [PATCH 1/2] git: Support $SSL_CERT_FILE --- .../git-and-tools/git/default.nix | 9 +++++++-- .../git-and-tools/git/ssl-cert-file.patch | 13 +++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix index 7ba69a9fc182..69e88f32c41d 100644 --- a/pkgs/applications/version-management/git-and-tools/git/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git/default.nix @@ -24,7 +24,12 @@ stdenv.mkDerivation { sha256 = "0mvgvr2hz25p49dhhizcw9591f2h17y2699mpmndis3kzap0c6zy"; }; - patches = [ ./docbook2texi.patch ./symlinks-in-bin.patch ./cert-path.patch ]; + patches = [ + ./docbook2texi.patch + ./symlinks-in-bin.patch + ./cert-path.patch + ./ssl-cert-file.patch + ]; buildInputs = [curl openssl zlib expat gettext cpio makeWrapper] ++ stdenv.lib.optionals withManual [ asciidoc texinfo xmlto docbook2x @@ -142,6 +147,6 @@ stdenv.mkDerivation { ''; platforms = stdenv.lib.platforms.all; - maintainers = with stdenv.lib.maintainers; [ simons the-kenny ]; + maintainers = with stdenv.lib.maintainers; [ simons the-kenny wmertens ]; }; } diff --git a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch b/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch new file mode 100644 index 000000000000..dd216b7bf6f8 --- /dev/null +++ b/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch @@ -0,0 +1,13 @@ +This patch adds support for the OpenSSL SSL_CERT_FILE environment variable. +GIT_SSL_CAINFO still takes precedence. + +--- git-orig/http.c.orig 2014-11-25 23:27:56.000000000 +0100 ++++ git-orig/http.c 2014-11-25 23:28:48.000000000 +0100 +@@ -433,6 +433,7 @@ + #if LIBCURL_VERSION_NUM >= 0x070908 + set_from_env(&ssl_capath, "GIT_SSL_CAPATH"); + #endif ++ set_from_env(&ssl_cainfo, "SSL_CERT_FILE"); + set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO"); + + set_from_env(&user_agent, "GIT_HTTP_USER_AGENT"); From 72b81cf8bbaa389c05baf2943b6330f9f333d6b4 Mon Sep 17 00:00:00 2001 From: Wout Mertens Date: Tue, 25 Nov 2014 23:52:01 +0100 Subject: [PATCH 2/2] Remove unnecessary $GIT_SSL_CAINFO from sys env --- nixos/modules/security/ca.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix index 8e653cd42847..e17ad448f401 100644 --- a/nixos/modules/security/ca.nix +++ b/nixos/modules/security/ca.nix @@ -16,7 +16,6 @@ with lib; { SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; # FIXME: unneeded - remove eventually. OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; - GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt"; }; };