$NIX_SSL_CERT_FILE overrides $SSL_CERT_FILE, which in turn overrides
the default CA path (/etc/ssl/certs/ca-certificates.crt). This allows
Nix to set a CA path without interfering with other packages (such as
Homebrew).
See https://github.com/NixOS/nix/issues/921.
Note: I ignored the C++ libraries, but it appears we're not currently
using them. Once we do, we'll probably want to put them in a separate
output as well (to prevent non-C++ users from depending on Boost).
I assume there's not much use for it during bootstrapping.
This fixes them as well, as curl was compiled against libnghttp2 but the
lib wasn't copied to the bootstrap tools.
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
... after auto-removing some kinds of files by default.
In some cases I let them be removed and in others I let them be put into
$docdev. That was more due to general indecisiveness on this question
than any reasons in the particular cases.
The previous attempt to patch libcurl used
getenv("CURL_CA_BUNDLE") || getenv("SSL_CERT_FILE")
to get the second environment variable if the first is unset.
Unfortunately, this broke libcurl because the (||) operator is C returns
only 0 or 1, so it is inappropriate for pointer comparisons! Now we use
getenv("CURL_CA_BUNDLE") ? getenv("CURL_CA_BUNDLE") : getenv("SSL_CERT_FILE")
instead. This has one downside: it always calls getenv twice! But,
that's a small price to pay for actually being correct.
This version contains a security fix for CVE-2013-0249, for details please have
a look at:
http://curl.haxx.se/docs/adv_20130206.html
Thanks to @roconnor for pointing this out.
I'm pushing this to stdenv-updates because I'm not quite sure if it will break
other things because 7.29.0 is now non-blocking by default. Plus the security
vulnerability only affects IMAP, POP3 and SMTP protocol support.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cherry-picked into master, this won't change stdenv.
Signed-off-by: Shea Levy <shea@shealevy.com>
This version contains a security fix for CVE-2013-0249, for details please have
a look at:
http://curl.haxx.se/docs/adv_20130206.html
Thanks to @roconnor for pointing this out.
I'm pushing this to stdenv-updates because I'm not quite sure if it will break
other things because 7.29.0 is now non-blocking by default. Plus the security
vulnerability only affects IMAP, POP3 and SMTP protocol support.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is for consistency with terminology in stdenv (and the terms
"hostDrv" and "buildDrv" are not very intuitive, even if they're
consistent with GNU terminology).
Solves a hideous bug which affects lots of things including nix-env.
The question now is, how to rebuild everything that depends directly or indirectly on curl?
More about the underlying bug and its resolution here:
http://comments.gmane.org/gmane.comp.web.curl.library/33285
Bug looks like this:
curl google.com
curl: (7) Failed to connect to 74.125.224.35: Invalid argument
Allowing 'curl' build without some dependencies, if it is told not to build
with them.
Updating the make-bootstrap-tools for the latest gcc/glibc, removing the
dependency on klibc, and updating unpack-boostrap-tools for the latest
boostrap-tools to work.
svn path=/nixpkgs/branches/stdenv-updates/; revision=23305
This comes from:
svn diff ^/nixpkgs/trunk/@18255 ^/nixpkgs/branches/stdenv-updates/ > diff
patch -p0 < diff
and then adding into svn all files new from the patch.
trunk@18255 comes from the last time I updated stdenv-updates from trunk.
svn path=/nixpkgs/stdenv-updates2/; revision=18272
* Some fetchurl-related refactoring. The `realCurl' attribute is
gone, `curl' is the real thing. To prevent an infinite recursion in
`fetchurl' (because it depends on curl and building curl needs
fetchurl), curl and its dependencies (openssl, zlib, perl) use
`fetchurlBoot', which is the fetchurl used by the previous bootstrap
phase (e.g. the statically linked version of curl for
stdenv-linux). So as a result you can use https:// urls almost
everywhere.
There's also some hackery to prevent a different curl from being
built in every stdenv-linux bootstrap phase (namely the
stdenv.fetchurl attribute which allows fetchurl to be overriden
everywhere).
svn path=/nixpkgs/trunk/; revision=11905
* Added a patch to fix --retry in case of connection timeouts when
--connect-timeout is used. (--retry is still broken when
--connect-timeout isn't used.)
svn path=/nixpkgs/trunk/; revision=9956