commit 867d2c5c464fd87268f71942beded17d7e1e5b9c · pyrox.dev/nixpkgs

+1 -1

nixos/modules/programs/venus.nix

···

       166
       166
        
               script = "exec venus-planet ${configFile}";

     

       167
       167
        
               serviceConfig.User = "${cfg.user}";

     

       168
       168
        
               serviceConfig.Group = "${cfg.group}";

     

       169
       169
       -
               environment.OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";

     

       169
       169
       +
               environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";

     

       170
       170
        
               startAt = cfg.dates;

     

       171
       171
        
             };

     

       172
       172

-2

nixos/modules/security/ca.nix

···

       67
       67
        
           environment.sessionVariables =

     

       68
       68
        
             { SSL_CERT_FILE          = "/etc/ssl/certs/ca-certificates.crt";

     

       69
       69
        
               # FIXME: unneeded - remove eventually.

     

       70
       70
       -
               OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";

     

       71
       71
       -
               # FIXME: unneeded - remove eventually.

     

       72
       70
        
               GIT_SSL_CAINFO         = "/etc/ssl/certs/ca-certificates.crt";

     

       73
       71
        
             };

     

       74
       72

-1

pkgs/applications/networking/cluster/panamax/api/default.nix

···

       62
       62
        
             --prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \

     

       63
       63
        
             --prefix "HOME" : "$out/share/panamax-api" \

     

       64
       64
        
             --prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \

     

       65
       65
       -
             --prefix "OPENSSL_X509_CERT_FILE" : "${cacert}/ca-bundle.crt" \

     

       66
       65
        
             --prefix "SSL_CERT_FILE" : "${cacert}/ca-bundle.crt" \

     

       67
       66
        
             --prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}"

     

       68
       67
        
         '';

+1 -1

pkgs/applications/networking/instant-messengers/tkabber/default.nix

···

       43
       43
        
         postPatch = ''

     

       44
       44
        
           substituteInPlace login.tcl --replace \

     

       45
       45
        
             "custom::defvar loginconf(sslcacertstore) \"\"" \

     

       46
       46
       -
             "custom::defvar loginconf(sslcacertstore) \$env(OPENSSL_X509_CERT_FILE)"

     

       46
       46
       +
             "custom::defvar loginconf(sslcacertstore) \$env(SSL_CERT_FILE)"

     

       47
       47
        
         '' + optionalString (theme != null) ''

     

       48
       48
        
           themePath="$out/share/doc/tkabber/examples/xrdb/${theme}.xrdb"

     

       49
       49
        
           sed -i '/^if.*load_default_xrdb/,/^}$/ {

+1 -1

pkgs/applications/version-management/git-and-tools/git/cert-path.patch

···

       5
       5
        
        		return;

     

       6
       6
        
        	}

     

       7
       7
        
        

     

       8
       8
       -
       +	$smtp_ssl_cert_path //= $ENV{'OPENSSL_X509_CERT_FILE'};

     

       8
       8
       +
       +	$smtp_ssl_cert_path //= $ENV{'SSL_CERT_FILE'};

     

       9
       9
        
       +

     

       10
       10
        
        	if (!defined $smtp_ssl_cert_path) {

     

       11
       11
        
        		# use the OpenSSL defaults

+1 -24

pkgs/development/libraries/openssl/1.0.2.x.nix

···

       10
       10
        
       

     

       11
       11
        
         patchesCross = isCross: let

     

       12
       12
        
           isDarwin = stdenv.isDarwin || (isCross && stdenv.cross.libc == "libSystem");

     

       13
       13
       -
         in

     

       14
       14
       -
           [ # Allow the location of the X509 certificate file (the CA

     

       15
       15
       -
             # bundle) to be set through the environment variable

     

       16
       16
       -
             # ‘OPENSSL_X509_CERT_FILE’.  This is necessary because the

     

       17
       17
       -
             # default location ($out/ssl/cert.pem) doesn't exist, and

     

       18
       18
       -
             # hardcoding something like /etc/ssl/cert.pem is impure and

     

       19
       19
       -
             # cannot be overriden per-process.  For security, the

     

       20
       20
       -
             # environment variable is ignored for setuid binaries.

     

       21
       21
       -
             # FIXME: drop this patch; it really isn't necessary, because

     

       22
       22
       -
             # OpenSSL already supports a ‘SSL_CERT_FILE’ variable.

     

       23
       23
       -
             ./cert-file.patch

     

       24
       24
       -
           ]

     

       25
       25
       -
       

     

       26
       26
       -
           ++ stdenv.lib.optionals (isCross && opensslCrossSystem == "hurd-x86")

     

       27
       27
       -
                [ ./cert-file-path-max.patch # merge with `cert-file.patch' eventually

     

       28
       28
       -
                  ./gnu.patch                # submitted upstream

     

       29
       29
       -
                ]

     

       30
       30
       -
       

     

       31
       31
       -
           ++ stdenv.lib.optionals (stdenv.system == "x86_64-kfreebsd-gnu")

     

       32
       32
       -
               [ ./gnu.patch

     

       33
       33
       -
                 ./kfreebsd-gnu.patch

     

       34
       34
       -
               ]

     

       35
       35
       -
       

     

       36
       36
       -
           ++ stdenv.lib.optional isDarwin ./darwin-arch.patch;

     

       13
       13
       +
         in stdenv.lib.optional isDarwin ./darwin-arch.patch;

     

       37
       14
        
       

     

       38
       15
        
         extraPatches = stdenv.lib.optional stdenv.isCygwin ./1.0.1-cygwin64.patch;

     

       39
       16
        
       in

+3 -3

pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch

···

       1
       1
       -
       Use $OPENSSL_X509_CERT_FILE to get the CA certificates.

     

       1
       1
       +
       Use $SSL_CERT_FILE to get the CA certificates.

     

       2
       2
        
       

     

       3
       3
        
       diff -ru -x '*~' LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.02/lib/LWP/Protocol/https.pm

     

       4
       4
        
       --- LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm	2011-03-27 13:54:01.000000000 +0200

     
···

       7
       7
        
            }

     

       8
       8
        
            if ($ssl_opts{SSL_verify_mode}) {

     

       9
       9
        
        	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {

     

       10
       10
       -
       +            if (defined $ENV{'OPENSSL_X509_CERT_FILE'}) {

     

       11
       11
       -
       +                $ssl_opts{SSL_ca_file} = $ENV{'OPENSSL_X509_CERT_FILE'};

     

       10
       10
       +
       +            if (defined $ENV{'SSL_CERT_FILE'}) {

     

       11
       11
       +
       +                $ssl_opts{SSL_ca_file} = $ENV{'SSL_CERT_FILE'};

     

       12
       12
        
       +            }

     

       13
       13
        
       +        }

     

       14
       14
        
       +	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {