New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
stdenv, cacert: $NIX_SSL_CERT_FILE changes #61179
Conversation
Some SSL libs don't react to $SSL_CERT_FILE. That actually makes sense to me, as we add this behavior as nixpkgs-specific, so it seems "safer" to use $NIX_*.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It totally makes sense, and should have been done before :-)
That's very much consistent with the spirit of nix-shell --pure BTW, nix 1.x shells will be always treated as pure; in that version detection isn't possible. NixOS/nix@1bffd83e1a9c
In nix 2.0 this changed: NixOS/nix@1bffd83 I only kept the original intention and did no kind of verification.
/cc pypi2nix maintainer @garbas. It couldn't work for years in the intended way, so I don't know. |
My reasoning back when I added it was to go trough the upstream codepath instead of our patches by default. But that doesn't really make sense since we want NIX_SSL_CERT_FILE to work for everything. |
Motivation for this change
Some SSL libs don't react to
$SSL_CERT_FILE
. That actually makes sense to me, as we add this behavior as nixpkgs-specific, so it seems "safer" to use$NIX_*
.Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nix-review --run "nix-review wip"
./result/bin/
)nix path-info -S
before and after)