diff options
author | aszlig <aszlig@redmoonstudios.org> | 2014-12-12 02:56:11 +0100 |
---|---|---|
committer | aszlig <aszlig@redmoonstudios.org> | 2014-12-12 03:03:14 +0100 |
commit | cf7f15c92ca07d2d6d249fd2965b9e1950fb11a5 (patch) | |
tree | a161f294237798bfadf345f3c5c25f5326e37f82 /nixos/modules/installer | |
parent | f2e20fa83729981c679b4dfb1689db8ca3f70ec7 (diff) | |
download | nixlib-cf7f15c92ca07d2d6d249fd2965b9e1950fb11a5.tar nixlib-cf7f15c92ca07d2d6d249fd2965b9e1950fb11a5.tar.gz nixlib-cf7f15c92ca07d2d6d249fd2965b9e1950fb11a5.tar.bz2 nixlib-cf7f15c92ca07d2d6d249fd2965b9e1950fb11a5.tar.lz nixlib-cf7f15c92ca07d2d6d249fd2965b9e1950fb11a5.tar.xz nixlib-cf7f15c92ca07d2d6d249fd2965b9e1950fb11a5.tar.zst nixlib-cf7f15c92ca07d2d6d249fd2965b9e1950fb11a5.zip |
nixos-install: Pass CA cert bundle to chroot.
Since we're using HTTPS for the binary cache (introduced in faf0797) by default, the binary cache should also be available during installation. The file that is defined in SSL_CERT_FILE outside of the chroot is copied over to /tmp/ca-cert.crt inside the chroot, so we have an absolute path we can reference during nixos-install. However, this might end up with the file not being cleaned up properly from outside of the store, but neither would be /tmp/root so the cleanup issue needs to be solved in another place (or commit to be more exact). Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/modules/installer')
-rw-r--r-- | nixos/modules/installer/tools/nixos-install.sh | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh index bd334c2a3cb4..a7333fbd541d 100644 --- a/nixos/modules/installer/tools/nixos-install.sh +++ b/nixos/modules/installer/tools/nixos-install.sh @@ -89,6 +89,12 @@ ln -s /run $mountPoint/var/run rm -f $mountPoint/etc/{resolv.conf,hosts} cp -Lf /etc/resolv.conf /etc/hosts $mountPoint/etc/ +if [ -e "$SSL_CERT_FILE" ]; then + cp -Lf "$SSL_CERT_FILE" "$mountPoint/tmp/ca-cert.crt" + export SSL_CERT_FILE=/tmp/ca-cert.crt + # For Nix 1.7 + export CURL_CA_BUNDLE=/tmp/ca-cert.crt +fi if [ -n "$runChroot" ]; then if ! [ -L $mountPoint/nix/var/nix/profiles/system ]; then |