diff options
author | aszlig <aszlig@nix.build> | 2018-06-30 18:31:38 +0200 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2018-06-30 18:35:10 +0200 |
commit | 0c7c1660f78e4f6befe0a210e1a9efae783a1733 (patch) | |
tree | 37c7ad9c529dbe919ec7974f72fc143c79050044 /nixos/tests | |
parent | bdb0b2db44f29937e285c975e0d47cbbd25708b8 (diff) | |
download | nixlib-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar nixlib-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar.gz nixlib-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar.bz2 nixlib-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar.lz nixlib-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar.xz nixlib-0c7c1660f78e4f6befe0a210e1a9efae783a1733.tar.zst nixlib-0c7c1660f78e4f6befe0a210e1a9efae783a1733.zip |
nixos/tests/letsencrypt: Don't substitute certs
If one of the certificates of the chain gets substituted from a binary cache and the rest is generated locally it might turn out that we get invalid certificates, which in turn cause tests using this module to fail. So let's set allowSubstitutes to false for all derivations that are involved with certificate/key generation. Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/common/letsencrypt.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/tests/common/letsencrypt.nix b/nixos/tests/common/letsencrypt.nix index 7c6b3b29e36d..2c86fe8d68bc 100644 --- a/nixos/tests/common/letsencrypt.nix +++ b/nixos/tests/common/letsencrypt.nix @@ -193,6 +193,7 @@ let snakeOilCa = pkgs.runCommand "snakeoil-ca" { buildInputs = [ pkgs.openssl ]; + allowSubstitutes = false; } '' mkdir "$out" openssl req -newkey rsa:4096 -x509 -sha256 -days 36500 \ @@ -215,6 +216,7 @@ let ''; in pkgs.runCommand "snakeoil-certs-${fqdn}" { buildInputs = [ pkgs.openssl ]; + allowSubstitutes = false; } '' mkdir "$out" openssl genrsa -out "$out/snakeoil.key" 4096 |