diff options
author | Michael Weiss <dev.primeos@gmail.com> | 2017-09-16 21:53:16 +0200 |
---|---|---|
committer | Michael Weiss <dev.primeos@gmail.com> | 2017-09-16 22:13:56 +0200 |
commit | 337380ea1de122c74d4dfaf7709a34f2448896f5 (patch) | |
tree | 04c9a379f7b169dd0bb2905e6066e5474fd19cce /pkgs/applications/version-management/git-repo | |
parent | 8ceb2098302c4af3990ae6d2e5affc2d77455f03 (diff) | |
download | nixlib-337380ea1de122c74d4dfaf7709a34f2448896f5.tar nixlib-337380ea1de122c74d4dfaf7709a34f2448896f5.tar.gz nixlib-337380ea1de122c74d4dfaf7709a34f2448896f5.tar.bz2 nixlib-337380ea1de122c74d4dfaf7709a34f2448896f5.tar.lz nixlib-337380ea1de122c74d4dfaf7709a34f2448896f5.tar.xz nixlib-337380ea1de122c74d4dfaf7709a34f2448896f5.tar.zst nixlib-337380ea1de122c74d4dfaf7709a34f2448896f5.zip |
gitRepo: Fix an error due to missing TLS certificates
This was a problem when run inside a sandbox, e.g. via "fetchRepoProject". The error message from repo seems unrelated: fatal: Cannot get https://gerrit.googlesource.com/git-repo/clone.bundle fatal: error no host given But the exception is actually thrown due to missing certificates (/etc/ssl/certs). It should be possible to provide another location via environment variables (e.g. SSL_CERT_FILE, REQUESTS_CA_BUNDLE or CURL_CA_BUNDLE) but apparently that doesn't actually work for some reason (would have to study our Python packaging). Now "fetchRepoProject" works without the "--no-clone-bundle" option.
Diffstat (limited to 'pkgs/applications/version-management/git-repo')
-rw-r--r-- | pkgs/applications/version-management/git-repo/default.nix | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/pkgs/applications/version-management/git-repo/default.nix b/pkgs/applications/version-management/git-repo/default.nix index 808e7b1850d1..e0aed206b750 100644 --- a/pkgs/applications/version-management/git-repo/default.nix +++ b/pkgs/applications/version-management/git-repo/default.nix @@ -1,5 +1,6 @@ { stdenv, fetchFromGitHub, makeWrapper -, python, git, gnupg1compat, less }: +, python, git, gnupg, less, cacert +}: stdenv.mkDerivation rec { name = "git-repo-${version}"; @@ -13,16 +14,23 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ makeWrapper ]; - buildInputs = [ python git gnupg1compat less ]; + buildInputs = [ python ]; + + # TODO: Cleanup + patchPhase = '' + CA_PATH="$(echo '${cacert}/etc/ssl/certs/ca-bundle.crt' | sed 's/\//\\\//g')" # / -> \/ + sed -i -E 's/urlopen\(url\)/urlopen(url, cafile="'$CA_PATH'")/' repo + ''; installPhase = '' mkdir -p $out/bin - cp $src/repo $out/bin/repo + cp repo $out/bin/repo ''; + # Important runtime dependencies postFixup = '' wrapProgram $out/bin/repo --prefix PATH ":" \ - "${stdenv.lib.makeBinPath [ git gnupg1compat less ]}" + "${stdenv.lib.makeBinPath [ git gnupg less ]}" ''; meta = with stdenv.lib; { |