Re: [Nix-dev] How to add (self-signed) SSL certificate to NixOS?

Wed, 04 Feb 2015 12:57:29 -0800 

On Wed, Feb 4, 2015 at 10:26 AM, Bjørn Forsman <bjorn.fors...@gmail.com> wrote:
> On 2 February 2015 at 21:06, Bjørn Forsman <bjorn.fors...@gmail.com> wrote:
>> On 2 February 2015 at 17:43, Eelco Dolstra <eelco.dols...@logicblox.com> 
>> wrote:
>>> A better way (not tested):
>>>
>>>   environment.etc."ssl/certs/ca-bundle.crt".source =
>>>     pkgs.runCommand "my-ca-bundle.crt" { }
>>>       ''
>>>         cat ${pkgs.cacert}/etc/ca-bundle.crt ${./my-certificate.crt} > $out
>>>       '';
>>
>> That works! Thank you.
>
> Apparently, that was only half the problem. I also need to _override_
> this entry, because the ca.nix module already provides
> environment.etc."ssl/certs/ca-bundle.crt". My attempts so far have
> failed:
>
> (1) Plain setting. Causes "mismatched duplicate entry
> /nix/store/HASH1-my-ca-bundle.crt <->
> /nix/store/HASH2-cacert-2014-0715/etc/ca-bundle.crt":
>
>   environment.etc."ssl/certs/ca-bundle.crt".source = ...
>
> (2) "Inner mkForce". Also causes "mismatched duplicate entry ...":
>
>   environment.etc."ssl/certs/ca-bundle.crt" = lib.mkForce { source = ...; };

The following should work:

  environment.etc."ssl/certs/ca-bundle.crt".source = lib.mkForce ...;

?

> (3) "Full mkForce". This blows away all other environment.etc.* attrs,
> making the system unable to boot:
>
>   environment.etc = lib.mkForce {
>     "ssl/certs/ca-bundle.crt" = ...
>   };
>
> (4) Merge/override config attribute. Causes infinite recursion:
>
>   environment.etc = config.environment.etc // {
>     "ssl/certs/ca-bundle.crt".source = ...;
>   };



-- 
Nicolas Pierron
http://www.linkedin.com/in/nicolasbpierron - http://nbp.name/
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Reply via email to