aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYorick van Pelt <yorick@yorickvanpelt.nl>2023-05-11 13:09:02 +0200
committerYorick van Pelt <yorick@yorickvanpelt.nl>2023-05-26 15:36:45 +0200
commitb7cde90c6b479562eb9f1d9df399d04cf9c42aad (patch)
tree9a0e928dad526cc6f31c169145f5063d2a016983
parentbe4890747051de0e489d608fdba65489c45d2b02 (diff)
Call getDefaultSSLCertFile() only when none is specified
This does pathExists on various paths, which crashes on EPERM in the macOS sandbox.
-rw-r--r--src/libstore/globals.cc2
-rw-r--r--src/libstore/globals.hh2
2 files changed, 3 insertions, 1 deletions
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 4c66d08ee..a196c10e6 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -57,6 +57,8 @@ Settings::Settings()
auto sslOverride = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or(""));
if (sslOverride != "")
caFile = sslOverride;
+ else if (caFile == "")
+ caFile = getDefaultSSLCertFile();
/* Backwards compatibility. */
auto s = getEnv("NIX_REMOTE_SYSTEMS");
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 31dfe5b4e..34b4f24a7 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -842,7 +842,7 @@ public:
)"};
Setting<Path> caFile{
- this, getDefaultSSLCertFile(), "ssl-cert-file",
+ this, "", "ssl-cert-file",
R"(
The path of a file containing CA certificates used to
authenticate `https://` downloads. Nix by default will use