From b7cde90c6b479562eb9f1d9df399d04cf9c42aad Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Thu, 11 May 2023 13:09:02 +0200 Subject: Call getDefaultSSLCertFile() only when none is specified This does pathExists on various paths, which crashes on EPERM in the macOS sandbox. --- src/libstore/globals.cc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/libstore/globals.cc') diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index 4c66d08ee..a196c10e6 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -57,6 +57,8 @@ Settings::Settings() auto sslOverride = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or("")); if (sslOverride != "") caFile = sslOverride; + else if (caFile == "") + caFile = getDefaultSSLCertFile(); /* Backwards compatibility. */ auto s = getEnv("NIX_REMOTE_SYSTEMS"); -- cgit v1.2.3