search

DeterminateSystems / nix-installer

Install Nix and flakes with the fast and reliable Determinate Nix Installer, with over 2 million installs.
GNU Lesser General Public License v2.1
1.79k stars 47 forks source link

Redundant installation of `nss-cacert` with `--ssl-cert-file` #880

Open sbp opened 3 months ago

sbp commented 3 months ago

After installation using nix-installer v0.17.0 on Linux x64, with a custom ssl-cert-file value set, nss-cacert is still added to the Nix profile.

# nix profile history
Version 1 (2024-03-06):
  nix: ∅ -> 2.20.3

Version 2 (2024-03-06) <- 1:
  nss-cacert: ∅ -> 3.95

When we're using our own certificates file through user configuration there is presumably no reason to add nss-cacert. Perhaps the installer could be modified to detect this case and not install nss-cacert.

For the benefit of anyone reading this issue who wants to remove nss-cacert immediately after installation, you can run the following:

nix profile rollback --to 1 && nix store gc

Which will work as long as no other Nix profile versions are created by newer versions of nix-installer.

sbp commented 3 months ago

The workaround above omits a necessary step. The correct command is:

nix profile rollback --to 1 && nix profile wipe-history && nix store gc