search

Mic92 / nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs
MIT License
356 stars 59 forks source link

Issue with SSL substituter and NIX_SSL_CERT_FILE #305

Closed gador closed 1 year ago

gador commented 1 year ago

I noticed SSL errors when using nixpkgs-review when it tries to download build artifacts from my binary cache. The cache is behind a nginx reverse proxy and I get SSL peer certificate or SSH remote key was not OK errors.

I thought it had to do with nix itself and posted the problem on discourse

Through chance I found the commit 62b04e4bdc321633ca9e1a235132c99bf51947e3 which sets the cacert file explicitly for nixpkgs-review and breaks my certificate chain. If I remove that line, I can connect just fine.

Is there any way to disable the setting of NIX_SSL_CERT_FILE or to override it? I would like to connect through SSL/TLS to my binary cache and use it with nixpkgs-review

gador commented 1 year ago

awesome, thanks! Just tested it and works :+1: