timbertson closed 4 years ago
I think this is supposed to come from openssl, but I don't see anything about that in the Makefile
Yep, but it should be no problem since trace-nix.so should only be injected into nix-shell, which itself has a link to openssl.
It seems you have some bash wrapper over nix-shell binary?
Oh yeah, I forgot I made that wrapper:
#! /nix/store/b34zjdmq5l8k6rwdykjx55yl9r9isl8k-bash-4.4-p23/bin/bash -e
export GIT_SSL_CAINFO='/nix/store/xicfas694anca5chp3hnk85bzrqyhb5b-nss-cacert-3.46.1/etc/ssl/certs/ca-bundle.crt'
export CURL_CA_BUNDLE='/nix/store/xicfas694anca5chp3hnk85bzrqyhb5b-nss-cacert-3.46.1/etc/ssl/certs/ca-bundle.crt'
export SSL_CERT_FILE='/nix/store/xicfas694anca5chp3hnk85bzrqyhb5b-nss-cacert-3.46.1/etc/ssl/certs/ca-bundle.crt'
exec "/nix/store/0hf13bhb67a64pyw4v2x8cv5vn1jgngd-nix-2.3.1/bin/nix-shell" "$@"
I've since integrated those vars into my shell anyway, so I did away with this wrapper and it is running now for a simple shell. Thanks!
Hmm, I spoke too soon. Without the above wrapper nix-shell works fine, but cached-nix-shell doesn't seem to be set up right:
warning: unable to download 'https://cache.nixos.org/xfzgpa1shsa2hrqq8g9jw38p6w8f3n93.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 283 ms
warning: unable to download 'https://cache.nixos.org/pqlq1bncrnq74zn8df7f7n8wxw8cki59.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 327 ms
warning: unable to download 'https://cache.nixos.org/il0pf2xzf9x6b5ajpi4jjr51vjvlng5l.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 270 ms
warning: unable to download 'https://cache.nixos.org/4y801lcrypb58651bl7w8w102pbng0w3.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 272 ms
warning: unable to download 'https://cache.nixos.org/3pi55kmyaqi8mkzgv0fnqbqmxpmy5zgw.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 254 ms
warning: unable to download 'https://cache.nixos.org/xfzgpa1shsa2hrqq8g9jw38p6w8f3n93.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 569 ms
warning: unable to download 'https://cache.nixos.org/pqlq1bncrnq74zn8df7f7n8wxw8cki59.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 530 ms
warning: unable to download 'https://cache.nixos.org/il0pf2xzf9x6b5ajpi4jjr51vjvlng5l.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 593 ms
warning: unable to download 'https://cache.nixos.org/4y801lcrypb58651bl7w8w102pbng0w3.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 561 ms
warning: unable to download 'https://cache.nixos.org/3pi55kmyaqi8mkzgv0fnqbqmxpmy5zgw.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 526 ms
Does it clear the env before invoking nix shell? Can the above SSL-related vars be whitelisted?
Does it clear the env before invoking nix shell?
Yes. The reason is to prevent the re-evaluation when env is changed (variables like PWD, STY, GNOME_TERMINAL_SCREEN may change often).
Can the above SSL-related vars be whitelisted?
Whitelisted in 5c2f40a3cffee9fa5e8e7236df32cfa4997cbcbf.
Perfect, thanks!
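The behaviour discussed in this thread, as an added sketch that is not cached-nix-shell's own code: the child starts from a cleared environment, and only an allowlist of CA-bundle variables is carried over so certificate verification keeps its trust anchors. The allowlist contents, the function names, the sample paths and the idea of deriving a cache key from the retained variables are assumptions made for this example.

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::BTreeMap;
use std::hash::{Hash, Hasher};
use std::process::Command;

// Assumed allowlist: the three CA-bundle variables from the wrapper above.
const ALLOWLIST: [&str; 3] = ["CURL_CA_BUNDLE", "GIT_SSL_CAINFO", "SSL_CERT_FILE"];

/// Keep only allowlisted variables; BTreeMap gives a stable iteration order.
fn filter_env<I: IntoIterator<Item = (String, String)>>(vars: I) -> BTreeMap<String, String> {
    vars.into_iter()
        .filter(|(k, _)| ALLOWLIST.iter().any(|a| *a == k.as_str()))
        .collect()
}

/// Key derived from the retained variables only, so PWD or STY cannot change it.
fn cache_key(env: &BTreeMap<String, String>) -> u64 {
    let mut h = DefaultHasher::new();
    env.hash(&mut h);
    h.finish()
}

/// Child command that starts from an empty environment plus the retained set.
fn sanitized_command(program: &str, env: &BTreeMap<String, String>) -> Command {
    let mut cmd = Command::new(program);
    cmd.env_clear().envs(env);
    cmd
}

/// Constructed sample environment (paths are placeholders, not from the thread).
fn sample_env(pwd: &str, bundle: &str) -> Vec<(String, String)> {
    vec![
        ("PWD".to_string(), pwd.to_string()),
        ("STY".to_string(), "1234.pts-0.host".to_string()),
        ("SSL_CERT_FILE".to_string(), bundle.to_string()),
    ]
}

fn main() {
    let env = filter_env(sample_env("/home/user/project", "/etc/ssl/certs/ca-bundle.crt"));
    let cmd = sanitized_command("nix-shell", &env); // built here, never spawned
    println!("{:?} key={:016x} env={:?}", cmd, cache_key(&env), env);
}
```

Pointing the CA-bundle variable at a different file changes the key in this sketch, while a different working directory does not.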
Built from git HEAD (ade493239d20458658db6b994a9bc40724e67ebb)