[Nix-dev] Failure trying to build node package
Wout Mertens
wout.mertens at gmail.com
Mon Oct 6 13:36:46 CEST 2014
On Mon, Oct 6, 2014 at 12:18 PM, Nikolay Amiantov <ab at fmap.me> wrote:
> On 10/06/2014 10:26 AM, Wout Mertens wrote:
>
> To make https work, do `nix-env -i cacert` and then do `export
> GIT_SSL_CAINFO=$HOME/.nix-profile/etc/ca-bundle.crt`. git clone should now
> work.
>
> Unfortunately, this does not help -- maybe I've misunderstood something?
> Also, "git clone" worked before this. and $GIT_SSL_CAINFO pointed to valid
> path "/etc/ssl/certs/ca-bundle.crt".
>
Ok, weird. Try also setting OPENSSL_X509_CERT_FILE to that file?
> parsoid git:(master) ✗ ls $GIT_SSL_CAINFO
> /home/shlomo/.nix-profile/etc/ca-bundle.crt
> parsoid git:(master) ✗ npm --version
> 2.1.3
> parsoid git:(master) ✗ npm install
> npm ERR! git clone https://github.com/arlolra/pegjs Cloning into bare
> repository
> '/home/shlomo/.npm/_git-remotes/https-github-com-arlolra-pegjs-0488b4b2'...
> npm ERR! git clone https://github.com/arlolra/pegjs warning: templates
> not found /home/shlomo/.npm/_git_remotes/_templates
> npm ERR! git clone https://github.com/arlolra/pegjs fatal: unable to
> access 'https://github.com/arlolra/pegjs/';;;: SSL certificate problem:
> unable to get local issuer certificate
>
So this error means that it can't verify the certificate. Normally, with
GIT_SSL_CAINFO it should be able to find it :-/ Perhaps npm removes the
environment variable?
parsoid git:(master) ✗ git clone https://github.com/arlolra/pegjs/ -b
> startOffset
> Cloning into 'pegjs'...
>
I see that you can clone it yourself, can you try under `nix-shell -p git
--pure` as well?
Note that if you use npm2nix, you should use nix to get the modules, not
npm. See also the work Sander is doing at
https://github.com/svanderburg/npm2nix/tree/reengineering , you might want
to use that version instead.
> We're currently thinking about how to solve these types of problems, see
> the thread this month.
>
> I'm only starting to understand Nix and make contributions, but isn't
> "makeWrapper" a solution?
>
Yes, that's one way and the other is to set user environment variables.
Either way though we'll have to move some settings from /nixos to /pkgs.
However, how do you handle openssl? It's a library so you can't use a shell
wrapper and it needs OPENSSL_X509_CERT_FILE. Should that go into user
environment, into the wrapper for all programs that depend on openssl, or
should we create a wrapper library that loads the library with the correct
environment set (hmm interesting idea but still requires rebuilding things
that depend on it)?
Another interesting one is TZDIR, which is required for glibc to tell
timezones correctly. How do you handle that? You'd have to set it on all
programs that use glibc and in fact even on everything else on the off
chance that there's some library being loaded that uses glibc. So then it
would be better off being set in the user environment but then if you
upgrade the time zone data, the user has to log out for everything to get
the new data. So then you might be even better off pointing it to some path
on disk that has the correct data, like $HOME/.nix-profile/etc/tzdata. But
all users share the same data, so you'd be better off pointing it somewhere
global like /usr/share/zoneinfo, and hardcoding that path in glibc, which
is what all other distros do. On NixOS it's /etc/zoneinfo because there's
no /usr but that means that either on NixOS the TZDIR environment variable
needs to be set for all processes, or glibc needs a different hardcoded
path and nixpkgs installations need to set TZDIR, or glibc for NixOS is
different from glibc for nixpkgs.
Maybe I'm overthinking this :)
Wout.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20141006/99eeed53/attachment.html
More information about the nix-dev
mailing list