[Nix-dev] How to add (self-signed) SSL certificate to NixOS?
Eelco Dolstra
eelco.dolstra at logicblox.com
Mon Feb 2 17:43:58 CET 2015
On 02/02/15 16:13, Bjørn Forsman wrote:
> Then I tried to append the certificate contents to the ca-bundle.crt:
>
> environment.etc."ssl/certs/ca-bundle.crt".text = ''
> ${builtins.readFile (pkgs.cacert + "/etc/ca-bundle.crt")}

Note that this causes cacert to be built at evaluation time.

> ${builtins.readFile ./my-certificate.crt}
> '';
>
> That failed too:
>
> building path(s) '/nix/store/.....-etc-file'
> while setting up the build environment: executing
> '/nix/store/....-bash-4.3-p30/bin/bash': Argument list too long
> [exit error]

This is because the "text" attribute is passed to pkgs.writeText via the
environment. But because there is a limit on the size of the environment, you
get an "Argument list too long" error.

A better way (not tested):

  environment.etc."ssl/certs/ca-bundle.crt".source =
    pkgs.runCommand "my-ca-bundle.crt" { }
      ''
        cat ${pkgs.cacert}/etc/ca-bundle.crt ${./my-certificate.crt} > $out
      '';

An even better solution is for NixOS to switch from $SSL_CERT_FILE to
$SSL_CERT_DIR so you can just add extra certificate files.

--
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
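
Added example (not part of the original message and not NixOS code): the concatenation step from the reply above, written as a shell function together with a framing check on the merged bundle, so that a missing trailing newline in one input cannot fuse an END marker with the next BEGIN marker. The function names merge_bundle and check_bundle are hypothetical, and the PEM bodies are constructed dummy data, so only the framing is checked, not the X.509 content.

```shell
#!/bin/sh
# merge_bundle OUT FILE...
# Concatenate PEM files into OUT, adding a newline after any input that
# does not already end with one.
merge_bundle() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        cat "$f" >> "$out"
        # $(...) strips a trailing newline, so a non-empty result means the
        # last byte of the file is something other than a newline.
        if [ -s "$f" ] && [ -n "$(tail -c 1 "$f")" ]; then
            echo >> "$out"
        fi
    done
}

# check_bundle FILE
# Print the number of certificates if every BEGIN/END marker sits on its own
# line and the markers are balanced; otherwise return non-zero.
check_bundle() {
    begins=$(grep -c -x -F -e '-----BEGIN CERTIFICATE-----' "$1") || true
    ends=$(grep -c -x -F -e '-----END CERTIFICATE-----' "$1") || true
    any=$(grep -c -F -e '-----BEGIN CERTIFICATE-----' "$1") || true
    [ "$begins" -gt 0 ] && [ "$begins" -eq "$ends" ] \
        && [ "$begins" -eq "$any" ] || return 1
    echo "$begins"
}

# Demo with constructed inputs (file names mirror the thread; bodies are dummy).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# First file deliberately has no trailing newline.
printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtQQ==' \
    '-----END CERTIFICATE-----' > "$tmp/ca-bundle.crt"
printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtQg==' \
    '-----END CERTIFICATE-----' > "$tmp/my-certificate.crt"

# Plain cat fuses the END and BEGIN markers; merge_bundle keeps them apart.
cat "$tmp/ca-bundle.crt" "$tmp/my-certificate.crt" > "$tmp/naive.crt"
merge_bundle "$tmp/merged.crt" "$tmp/ca-bundle.crt" "$tmp/my-certificate.crt"

check_bundle "$tmp/naive.crt" || echo "naive cat: malformed bundle"
check_bundle "$tmp/merged.crt"
```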