Include cacert in the binary tarball

This prevents having to fetch Nixpkgs or cacert over http.
This commit is contained in:
Eelco Dolstra 2014-12-10 16:05:08 +01:00
parent e529823635
commit 20cf0127f5
2 changed files with 10 additions and 6 deletions

View file

@ -122,15 +122,16 @@ let
in
runCommand "nix-binary-tarball-${version}"
{ exportReferencesGraph = [ "closure" toplevel ];
{ exportReferencesGraph = [ "closure1" toplevel "closure2" cacert ];
buildInputs = [ perl ];
meta.description = "Distribution-independent Nix bootstrap binaries for ${system}";
}
''
storePaths=$(perl ${pathsFromGraph} ./closure)
printRegistration=1 perl ${pathsFromGraph} ./closure > $TMPDIR/reginfo
storePaths=$(perl ${pathsFromGraph} ./closure1 ./closure2)
printRegistration=1 perl ${pathsFromGraph} ./closure1 ./closure2 > $TMPDIR/reginfo
substitute ${./scripts/install-nix-from-closure.sh} $TMPDIR/install \
--subst-var-by nix ${toplevel}
--subst-var-by nix ${toplevel} \
--subst-var-by cacert ${cacert}
chmod +x $TMPDIR/install
dir=nix-${version}-${system}
fn=$out/$dir.tar.bz2

View file

@ -5,6 +5,7 @@ set -e
dest="/nix"
self="$(dirname "$0")"
nix="@nix@"
cacert="@cacert@"
if ! [ -e $self/.reginfo ]; then
echo "$0: incomplete installer (.reginfo is missing)" >&2
@ -66,7 +67,7 @@ fi
. $nix/etc/profile.d/nix.sh
if ! $nix/bin/nix-env -i $nix; then
if ! $nix/bin/nix-env -i "$nix"; then
echo "$0: unable to install Nix into your default profile" >&2
exit 1
fi
@ -80,7 +81,9 @@ if [ -z "$_NIX_INSTALLER_TEST" ]; then
fi
# Install an SSL certificate bundle.
$nix/bin/nix-env -iA nixpkgs.cacert || true
if [ -z "$SSL_CERT_FILE" ]; then
$nix/bin/nix-env -i "$cacert"
fi
# Make the shell source nix.sh during login.
p=$NIX_LINK/etc/profile.d/nix.sh