this post was submitted on 18 Aug 2024
14 points (100.0% liked)
Nix / NixOS
1762 readers
30 users here now
Main links
Videos
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Sure. I import the certificates like this:
where
home.pem
is a default PEM formatted certificate. It works fine to import the cert system wide this way.If I enter the flake.nix and run a simple
curl
against the remote server I get the following, which is typical for a TLS certificate error.So it seems to me that the development shell does not pick up the certificates installed on the system. I can work around that by using an impure shell, but I think that this is not how nix should be used.
So the certs end up in these files:
Only the first one is mentioned on stackoverflow as being used by Go on debian.
Curl seems to have its default location compiled in by passing
--with-ca-bundle
~~, but after installingcurlFull
and runningcurl-config --ca
, it doesn't look like that was used and the "default" path is guessed.~~Looking further in the
curl
derivation there are these lines for darwin :So, check the value of
NIX_SSL_CERT_FILE
outsidenix shell
and within. The path might have to be set there. I dunno how to do that automatically withnix shell
, so it might have to be done manually.Anti Commercial-AI license
Thanks, I'll try that!