Fix the nix-daemon Mac OS SSL CA cert #4023
Mac OS multi-user installations are currently broken because all requests made by nix-daemon to the binary cache fail with:

```
unable to download ... Problem with the SSL CA cert (path? access rights?) (77).
```

This change ensures that the nix-daemon knows where to find the SSL CA cert file.

Fixes #2899 and #3261.
@@ -4,6 +4,8 @@ | |||
<dict> | |||
<key>EnvironmentVariables</key> | |||
<dict> | |||
<key>NIX_SSL_CERT_FILE</key> | |||
<string>/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt</string> |
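Review bot: the NIX_SSL_CERT_FILE string added under EnvironmentVariables hard-codes /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt, and nothing in this hunk guarantees that the file exists and is readable when launchd starts the daemon. If the bundle is not yet in the default profile at that point, the daemon is pointed at a path that does not exist and binary cache requests can still fail with error 77. The installer should place the bundle in the default profile before loading this plist, or the install notes should state that the daemon must be restarted once the bundle is in place. A short comment next to the key saying where this file comes from would also help whoever later changes the default profile.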
Interesting. Something very weird must be going on then. Perhaps it was restarting the daemon rather than this setting that fixed it for me. I removed the environment variable and the daemon is still working ok.
Is it possible that the daemon is unable to access the certificate the first time it is started for some reason? Since it's clear from the other reports that I'm not the only one who had this problem with a fresh installation of Nix.
That's a good point. `caFile` is set only once, when the daemon starts, so if the CA bundle is installed afterwards, the daemon needs to be restarted.
Thanks. I've merged this since it seems the easiest way to make the daemon behave predictably.
@edolstra Can we get a new release with this?
@shlevy Sure, I've cherry-picked it to the 2.3 branch. Will do a release later today.
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/user-study-learning-journey-1/21398/1