Add option to disable binary cache certificate checking
This commit is contained in:
parent
5510d21193
commit
d44d923be9
2 changed files with 16 additions and 1 deletions
|
@ -402,6 +402,15 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term><literal>verify-https-binary-caches</literal></term>
|
||||
|
||||
<listitem><para>Whether HTTPS binary caches are required to have a
|
||||
certificate that can be verified. Defaults to
|
||||
<literal>true</literal>.</para></listitem>
|
||||
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term><literal>force-manifest</literal></term>
|
||||
|
||||
<listitem><para>If this option is set to <literal>false</literal>
|
||||
|
|
|
@ -47,7 +47,12 @@ $caBundle = "/etc/ssl/certs/ca-certificates.crt" if !$caBundle && -f "/etc/ssl/c
|
|||
|
||||
my $userName = getpwuid($<) || $ENV{"USER"} or die "cannot figure out user name";
|
||||
|
||||
my $requireSignedBinaryCaches = ($Nix::Config::config{"signed-binary-caches"} // "0") ne "0";
|
||||
sub isTrue {
|
||||
my ($x) = @_;
|
||||
return $x eq "true" || $x eq "1";
|
||||
}
|
||||
|
||||
my $requireSignedBinaryCaches = isTrue($Nix::Config::config{"signed-binary-caches"} // "0");
|
||||
|
||||
my $curlConnectTimeout = int(
|
||||
$Nix::Config::config{"untrusted-connect-timeout"} //
|
||||
|
@ -69,6 +74,7 @@ sub addRequest {
|
|||
$curl->setopt(CURLOPT_WRITEDATA, $fh);
|
||||
$curl->setopt(CURLOPT_FOLLOWLOCATION, 1);
|
||||
$curl->setopt(CURLOPT_CAINFO, $caBundle) if defined $caBundle;
|
||||
$curl->setopt(CURLOPT_SSL_VERIFYPEER, 0) unless isTrue($Nix::Config::config{"verify-https-binary-caches"} // "1");
|
||||
$curl->setopt(CURLOPT_USERAGENT, "Nix/$Nix::Config::version");
|
||||
$curl->setopt(CURLOPT_NOBODY, 1) if $head;
|
||||
$curl->setopt(CURLOPT_FAILONERROR, 1);
|
||||
|
|
Loading…
Reference in a new issue