Call getDefaultSSLCertFile() only when none is specified

This does pathExists on various paths, which crashes on EPERM in the
macOS sandbox.
This commit is contained in:
Yorick van Pelt 2023-05-11 13:09:02 +02:00
parent be48907470
commit b7cde90c6b
No known key found for this signature in database
GPG key ID: D8D3CC6D951384DE
2 changed files with 3 additions and 1 deletions

View file

@ -57,6 +57,8 @@ Settings::Settings()
auto sslOverride = getEnv("NIX_SSL_CERT_FILE").value_or(getEnv("SSL_CERT_FILE").value_or(""));
if (sslOverride != "")
caFile = sslOverride;
else if (caFile == "")
caFile = getDefaultSSLCertFile();
/* Backwards compatibility. */
auto s = getEnv("NIX_REMOTE_SYSTEMS");

View file

@ -842,7 +842,7 @@ public:
)"};
Setting<Path> caFile{
this, getDefaultSSLCertFile(), "ssl-cert-file",
this, "", "ssl-cert-file",
R"(
The path of a file containing CA certificates used to
authenticate `https://` downloads. Nix by default will use