refactor(tvix): point SSL_CERT_FILE to /dev/null

reqwest wants to be able to read a file of trust roots when constructed,
but as it doesn't actually do any HTTPS connections inside the nix
build, an empty list of trust roots is totally sufficient.

Thankfully /dev/null provides such a file.

Change-Id: I9bd1619b2c9f8ff2a6640d2ac410d4de5b20c2ea
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11961
Autosubmit: flokli <flokli@flokli.de>
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
This commit is contained in:
Florian Klink 2024-07-07 17:16:36 +03:00 committed by clbot
parent 89d204d295
commit d17c3d96b6
5 changed files with 12 additions and 12 deletions

View file

@ -53,7 +53,7 @@ let
buildCommand = ''
touch $out
# Ensure we can construct http clients.
export SSL_CERT_FILE="${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt"
export SSL_CERT_FILE=/dev/null
${preStart}

View file

@ -3,7 +3,7 @@
(depot.tvix.crates.workspaceMembers.tvix-castore.build.override {
runTests = true;
testPreRun = ''
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt;
export SSL_CERT_FILE=/dev/null
'';
}).overrideAttrs (old: rec {
meta.ci.targets = [ "integration-tests" ] ++ lib.filter (x: lib.hasPrefix "with-features" x || x == "no-features") (lib.attrNames passthru);
@ -13,13 +13,13 @@
# virtiofs feature currently fails to build on Darwin
++ lib.optional pkgs.stdenv.isLinux "virtiofs");
override.testPreRun = ''
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=/dev/null
'';
}) // {
integration-tests = depot.tvix.crates.workspaceMembers.${old.crateName}.build.override (old: {
runTests = true;
testPreRun = ''
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt;
export SSL_CERT_FILE=/dev/null
export PATH="$PATH:${pkgs.lib.makeBinPath [ pkgs.cbtemulator pkgs.google-cloud-bigtable-tool ]}"
'';
features = old.features ++ [ "integration" ];

View file

@ -3,7 +3,7 @@
(depot.tvix.crates.workspaceMembers.tvix-cli.build.override {
runTests = true;
testPreRun = ''
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt;
export SSL_CERT_FILE=/dev/null
'';
}).overrideAttrs (finalAttrs: previousAttrs:
@ -30,7 +30,7 @@ let
mkExprBenchmark = { expr, description }:
let name = "tvix-cli-benchmark-${description}"; in
(pkgs.runCommand name { } ''
export SSL_CERT_FILE=${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=/dev/null
${lib.escapeShellArgs [
"${pkgs.time}/bin/time"
"--format" "${benchmark-gnutime-format-string description}"
@ -54,7 +54,7 @@ let
name = "tvix-eval-test-${builtins.replaceStrings [".drv"] ["-drv"] attrpath}";
in
(pkgs.runCommand name { } ''
export SSL_CERT_FILE=${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=/dev/null
TVIX_OUTPUT=$(${tvix-cli}/bin/tvix -E '(import ${pkgs.path} {}).${attrpath}')
EXPECTED='${/* the verbatim expected Tvix output: */ "=> \"${builtins.unsafeDiscardStringContext expectedPath}\" :: string"}'

View file

@ -3,7 +3,7 @@
(depot.tvix.crates.workspaceMembers.tvix-glue.build.override {
runTests = true;
testPreRun = ''
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt;
export SSL_CERT_FILE=/dev/null
'';
}).overrideAttrs (old: rec {
meta.ci.targets = lib.filter (x: lib.hasPrefix "with-features" x || x == "no-features") (lib.attrNames passthru);
@ -11,7 +11,7 @@
inherit (old) crateName;
features = [ "nix_tests" ];
override.testPreRun = ''
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt;
export SSL_CERT_FILE=/dev/null
'';
};
})

View file

@ -25,7 +25,7 @@ in
(depot.tvix.crates.workspaceMembers.tvix-store.build.override (old: {
runTests = true;
testPreRun = ''
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=/dev/null
'';
features = old.features
# virtiofs feature currently fails to build on Darwin
@ -41,13 +41,13 @@ in
# virtiofs feature currently fails to build on Darwin
++ lib.optional pkgs.stdenv.isLinux "virtiofs");
override.testPreRun = ''
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=/dev/null
'';
}) // {
integration-tests = depot.tvix.crates.workspaceMembers.${old.crateName}.build.override (old: {
runTests = true;
testPreRun = ''
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt;
export SSL_CERT_FILE=/dev/null
export PATH="$PATH:${pkgs.lib.makeBinPath [ pkgs.cbtemulator pkgs.google-cloud-bigtable-tool ]}"
'';
features = old.features ++ [ "integration" ];