refactor(tvix): point SSL_CERT_FILE to /dev/null

reqwest wants to be able to read a file of trust roots when constructed, but as it doesn't actually do any HTTPS connections inside the nix build, an empty list of trust roots is totally sufficient. Thankfully /dev/null provides such a file. Change-Id: I9bd1619b2c9f8ff2a6640d2ac410d4de5b20c2ea Reviewed-on: https://cl.tvl.fyi/c/depot/+/11961 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: aspen <root@gws.fyi>
2024-07-07 17:16:36 +03:00 · 2024-07-07 17:16:36 +03:00 · d17c3d96b6
commit d17c3d96b6
parent 89d204d295
5 changed files with 12 additions and 12 deletions
--- a/tvix/cli/default.nix
+++ b/tvix/cli/default.nix
@ -3,7 +3,7 @@
 (depot.tvix.crates.workspaceMembers.tvix-cli.build.override {
  runTests = true;
  testPreRun = ''
-    export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt;
+    export SSL_CERT_FILE=/dev/null
  '';
 }).overrideAttrs (finalAttrs: previousAttrs:

@ -30,7 +30,7 @@ let
  mkExprBenchmark = { expr, description }:
    let name = "tvix-cli-benchmark-${description}"; in
    (pkgs.runCommand name { } ''
-      export SSL_CERT_FILE=${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt
+      export SSL_CERT_FILE=/dev/null
      ${lib.escapeShellArgs [
        "${pkgs.time}/bin/time"
        "--format" "${benchmark-gnutime-format-string description}"
@ -54,7 +54,7 @@ let
      name = "tvix-eval-test-${builtins.replaceStrings [".drv"] ["-drv"] attrpath}";
    in
    (pkgs.runCommand name { } ''
-      export SSL_CERT_FILE=${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt
+      export SSL_CERT_FILE=/dev/null
      TVIX_OUTPUT=$(${tvix-cli}/bin/tvix -E '(import ${pkgs.path} {}).${attrpath}')
      EXPECTED='${/* the verbatim expected Tvix output: */ "=> \"${builtins.unsafeDiscardStringContext expectedPath}\" :: string"}'