mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-11-11 18:23:18 +01:00
1a4575f9db
Previously some modules used `config.environment.etc."ssl/certs/ca-certificates.crt".source`, some used `"/etc/ssl/certs/ca-certificates.crt"`, and some used `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"`. These were all bad in one way or another:
- `config.environment.etc."ssl/certs/ca-certificates.crt".source` relies on `source` being set; if `text` is set instead this breaks, introducing a weird undocumented requirement
- `"/etc/ssl/certs/ca-certificates.crt"` is probably okay but very un-nix. It's a magic string, and the path doesn't change when the file changes (and so you can't trigger service reloads, for example, when the contents change in a new system activation)
- `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"` silently doesn't include the options from `security.pki`
Co-authored-by: Shelvacu <git@shelvacu.com>
|
||
|---|---|---|
| .. | ||
| release-notes.md | ||
| rl-1310.section.md | ||
| rl-1404.section.md | ||
| rl-1412.section.md | ||
| rl-1509.section.md | ||
| rl-1603.section.md | ||
| rl-1609.section.md | ||
| rl-1703.section.md | ||
| rl-1709.section.md | ||
| rl-1803.section.md | ||
| rl-1809.section.md | ||
| rl-1903.section.md | ||
| rl-1909.section.md | ||
| rl-2003.section.md | ||
| rl-2009.section.md | ||
| rl-2105.section.md | ||
| rl-2111.section.md | ||
| rl-2205.section.md | ||
| rl-2211.section.md | ||
| rl-2305.section.md | ||
| rl-2311.section.md | ||
| rl-2405.section.md | ||
| rl-2411.section.md | ||
| rl-2505.section.md | ||