Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Git and SSL do not work in nix-shell #64212

Closed
josephsdavid opened this issue Jul 3, 2019 · 5 comments
Closed

Git and SSL do not work in nix-shell #64212

josephsdavid opened this issue Jul 3, 2019 · 5 comments

Comments

@josephsdavid
Copy link

Issue description

git and all ssl related operations in nix-shell

Steps to reproduce

git clone https://github.com/josephsdavid/forecastR.git

Technical details

``` - system: "x86_64-linux"

  • host os: Linux 5.1.15, NixOS, 19.09pre184452.5a7ab1963a9 (Loris)
  • multi-user?: yes
  • sandbox: yes
  • version: nix-env (Nix) 2.2.2
  • channels(dj): "home-manager, nixpkgs-19.09pre174594.0c0954781e2"
  • channels(root): "nixos-19.09pre184452.5a7ab1963a9, nixpkgs-19.09pre178895.9ebc6ad944c"
  • channels(david): "home-manager, nixpkgs-19.09pre184398.d98a165de78"
  • nixpkgs: /home/david/.nix-defexpr/channels/nixpkgs
@josephsdavid
Copy link
Author

Tried all fixes mentioned in #16031 and related issues no luck

@jonringer
Copy link
Contributor

I'm only able to reproduce this if i add --pure to the command

$ nix-shell -p git --pure

[nix-shell:~/projects/nixpkgs]$ git fetch
fatal: unable to access 'https://github.com/NixOS/nixpkgs.git/': SSL certificate problem: unable to get local issuer certificate
$ nix-shell -p git

[nix-shell:~/projects/nixpkgs]$ git fetch

[nix-shell:~/projects/nixpkgs]$

@josephsdavid
Copy link
Author

Ah this makes some sense, the issue is I am using lorri for my project, which I am guessing was updated to do pure nix shells today or something.

@josephsdavid
Copy link
Author

ah yep: target/lorri#98

@matta
Copy link

matta commented Sep 12, 2022

Since I landed here first via a websearch of "nixpkgs git ssl github" I thought I'd say that as of today including both pkgs.git and pkgs.cacert in my shell.nix was enough to teach cmake and git to successfully fetch repos from github, even when using nix-shell --pure. I am using nixpkgs on a Debian Testing host.

I.e. when I have this as my shell.nix:

{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell {
  nativeBuildInputs = [
    pkgs.cmake
    pkgs.ninja
    pkgs.clang_14
    pkgs.gcc12

    pkgs.cacert  # git needs this to interact with github
    pkgs.git
  ];
}

Then a pure shell shows this:

[nix-shell:~/notrelevant]$ env | grep crt
SYSTEM_CERTIFICATE_PATH=/nix/store/ahz1n1ykc5gjizmb3yrbbk15pv3fjrky-nss-cacert-3.80/etc/ssl/certs/ca-bundle.crt
NIX_SSL_CERT_FILE=/nix/store/ahz1n1ykc5gjizmb3yrbbk15pv3fjrky-nss-cacert-3.80/etc/ssl/certs/ca-bundle.crt
SSL_CERT_FILE=/nix/store/ahz1n1ykc5gjizmb3yrbbk15pv3fjrky-nss-cacert-3.80/etc/ssl/certs/ca-bundle.crt

Related issues: NixOS/nix#795, #3382 (especially #3382 (comment)).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants