admin管理员组文章数量:1336631
I am trying to make nix work behind zscaler. I am getting an error while executing this command
nix-shell -p nix-info --run --show-trace --verbose "nix-info"
This is the error message:
warning: error: unable to download '/': SSL connect error (35) OpenSSL/3.0.14: error:16000069:STORE routines::unregistered scheme; retrying in 273 ms
I have tried multiple things with pem files, like providing rootCA of anization to NIX_SSL_CERT_FILE environment variable, combining rootCA with cert.pem, but nothing is working
I am trying to make nix work behind zscaler. I am getting an error while executing this command
nix-shell -p nix-info --run --show-trace --verbose "nix-info"
This is the error message:
warning: error: unable to download 'https://cache.nixos./': SSL connect error (35) OpenSSL/3.0.14: error:16000069:STORE routines::unregistered scheme; retrying in 273 ms
I have tried multiple things with pem files, like providing rootCA of anization to NIX_SSL_CERT_FILE environment variable, combining rootCA with cert.pem, but nothing is working
Share Improve this question asked Nov 20, 2024 at 10:02 Prakhar MishraPrakhar Mishra 1,8144 gold badges34 silver badges61 bronze badges1 Answer
Reset to default 0So what I do on a Mac - maybe you can relate it to your situation - is to merge exported Mac cert bundle with Nix's CA cert bundle and place it in configuration:
#!/bin/sh
set -ex pipefail
TARGET=/opt/certs
# dump macOS cert bundle
sudo mkdir -p $TARGET
sudo security export -t certs -p -o "$TARGET/mac-bundle.crt"
# ensure the zscaler cert bundle is world readable
sudo chmod 755 "$TARGET/mac-bundle.crt"
# install nix using the zscaler cert bundle
curl --proto '=https' --tlsv1.2 -sSf -L 'https://install.determinate.systems/nix' \
| sh -s -- install --no-confirm --ssl-cert-file "$TARGET/mac-bundle.crt"
# merge Nix and zscaler cert bundles
# TODO: I expect this will break if/when nix updates their ca bundle?
cat "$TARGET/mac-bundle.crt" "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" \
| sudo tee "$TARGET/nix-and-mac-bundle.crt"
sudo chmod 755 "$TARGET/nix-and-mac-bundle.crt"
# reconfigure nix to use our combined cert bundle instead
tmpfile=$(mktemp /tmp/nix.conf.XXXXXX)
sudo sed "/^ssl-cert-file /d" /etc/nix/nix.conf >$tmpfile
printf "\nssl-cert-file = $TARGET/nix-and-mac-bundle.crt\n" | sudo tee -a $tmpfile
sudo mv $tmpfile /etc/nix/nix.conf
# make the current user a trusted user
printf "\ntrusted-users = root %s\n" "$USER" | sudo tee -a '/etc/nix/nix.conf'
# source the nix integration script
. '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
# make changes active
sudo launchctl stop .nixos.nix-daemon
sudo launchctl start .nixos.nix-daemon
本文标签: nixosNix SSL error while downloading narinfo filesStack Overflow
版权声明:本文标题:nixos - Nix: SSL error while downloading narinfo files - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742366598a2461410.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论