PlaceNixConfiguration: don't write ssl-cert-file to nix.custom.conf…

… if determinate and macOS (#1440) determinate-nixd will handle the `ssl-cert-file` setting in its managed nix.conf, which will override the `ssl-cert-file` that may already be configured in the user's nix.custom.conf. This is _NOT TRUE_ for non-Determinate installs, since the `!include nix.custom.conf` statement is at the _bottom_ of nix.conf on non-Determinate installs, meaning it will override whatever is set in nix.conf; for Determinate installs, the include statement is at the _top_ of nix.conf, meaning the Determinate-managed config will override anything set in the nix.custom.conf (such as `ssl-cert-file`).
DeterminateSystems · Feb 14, 2025 · 268c44c · 268c44c
1 parent 7a51da5
commit 268c44c
Showing 1 changed file with 18 additions and 3 deletions.
diff --git a/src/action/common/place_nix_configuration.rs b/src/action/common/place_nix_configuration.rs
@@ -50,6 +50,18 @@ impl PlaceNixConfiguration {
     ) -> Result<StatefulAction<Self>, ActionError> {
         let extra_conf = Self::parse_extra_conf(proxy, ssl_cert_file.as_ref(), extra_conf).await?;
 
+        let is_macos = matches!(
+            target_lexicon::OperatingSystem::host(),
+            target_lexicon::OperatingSystem::MacOSX { .. }
+                | target_lexicon::OperatingSystem::Darwin
+        );
+        let configured_ssl_cert_file = if determinate_nix && is_macos {
+            // On macOS, determinate-nixd will handle configuring the ssl-cert-file option for Nix
+            None
+        } else {
+            ssl_cert_file
+        };
+
         let standard_nix_config = if !determinate_nix {
             let maybe_trusted_users = extra_conf.settings().get(TRUSTED_USERS_CONF_NAME);
 
@@ -58,9 +70,12 @@ impl PlaceNixConfiguration {
             None
         };
 
-        let custom_nix_config =
-            Self::setup_extra_config(extra_conf, nix_build_group_name, ssl_cert_file.as_ref())
-                .await?;
+        let custom_nix_config = Self::setup_extra_config(
+            extra_conf,
+            nix_build_group_name,
+            configured_ssl_cert_file.as_ref(),
+        )
+        .await?;
 
         let create_directory = CreateDirectory::plan(NIX_CONF_FOLDER, None, None, 0o0755, force)
             .await