diff --git a/.circleci/config.yml b/.circleci/config.yml
index eedb1c6462947b2610c6ceba3d93a1ab4ad00dc4..5a7a8f081f5207b8c318ccfcf836150fe934bfe7 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -148,10 +148,6 @@ jobs:
# one day someone pushed a bad revision to it and our CI broke. So now
# we just pin some recent version. Who would have thought a floating
# dependency would cause build instability?
- #
- # This pre-release image in particular fixes a problem in the 2.5.1
- # image where no CA certificates are available.
- # https://github.com/NixOS/nix/issues/5797
- image: "nixos/nix:2.5.1"
# Tahoe-LAFS requires more memory than we get from the default resource
@@ -165,7 +161,6 @@ jobs:
# Let us use features marked "experimental". For example, most/all of
# the `nix <subcommand>` forms.
NIX_CONFIG: "experimental-features = nix-command"
- # NIX_SSL_CERT_FILE: "/nix/store/dvcalma5h3wd8bbwhj7g9m3yswxm707c-nss-cacert-3.66/etc/ssl/certs/ca-bundle.crt"
# Pin a NixOS 21.11 revision. Most of the software involved in the
# build process is pinned by nix/sources.json with niv but a few things
@@ -177,11 +172,21 @@ jobs:
steps:
- run:
- name: "Set up Cachix"
+ # Work around a bug in the 2.5.1 Docker image that prevents it from
+ # having any CA certificates to use to validate any certificates it
+ # encounters (and thus makes it incapable of talking to our binary
+ # caches).
+ #
+ # The work-around is from a comment on the issue
+ # https://github.com/NixOS/nix/issues/5797
+ name: "Fix CA Certificates"
command: |
- env
mkdir -p /etc/ssl/certs/
ln -s $NIX_SSL_CERT_FILE /etc/ssl/certs/
+
+ - run:
+ name: "Set up Cachix"
+ command: |
nix-env -f $NIXPKGS -iA cachix bash
cachix use "${CACHIX_NAME}"
nix path-info --all > /tmp/store-path-pre-build