From 9ac1a3fb832094ac18590db40398080b1ade98a1 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 3 Jan 2022 14:25:49 -0500
Subject: [PATCH] fix the work-around by creating the target directory first

---
 .circleci/config.yml | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index eedb1c6..5a7a8f0 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -148,10 +148,6 @@ jobs:
       # one day someone pushed a bad revision to it and our CI broke.  So now
       # we just pin some recent version.  Who would have thought a floating
       # dependency would cause build instability?
-      #
-      # This pre-release image in particular fixes a problem in the 2.5.1
-      # image where no CA certificates are available.
-      # https://github.com/NixOS/nix/issues/5797
       - image: "nixos/nix:2.5.1"
 
     # Tahoe-LAFS requires more memory than we get from the default resource
@@ -165,7 +161,6 @@ jobs:
       # Let us use features marked "experimental".  For example, most/all of
       # the `nix <subcommand>` forms.
       NIX_CONFIG: "experimental-features = nix-command"
-      # NIX_SSL_CERT_FILE: "/nix/store/dvcalma5h3wd8bbwhj7g9m3yswxm707c-nss-cacert-3.66/etc/ssl/certs/ca-bundle.crt"
 
       # Pin a NixOS 21.11 revision.  Most of the software involved in the
       # build process is pinned by nix/sources.json with niv but a few things
@@ -177,11 +172,21 @@ jobs:
 
     steps:
       - run:
-          name: "Set up Cachix"
+          # Work around a bug in the 2.5.1 Docker image that prevents it from
+          # having any CA certificates to use to validate any certificates it
+          # encounters (and thus makes it incapable of talking to our binary
+          # caches).
+          #
+          # The work-around is from a comment on the issue
+          # https://github.com/NixOS/nix/issues/5797
+          name: "Fix CA Certificates"
           command: |
-            env
             mkdir -p /etc/ssl/certs/
             ln -s $NIX_SSL_CERT_FILE /etc/ssl/certs/
+
+      - run:
+          name: "Set up Cachix"
+          command: |
             nix-env -f $NIXPKGS -iA cachix bash
             cachix use "${CACHIX_NAME}"
             nix path-info --all > /tmp/store-path-pre-build
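Review bot: The `ln -s $NIX_SSL_CERT_FILE /etc/ssl/certs/` line in the new "Fix CA Certificates" step expands the variable unquoted and never checks that it names a readable file. A stale path still produces a dangling symlink and a passing step, and an empty value may not fail the step either, so the missing trust store would only show up later as TLS errors when the "Set up Cachix" step contacts the binary caches. None of the visible environment lines set `NIX_SSL_CERT_FILE` (the second hunk drops the commented-out assignment), so the value presumably comes from the pinned image and is worth asserting here. I would put `test -r "$NIX_SSL_CERT_FILE"` ahead of the link and change the link to `ln -sf "$NIX_SSL_CERT_FILE" /etc/ssl/certs/`, so that a missing bundle stops the job at this step and a re-run on a reused filesystem does not fail on an existing link.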
-- 
GitLab