fix(daemon): default NODE_USE_SYSTEM_CA=1 on macOS

magos-minor
2026-03-02 13:52:31 -08:00
committed by Peter Steinberger
parent 19fafed11d
commit 350ac0d824
2 changed files with 56 additions and 0 deletions


@@ -354,6 +354,33 @@ describe("buildServiceEnvironment", () => {
});
expect(env.NODE_EXTRA_CA_CERTS).toBe("/custom/certs/ca.pem");
});
it("defaults NODE_USE_SYSTEM_CA=1 on macOS", () => {
const env = buildServiceEnvironment({
env: { HOME: "/home/user" },
port: 18789,
platform: "darwin",
});
expect(env.NODE_USE_SYSTEM_CA).toBe("1");
});
it("does not default NODE_USE_SYSTEM_CA on non-macOS", () => {
const env = buildServiceEnvironment({
env: { HOME: "/home/user" },
port: 18789,
platform: "linux",
});
expect(env.NODE_USE_SYSTEM_CA).toBeUndefined();
});
it("respects user-provided NODE_USE_SYSTEM_CA over the default", () => {
const env = buildServiceEnvironment({
env: { HOME: "/home/user", NODE_USE_SYSTEM_CA: "0" },
port: 18789,
platform: "darwin",
});
expect(env.NODE_USE_SYSTEM_CA).toBe("0");
});
});
describe("buildNodeServiceEnvironment", () => {
@@ -449,6 +476,30 @@ describe("buildNodeServiceEnvironment", () => {
});
expect(env.NODE_EXTRA_CA_CERTS).toBe("/custom/certs/ca.pem");
});
it("defaults NODE_USE_SYSTEM_CA=1 on macOS for node services", () => {
const env = buildNodeServiceEnvironment({
env: { HOME: "/home/user" },
platform: "darwin",
});
expect(env.NODE_USE_SYSTEM_CA).toBe("1");
});
it("does not default NODE_USE_SYSTEM_CA on non-macOS for node services", () => {
const env = buildNodeServiceEnvironment({
env: { HOME: "/home/user" },
platform: "linux",
});
expect(env.NODE_USE_SYSTEM_CA).toBeUndefined();
});
it("respects user-provided NODE_USE_SYSTEM_CA for node services", () => {
const env = buildNodeServiceEnvironment({
env: { HOME: "/home/user", NODE_USE_SYSTEM_CA: "0" },
platform: "darwin",
});
expect(env.NODE_USE_SYSTEM_CA).toBe("0");
});
});
describe("resolveGatewayStateDir", () => {
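Review bot: The override cases in both describe blocks only use `platform: "darwin"`, so nothing pins that a user-supplied NODE_USE_SYSTEM_CA is passed through on platforms where the default is undefined. A case with `env: { HOME: "/home/user", NODE_USE_SYSTEM_CA: "1" }` and `platform: "linux"` that asserts `expect(env.NODE_USE_SYSTEM_CA).toBe("1")` would cover that path for both builders. The three new cases are also the same in both blocks apart from the builder name and `port`, so a shared table driven by `it.each` would keep them from drifting apart.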


@@ -251,6 +251,7 @@ export function buildServiceEnvironment(params: {
PATH: sharedEnv.minimalPath,
...sharedEnv.proxyEnv,
NODE_EXTRA_CA_CERTS: sharedEnv.nodeCaCerts,
NODE_USE_SYSTEM_CA: sharedEnv.nodeUseSystemCa,
OPENCLAW_PROFILE: profile,
OPENCLAW_STATE_DIR: sharedEnv.stateDir,
OPENCLAW_CONFIG_PATH: sharedEnv.configPath,
@@ -279,6 +280,7 @@ export function buildNodeServiceEnvironment(params: {
PATH: sharedEnv.minimalPath,
...sharedEnv.proxyEnv,
NODE_EXTRA_CA_CERTS: sharedEnv.nodeCaCerts,
NODE_USE_SYSTEM_CA: sharedEnv.nodeUseSystemCa,
OPENCLAW_STATE_DIR: sharedEnv.stateDir,
OPENCLAW_CONFIG_PATH: sharedEnv.configPath,
OPENCLAW_GATEWAY_TOKEN: gatewayToken,
@@ -303,6 +305,7 @@ function resolveSharedServiceEnvironmentFields(
minimalPath: string;
proxyEnv: Record<string, string | undefined>;
nodeCaCerts: string | undefined;
nodeUseSystemCa: string | undefined;
} {
const stateDir = env.OPENCLAW_STATE_DIR;
const configPath = env.OPENCLAW_CONFIG_PATH;
@@ -314,6 +317,7 @@ function resolveSharedServiceEnvironmentFields(
// works correctly when running as a LaunchAgent without extra user configuration.
const nodeCaCerts =
env.NODE_EXTRA_CA_CERTS ?? (platform === "darwin" ? "/etc/ssl/cert.pem" : undefined);
const nodeUseSystemCa = env.NODE_USE_SYSTEM_CA ?? (platform === "darwin" ? "1" : undefined);
return {
stateDir,
configPath,
@@ -321,5 +325,6 @@ function resolveSharedServiceEnvironmentFields(
minimalPath: buildMinimalServicePath({ env }),
proxyEnv,
nodeCaCerts,
nodeUseSystemCa,
};
}
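Review bot: The new default in resolveSharedServiceEnvironmentFields, `const nodeUseSystemCa = env.NODE_USE_SYSTEM_CA ?? (platform === "darwin" ? "1" : undefined);`, has no comment of its own, and the comment above it (only its last line is visible in the hunk) appears to describe the NODE_EXTRA_CA_CERTS fallback. With this setting the service trusts the macOS system certificate store in addition to Node's bundled roots, which includes any locally installed root such as a corporate proxy CA. That widening of TLS trust is worth stating next to the line, e.g. `// On macOS also trust the system certificate store; an explicit NODE_USE_SYSTEM_CA in the caller's env wins.`. The comment could also record that `??` passes an empty-string value through unchanged rather than applying the default. The function starts and ends outside this hunk.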