diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-02-25 00:13:49 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-25 00:13:49 +0000 |
commit | 257171f024023815158819b0cb35b5958f1b4975 (patch) | |
tree | 91f9a728162c7e67be0ebf5602148377f1841da1 /pkgs/data/misc/cacert/default.nix | |
parent | 57bbe4245f80b90b4b48079750f91bdc0437c66e (diff) | |
parent | 7794d8a78570335f10b0f97ae72b14b33c6addc2 (diff) |
Merge master into haskell-updates
Diffstat (limited to 'pkgs/data/misc/cacert/default.nix')
-rw-r--r-- | pkgs/data/misc/cacert/default.nix | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/pkgs/data/misc/cacert/default.nix b/pkgs/data/misc/cacert/default.nix index 30f2ee38c72f8..7dc047bb1c88b 100644 --- a/pkgs/data/misc/cacert/default.nix +++ b/pkgs/data/misc/cacert/default.nix @@ -20,7 +20,7 @@ let blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" blacklist); extraCertificatesBundle = writeText "cacert-extra-certificates-bundle.crt" (lib.concatStringsSep "\n\n" extraCertificateStrings); - srcVersion = "3.95"; + srcVersion = "3.98"; version = if nssOverride != null then nssOverride.version else srcVersion; meta = with lib; { homepage = "https://curl.haxx.se/docs/caextract.html"; @@ -37,7 +37,7 @@ let owner = "nss-dev"; repo = "nss"; rev = "NSS_${lib.replaceStrings ["."] ["_"] version}_RTM"; - hash = "sha256-qgSbzlRbU+gElC2ae3FEGRUFSM1JHd/lNGNXC0x4xt4="; + hash = "sha256-0p1HzspxyzhzX46O7ax8tmYiaFEBeqEqEvman4NIiQc="; }; dontBuild = true; @@ -71,6 +71,7 @@ stdenv.mkDerivation rec { --ca_bundle_input "${extraCertificatesBundle}" ${lib.escapeShellArgs (map (arg: "${arg}") extraCertificateFiles)} \ --blocklist "${blocklist}" \ --ca_bundle_output ca-bundle.crt \ + --ca_standard_bundle_output ca-no-trust-rules-bundle.crt \ --ca_unpacked_output unbundled \ --p11kit_output ca-bundle.trust.p11-kit ''; @@ -78,6 +79,9 @@ stdenv.mkDerivation rec { installPhase = '' install -D -t "$out/etc/ssl/certs" ca-bundle.crt + # install standard PEM compatible bundle + install -D -t "$out/etc/ssl/certs" ca-no-trust-rules-bundle.crt + # install p11-kit specific output to p11kit output install -D -t "$p11kit/etc/ssl/trust-source" ca-bundle.trust.p11-kit |