diff options
author | Ryan Lahfa <masterancpp@gmail.com> | 2024-02-11 19:44:02 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-11 19:44:02 +0100 |
commit | d9e7a2a88ab0c125ec1524394c3173ee6879f651 (patch) | |
tree | 159610a708f8ba6c4cc6a4bdc4ddf100490bef3a /pkgs/data/misc | |
parent | 496cd829f0267244e7ffdadf4a9e21f3d96ce0b6 (diff) | |
parent | 19159a234916d7169e15d267e6ee1c9462790319 (diff) |
Merge pull request #286857 from RaitoBezarius/cacerts
nixos/security/ca: enable support for compatibility bundles
Diffstat (limited to 'pkgs/data/misc')
-rw-r--r-- | pkgs/data/misc/cacert/default.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/pkgs/data/misc/cacert/default.nix b/pkgs/data/misc/cacert/default.nix index 30f2ee38c72f8..4979fa6edfded 100644 --- a/pkgs/data/misc/cacert/default.nix +++ b/pkgs/data/misc/cacert/default.nix @@ -71,6 +71,7 @@ stdenv.mkDerivation rec { --ca_bundle_input "${extraCertificatesBundle}" ${lib.escapeShellArgs (map (arg: "${arg}") extraCertificateFiles)} \ --blocklist "${blocklist}" \ --ca_bundle_output ca-bundle.crt \ + --ca_standard_bundle_output ca-no-trust-rules-bundle.crt \ --ca_unpacked_output unbundled \ --p11kit_output ca-bundle.trust.p11-kit ''; @@ -78,6 +79,9 @@ stdenv.mkDerivation rec { installPhase = '' install -D -t "$out/etc/ssl/certs" ca-bundle.crt + # install standard PEM compatible bundle + install -D -t "$out/etc/ssl/certs" ca-no-trust-rules-bundle.crt + # install p11-kit specific output to p11kit output install -D -t "$p11kit/etc/ssl/trust-source" ca-bundle.trust.p11-kit |