Merge pull request #286857 from RaitoBezarius/cacerts

nixos/security/ca: enable support for compatibility bundles
author: Ryan Lahfa <masterancpp@gmail.com> 2024-02-11 19:44:02 +0100
committer: GitHub <noreply@github.com> 2024-02-11 19:44:02 +0100
commit: d9e7a2a88ab0c125ec1524394c3173ee6879f651 (patch)
tree: 159610a708f8ba6c4cc6a4bdc4ddf100490bef3a /pkgs/data/misc
parent: 496cd829f0267244e7ffdadf4a9e21f3d96ce0b6 (diff)
parent: 19159a234916d7169e15d267e6ee1c9462790319 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/pkgs/data/misc/cacert/default.nix b/pkgs/data/misc/cacert/default.nix
index 30f2ee38c72f8..4979fa6edfded 100644
--- a/pkgs/data/misc/cacert/default.nix
+++ b/pkgs/data/misc/cacert/default.nix
@@ -71,6 +71,7 @@ stdenv.mkDerivation rec {
       --ca_bundle_input "${extraCertificatesBundle}" ${lib.escapeShellArgs (map (arg: "${arg}") extraCertificateFiles)} \
       --blocklist "${blocklist}" \
       --ca_bundle_output ca-bundle.crt \
+      --ca_standard_bundle_output ca-no-trust-rules-bundle.crt \
       --ca_unpacked_output unbundled \
       --p11kit_output ca-bundle.trust.p11-kit
   '';
@@ -78,6 +79,9 @@ stdenv.mkDerivation rec {
   installPhase = ''
     install -D -t "$out/etc/ssl/certs" ca-bundle.crt
 
+    # install standard PEM compatible bundle
+    install -D -t "$out/etc/ssl/certs" ca-no-trust-rules-bundle.crt
+
     # install p11-kit specific output to p11kit output
     install -D -t "$p11kit/etc/ssl/trust-source" ca-bundle.trust.p11-kit
author	Ryan Lahfa <masterancpp@gmail.com>	2024-02-11 19:44:02 +0100
committer	GitHub <noreply@github.com>	2024-02-11 19:44:02 +0100
commit	d9e7a2a88ab0c125ec1524394c3173ee6879f651 (patch)
tree	159610a708f8ba6c4cc6a4bdc4ddf100490bef3a /pkgs/data/misc
parent	496cd829f0267244e7ffdadf4a9e21f3d96ce0b6 (diff)
parent	19159a234916d7169e15d267e6ee1c9462790319 (diff)