diff options
| author | Alyssa Ross <hi@alyssa.is> | 2024-02-26 16:20:28 +0100 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2024-02-26 16:20:28 +0100 |
| commit | 647438344bfc1f77791391e2b4f98eef865c63dc (patch) | |
| tree | ef580867fc6cc413940e4330d939cf1afda082cb /nixpkgs/pkgs/data/misc/cacert/default.nix | |
| parent | b084c6a0fab7f32c904c5c8e8db8dddcefbe507f (diff) | |
| parent | e3474e1d1e53b70e2b2af73ea26d6340e82f6b8b (diff) | |
| download | nixlib-647438344bfc1f77791391e2b4f98eef865c63dc.tar nixlib-647438344bfc1f77791391e2b4f98eef865c63dc.tar.gz nixlib-647438344bfc1f77791391e2b4f98eef865c63dc.tar.bz2 nixlib-647438344bfc1f77791391e2b4f98eef865c63dc.tar.lz nixlib-647438344bfc1f77791391e2b4f98eef865c63dc.tar.xz nixlib-647438344bfc1f77791391e2b4f98eef865c63dc.tar.zst nixlib-647438344bfc1f77791391e2b4f98eef865c63dc.zip | |
Merge commit 'e3474e1d1e53'
Diffstat (limited to 'nixpkgs/pkgs/data/misc/cacert/default.nix')
| -rw-r--r-- | nixpkgs/pkgs/data/misc/cacert/default.nix | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/nixpkgs/pkgs/data/misc/cacert/default.nix b/nixpkgs/pkgs/data/misc/cacert/default.nix index 30f2ee38c72f..7dc047bb1c88 100644 --- a/nixpkgs/pkgs/data/misc/cacert/default.nix +++ b/nixpkgs/pkgs/data/misc/cacert/default.nix @@ -20,7 +20,7 @@ let blocklist = writeText "cacert-blocklist.txt" (lib.concatStringsSep "\n" blacklist); extraCertificatesBundle = writeText "cacert-extra-certificates-bundle.crt" (lib.concatStringsSep "\n\n" extraCertificateStrings); - srcVersion = "3.95"; + srcVersion = "3.98"; version = if nssOverride != null then nssOverride.version else srcVersion; meta = with lib; { homepage = "https://curl.haxx.se/docs/caextract.html"; @@ -37,7 +37,7 @@ let owner = "nss-dev"; repo = "nss"; rev = "NSS_${lib.replaceStrings ["."] ["_"] version}_RTM"; - hash = "sha256-qgSbzlRbU+gElC2ae3FEGRUFSM1JHd/lNGNXC0x4xt4="; + hash = "sha256-0p1HzspxyzhzX46O7ax8tmYiaFEBeqEqEvman4NIiQc="; }; dontBuild = true; @@ -71,6 +71,7 @@ stdenv.mkDerivation rec { --ca_bundle_input "${extraCertificatesBundle}" ${lib.escapeShellArgs (map (arg: "${arg}") extraCertificateFiles)} \ --blocklist "${blocklist}" \ --ca_bundle_output ca-bundle.crt \ + --ca_standard_bundle_output ca-no-trust-rules-bundle.crt \ --ca_unpacked_output unbundled \ --p11kit_output ca-bundle.trust.p11-kit ''; @@ -78,6 +79,9 @@ stdenv.mkDerivation rec { installPhase = '' install -D -t "$out/etc/ssl/certs" ca-bundle.crt + # install standard PEM compatible bundle + install -D -t "$out/etc/ssl/certs" ca-no-trust-rules-bundle.crt + # install p11-kit specific output to p11kit output install -D -t "$p11kit/etc/ssl/trust-source" ca-bundle.trust.p11-kit |