cfssl: Add patch for stripping authkey whitespaces

1 files changed, 12 insertions, 1 deletions

diff --git a/pkgs/tools/security/cfssl/default.nix b/pkgs/tools/security/cfssl/default.nix
index cce3370aeda1..2391ea1b859b 100644
--- a/pkgs/tools/security/cfssl/default.nix
+++ b/pkgs/tools/security/cfssl/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, buildGoPackage, fetchFromGitHub }:
+{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }:
 
 buildGoPackage rec {
   name = "cfssl-${version}";
@@ -13,6 +13,17 @@ buildGoPackage rec {
     sha256 = "0j2gz2vl2pf7ir7sc7jrwmjnr67hk4qhxw09cjx132jbk337jc9x";
   };
 
+  # The following patch ensures that the auth-key decoder doesn't break,
+  # if the auth-key file contains leading or trailing whitespaces.
+  # https://github.com/cloudflare/cfssl/pull/923 is merged
+  # remove patch when it becomes part of a release.
+  patches = [
+    (fetchpatch {
+      url    = "https://github.com/cloudflare/cfssl/commit/7e13f60773c96644db9dd8d342d42fe3a4d26f36.patch";
+      sha256 = "1z2v2i8yj7qpj8zj5f2q739nhrr9s59jwzfzk52wfgssl4vv5mn5";
+    })
+  ];
+
   meta = with stdenv.lib; {
     homepage = https://cfssl.org/;
     description = "Cloudflare's PKI and TLS toolkit";