qca2 and qca-qt5: use system CA certificates

CMakeLists.txt looks for the system CA bundle in several locations,
including /etc/ssl/certs/ca-certificates.crt.
This works for non-sandboxed builds but fails inside a sandbox.

2 files changed, 12 insertions, 0 deletions

diff --git a/pkgs/development/libraries/qca-qt5/default.nix b/pkgs/development/libraries/qca-qt5/default.nix
index 9433eb87109f..0ea58e6c434f 100644
--- a/pkgs/development/libraries/qca-qt5/default.nix
+++ b/pkgs/development/libraries/qca-qt5/default.nix
@@ -11,6 +11,12 @@ stdenv.mkDerivation rec {
   buildInputs = [ openssl qtbase ];
   nativeBuildInputs = [ cmake pkgconfig ];
 
+  # tells CMake to use this CA bundle file if it is accessible
+  preConfigure = ''export QC_CERTSTORE_PATH=/etc/ssl/certs/ca-certificates.crt'';
+
+  # tricks CMake into using this CA bundle file if it is not accessible (in a sandbox)
+  cmakeFlags = [ "-Dqca_CERTSTORE=/etc/ssl/certs/ca-certificates.crt" ];
+
   meta = with stdenv.lib; {
     description = "Qt 5 Cryptographic Architecture";
     homepage = http://delta.affinix.com/qca;
diff --git a/pkgs/development/libraries/qca2/default.nix b/pkgs/development/libraries/qca2/default.nix
index 2265d0df3949..4976399a66a6 100644
--- a/pkgs/development/libraries/qca2/default.nix
+++ b/pkgs/development/libraries/qca2/default.nix
@@ -14,6 +14,12 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  # tells CMake to use this CA bundle file if it is accessible
+  preConfigure = ''export QC_CERTSTORE_PATH=/etc/ssl/certs/ca-certificates.crt'';
+
+  # tricks CMake into using this CA bundle file if it is not accessible (in a sandbox)
+  cmakeFlags = [ "-Dqca_CERTSTORE=/etc/ssl/certs/ca-certificates.crt" ];
+
   meta = with stdenv.lib; {
     description = "Qt Cryptographic Architecture";
     license = "LGPL";