diff options
Diffstat (limited to 'pkgs/data/misc')
-rw-r--r-- | pkgs/data/misc/cacert/default.nix | 7 | ||||
-rw-r--r-- | pkgs/data/misc/cacert/fix-unicode-ca-names.patch | 20 |
2 files changed, 24 insertions, 3 deletions
diff --git a/pkgs/data/misc/cacert/default.nix b/pkgs/data/misc/cacert/default.nix index fbf9af36f27a..22cd14fe4ab5 100644 --- a/pkgs/data/misc/cacert/default.nix +++ b/pkgs/data/misc/cacert/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, writeText, nss, python3 +{ stdenv, fetchurl, writeText, nss, python , blacklist ? [] , includeEmail ? false }: @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { src = nss.src; - nativeBuildInputs = [ python3 ]; + nativeBuildInputs = [ python ]; configurePhase = '' ln -s nss/lib/ckfw/builtins/certdata.txt @@ -29,7 +29,8 @@ stdenv.mkDerivation rec { ${concatStringsSep "\n" (map (c: ''"${c}"'') blacklist)} EOF - cp ${certdata2pem} certdata2pem.py + cat ${certdata2pem} > certdata2pem.py + patch -p1 < ${./fix-unicode-ca-names.patch} ${optionalString includeEmail '' # Disable CAs used for mail signing substituteInPlace certdata2pem.py --replace \[\'CKA_TRUST_EMAIL_PROTECTION\'\] ''' diff --git a/pkgs/data/misc/cacert/fix-unicode-ca-names.patch b/pkgs/data/misc/cacert/fix-unicode-ca-names.patch new file mode 100644 index 000000000000..07d3629196a7 --- /dev/null +++ b/pkgs/data/misc/cacert/fix-unicode-ca-names.patch @@ -0,0 +1,20 @@ +--- a/certdata2pem.py 2017-08-01 23:10:00.000000000 +0300 ++++ b/certdata2pem.py 2017-08-01 23:08:21.131297636 +0300 +@@ -88,7 +88,7 @@ + \# Read blacklist. + blacklist = [] + if os.path.exists('blacklist.txt'): +- for line in open('blacklist.txt', 'r'): ++ for line in io.open('blacklist.txt', 'r', encoding='utf-8'): + line = line.strip() + if line.startswith('#') or len(line) == 0: + continue +@@ -101,7 +101,7 @@ + if obj['CKA_CLASS'] != 'CKO_NSS_TRUST': + continue + if obj['CKA_LABEL'] in blacklist: +- print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']) ++ print("Certificate %s blacklisted, ignoring." % unicode(obj['CKA_LABEL']).encode('utf-8')) + elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR': + trust[obj['CKA_LABEL']] = True + elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR': |