From aadc609b0eb23eece4d7d940c15b09971eb803bd Mon Sep 17 00:00:00 2001
From: Sarah Brofeldt <sarah@qtr.dk>
Date: Tue, 20 Feb 2024 08:58:55 +0100
Subject: ceph: fix cryptography patching for in-expr version

---
 pkgs/tools/filesystems/ceph/default.nix | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'pkgs/tools/filesystems')

diff --git a/pkgs/tools/filesystems/ceph/default.nix b/pkgs/tools/filesystems/ceph/default.nix
index 5d1c3249b98f..ebaf6532df52 100644
--- a/pkgs/tools/filesystems/ceph/default.nix
+++ b/pkgs/tools/filesystems/ceph/default.nix
@@ -195,6 +195,9 @@ let
           hash = "sha256-gFfDTc2QWBWHBCycVH1dYlCsWQMVcRZfOBIau+njtDU=";
         };
 
+        # Not using the normal `(old.patches or []) ++` pattern here to use
+        # the overridden package's patches, because current nixpkgs's `cryptography`
+        # has patches that do not apply on this old version.
         patches = [
           # Fix https://nvd.nist.gov/vuln/detail/CVE-2023-49083 which has no upstream backport.
           # See https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a#diff-f5134bf8f3cf0a5cc8601df55e50697acc866c603a38caff98802bd8e17976c5R1893
-- 
cgit 1.4.1