3
0
Fork 0
forked from mirrors/nixpkgs

cacert: Build directly from nss instead of our own tarball

This commit is contained in:
William A. Kennington III 2015-05-29 13:51:55 -07:00
parent 02895e8211
commit d6cbb061e3
2 changed files with 21 additions and 15 deletions

View file

@ -22,7 +22,7 @@ in
security.pki.certificateFiles = mkOption {
type = types.listOf types.path;
default = [];
example = literalExample "[ \"\${pkgs.cacert}/etc/ca-bundle.crt\" ]";
example = literalExample "[ \"\${pkgs.cacert}/ca-bundle.crt\" ]";
description = ''
A list of files containing trusted root certificates in PEM
format. These are concatenated to form
@ -53,7 +53,7 @@ in
config = {
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ca-bundle.crt" ];
security.pki.certificateFiles = [ "${pkgs.cacert}/ca-bundle.crt" ];
# NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;

View file

@ -1,23 +1,29 @@
{ stdenv, fetchurl }:
{ stdenv, nss, curl-full, perl, perlPackages }:
stdenv.mkDerivation rec {
name = "cacert-20140715";
name = "nss-cacert-${nss.version}";
src = fetchurl {
url = "http://tarballs.nixos.org/${name}.pem.bz2";
sha256 = "1l4j7z6ysnllx99isjzlc8zc34rbbgj4kzlg1y5sy9bgphc8cssl";
};
src = nss.src;
unpackPhase = "true";
postPatch = ''
unpackFile ${curl-full.src};
'';
installPhase =
''
mkdir -p $out/etc
bunzip2 < $src > $out/etc/ca-bundle.crt
'';
nativeBuildInputs = [ perl ] ++ (with perlPackages; [ LWP ]);
meta = {
buildPhase = ''
perl curl-*/lib/mk-ca-bundle.pl -d "file://$(pwd)/nss/lib/ckfw/builtins/certdata.txt" ca-bundle.crt
'';
installPhase = ''
mkdir -pv $out
cp -v ca-bundle.crt $out
'';
meta = with stdenv.lib; {
homepage = http://curl.haxx.se/docs/caextract.html;
description = "A bundle of X.509 certificates of public Certificate Authorities (CA)";
platforms = platforms.all;
maintainers = with maintainers; [ wkennington ];
};
}