forked from mirrors/nixpkgs
cacert: Build directly from nss instead of our own tarball
This commit is contained in:
parent
02895e8211
commit
d6cbb061e3
|
@ -22,7 +22,7 @@ in
|
|||
security.pki.certificateFiles = mkOption {
|
||||
type = types.listOf types.path;
|
||||
default = [];
|
||||
example = literalExample "[ \"\${pkgs.cacert}/etc/ca-bundle.crt\" ]";
|
||||
example = literalExample "[ \"\${pkgs.cacert}/ca-bundle.crt\" ]";
|
||||
description = ''
|
||||
A list of files containing trusted root certificates in PEM
|
||||
format. These are concatenated to form
|
||||
|
@ -53,7 +53,7 @@ in
|
|||
|
||||
config = {
|
||||
|
||||
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ca-bundle.crt" ];
|
||||
security.pki.certificateFiles = [ "${pkgs.cacert}/ca-bundle.crt" ];
|
||||
|
||||
# NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
|
||||
environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;
|
||||
|
|
|
@ -1,23 +1,29 @@
|
|||
{ stdenv, fetchurl }:
|
||||
{ stdenv, nss, curl-full, perl, perlPackages }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "cacert-20140715";
|
||||
name = "nss-cacert-${nss.version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://tarballs.nixos.org/${name}.pem.bz2";
|
||||
sha256 = "1l4j7z6ysnllx99isjzlc8zc34rbbgj4kzlg1y5sy9bgphc8cssl";
|
||||
};
|
||||
src = nss.src;
|
||||
|
||||
unpackPhase = "true";
|
||||
postPatch = ''
|
||||
unpackFile ${curl-full.src};
|
||||
'';
|
||||
|
||||
installPhase =
|
||||
''
|
||||
mkdir -p $out/etc
|
||||
bunzip2 < $src > $out/etc/ca-bundle.crt
|
||||
'';
|
||||
nativeBuildInputs = [ perl ] ++ (with perlPackages; [ LWP ]);
|
||||
|
||||
meta = {
|
||||
buildPhase = ''
|
||||
perl curl-*/lib/mk-ca-bundle.pl -d "file://$(pwd)/nss/lib/ckfw/builtins/certdata.txt" ca-bundle.crt
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -pv $out
|
||||
cp -v ca-bundle.crt $out
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = http://curl.haxx.se/docs/caextract.html;
|
||||
description = "A bundle of X.509 certificates of public Certificate Authorities (CA)";
|
||||
platforms = platforms.all;
|
||||
maintainers = with maintainers; [ wkennington ];
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue