3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

50 commits

Author SHA1 Message Date
Robert Hensing 5d57104d84 cacert: Add Haskell x509-system compatibility
This allows cacert to be used with Haskell-based fetchers like
you would with regular OpenSSL-based fetchers:

  buildInputs = [ cacert ];
2021-07-08 19:27:09 +02:00
ajs124 e579e93b65 cacert: 3.63 -> 3.66
mozilla says this is CA version 2.50, up from 2.48 in nss 3.63
2021-06-01 23:12:06 +02:00
Andreas Rammhold 4e318bcca1
cacerts: Make updater script aware of the nss_latest attribute
Usually, on the stable channel, we have a nss_latest attribute that is
more up to date than the nss attribute (which is usually frozen during
branch-off and only receives security updates). Cacerts are a sensitive
matter and should be updated more frequently than the stable NSS package,
if required. By making the update script aware of the nss_latest
attribute we can prefer that when it exists.

By having this change in the unstable branch of Nixpgks we can carry it
from release to release without requiring more churn from those doing
the stable release maintenance.
2021-05-30 17:01:33 +02:00
github-actions[bot] 636e58e31b
Merge staging-next into staging 2021-04-02 00:21:46 +00:00
Vladimír Čunát 10cb065706
cacert: fix fetchurl invocation
It was breaking probably just the tarball job (difficult to localize).
https://hydra.nixos.org/build/140479925
2021-04-01 22:18:02 +02:00
ajs124 8dbc855b49 cacert: 3.60 -> 3.63 2021-03-20 16:42:40 +01:00
Dmitry Kalinkin 11ae139333 cacert.certdata2pem: add a download mirror from ubuntu 2021-03-20 09:11:48 +01:00
Dmitry Kalinkin 62d332feaf cacert: refactor to put certdata2pem on tarballs.nixos.org
nix-instantiate --eval --json --strict ./maintainers/scripts/find-tarballs.nix --arg expr '(import ./. {}).cacert' 2>/dev/null | jq '.[].name' | grep cert
"certdata2pem.py"
2021-03-20 09:11:48 +01:00
Ben Siraphob 4eb185bd6a pkgs/data: stdenv.lib -> lib 2021-01-15 14:29:18 +07:00
ajs124 11d6355308 cacert: 3.57 -> 3.60 2020-12-17 07:31:34 +01:00
Luke Granger-Brown 87f4676492 cacert: add lukegb as maintainer 2020-12-01 17:55:59 +00:00
Andreas Rammhold 17b1bde9c5
cacert: add myself as maintainer 2020-12-01 17:51:05 +01:00
Luke Granger-Brown b28436a7e9 cacert: remove broken includeEmail option
This doesn't do anything. Building with includeEmail = true produces
the same set as includeEmail = false, and the substitute rule removes
a random dictionary index operation.
2020-12-01 15:54:58 +00:00
Luke Granger-Brown b1f9e9c259 cacert: fix blacklist
It's broken under Python 3, ironically due to the patch we're carrying.
Fix it, and add a test to check it works.

Fixes #93230.
2020-12-01 15:54:58 +00:00
Andreas Rammhold 94448baf6d
cacert: decouple from NSS to reduce rebuild amount
In [#100765] @vcunat pointed out that we could decouple cacert from the
NSS package to make it more rebuild friendly. Just rebuilding packages
that depend on NSS seems to be about ~100. Rebuilding all the packages
that depend on cacert is >9k as of this writing. This makes it much more
feasible to upgrade high-profile packages that are (rightfully) pedantic
on their NSS version like firefox and thunderbird.

[#100765]: https://github.com/NixOS/nixpkgs/pull/100765
2020-11-18 20:13:22 +01:00
Markus Kowalewski 3ddeb521d8
nss-cacert: add license 2020-06-27 00:54:50 +02:00
Michael Reilly 84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Jan Tojnar 3a8d826723
cacert: switch to python3 2019-12-15 01:50:34 +01:00
Matthew Bauer f7e4eeda6c
Merge pull request #68614 from nspin/pr/simplify-cacert-setup-hook
cacert: simplify setupHook
2019-09-20 17:59:34 -04:00
Nick Spinale e7ede726ba cacert: simplify setupHook
Triggering this setupHook for dependencies at targetOffset does not work
in cross-compilation cases where such a dependency is lacking. This
simplified setupHook is more robust.
2019-09-12 20:14:47 +00:00
volth 08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
Vladimír Čunát 79bd4ad579
stdenv, cacert: consider $NIX_SSL_CERT_FILE in hooks
Some SSL libs don't react to $SSL_CERT_FILE.
That actually makes sense to me, as we add this behavior
as nixpkgs-specific, so it seems "safer" to use $NIX_*.
2019-05-09 08:46:22 +02:00
Jörg Thalheim b5c1deca8a
treewide: remove wkennington as maintainer
He prefers to contribute to his own nixpkgs fork triton.
Since he is still marked as maintainer in many packages
this leaves the wrong impression he still maintains those.
2019-01-26 10:05:32 +00:00
volth 52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Chaz Schlarp 933d7f37ac
cacert: fix certdata2pem url
Related to #39927

```
$ nix-prefetch-url https://salsa.debian.org/debian/ca-certificates/raw/debian/20170717/mozilla/certdata2pem.py
path is '/nix/store/0d00axdac4h8ffxrf90s5zh8xdw3r29z-certdata2pem.py'
1d4q27j1gss0186a5m8bs5dk786w07ccyq0qi6xmd2zr1a8q16wy
```
2018-06-01 17:56:53 -07:00
Michael Raskin c940d2e1ac
Merge pull request #37158 from oxij/pkgs/tor-browsers
update tor browsers
2018-03-16 18:06:50 +00:00
taku0 16ee6b5ed9 nss: 3.34.1 -> 3.35; cacert.certdata2pem: 20160104 -> 20170717 2018-03-16 03:42:09 +00:00
xeji c9a1639e20 cacert: add output "unbundled"
which contains all certs, each in a separate file.
This output is not installed by default.
2018-02-25 23:48:54 +01:00
Daiderd Jordan 406e162884
cacert: use addEnvHooks 2018-01-07 21:25:48 +01:00
Daiderd Jordan bfccf8e42c
cacert: add hook that sets SSL_CERT_FILE
Fixes #32981
2017-12-27 21:03:29 +01:00
Frederik Rietdijk 13bbaee21d Merge pull request #27881 from mimadrid/fix/http-https
Update homepage attributes: http -> https
2017-08-13 21:53:20 +02:00
Franz Pletz 2d5c1226c6
cacert: really fix utf-8 certname blacklists
See #27576.
2017-08-09 19:54:00 +02:00
mimadrid 09e0cc7cc7
Update homepage attributes: http -> https
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
2017-08-03 11:56:15 +02:00
Franz Pletz 55742a2044
cacert: fix unicode names in blacklist
Fixes #27576.
2017-07-31 12:26:23 +02:00
Franz Pletz 0d59fc1169
cacerts: refactor, add blacklist option
Previously, the list of CA certificates was generated with a perl script
which is included in curl. As this script is not very flexible, this commit
refactors the expression to use the python script that Debian uses to
generate their CA certificates from Mozilla's trust store in NSS.

Additionally, an option was added to the cacerts derivation and the
`security.pki` module to blacklist specific CAs.
2016-10-09 02:00:18 +02:00
Robert Helgesson 96fc1e19b8 cacert: remove dependency on LWP
The `mk-ca-bundle.pl` script manages quite well using only curl but
fails without LWP being present due to a `use` statement. This removes
the Perl import of the LWP library and adds curl as a build input.
2016-06-13 22:18:59 +02:00
Eelco Dolstra 0edfda814e Fix random ugliness 2015-07-31 01:36:41 +02:00
William A. Kennington III ffd0539eba cacert: store ca-bundle.crt in $out/etc/ssl/certs instead of $out 2015-06-05 13:00:52 -07:00
Eelco Dolstra 6c878e0d05 Fix cacert 2015-06-04 14:54:52 +02:00
William A. Kennington III d6cbb061e3 cacert: Build directly from nss instead of our own tarball 2015-05-29 13:52:07 -07:00
Eelco Dolstra 6b67028383 cacert: Update to 20140715
This is generated with a more recent version of mk-ca-bundle.pl. The
previous version mistakenly dropped some certificates, like "Verisign
Class 3 Public Primary Certification Authority".
2014-08-05 10:43:25 +02:00
Eelco Dolstra b9c457ba12 cacert: Update to 20140704 2014-07-30 10:14:40 +02:00
Eelco Dolstra 3f799e7233 cacert: Update to 20131205 2013-12-20 18:29:06 +01:00
Eelco Dolstra acba9240cd nixos.org/tarballs -> tarballs.nixos.org
It's currently the same machine, but tarballs.nixos.org should become
an S3/CloudFront site eventually.
2013-06-25 14:12:16 +02:00
Eelco Dolstra d5c8f4cb60 cacert: Update to 20121229 2013-05-15 13:15:53 +02:00
Eelco Dolstra ebc1c7d6c7 cacert: Update to 20120628 2012-07-05 17:31:23 -04:00
Eelco Dolstra c556a6ea46 * "ensureDir" -> "mkdir -p". "ensureDir" is a rather pointless
function, so obsolete it.

svn path=/nixpkgs/branches/stdenv-updates/; revision=31644
2012-01-18 20:16:00 +00:00
Eelco Dolstra f887ecef57 * Latest CA certificate bundle, now without DigiNotar certificate.
svn path=/nixpkgs/trunk/; revision=29269
2011-09-14 11:59:18 +00:00
Eelco Dolstra 353ec7a128 * CAcert bundle updated to the latest version (it was almost two years old).
svn path=/nixpkgs/trunk/; revision=28856
2011-08-28 16:02:18 +00:00
Eelco Dolstra f724089f6f * Added a bundle of CA certificates, useful for e.g. curl.
svn path=/nixpkgs/trunk/; revision=19571
2010-01-20 14:10:26 +00:00