diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2017-08-09 19:51:25 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2017-08-09 19:54:00 +0200 |
commit | 2d5c1226c65192a2f8c503e23f6d9738f47be206 (patch) | |
tree | 34614d5b8ef203713e62d59e043fec65e2bd0340 /pkgs/data/misc/cacert/default.nix | |
parent | 1ed786292b438930b510aeb78f7678917be21aba (diff) | |
download | nixpkgs-2d5c1226c65192a2f8c503e23f6d9738f47be206.tar nixpkgs-2d5c1226c65192a2f8c503e23f6d9738f47be206.tar.gz nixpkgs-2d5c1226c65192a2f8c503e23f6d9738f47be206.tar.bz2 nixpkgs-2d5c1226c65192a2f8c503e23f6d9738f47be206.tar.lz nixpkgs-2d5c1226c65192a2f8c503e23f6d9738f47be206.tar.xz nixpkgs-2d5c1226c65192a2f8c503e23f6d9738f47be206.tar.zst nixpkgs-2d5c1226c65192a2f8c503e23f6d9738f47be206.zip |
cacert: really fix utf-8 certname blacklists
See #27576.
Diffstat (limited to 'pkgs/data/misc/cacert/default.nix')
-rw-r--r-- | pkgs/data/misc/cacert/default.nix | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/pkgs/data/misc/cacert/default.nix b/pkgs/data/misc/cacert/default.nix index fbf9af36f27..22cd14fe4ab 100644 --- a/pkgs/data/misc/cacert/default.nix +++ b/pkgs/data/misc/cacert/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, writeText, nss, python3 +{ stdenv, fetchurl, writeText, nss, python , blacklist ? [] , includeEmail ? false }: @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { src = nss.src; - nativeBuildInputs = [ python3 ]; + nativeBuildInputs = [ python ]; configurePhase = '' ln -s nss/lib/ckfw/builtins/certdata.txt @@ -29,7 +29,8 @@ stdenv.mkDerivation rec { ${concatStringsSep "\n" (map (c: ''"${c}"'') blacklist)} EOF - cp ${certdata2pem} certdata2pem.py + cat ${certdata2pem} > certdata2pem.py + patch -p1 < ${./fix-unicode-ca-names.patch} ${optionalString includeEmail '' # Disable CAs used for mail signing substituteInPlace certdata2pem.py --replace \[\'CKA_TRUST_EMAIL_PROTECTION\'\] ''' |