diff options
Diffstat (limited to 'pkgs/build-support/fetchurl/default.nix')
| -rw-r--r-- | pkgs/build-support/fetchurl/default.nix | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/pkgs/build-support/fetchurl/default.nix b/pkgs/build-support/fetchurl/default.nix index a0c48468dfa..c65738aef41 100644 --- a/pkgs/build-support/fetchurl/default.nix +++ b/pkgs/build-support/fetchurl/default.nix @@ -1,4 +1,6 @@ -{ lib, buildPackages ? { inherit stdenvNoCC; }, stdenvNoCC, curl }: # Note that `curl' may be `null', in case of the native stdenvNoCC. +{ lib, buildPackages ? { inherit stdenvNoCC; }, stdenvNoCC +, curl # Note that `curl' may be `null', in case of the native stdenvNoCC. +, cacert ? null }: let @@ -112,6 +114,7 @@ let else if sha512 != "" then { outputHashAlgo = "sha512"; outputHash = sha512; } else if sha256 != "" then { outputHashAlgo = "sha256"; outputHash = sha256; } else if sha1 != "" then { outputHashAlgo = "sha1"; outputHash = sha1; } + else if cacert != null then { outputHashAlgo = "sha256"; outputHash = ""; } else throw "fetchurl requires a hash for fixed-output derivation: ${lib.concatStringsSep ", " urls_}"; in @@ -134,6 +137,10 @@ stdenvNoCC.mkDerivation { # New-style output content requirements. inherit (hash_) outputHashAlgo outputHash; + SSL_CERT_FILE = if hash_.outputHash == "" + then "${cacert}/etc/ssl/certs/ca-bundle.crt" + else "/no-cert-file.crt"; + outputHashMode = if (recursiveHash || executable) then "recursive" else "flat"; inherit curlOpts showURLs mirrorsFile postFetch downloadToTemp executable; |