From cf3013b4c0df4e01ea761d2fa2c6b69a38f9a5a4 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Wed, 17 Nov 2021 00:56:36 +0100 Subject: p11-kit: add Fedora/RHEL trust store path Fedora and RHEL use a different location for the trust store, compared to other distros. Without this, validation of the CA root certificates fails in all nss applications. --- pkgs/development/libraries/p11-kit/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'pkgs/development/libraries/p11-kit') diff --git a/pkgs/development/libraries/p11-kit/default.nix b/pkgs/development/libraries/p11-kit/default.nix index 4ddc01ee6b2..34a3788d786 100644 --- a/pkgs/development/libraries/p11-kit/default.nix +++ b/pkgs/development/libraries/p11-kit/default.nix @@ -31,7 +31,11 @@ stdenv.mkDerivation rec { configureFlags = [ "--sysconfdir=/etc" "--localstatedir=/var" - "--with-trust-paths=/etc/ssl/trust-source:/etc/ssl/certs/ca-certificates.crt" + "--with-trust-paths=${lib.concatStringsSep ":" [ + "/etc/ssl/trust-source" # p11-kit trust source + "/etc/ssl/certs/ca-certificates.crt" # NixOS + Debian/Ubuntu/Arch/Gentoo... + "/etc/pki/tls/certs/ca-bundle.crt" # Fedora/CentOS + ]}" ]; enableParallelBuilding = true; -- cgit 1.4.1