prefetch-yarn-deps: add cacert to provide certificates during fetches

Ideally fetch-yarn-deps could do like some other fetchers and support
using SSL_CERT_FILE if it exists and also only verify integrity on FOD
hash unless using an empty/test hash.

But this should keep at least the same semantics as before the recent
Node.js change to stop using the built-in certificate store in favor of
the system one (which does not exist by default in the build sandbox).
This commit is contained in:
Lily Foster 2023-11-21 16:24:57 -05:00
parent e4ad989506
commit ab99231a36
No known key found for this signature in database
GPG Key ID: 49340081E484C893

View File

@ -62,7 +62,7 @@ in {
dontUnpack = src == null; dontUnpack = src == null;
dontInstall = true; dontInstall = true;
nativeBuildInputs = [ prefetch-yarn-deps ]; nativeBuildInputs = [ prefetch-yarn-deps cacert ];
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt"; GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = '' buildPhase = ''