From fb4c43dd8adbd7a10d1c52539b36e2da269f3f7f Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Fri, 10 Mar 2017 14:54:02 -0500 Subject: [PATCH] curl: Use CA bundle in nix default profile by default --- pkgs/tools/networking/curl/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index e9b438a6037b..bb9316512ecd 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -57,7 +57,9 @@ stdenv.mkDerivation rec { ''; configureFlags = [ - "--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt" + # OS X does not have a default system bundle, so we assume cacerts is installed in the default nix-env profile + # This sucks. We should probably just include the latest cacerts in the darwin bootstrap. + "--with-ca-bundle=${if stdenv.isDarwin then "/nix/var/nix/profiles/default" else ""}/etc/ssl/certs/ca-${if stdenv.isDarwin then "bundle" else "certificates"}.crt" "--disable-manual" ( if sslSupport then "--with-ssl=${openssl.dev}" else "--without-ssl" ) ( if gnutlsSupport then "--with-gnutls=${gnutls.dev}" else "--without-gnutls" )