4 Commits

Author	SHA1	Message	Date
ajs124	8e77380250	cacert: 3.74 -> 3.77	2022-04-03 13:14:08 +01:00
Luke Granger-Brown	91e4957081	cacert: extract certdata.txt from main package ... This allows users to specify custom CAs without needing to download the entirety of the NSS source code - just certdata.txt, which should end up in cache.nixos.org.	2021-10-08 01:21:57 +00:00
Andreas Rammhold	4e318bcca1	cacerts: Make updater script aware of the nss_latest attribute ... Usually, on the stable channel, we have a nss_latest attribute that is more up to date than the nss attribute (which is usually frozen during branch-off and only receives security updates). Cacerts are a sensitive matter and should be updated more frequently than the stable NSS package, if required. By making the update script aware of the nss_latest attribute we can prefer that when it exists. By having this change in the unstable branch of Nixpgks we can carry it from release to release without requiring more churn from those doing the stable release maintenance.	2021-05-30 17:01:33 +02:00
Andreas Rammhold	94448baf6d	cacert: decouple from NSS to reduce rebuild amount ... In [#100765] @vcunat pointed out that we could decouple cacert from the NSS package to make it more rebuild friendly. Just rebuilding packages that depend on NSS seems to be about ~100. Rebuilding all the packages that depend on cacert is >9k as of this writing. This makes it much more feasible to upgrade high-profile packages that are (rightfully) pedantic on their NSS version like firefox and thunderbird. [#100765]: https://github.com/NixOS/nixpkgs/pull/100765	2020-11-18 20:13:22 +01:00