From c9545d8c905a34cfbc0b1344d6998d9cc2ee03dd Mon Sep 17 00:00:00 2001 From: Andrey Golovizin Date: Fri, 5 Jan 2018 10:59:00 +0100 Subject: [PATCH] qca2 and qca-qt5: use system CA certificates CMakeLists.txt looks for the system CA bundle in several locations, including /etc/ssl/certs/ca-certificates.crt. This works for non-sandboxed builds but fails inside a sandbox. --- pkgs/development/libraries/qca-qt5/default.nix | 6 ++++++ pkgs/development/libraries/qca2/default.nix | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/pkgs/development/libraries/qca-qt5/default.nix b/pkgs/development/libraries/qca-qt5/default.nix index 9433eb87109f..0ea58e6c434f 100644 --- a/pkgs/development/libraries/qca-qt5/default.nix +++ b/pkgs/development/libraries/qca-qt5/default.nix @@ -11,6 +11,12 @@ stdenv.mkDerivation rec { buildInputs = [ openssl qtbase ]; nativeBuildInputs = [ cmake pkgconfig ]; + # tells CMake to use this CA bundle file if it is accessible + preConfigure = ''export QC_CERTSTORE_PATH=/etc/ssl/certs/ca-certificates.crt''; + + # tricks CMake into using this CA bundle file if it is not accessible (in a sandbox) + cmakeFlags = [ "-Dqca_CERTSTORE=/etc/ssl/certs/ca-certificates.crt" ]; + meta = with stdenv.lib; { description = "Qt 5 Cryptographic Architecture"; homepage = http://delta.affinix.com/qca; diff --git a/pkgs/development/libraries/qca2/default.nix b/pkgs/development/libraries/qca2/default.nix index 2265d0df3949..4976399a66a6 100644 --- a/pkgs/development/libraries/qca2/default.nix +++ b/pkgs/development/libraries/qca2/default.nix @@ -14,6 +14,12 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + # tells CMake to use this CA bundle file if it is accessible + preConfigure = ''export QC_CERTSTORE_PATH=/etc/ssl/certs/ca-certificates.crt''; + + # tricks CMake into using this CA bundle file if it is not accessible (in a sandbox) + cmakeFlags = [ "-Dqca_CERTSTORE=/etc/ssl/certs/ca-certificates.crt" ]; + meta = with stdenv.lib; { description = "Qt Cryptographic Architecture"; license = "LGPL";