From f238aa983364b2ac8e5cfd7862b5edc19348a105 Mon Sep 17 00:00:00 2001 From: sohalt Date: Thu, 28 Apr 2022 17:56:03 +0200 Subject: [PATCH] dockerTools: add caCertificates helper Various tools (e.g. wget) expect the ca bundle to be available at /etc/ssl/certs/ca-certificates.crt --- pkgs/build-support/docker/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 5a4e30ede8a3..4eb88a33adec 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -773,6 +773,16 @@ rec { ln -s ${bashInteractive}/bin/bash $out/bin/sh ''; + # This provides the ca bundle in common locations + caCertificates = runCommand "ca-certificates" { } '' + # Old NixOS compatibility. + ln -s ${cacert}/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs/ca-bundle.crt + # NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility. + ln -s ${cacert}/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs/ca-certificates.crt + # CentOS/Fedora compatibility. + ln -s ${cacert}/etc/ssl/certs/ca-bundle.crt $out/etc/pki/tls/certs/ca-bundle.crt + ''; + # Build an image and populate its nix database with the provided # contents. The main purpose is to be able to use nix commands in # the container.