{ mode }: with import ./config.nix; mkDerivation ( { name = "ssl-export"; buildCommand = '' # Add some indirection, otherwise grepping into the debug output finds the string. report () { echo CERT_$1_IN_SANDBOX; } if [ -f /etc/ssl/certs/ca-certificates.crt ]; then content=$(</etc/ssl/certs/ca-certificates.crt) if [ "$content" == CERT_CONTENT ]; then report present fi else report missing fi # Always fail, because we do not want to bother with fixed-output # derivations being cached, and do not want to compute the right hash. false; ''; } // { fixed-output = { outputHash = "sha256:0000000000000000000000000000000000000000000000000000000000000000"; }; normal = { }; }.${mode} )