From a3be742bda0ca81dc9f340b29c522f97834f2155 Mon Sep 17 00:00:00 2001 From: Qyriad Date: Fri, 12 Apr 2024 06:45:51 -0600 Subject: [PATCH] binary tarball: include cacert in root paths 93cc06334 removed nss-cacert from the binary tarball, but they're necessary for global compatibility (and for our installer). This is what results in cacerts being in the default profile, so e.g. the daemon has TLS certs without having to use the system ones. There's a fallback behavior in the daemon script in case these wind up missing from the profile, but we don't want to have to rely on that, since the fallback fails if it doesn't recognize one of a handful of distros. Change-Id: I60d8e6f734469548e80d5f38113ef168f67cbf7d --- nix-support/binary-tarball.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/nix-support/binary-tarball.nix b/nix-support/binary-tarball.nix index 88c556c33..b73e59043 100644 --- a/nix-support/binary-tarball.nix +++ b/nix-support/binary-tarball.nix @@ -1,11 +1,17 @@ { buildPackages, + cacert, nix, system, version, }: let - installerClosureInfo = buildPackages.closureInfo { rootPaths = [ nix ]; }; + installerClosureInfo = buildPackages.closureInfo { + rootPaths = [ + nix + cacert + ]; + }; meta.description = "Distribution-independent Nix bootstrap binaries for ${system}"; in