cacert: refactor to put certdata2pem on tarballs.nixos.org

nix-instantiate --eval --json --strict ./maintainers/scripts/find-tarballs.nix --arg expr '(import ./. {}).cacert' 2>/dev/null | jq '.[].name' | grep cert "certdata2pem.py"
2021-03-18 16:44:09 -04:00 · 2021-03-18 16:44:09 -04:00 · 62d332feaf
commit 62d332feaf
parent 72aa2d1f78
1 changed files with 8 additions and 8 deletions
--- a/pkgs/data/misc/cacert/default.nix
+++ b/pkgs/data/misc/cacert/default.nix
@ -10,13 +10,6 @@
 with lib;

 let
-
-  certdata2pem = fetchurl {
-    name = "certdata2pem.py";
-    url = "https://salsa.debian.org/debian/ca-certificates/raw/debian/20170717/mozilla/certdata2pem.py";
-    sha256 = "1d4q27j1gss0186a5m8bs5dk786w07ccyq0qi6xmd2zr1a8q16wy";
-  };
-
  version = "3.60";
  underscoreVersion = builtins.replaceStrings ["."] ["_"] version;
 in
@ -29,6 +22,12 @@ stdenv.mkDerivation {
    sha256 = "hKvVV1q4dMU65RG9Rh5dCGjRobOE7kB1MVTN0dWQ/j0=";
  };

+  certdata2pem = fetchurl {
+    name = "certdata2pem.py";
+    url = "https://salsa.debian.org/debian/ca-certificates/raw/debian/20170717/mozilla/certdata2pem.py";
+    sha256 = "1d4q27j1gss0186a5m8bs5dk786w07ccyq0qi6xmd2zr1a8q16wy";
+  };
+
  outputs = [ "out" "unbundled" ];

  nativeBuildInputs = [ python3 ];
@ -40,7 +39,8 @@ stdenv.mkDerivation {
    ${concatStringsSep "\n" (map (c: ''"${c}"'') blacklist)}
    EOF

-    cat ${certdata2pem} > certdata2pem.py
+    # copy from the store, otherwise python will scan it for imports
+    cat "$certdata2pem" > certdata2pem.py
  '';

  buildPhase = ''