binary tarball: include cacert in root paths

93cc06334 removed nss-cacert from the binary tarball, but they're necessary for global compatibility (and for our installer). This is what results in cacerts being in the default profile, so e.g. the daemon has TLS certs without having to use the system ones. There's a fallback behavior in the daemon script in case these wind up missing from the profile, but we don't want to have to rely on that, since the fallback fails if it doesn't recognize one of a handful of distros. Change-Id: I60d8e6f734469548e80d5f38113ef168f67cbf7d
2024-04-12 06:45:51 -06:00 · 2024-04-12 06:45:51 -06:00 · a3be742bda
commit a3be742bda
parent 629351163d
1 changed files with 7 additions and 1 deletions
--- a/nix-support/binary-tarball.nix
+++ b/nix-support/binary-tarball.nix
@ -1,11 +1,17 @@
 {
  buildPackages,
+  cacert,
  nix,
  system,
  version,
 }:
 let
-  installerClosureInfo = buildPackages.closureInfo { rootPaths = [ nix ]; };
+  installerClosureInfo = buildPackages.closureInfo {
+    rootPaths = [
+      nix
+      cacert
+    ];
+  };

  meta.description = "Distribution-independent Nix bootstrap binaries for ${system}";
 in