From 62d332feaf3a61c117b43d66118cb33fc57043a2 Mon Sep 17 00:00:00 2001
From: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
Date: Thu, 18 Mar 2021 16:44:09 -0400
Subject: [PATCH] cacert: refactor to put certdata2pem on tarballs.nixos.org

nix-instantiate --eval --json --strict ./maintainers/scripts/find-tarballs.nix --arg expr '(import ./. {}).cacert' 2>/dev/null | jq '.[].name' | grep cert
"certdata2pem.py"
---
 pkgs/data/misc/cacert/default.nix | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/pkgs/data/misc/cacert/default.nix b/pkgs/data/misc/cacert/default.nix
index e50aa81656a..b397c1069e1 100644
--- a/pkgs/data/misc/cacert/default.nix
+++ b/pkgs/data/misc/cacert/default.nix
@@ -10,13 +10,6 @@
 with lib;
 
 let
-
-  certdata2pem = fetchurl {
-    name = "certdata2pem.py";
-    url = "https://salsa.debian.org/debian/ca-certificates/raw/debian/20170717/mozilla/certdata2pem.py";
-    sha256 = "1d4q27j1gss0186a5m8bs5dk786w07ccyq0qi6xmd2zr1a8q16wy";
-  };
-
   version = "3.60";
   underscoreVersion = builtins.replaceStrings ["."] ["_"] version;
 in
@@ -29,6 +22,12 @@ stdenv.mkDerivation {
     sha256 = "hKvVV1q4dMU65RG9Rh5dCGjRobOE7kB1MVTN0dWQ/j0=";
   };
 
+  certdata2pem = fetchurl {
+    name = "certdata2pem.py";
+    url = "https://salsa.debian.org/debian/ca-certificates/raw/debian/20170717/mozilla/certdata2pem.py";
+    sha256 = "1d4q27j1gss0186a5m8bs5dk786w07ccyq0qi6xmd2zr1a8q16wy";
+  };
+
   outputs = [ "out" "unbundled" ];
 
   nativeBuildInputs = [ python3 ];
@@ -40,7 +39,8 @@ stdenv.mkDerivation {
     ${concatStringsSep "\n" (map (c: ''"${c}"'') blacklist)}
     EOF
 
-    cat ${certdata2pem} > certdata2pem.py
+    # copy from the store, otherwise python will scan it for imports
+    cat "$certdata2pem" > certdata2pem.py
   '';
 
   buildPhase = ''