From b28436a7e9f38f9998e1351b9db7b22ba96ca675 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown <git@lukegb.com>
Date: Tue, 1 Dec 2020 15:19:44 +0000
Subject: [PATCH] cacert: remove broken includeEmail option

This doesn't do anything. Building with includeEmail = true produces
the same set as includeEmail = false, and the substitute rule removes
a random dictionary index operation.
---
 pkgs/data/misc/cacert/default.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/pkgs/data/misc/cacert/default.nix b/pkgs/data/misc/cacert/default.nix
index 7ac6f96f66e..b6fb0107205 100644
--- a/pkgs/data/misc/cacert/default.nix
+++ b/pkgs/data/misc/cacert/default.nix
@@ -1,6 +1,5 @@
 { stdenv, fetchurl, nss, python3
 , blacklist ? []
-, includeEmail ? false
 
 # Used for tests only
 , runCommand
@@ -42,10 +41,6 @@ stdenv.mkDerivation {
     EOF
 
     cat ${certdata2pem} > certdata2pem.py
-    ${optionalString includeEmail ''
-      # Disable CAs used for mail signing
-      substituteInPlace certdata2pem.py --replace \[\'CKA_TRUST_EMAIL_PROTECTION\'\] '''
-    ''}
   '';
 
   buildPhase = ''