From cf756fdf3c1a804af726703a12ed2990ad6c2639 Mon Sep 17 00:00:00 2001
From: Alois Wohlschlager <alois1@gmx-topmail.de>
Date: Wed, 29 May 2024 18:16:18 +0200
Subject: libstore/build: copy ca-certificates too

In b469c6509ba616da6df8a27e4ccb205a877c66c9, the ca-certificates file was
missed. It should be copied too so that we don't end up bind-mounting a broken
symlink.

Change-Id: Ic9b292d602eb94b0e78f77f2a27a19d24665783c
---
 src/libstore/build/local-derivation-goal.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
index 99468d420..7066f5c93 100644
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@@ -1847,8 +1847,12 @@ void LocalDerivationGoal::runChild()
                         copyFile(path, chrootRootDir + path, { .followSymlinks = true });
                     }
 
-                if (settings.caFile != "")
-                    pathsInChroot.try_emplace("/etc/ssl/certs/ca-certificates.crt", settings.caFile, true);
+                if (settings.caFile != "" && pathExists(settings.caFile)) {
+                    // For the same reasons as above, copy the CA certificates file too.
+                    // It should be even less likely to change during the build than resolv.conf.
+                    createDirs(chrootRootDir + "/etc/ssl/certs");
+                    copyFile(settings.caFile, chrootRootDir + "/etc/ssl/certs/ca-certificates.crt", { .followSymlinks = true });
+                }
             }
 
             for (auto & i : ss) pathsInChroot.emplace(i, i);
-- 
cgit v1.2.3