From ab99231a3648b0ba903b956d071aeea5d8d3e12f Mon Sep 17 00:00:00 2001
From: Lily Foster <lily@lily.flowers>
Date: Tue, 21 Nov 2023 16:24:57 -0500
Subject: [PATCH] prefetch-yarn-deps: add cacert to provide certificates during
 fetches

Ideally fetch-yarn-deps could do like some other fetchers and support
using SSL_CERT_FILE if it exists and also only verify integrity on FOD
hash unless using an empty/test hash.

But this should keep at least the same semantics as before the recent
Node.js change to stop using the built-in certificate store in favor of
the system one (which does not exist by default in the build sandbox).
---
 pkgs/build-support/node/fetch-yarn-deps/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/build-support/node/fetch-yarn-deps/default.nix b/pkgs/build-support/node/fetch-yarn-deps/default.nix
index 49c2f6cbfc98..06c82c8d8e2b 100644
--- a/pkgs/build-support/node/fetch-yarn-deps/default.nix
+++ b/pkgs/build-support/node/fetch-yarn-deps/default.nix
@@ -62,7 +62,7 @@ in {
       dontUnpack = src == null;
       dontInstall = true;
 
-      nativeBuildInputs = [ prefetch-yarn-deps ];
+      nativeBuildInputs = [ prefetch-yarn-deps cacert ];
       GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
 
       buildPhase = ''