From 828496d2b7a7782ce11eea0c42f83783863d19bb Mon Sep 17 00:00:00 2001
From: Matthias Andreas Benkard <code@mail.matthias.benkard.de>
Date: Sun, 8 Jan 2023 10:10:19 +0100
Subject: [PATCH] Update CA certificates to NSS 3.87.

Fixes #356.
---
 default.nix | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/default.nix b/default.nix
index 6bfb447f..8f511f76 100644
--- a/default.nix
+++ b/default.nix
@@ -1,6 +1,25 @@
 let sources = import ./nix/sources.nix; in
-with import sources.nixpkgs {};
+with import sources.nixpkgs
 {
-  marge-bot = callPackage ./marge.nix {};
-  docker-image = callPackage ./dockerize.nix {};
+  overlays = [
+    (self: super: {
+
+      # Update NSS to a more recent version so we have an up-to-date
+      # CA certificate bundle.
+      nss =
+        self.callPackage
+          (import
+            (builtins.fetchurl "https://raw.githubusercontent.com/NixOS/nixpkgs/2473837984348f435be4d7679133a19853690000/pkgs/development/libraries/nss/generic.nix")
+            {
+              version = "3.87";
+              sha256 = "sha256-aKGJRJbT0Vi6vHX4pd2j9Vt8FWBXOTbjsQGhD6SsFS0=";
+            })
+          { };
+    })
+  ];
+};
+
+{
+  marge-bot = callPackage ./marge.nix { };
+  docker-image = callPackage ./dockerize.nix { };
 }