openntpd: fix constraints feature on NixOS

The OpenNTPD constraints feature requires a valid chain of SSL certificates, but the default path in openntpd didn't match the one in NixOS. Unfortunately the configured certificate path becomes hardcoded into the binary, so this feature will likely still fail on other distributions/operating systems, unless the path coincides with the NixOS path or the user sets up a symlink. (cherry picked from commit f7616c4)
NixOS · Nov 3, 2017 · f2d4898 · f2d4898
1 parent 8c6dbd7
commit f2d4898
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/pkgs/tools/networking/openntpd/default.nix b/pkgs/tools/networking/openntpd/default.nix
@@ -17,6 +17,7 @@ stdenv.mkDerivation rec {
     "--with-privsep-user=${privsepUser}"
     "--sysconfdir=/etc"
     "--localstatedir=/var"
+    "--with-cacert=/etc/ssl/certs/ca-certificates.crt"
   ];
 
   buildInputs = [ libressl ];