From 276d8c97bb1a3de52a4eabf696cfdf708d334e85 Mon Sep 17 00:00:00 2001
From: "Wael M. Nasreddine" <wael.nasreddine@gmail.com>
Date: Fri, 15 Mar 2019 11:42:05 -0700
Subject: [PATCH] go_1_12: 1.12 -> 1.12.1

---
 pkgs/development/compilers/go/1.12.nix        |  5 +-
 .../compilers/go/ssl-cert-file-1.12.1.patch   | 59 +++++++++++++++++++
 2 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 pkgs/development/compilers/go/ssl-cert-file-1.12.1.patch

diff --git a/pkgs/development/compilers/go/1.12.nix b/pkgs/development/compilers/go/1.12.nix
index d7bbd4eaf0fc..0b8eb2dc19de 100644
--- a/pkgs/development/compilers/go/1.12.nix
+++ b/pkgs/development/compilers/go/1.12.nix
@@ -29,11 +29,11 @@ in
 
 stdenv.mkDerivation rec {
   name = "go-${version}";
-  version = "1.12";
+  version = "1.12.1";
 
   src = fetchurl {
     url = "https://dl.google.com/go/go${version}.src.tar.gz";
-    sha256 = "1wl8kq21fbzmv4plnaza5acz8dhbaaq6smjzk3r6cf3l6qrkvi09";
+    sha256 = "12l12mmgqvy3nbscy7sz83qj4m6iz5a322aq9sk45f7l9ml2gq8b";
   };
 
   # perl is used for testing go vet
@@ -127,6 +127,7 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./remove-tools-1.11.patch
+    ./ssl-cert-file-1.12.1.patch
     ./remove-test-pie.patch
     ./creds-test.patch
     ./go-1.9-skip-flaky-19608.patch
diff --git a/pkgs/development/compilers/go/ssl-cert-file-1.12.1.patch b/pkgs/development/compilers/go/ssl-cert-file-1.12.1.patch
new file mode 100644
index 000000000000..aa3116d76c12
--- /dev/null
+++ b/pkgs/development/compilers/go/ssl-cert-file-1.12.1.patch
@@ -0,0 +1,59 @@
+diff -Naur a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go
+--- a/src/crypto/x509/root_cgo_darwin.go	2019-03-15 11:33:55.920232337 -0700
++++ b/src/crypto/x509/root_cgo_darwin.go	2019-03-15 11:34:53.323180897 -0700
+@@ -270,11 +270,20 @@
+ import "C"
+ import (
+	"errors"
++	"io/ioutil"
++	"os"
+	"unsafe"
+ )
+
+ func loadSystemRoots() (*CertPool, error) {
+	roots := NewCertPool()
++	if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
++		data, err := ioutil.ReadFile(file)
++		if err == nil {
++			roots.AppendCertsFromPEM(data)
++			return roots, nil
++		}
++	}
+
+	var data C.CFDataRef = 0
+	var untrustedData C.CFDataRef = 0
+diff -Naur a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
+--- a/src/crypto/x509/root_darwin.go	2019-03-15 11:33:55.920232337 -0700
++++ b/src/crypto/x509/root_darwin.go	2019-03-15 11:36:21.205123541 -0700
+@@ -92,6 +92,14 @@
+		verifyCh    = make(chan rootCandidate)
+	)
+
++	if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
++		data, err := ioutil.ReadFile(file)
++		if err == nil {
++			roots.AppendCertsFromPEM(data)
++			return roots, nil
++		}
++	}
++
+	// Using 4 goroutines to pipe into verify-cert seems to be
+	// about the best we can do. The verify-cert binary seems to
+	// just RPC to another server with coarse locking anyway, so
+diff -Naur a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go
+--- a/src/crypto/x509/root_unix.go	2019-03-15 11:33:55.920232337 -0700
++++ b/src/crypto/x509/root_unix.go	2019-03-15 11:37:15.737326340 -0700
+@@ -38,6 +38,13 @@
+
+ func loadSystemRoots() (*CertPool, error) {
+	roots := NewCertPool()
++	if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
++		data, err := ioutil.ReadFile(file)
++		if err == nil {
++			roots.AppendCertsFromPEM(data)
++			return roots, nil
++		}
++	}
+
+	files := certFiles
+	if f := os.Getenv(certFileEnv); f != "" {