From 44863a066786cb3918e8ff39aa1278d5544e9191 Mon Sep 17 00:00:00 2001
From: Jonathan Morley <morley.jonathan@gmail.com>
Date: Mon, 22 Jan 2024 12:17:36 -0500
Subject: [PATCH] security/pki: handle certificate paths with spaces

---
 modules/security/pki/default.nix | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/modules/security/pki/default.nix b/modules/security/pki/default.nix
index 00d1f98c..29d750dd 100644
--- a/modules/security/pki/default.nix
+++ b/modules/security/pki/default.nix
@@ -9,13 +9,12 @@ let
     blacklist = cfg.caCertificateBlacklist;
   };
 
-  caCertificates = pkgs.runCommand "ca-certificates.crt"
-    { files =
-        cfg.certificateFiles ++
-        [ (builtins.toFile "extra.crt" (concatStringsSep "\n" cfg.certificates)) ];
-     }
+  caCertificates = pkgs.runCommand "ca-certificates.crt" {}
     ''
-      cat $files > $out
+      cat ${escapeShellArgs (
+        cfg.certificateFiles ++
+        [ (builtins.toFile "extra.crt" (concatStringsSep "\n" cfg.certificates)) ]
+      )} > $out
     '';
 in