Add cacert to wrapped-cabal runtimeInputs for SSL certificate support (#232)

curl requires CA certificates to validate HTTPS connections. In the
-env containers (rootless, no system CA store), OpenSSL falls back to
/no-cert-file.crt when cacert is not in the dependency closure. Adding
pkgs.cacert to runtimeInputs propagates it through nix-support/, and
its setup-hook sets SSL_CERT_FILE, NIX_SSL_CERT_FILE, and
SYSTEM_CERTIFICATE_PATH — enabling curl to verify HTTPS certificates
in the container environment.

Fixes: curl: (77) error adding trust anchors from file: /no-cert-file.crt

Author: angerman

cross-js.nix

@@ -19,7 +19,7 @@ let tool-version-map = (import ./tool-map.nix) self;
     # See writers.nix for why writeShellApplicationWithRuntime is needed.
     wrapped-cabal = writers.writeShellApplicationWithRuntime {
         name = "cabal";
-        runtimeInputs = [ cabal-install pkgs.curl ];
+        runtimeInputs = [ cabal-install pkgs.curl pkgs.cacert ];
         text = with pkgs; ''
         # We do not want to quote NIX_CABAL_FLAGS
         # it will leave an empty argument, if they are empty.

cross-windows.nix

@@ -81,7 +81,7 @@ let tool-version-map = (import ./tool-map.nix) self;
     # See writers.nix for why writeShellApplicationWithRuntime is needed.
     wrapped-cabal = writers.writeShellApplicationWithRuntime {
         name = "cabal";
-        runtimeInputs = [ cabal-install curl ];
+        runtimeInputs = [ cabal-install curl pkgs.pkgsBuildBuild.cacert ];
         text = ''
         # We do not want to quote NIX_CABAL_FLAGS
         # it will leave an empty argument, if they are empty.

dynamic.nix

@@ -46,7 +46,7 @@ let tool-version-map = (import ./tool-map.nix) self;
     # See writers.nix for why writeShellApplicationWithRuntime is needed.
     wrapped-cabal = writers.writeShellApplicationWithRuntime {
         name = "cabal";
-        runtimeInputs = [ cabal-install pkgs.curl ];
+        runtimeInputs = [ cabal-install pkgs.curl pkgs.cacert ];
         text = ''
         case "$1" in
             build) cabal "$@"

static.nix

@@ -35,7 +35,7 @@ let tool-version-map = (import ./tool-map.nix) self;
     # See writers.nix for why writeShellApplicationWithRuntime is needed.
     wrapped-cabal = writers.writeShellApplicationWithRuntime {
         name = "cabal";
-        runtimeInputs = [ cabal-install pkgs.curl ];
+        runtimeInputs = [ cabal-install pkgs.curl pkgs.cacert ];
         text = with pkgs; ''
         # We do not want to quote NIX_CABAL_FLAGS
         # it will leave an empty argument, if they are empty.