diff --git a/.github/workflows/test-container.yml b/.github/workflows/test-container.yml
index e153734..7294af3 100644
--- a/.github/workflows/test-container.yml
+++ b/.github/workflows/test-container.yml
@@ -10,7 +10,7 @@ on:
 pull_request:
 jobs:
- test-unit:
+ test-container:
 runs-on: ubuntu-latest
 timeout-minutes: 30
diff --git a/package-manager.spec b/package-manager.spec
index 0532bc1..a795261 100644
--- a/package-manager.spec
+++ b/package-manager.spec
@@ -35,35 +35,36 @@ available on the system.
 %install
 rm -rf %{buildroot}
 install -d %{buildroot}%{_bindir}
-install -d %{buildroot}%{_libdir}/package-manager
+# Install project tree into a fixed, architecture-independent location.
+install -d %{buildroot}/usr/lib/package-manager
 # Copy full project source into /usr/lib/package-manager
-cp -a . %{buildroot}%{_libdir}/package-manager/
+cp -a . %{buildroot}/usr/lib/package-manager/
 # Wrapper
 install -m0755 scripts/pkgmgr-wrapper.sh %{buildroot}%{_bindir}/pkgmgr
 # Shared Nix init script (ensure it is executable in the installed tree)
-install -m0755 scripts/init-nix.sh %{buildroot}%{_libdir}/package-manager/init-nix.sh
+install -m0755 scripts/init-nix.sh %{buildroot}/usr/lib/package-manager/init-nix.sh
 # Remove packaging-only and development artefacts from the installed tree
 rm -rf \
- %{buildroot}%{_libdir}/package-manager/PKGBUILD \
- %{buildroot}%{_libdir}/package-manager/Dockerfile \
- %{buildroot}%{_libdir}/package-manager/debian \
- %{buildroot}%{_libdir}/package-manager/.git \
- %{buildroot}%{_libdir}/package-manager/.github \
- %{buildroot}%{_libdir}/package-manager/tests \
- %{buildroot}%{_libdir}/package-manager/.gitignore \
- %{buildroot}%{_libdir}/package-manager/__pycache__ \
- %{buildroot}%{_libdir}/package-manager/.gitkeep || true
+ %{buildroot}/usr/lib/package-manager/PKGBUILD \
+ %{buildroot}/usr/lib/package-manager/Dockerfile \
+ %{buildroot}/usr/lib/package-manager/debian \
+ %{buildroot}/usr/lib/package-manager/.git \
+ %{buildroot}/usr/lib/package-manager/.github \
+ %{buildroot}/usr/lib/package-manager/tests \
+ %{buildroot}/usr/lib/package-manager/.gitignore \
+ %{buildroot}/usr/lib/package-manager/__pycache__ \
+ %{buildroot}/usr/lib/package-manager/.gitkeep || true
 %post
 # Initialize Nix (if needed) after installing the package-manager files.
-if [ -x %{_libdir}/package-manager/init-nix.sh ]; then
- %{_libdir}/package-manager/init-nix.sh || true
+if [ -x /usr/lib/package-manager/init-nix.sh ]; then
+ /usr/lib/package-manager/init-nix.sh || true
 else
- echo ">>> Warning: %{_libdir}/package-manager/init-nix.sh not found or not executable."
+ echo ">>> Warning: /usr/lib/package-manager/init-nix.sh not found or not executable."
 fi
 %postun
@@ -73,7 +74,7 @@ echo ">>> package-manager removed. Nix itself was not removed."
 %doc README.md
 %license LICENSE
 %{_bindir}/pkgmgr
-%{_libdir}/package-manager/
+/usr/lib/package-manager/
 %changelog
 * Sat Dec 06 2025 Kevin Veen-Birkenbach - 0.1.1-1
diff --git a/scripts/docker/entry.sh b/scripts/docker/entry.sh
index c7c3c13..b419b93 100755
--- a/scripts/docker/entry.sh
+++ b/scripts/docker/entry.sh
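Review bot: The `%install` step still packages whatever is in the build directory: `cp -a . %{buildroot}/usr/lib/package-manager/` copies the whole tree and the following `rm -rf` removes only nine named top-level entries, so any other local file (editor state, a stray credentials file, nested `__pycache__` directories) ends up in the RPM. An allow-list of the directories the tool needs, or building from a clean export of the tagged source, would make the package contents predictable. The trailing `|| true` on that `rm -rf` and on the `%post` call to `init-nix.sh` also hides real failures; for the scriptlet I would at least report it, e.g. `/usr/lib/package-manager/init-nix.sh || echo ">>> Warning: init-nix.sh failed." >&2`. Separately, the literal path now appears many times in this hunk and again in `%files`; one `%global pkgmgr_dir %{_prefix}/lib/package-manager` at the top of the spec would keep them in sync.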
@@ -1,23 +1,41 @@
 #!/usr/bin/env bash
 set -euo pipefail
+# ---------------------------------------------------------------------------
+# Ensure Nix has access to a valid CA bundle (TLS trust store)
+# ---------------------------------------------------------------------------
+if [[ -z "${NIX_SSL_CERT_FILE:-}" ]]; then
+ if [[ -f /etc/ssl/certs/ca-certificates.crt ]]; then
+ # Debian/Ubuntu-style path
+ export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+ echo "[docker] Using CA bundle: ${NIX_SSL_CERT_FILE}"
+ elif [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then
+ # Fedora/RHEL/CentOS-style path
+ export NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
+ echo "[docker] Using CA bundle: ${NIX_SSL_CERT_FILE}"
+ else
+ echo "[docker] WARNING: No CA bundle found for Nix (NIX_SSL_CERT_FILE not set)."
+ echo "[docker] HTTPS access for Nix flakes may fail."
+ fi
+fi
+
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 echo "[docker] Starting package-manager container"
-# Distro-Info nur für Logging
+# Distro info for logging
 if [[ -f /etc/os-release ]]; then
 # shellcheck disable=SC1091
 . /etc/os-release
 echo "[docker] Detected distro: ${ID:-unknown} (like: ${ID_LIKE:-})"
 fi
-# Wir arbeiten immer aus /src (vom Host gemountet)
+# Always use /src (mounted from host) as working directory
 echo "[docker] Using /src as working directory"
 cd /src
 # ------------------------------------------------------------
-# DEV-Mode: aus dem aktuellen /src heraus Paket bauen/installieren
+# DEV mode: build/install package-manager from current /src
 # ------------------------------------------------------------
 if [[ "${PKGMGR_DEV:-0}" == "1" ]]; then
 echo "[docker] DEV mode enabled (PKGMGR_DEV=1)"
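Review bot: The added CA-bundle block only runs when `NIX_SSL_CERT_FILE` is empty, so a value inherited from the container environment becomes Nix's TLS trust store without being checked or logged. Because that variable decides which CAs are trusted when Nix fetches flakes, I would log the effective path in every case and confirm it is usable, e.g. an outer `else` branch with `[[ -r "${NIX_SSL_CERT_FILE}" && -s "${NIX_SSL_CERT_FILE}" ]] || echo "[docker] WARNING: NIX_SSL_CERT_FILE=${NIX_SSL_CERT_FILE} is not a readable, non-empty file." >&2`. The two candidate checks use `-f`, which also accepts an empty or unreadable file; adding `-r`/`-s` there would be stricter. The two WARNING lines go to stdout and would be easier to pick out of container logs on stderr (`>&2`).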
@@ -32,7 +50,7 @@ if [[ "${PKGMGR_DEV:-0}" == "1" ]]; then
 fi
 # ------------------------------------------------------------
-# Hand-off zu pkgmgr / beliebigem Kommando
+# Hand-off to pkgmgr / arbitrary command
 # ------------------------------------------------------------
 if [[ $# -eq 0 ]]; then
 echo "[docker] No arguments provided. Showing pkgmgr help..."