Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cargo: allow caller to override CARGO_HTTP_CAINFO #82496

Closed
wants to merge 1 commit into from
Closed

cargo: allow caller to override CARGO_HTTP_CAINFO #82496

wants to merge 1 commit into from

Conversation

kevinastock
Copy link
Contributor

Motivation for this change

Currently there seems to be no way to supply cargo with self signed certificates, this allows the user to set the environment variable that cargo uses to find cainfo.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@kevinastock kevinastock changed the base branch from staging to master March 13, 2020 15:31
@kevinastock
Copy link
Contributor Author

Sorry, I set it to merge to staging but didn't notice I pulled in 171 other commits. Switched back to master for now, if staging is the correct place to merge this, let me know and I'll update the PR.

@Mic92
Copy link
Member

Mic92 commented Mar 16, 2020

@LnL7 Sorry, I'm not sure I understand. Do you mean we should move the wrapProgram from here to where cargo is currently only inherited in pkgs/development/compilers/rust/default.nix?

I think he means we should only set the environment variable in our fetcher where we download cargo dependencies without any shell wrapper around cargo.

@LnL7
Copy link
Member

LnL7 commented Mar 16, 2020
edited

Yeah, and actually it's actually included there already. Based on the history I'm pretty sure this is all from the time before cacert automatically set SSL_CERT_FILE for you when it's included in a build environment.

nixpkgs/pkgs/build-support/rust/default.nix

Line 79 in cad8783

nativeBuildInputs = nativeBuildInputs ++ [ cacert git cargo rustc ];

There are a few places where cargo/rust are used directly but other than possibly having to add cacert to those we should be able to get rid of it in the cargo wrapper.

@Mic92 Mic92 mentioned this pull request Jun 5, 2020
Closed
@stale

This comment was marked as off-topic.

Sign in to view
@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Sep 12, 2020
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Apr 25, 2022
@FRidh
Copy link
Member

FRidh commented Apr 25, 2022

Related issue on how to handle certificates #8247.

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Oct 30, 2022
This was referenced Jan 12, 2023
Closed
Merged
linsui added a commit to linsui/nixpkgs that referenced this pull request Jan 31, 2023
@linsui
cargo: move cert info to fetch-cargo-tarball
6b94490 
As proposed in NixOS#82496, we should only set the related env vars for the fetcher instead of breaking the function of cargo itself.
zowoq pushed a commit that referenced this pull request Jan 31, 2023
@linsui @zowoq
cargo: move cert info to fetch-cargo-tarball
9bc4f34 
As proposed in #82496, we should only set the related env vars for the fetcher instead of breaking the function of cargo itself.
@zowoq
Copy link
Contributor

zowoq commented Jan 31, 2023

Superseded by #210366

@zowoq zowoq closed this Jan 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LnL7 LnL7 LnL7 left review comments

@Mic92 Mic92 Awaiting requested review from Mic92 Mic92 is a code owner

Assignees
No one assigned
Labels
2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md 6.topic: rust 8.has: clean-up 8.has: package (new) 10.rebuild-darwin: 501-1000 10.rebuild-darwin: 501+ 10.rebuild-linux: 501+ 10.rebuild-linux: 1001-2500 12. first-time contribution
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@kevinastock @alyssais @Mic92 @LnL7 @FRidh @zowoq @Janik-Haag