Skip to content

use NIX_SSL_CERT_FILE if set for vendoring cargo dependencies#378358

Closed
zickzackv wants to merge 1 commit intoNixOS:masterfrom
zickzackv:master
Closed

use NIX_SSL_CERT_FILE if set for vendoring cargo dependencies#378358
zickzackv wants to merge 1 commit intoNixOS:masterfrom
zickzackv:master

Conversation

@zickzackv
Copy link

@zickzackv zickzackv commented Jan 31, 2025

fix issue #304483 when running fetchCargoTarball behind a cooperate MITM ssl proxy

Things done

  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@zickzackv
use NIX_SSL_CERT_FILE if set for vendoring cargo dependencies
1fd9e61 
this should fix issue NixOS#304483. when running fetchCargoTarball behind a
cooperate MITM ssl proxy
@github-actions github-actions bot added the 6.topic: rust General-purpose programming language emphasizing performance, type safety, and concurrency. label Jan 31, 2025
@nix-owners nix-owners bot requested review from figsoda, winterqt and zowoq January 31, 2025 21:52
@github-actions github-actions bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. labels Jan 31, 2025
@NixOSInfra NixOSInfra added the 12.first-time contribution This PR is the author's first one; please be gentle! label Jan 31, 2025
@winterqt
Copy link
Member

winterqt commented Feb 1, 2025

Arguably moot now because of #378288.

@zickzackv
Copy link
Author

zickzackv commented Feb 1, 2025

well, what is the other way of pulling rust dependencies then and do these methods work under a cooperate MITM ssl proxy? Shall I close this PR?

@zickzackv
Copy link
Author

zickzackv commented Feb 1, 2025

... and if the old code after merging #378288 still runs but with a warn message should that could at least support MITM SSL Proxies?

@wegank wegank added the 2.status: merge conflict This PR has merge conflicts with the target branch label Feb 15, 2025
@zickzackv
Copy link
Author

zickzackv commented Feb 26, 2025

closing PR

@zickzackv zickzackv closed this Feb 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@winterqt winterqt Awaiting requested review from winterqt

@figsoda figsoda Awaiting requested review from figsoda

@zowoq zowoq Awaiting requested review from zowoq

Assignees

No one assigned

Labels

2.status: merge conflict This PR has merge conflicts with the target branch 6.topic: rust General-purpose programming language emphasizing performance, type safety, and concurrency. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux. 12.first-time contribution This PR is the author's first one; please be gentle!

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@zickzackv @winterqt @wegank @NixOSInfra