Skip to content

Unable to fetch Rust/Cargo dependencies through TLS-intercepting proxy #89526

New issue
New issue
Closed
Closed
Unable to fetch Rust/Cargo dependencies through TLS-intercepting proxy#89526
Labels
0.kind: bugSomething is broken6.topic: fetchFetchers (e.g. fetchgit, fetchsvn, ...)6.topic: rustGeneral-purpose programming language emphasizing performance, type safety, and concurrency.
@makefu

Description

@makefu
makefu
opened on Jun 5, 2020

Describe the bug
Nix is able to fetch source dependencies from github and other URLs but building a rust package fails when rust is trying to fetch the cargo dependencies.
CURL_CA_BUNDLE GIT_SSL_CAINFO and SSL_CERT_FILE contain paths to the certificate chain of the intercepting proxy.

To Reproduce
Steps to reproduce the behavior:

  1. set up TLS-Intercepting proxy (or work in a company which uses this tech)
  2. Set CURL_CA_BUNDLE, GIT_SSL_CAINFO and SSL_CERT_FILE to /etc/ssl/certs/ca-bundle.crt
  3. security.pki.certificates = [ (lib.readFile ./intercepting-proxy.pem ];
  4. build a rust package which is not cached by cache.nixos.org, e.g. this derivation: https://git.ingolf-wagner.de/palo/nixos-config/src/master/pkgs/navi/default.nix

Expected behavior
The package is built from source and can be used in configuration

Screenshots

building '/nix/store/dsi88ymq5wbm5ds86xxxnahkl1gk6p0f-navi-2.1.1-vendor.tar.gz.drv'...
unpacking sources
unpacking source archive /nix/store/4xhyh64vhlxxkfwpl7zbr1wcj0yxqafx-source
source root is source
patching sources
building
Updating crates.io index
warning: spurious network error (2 tries remaining): [56] Failure when receiving data from the peer; class=Net (12)
warning: spurious network error (1 tries remaining): [56] Failure when receiving data from the peer; class=Net (12)
error: failed to sync

Caused by:
failed to load pkg lockfile

Caused by:
failed to fetch https://github.com/rust-lang/crates.io-index

Caused by:
[56] Failure when receiving data from the peer; class=Net (12)

Additional context
Add any other context about the problem here.

Notify maintainers
@Ericson2314 @bhipple

Metadata

  • system: "x86_64-linux"
  • host os: Linux 5.4.35, NixOS, 20.09pre-git (Nightingale)
  • multi-user?: no
    • sandbox: yes
  • version: nix-env (Nix) 2.3.4
  • nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute: 
- rustplatform.buildRustPackage

Metadata

Metadata

Assignees

No one assigned

    Labels

    0.kind: bugSomething is broken6.topic: fetchFetchers (e.g. fetchgit, fetchsvn, ...)6.topic: rustGeneral-purpose programming language emphasizing performance, type safety, and concurrency.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions