I’m still trying to figure out what’s going on, but buildRustPackage
no longer works in the darwin sandbox. Specifically the cargoDeps
step fails with network errors:
Updating crates.io index
warning: spurious network error (2 tries remaining): [60] SSL peer certificate or SSH remote key was not OK; class=Net (12)
warning: spurious network error (1 tries remaining): [60] SSL peer certificate or SSH remote key was not OK; class=Net (12)
error: failed to sync
Caused by:
failed to load pkg lockfile
Caused by:
failed to fetch `https://github.com/rust-lang/crates.io-index`
Caused by:
[60] SSL peer certificate or SSH remote key was not OK; class=Net (12)
I can’t do a true bisect because I’m not willing to spend forever rebuilding the darwin stdenv or other dependencies, but I did manage to track this down to merge commit e50c67ad7ee
which is a merge of staging-next into master. This merge includes a bump of rustc from 1.41 → 1.42, which seems like the most likely culprit, but I can’t be sure.
This suggests to me that cargo 1.42 is changing how it fetches the index such that it’s no longer using NIX_SSL_CERT_FILE
, or even SSL_CERT_FILE
or CARGO_HTTP_CAINFO
(since we wrap cargo
to set those env vars to our ca-bundle.crt). However CARGO_HTTP_CAINFO
is still documented in latest master
as containing the CA bundle file. So I’m really not sure what’s going on.