I’m still trying to figure out what’s going on, but
buildRustPackage no longer works in the darwin sandbox. Specifically the
cargoDeps step fails with network errors:
Updating crates.io index warning: spurious network error (2 tries remaining):  SSL peer certificate or SSH remote key was not OK; class=Net (12) warning: spurious network error (1 tries remaining):  SSL peer certificate or SSH remote key was not OK; class=Net (12) error: failed to sync Caused by: failed to load pkg lockfile Caused by: failed to fetch `https://github.com/rust-lang/crates.io-index` Caused by:  SSL peer certificate or SSH remote key was not OK; class=Net (12)
I can’t do a true bisect because I’m not willing to spend forever rebuilding the darwin stdenv or other dependencies, but I did manage to track this down to merge commit
e50c67ad7ee which is a merge of staging-next into master. This merge includes a bump of rustc from 1.41 -> 1.42, which seems like the most likely culprit, but I can’t be sure.
This suggests to me that cargo 1.42 is changing how it fetches the index such that it’s no longer using
NIX_SSL_CERT_FILE, or even
CARGO_HTTP_CAINFO (since we wrap
cargo to set those env vars to our ca-bundle.crt). However
CARGO_HTTP_CAINFO is still documented in latest
master as containing the CA bundle file. So I’m really not sure what’s going on.