diff --git a/pkgs/build-support/rust/fetch-cargo-tarball/default.nix b/pkgs/build-support/rust/fetch-cargo-tarball/default.nix index 7ca306b613bc..36ab93169741 100644 --- a/pkgs/build-support/rust/fetch-cargo-tarball/default.nix +++ b/pkgs/build-support/rust/fetch-cargo-tarball/default.nix @@ -73,6 +73,9 @@ in stdenv.mkDerivation ({ ${cargoUpdateHook} + # Override the `http.cainfo` option usually specified in `.cargo/config`. + export CARGO_HTTP_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt + cargo vendor $name --respect-source-config | cargo-vendor-normalise > $CARGO_CONFIG # Create an empty vendor directory when there is no dependency to vendor diff --git a/pkgs/development/compilers/rust/cargo.nix b/pkgs/development/compilers/rust/cargo.nix index d04eebe7eadf..481b4195891c 100644 --- a/pkgs/development/compilers/rust/cargo.nix +++ b/pkgs/development/compilers/rust/cargo.nix @@ -1,6 +1,6 @@ { lib, stdenv, pkgsHostHost , file, curl, pkg-config, python3, openssl, cmake, zlib -, installShellFiles, makeWrapper, cacert, rustPlatform, rustc +, installShellFiles, makeWrapper, rustPlatform, rustc , CoreFoundation, Security , auditable ? false # TODO: change to true when this is the default }: @@ -28,7 +28,7 @@ rustPlatform.buildRustPackage { (lib.getDev pkgsHostHost.curl) zlib ]; - buildInputs = [ cacert file curl python3 openssl zlib ] + buildInputs = [ file curl python3 openssl zlib ] ++ lib.optionals stdenv.isDarwin [ CoreFoundation Security ]; # cargo uses git-rs which is made for a version of libgit2 from recent master that @@ -39,14 +39,7 @@ rustPlatform.buildRustPackage { RUSTC_BOOTSTRAP = 1; postInstall = '' - # NOTE: We override the `http.cainfo` option usually specified in - # `.cargo/config`. This is an issue when users want to specify - # their own certificate chain as environment variables take - # precedence - wrapProgram "$out/bin/cargo" \ - --suffix PATH : "${rustc}/bin" \ - --set CARGO_HTTP_CAINFO "${cacert}/etc/ssl/certs/ca-bundle.crt" \ - --set SSL_CERT_FILE "${cacert}/etc/ssl/certs/ca-bundle.crt" + wrapProgram "$out/bin/cargo" --suffix PATH : "${rustc}/bin" installManPage src/tools/cargo/src/etc/man/*