[PATCH core-updates 0/1] Allow cargo to use custom SSL certificates

Jean-Baptiste Note wrote on 30 Apr 16:11 +0200

Recipients:(address . guix-patches@gnu.org)(name . Jean-Baptiste Note)(address . jean-baptiste.note@m4x.org)

Message-ID:cover.1714485108.git.jean-baptiste.note@m4x.org

Cargo, just like git, allows certificate validation against a customized set

of certificates. Add the required native-path for this, just like

GIT_SSL_CAINFO for git.

Jean-Baptiste Note (1):

gnu: rust: Add CARGO_HTTP_CAINFO to native-search-path.

gnu/packages/rust.scm | 13 +++++++++++--

1 file changed, 11 insertions(+), 2 deletions(-)

2.41.0

Jean-Baptiste Note wrote on 30 Apr 16:17 +0200

[PATCH core-updates 1/1] gnu: rust: Add CARGO_HTTP_CAINFO to native-search-path.

Recipients:(address . 70674@debbugs.gnu.org)(name . Jean-Baptiste Note)(address . jean-baptiste.note@m4x.org)

Message-ID:2fc16ba2adb60b61fba0ebc7bd76ceac2da229e5.1714485108.git.jean-baptiste.note@m4x.org

* gnu/packages/rust.scm (rust-1.55): Add CARGO_HTTP_CAINFO native-search-path
so that Cargo honors custom certificates (a la GIT_SSL_CAINFO).
---
 gnu/packages/rust.scm | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

Toggle diff (27 lines)diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 60aa9b1ea0..aaba458933 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -539,9 +539,18 @@ (define-public rust-1.55
     (inputs
      `(("llvm" ,llvm-13)
        ("openssl" ,openssl)))
-    ;; rustc invokes gcc, so we need to set its search paths accordingly.
     (native-search-paths
-      %gcc-search-paths)
+     (cons
+      ;; For HTTPS access, Cargo reads from a single-file certificate
+      ;; specified with $CARGO_HTTP_CAINFO. See
+      ;; https://doc.rust-lang.org/cargo/reference/environment-variables.html
+      (search-path-specification
+       (variable "CARGO_HTTP_CAINFO")
+       (file-type 'regular)
+       (separator #f)              ;single entry
+       (files '("etc/ssl/certs/ca-certificates.crt")))
+      ;; rustc invokes gcc, so we need to set its search paths accordingly.
+      %gcc-search-paths))
     ;; Limit this to systems where the final rust compiler builds successfully.
     (supported-systems '("x86_64-linux" "aarch64-linux" "riscv64-linux"))
     (synopsis "Compiler for the Rust programming language")
-- 
2.41.0

Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 70674@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 70674

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date