I just upgraded to Nix 1.11.7 and found that terraform breaks in a hard-to-track manner as a result. I think it's because all Go projects reimplement everything from scratch so none of our patches to standard HTTP libraries like curl affect it.
The tricky problem that arises is that each Go project pulls in its own full set of dependencies, often "vendored" right into the project repository, so there's no single place for us to patch the Go http libraries. I can fix Terraform in a one-off way since it's pretty painful, but we'll probably need a better solution to teach Go about NIX_CERT_FILE.
cc @edolstra @kamilchm