You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
nimble build tries to download a resource from https://github... URL, but can't because it fails to validate the cert because No SSL/TLS CA certificates found
Nim Version
$ nim -v
Nim Compiler Version 2.0.2 [FreeBSD: amd64]
Compiled at 2024-04-10
Copyright (c) 2006-2023 by Andreas Rumpf
active boot switches: -d:release
This is installed from the FreeBSD 13 package repository.
Current Output
at the dependency verification stage...
Executing /usr/local/nim/bin/nim -v
Reading official package list
Prompt: No local packages.json found, download it from internet? -> [forced yes]
Downloading Official package list
Trying https://github.com/nim-lang/packages/raw/master/packages.json
Warning: Could not download: No SSL/TLS CA certificates found.
Trying https://irclogs.nim-lang.org/packages.json
Trying https://nim-lang.org/nimble/packages.json
packageinfo.nim(180) fetchList
Error: Refresh failed
... Could not download: No SSL/TLS CA certificates found.
Warning: Not removing temporary path because of debug verbosity: /tmp/nimble_3203
I looked for documentation and found something promising https://nim-lang.org/docs/ssl_certs.html
but disappointingly, these environment variables don't seem to affect the nimble behavior, and the other stuff I found while searching makes me think security isn't a very high priority.
### Expected Output
```text
Build finds dependencies and runs, without needing to disable supply-chain security measures like SSL cert validation.
Description
nimble build tries to download a resource from https://github... URL, but can't because it fails to validate the cert because
No SSL/TLS CA certificates found
Nim Version
This is installed from the FreeBSD 13 package repository.
Current Output
I looked for documentation and found something promising
https://nim-lang.org/docs/ssl_certs.html
but disappointingly, these environment variables don't seem to affect the nimble behavior, and the other stuff I found while searching makes me think security isn't a very high priority.
Possible Solution
Maybe nimble should use the std/ssl_certs module documented at https://nim-lang.org/docs/ssl_certs.html
Additional Information
I'm trying to set up some CI/CD builds, and this is a deal breaker.
The text was updated successfully, but these errors were encountered: