"Thompson, David" skribis: > The bigger problem to be aware of is this: No package in the gnutls > dependency graph may have its source code downloaded over HTTPS. Even > if we hack around this for pkg-config, I'm sure it will bite us again > when another upstream starts enforcing HTTPS. > > So, what can we do here? Nix recently added a ‘fetchurl’ primitive to the Nix language, in part to address this problem. The equivalent for us is to simply perform the download on the “host side” rather than on the “build side”, thus entirely side-stepping the issue. Moving code from one side to the other is obviously easy for us. One way to do that is by adding a new origin method, along the lines of this incomplete patch: