What happened?

On machines with a custom ssl cert (for mitm traffic monitoring, i.e. netskope) it's common to set NIX_SSL_CERT_FILE to point to the custom cert ssl/tls traffic works.

I noticed adding the package httpie somehow sets or resets this value, breaking other network requests in the project, in our case bundle install broke.

Nix shell on it's own doesn't seem to have this issue:

❯ echo $NIX_SSL_CERT_FILE
# /Library/Application Support/Netskope/STAgent/data/nscacert_combined.pem
❯ nix shell nixpkgs#httpie
❯ echo $NIX_SSL_CERT_FILE
# /Library/Application Support/Netskope/STAgent/data/nscacert_combined.pem

Steps to reproduce

# setup
❯ cd $(mktemp -d)
❯ devbox init

# env var is normally unmodified
❯ devbox run -- 'echo $NIX_SSL_CERT_FILE'
# /Library/Application Support/Netskope/STAgent/data/nscacert_combined.pem

# adding httpie somehow changes it
❯ devbox add httpie
❯ devbox run -- 'echo $NIX_SSL_CERT_FILE'
# /nix/store/6jjdj3lq3wd6fqljdvyrr2lad1wiy32k-nss-cacert-3.108/etc/ssl/certs/ca-bundle.crt

Command

No response

devbox.json

{
  "packages": ["httpie@latest"]
}

Devbox version

0.14.2

Nix version

2.26.2

What system does this bug occur on?

macOS (m1)

Debug logs

what I've looked at so far

I've had a look through the httpie nix package and there doesn't seems to be anything unusual happening there. I've also searched through devbox's code a little bit and found this reference to the env var but SourceProfile() seems like it only runs on system config, nothing from the project, so I don't think this could be related.

I don't have time to look into it further right now, and we've switched from httpie->curl as a workaround, so it's not a blocking issue. But I wanted to get it recorded.