Ssl error when trying to use nix flake command directly

Bug Reports
1

Hi there, this isn’t really a flox problem directly, but when I try to run nix flake and related commands directly using the nix cli installed by flox (not flox nix flake …) I’m getting ssl errors:

> nix develop
warning: Git tree '/Users/pauljohnson/Programming/blah' is dirty
warning: error: unable to download 'https://dl.google.com/dl/cloudsdk/channels/rapid/components/google-cloud-sdk-beta-20221101212107.tar.gz': SSL connect error (35); retrying in 330 ms
warning: error: unable to download 'https://dl.google.com/dl/cloudsdk/channels/rapid/components/google-cloud-sdk-beta-20221101212107.tar.gz': SSL connect error (35); retrying in 597 ms

When I download the files in my browser or using curl it downloads correctly. This is on an m1 mac mini.

flake.nix:

{
  description = "blah";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs";
    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs = { self, nixpkgs, flake-utils }:
    flake-utils.lib.eachDefaultSystem (system:
        let
            pkgs = nixpkgs.legacyPackages.${system};
            deps = with pkgs; [
                kubectl
                kubernetes-helm
                (google-cloud-sdk.withExtraComponents ([pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin]))
                terraform
                go
                cue
                devspace
                postgresql_13
                nodejs-16_x
            ];
        in {
            packages = deps;
            devShell = pkgs.mkShell { buildInputs = deps; };
        }
    );
}
2

This happens when using Nix on its own. Upstream installation mitigates this by modifying your bashrc/zshrc and so forth. We’ve taken the approach of not modifying your startup files as that can lead to its own problems.

When using flox develop or flox nix develop we take care of this for you because we set the NIX_SSL_CERT_FILE variable on your behalf (if it or SSL_CERT_FILE is not set already).

The references below show how to manually set this if you wish (for example: in order to set it to a custom organization-dependent certificate bundle).

References: