`blink-cmp` build fails due to SSL certificate errors with MITM proxy and `NIX_SSL_CERT_FILE`

[Jeomhps]

I have confirmed that this is a bug related to nvf

• This is a bug, and not an user error or a support request. I understand that my issue will be closed if it is not a bug in nvf.
• I have checked the issues tab and confirmed that my issue has not yet been reported. I understand that my issue will be closed if it is a duplicate.

Description

In a work environment using a MITM proxy with self-signed certificates, the blink-cmp package fails to build. The underlying mechanism appears to use Python's requests library, which does not respect the NIX_SSL_CERT_FILE environment variable or the PKI certificates configured in the NixOS configuration file. This results in SSL errors and a failed build.

I am unsure whether this is an issue with the nvf flake or the blink-cmp package in nixpkgs, as I am relatively new to Nix.

Unfortunately, I can't provide any log nor screenshots because of the nature of the work environment.

Installation Method

NixOS Module (nixosModules.default)

Installation Method (Other)

No response

nvf Version

master

Reproduction steps

1. Set up a MITM proxy that uses a self-signed certificate.
2. Add the proxy's certificate to the NixOS configuration file (e.g., /etc/nixos/configuration.nix).
3. Rebuild the system to ensure the certificate is in use:

   sudo nixos-rebuild switch

4. Add the nvf flake to your Nix configuration and enable blink-cmp.
5. Attempt to build the package. The build should fail with SSL certificate errors, as requests does not recognize the certificates provided by NIX_SSL_CERT_FILE or the NixOS configuration.

Expected behavior

he build should succeed, with blink-cmp respecting the certificates provided by NIX_SSL_CERT_FILE or the NixOS configuration, allowing it to communicate through the MITM proxy.

Actual Behavior

The build fails with SSL errors, as requests does not use the provided certificates, preventing the package from being built in a proxied environment.

System Information

- system: NixOS
- host os: NixOS-WSL
- multi-user: no
- sandbox: yes
- version: 25.05
- nixpkgs: unstable

Relevant log output

N/A

[horriblename]

I'm not familiar enough with networking shenanigans to help you, but this is probably not directly nvf's fault.

I am unsure whether this is an issue with the nvf flake or the blink-cmp package in nixpkgs, as I am relatively new to Nix.

we don't use plugins from nixpkgs because they tend to be slow to update. The blink package you are trying to build is from nvf, but the problem is likely with rustPlatform.buildRustPackage or fetchFromGitHub. See the blink package

as a workaround, you can try to use the built blink plugin from nixpkgs:

vim.pluginOverrides = {
  blink-cmp = pkgs.vimPlugins.blink-cmp;
}

[Jeomhps]

Hi, Yes I think you are totally correct on the fact that the issue arise from the rustPlatform.buildRustPackage or fetchFromGitHub, if I remember correctly I had seen one of thoses in the logs. I think that internally one of thoses two doesn't take into account the certificate use for the MITM proxy. If I have some spare time tomorrow, I'll try what your suggest (overriding the plugin). But I wonder whether It would be possible to kind of modify the files you pointed to (blink package) to make it work. Perhaps there is a way to make fetchFromGithub etc... aware of the certificate it should uses. Thank you for your help !