Forcing rustup to download gz instead of xz


#1

Is there a way to force rustup-init to download gz instead of xz from the server?

–help indicates not, but I wanted to make sure

Edit:
Alternatively, can I disable hash/signature checking?

Edit 2:
Maybe a bit more background will help.
I’m trying to setup a rustup server within an internal network at my workplace. (Completely cut off from the internet)

I have reserved “static.rust-lang.org” and set up a self-signed SSL certificate for it, and that part’s all good.

On the server, at the right location, I put a partial mirror of static.rust-lang.org, with only gz files mirrored (a personal fuck-up).

I also have a copy of rustup 1.6.0.
When I run it, it complains not finding the xz files. I can repack the gz as xz, but everything is signed using PGP (or so it seems), so that would be a wasted effort.


#2

I believe xz is reproducible, so that may not be a lost cause after all. This succeeds for me:

zcat rustc-1.22.1-src.tar.gz | xz --best | cmp rustc-1.22.1-src.tar.xz

(that’s a byte-for-byte comparison of a newly-created tar.xz to the existing one)


#3

Yeah, but unfortunatly I don’t have the signatures of the XZs in the network, so that won’t help me.

I’m trying to avoid bringing them in for now, because it’s a long process with lot’s of papers, and copying them byte-for-byte by hand won’t do.


#4

It looks like you could set RUSTUP_GPG_KEY to your own:

But I noticed this field isn’t used anywhere – see:
https://github.com/rust-lang-nursery/rustup.rs/issues/241

So for now, I think you could just edit the channel-*.toml to remove xz_url and xz_hash, then it should use the gz url and hash.


#5

Are they not signed as well? I noticed they have “asc” files near them, but I admit I didn’t look too closely


#6

It doesn’t matter that they’re signed if nothing validates it. You probably do need to update the toml.sha256 though.


#7

Thanks! I’ll look into it.

Edit: actually I did what you suggested (repacking) and it works just fine