4 files changed, 10 insertions, 108 deletions
diff --git a/doc/languages-frameworks/rust.section.md b/doc/languages-frameworks/rust.section.md
index 97dc9e2ff531..cec3373cbee6 100644
--- a/doc/languages-frameworks/rust.section.md
+++ b/doc/languages-frameworks/rust.section.md
@@ -60,9 +60,9 @@ Nix depends on this file, so if it missing you can use `cargoPatches` to apply
 it in the `patchPhase`. Consider sending a PR upstream with a note to the
 maintainer describing why it's important to include in the application.
 
-Unless `legacyCargoFetcher` is set to `true`, the fetcher will also verify that
-the `Cargo.lock` file is in sync with the `src` attribute, and will compress the
-vendor directory into a tar.gz archive.
+The fetcher will verify that the `Cargo.lock` file is in sync with the `src`
+attribute, and fail the build if not. It will also will compress the vendor
+directory into a tar.gz archive.
 
 ### Building a crate for a different target
 
diff --git a/pkgs/build-support/rust/default.nix b/pkgs/build-support/rust/default.nix
index f42f951680f7..7cfd03a4e265 100644
--- a/pkgs/build-support/rust/default.nix
+++ b/pkgs/build-support/rust/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, cacert, git, rust, cargo, rustc, fetchcargo, fetchCargoTarball, buildPackages, windows }:
+{ stdenv, cacert, git, rust, cargo, rustc, fetchCargoTarball, buildPackages, windows }:
 
 { name ? "${args.pname}-${args.version}"
 , cargoSha256 ? "unset"
@@ -14,7 +14,6 @@
 , cargoUpdateHook ? ""
 , cargoDepsHook ? ""
 , cargoBuildFlags ? []
-, legacyCargoFetcher ? false
 , buildType ? "release"
 , meta ? {}
 , target ? null
@@ -26,21 +25,17 @@ assert buildType == "release" || buildType == "debug";
 
 let
 
-  cargoFetcher = if legacyCargoFetcher
-                 then fetchcargo
-                 else fetchCargoTarball;
-
   cargoDeps = if cargoVendorDir == null
-    then cargoFetcher {
+    then fetchCargoTarball {
         inherit name src srcs sourceRoot unpackPhase cargoUpdateHook;
         patches = cargoPatches;
         sha256 = cargoSha256;
       }
     else null;
 
-  # If we're using the modern fetcher that always preserves the original Cargo.lock
-  # and have vendored deps, check them against the src attr for consistency.
-  validateCargoDeps = cargoSha256 != "unset" && !legacyCargoFetcher;
+  # If we have a cargoSha256 fixed-output derivation, validate it at build time
+  # against the src fixed-output derivation to check consistency.
+  validateCargoDeps = cargoSha256 != "unset";
 
   # Some cargo builds include build hooks that modify their own vendor
   # dependencies. This copies the vendor directory into the build tree and makes
@@ -50,8 +45,6 @@ let
     then (''
       unpackFile "$cargoDeps"
       cargoDepsCopy=$(stripHash $cargoDeps)
-    '' + stdenv.lib.optionalString legacyCargoFetcher ''
-      chmod -R +w "$cargoDepsCopy"
     '')
     else ''
       cargoDepsCopy="$sourceRoot/${cargoVendorDir}"
@@ -65,13 +58,9 @@ let
   cxxForHost="${stdenv.cc}/bin/${stdenv.cc.targetPrefix}c++";
   releaseDir = "target/${rustTarget}/${buildType}";
 
-  # Fetcher implementation choice should not be part of the hash in final
-  # derivation; only the cargoSha256 input matters.
-  filteredArgs = builtins.removeAttrs args [ "legacyCargoFetcher" ];
-
 in
 
-stdenv.mkDerivation (filteredArgs // {
+stdenv.mkDerivation (args // {
   inherit cargoDeps;
 
   patchRegistryDeps = ./patch-registry-deps;
diff --git a/pkgs/build-support/rust/fetchcargo.nix b/pkgs/build-support/rust/fetchcargo.nix
deleted file mode 100644
index 7a0ba38dce71..000000000000
--- a/pkgs/build-support/rust/fetchcargo.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ stdenv, cacert, git, cargo, python3 }:
-let cargo-vendor-normalise = stdenv.mkDerivation {
-  name = "cargo-vendor-normalise";
-  src = ./cargo-vendor-normalise.py;
-  nativeBuildInputs = [ python3.pkgs.wrapPython ];
-  dontUnpack = true;
-  installPhase = "install -D $src $out/bin/cargo-vendor-normalise";
-  pythonPath = [ python3.pkgs.toml ];
-  postFixup = "wrapPythonPrograms";
-  doInstallCheck = true;
-  installCheckPhase = ''
-    # check that ./fetchcargo-default-config.toml is a fix point
-    reference=${./fetchcargo-default-config.toml}
-    < $reference $out/bin/cargo-vendor-normalise > test;
-    cmp test $reference
-  '';
-  preferLocalBuild = true;
-};
-in
-{ name ? "cargo-deps"
-, src ? null
-, srcs ? []
-, patches ? []
-, sourceRoot
-, sha256
-, cargoUpdateHook ? ""
-, # whenever to also include the Cargo.lock in the output
-  copyLockfile ? false
-, ...
-} @ args:
-stdenv.mkDerivation ({
-  name = "${name}-vendor";
-  nativeBuildInputs = [ cacert git cargo-vendor-normalise cargo ];
-
-  phases = "unpackPhase patchPhase installPhase";
-
-  installPhase = ''
-    if [[ ! -f Cargo.lock ]]; then
-        echo
-        echo "ERROR: The Cargo.lock file doesn't exist"
-        echo
-        echo "Cargo.lock is needed to make sure that cargoSha256 doesn't change"
-        echo "when the registry is updated."
-        echo
-
-        exit 1
-    fi
-
-    # Keep the original around for copyLockfile
-    cp Cargo.lock Cargo.lock.orig
-
-    export CARGO_HOME=$(mktemp -d cargo-home.XXX)
-    CARGO_CONFIG=$(mktemp cargo-config.XXXX)
-
-    ${cargoUpdateHook}
-
-    mkdir -p $out
-    cargo vendor $out | cargo-vendor-normalise > $CARGO_CONFIG
-    # fetchcargo used to never keep the config output by cargo vendor
-    # and instead hardcode the config in ./fetchcargo-default-config.toml.
-    # This broke on packages needing git dependencies, so now we keep the config.
-    # But not to break old cargoSha256, if the previous behavior was enough,
-    # we don't store the config.
-    if ! cmp $CARGO_CONFIG ${./fetchcargo-default-config.toml} > /dev/null; then
-      install -D $CARGO_CONFIG $out/.cargo/config;
-    fi;
-
-  '' + stdenv.lib.optionalString copyLockfile ''
-    # add the Cargo.lock to allow hash invalidation
-    cp Cargo.lock.orig $out/Cargo.lock
-  '';
-
-  outputHashAlgo = "sha256";
-  outputHashMode = "recursive";
-  outputHash = sha256;
-
-  impureEnvVars = stdenv.lib.fetchers.proxyImpureEnvVars;
-  preferLocalBuild = true;
-} // (builtins.removeAttrs args [
-  "name" "sha256" "cargoUpdateHook" "copyLockfile"
-]))
diff --git a/pkgs/development/compilers/rust/default.nix b/pkgs/development/compilers/rust/default.nix
index a5da7ee7a6d4..1673441575c0 100644
--- a/pkgs/development/compilers/rust/default.nix
+++ b/pkgs/development/compilers/rust/default.nix
@@ -30,14 +30,8 @@
       inherit cargo;
     };
 
-    # N.B. This is a legacy fetcher implementation that is being phased out and deleted.
-    # See ../../../build-support/rust/README.md for details.
-    fetchcargo = buildPackages.callPackage ../../../build-support/rust/fetchcargo.nix {
-      inherit cargo;
-    };
-
     buildRustPackage = callPackage ../../../build-support/rust {
-      inherit rustc cargo fetchcargo fetchCargoTarball;
+      inherit rustc cargo fetchCargoTarball;
     };
 
     rustcSrc = callPackage ./rust-src.nix {