buildRustPackage: Fix Cargo.lock being ignored

It turns out that `cargo`, with respect to registry dependencies, was
ignoring the package versions locked in `Cargo.lock` because we changed
the registry index URL.

Therefore, every time `rustRegistry` would be updated, we'd always try
to use the latest version available for every dependency and as a result
the deps' SHA256 hashes would almost always have to be changed.

To fix this, now we do a string substitution in `Cargo.lock` of the
`crates.io` registry URL with our URL. This should be safe because our
registry is just a copy of the `crates.io` registry at a certain point
in time.

Since now we don't always use the latest version of every dependency,
the build of `cargo` actually started to fail because two of the
dependencies specified in its `Cargo.lock` file have build failures.

To fix the latter problem, I've added a `cargoUpdateHook` variable that
gets ran both when fetching dependencies and just before building the
program. The purpose of `cargoUpdateHook` is to do any ad-hoc updating
of dependencies necessary to get the package to build. The use of the
'--precise' flag is needed so that cargo doesn't try to fetch an even
newer version whenever `rustRegistry` is updated (and therefore have to
change depsSha256 as a consequence).

pkgs/development/tools/build-managers/cargo/default.nix

@@ -15,7 +15,15 @@ buildRustPackage rec {
     leaveDotGit = true;
   };
 
-  depsSha256 = "1yi39asmnrya8w83jrjxym658cf1a5ffp8ym8502rqqvx30y0yx4";
+  cargoUpdateHook = ''
+    # Updating because version 2.1.4 has an invalid Cargo.toml
+    cargo update -p libressl-pnacl-sys --precise 2.1.5
+
+    # Updating because version 0.1.3 has a build failure with recent rustc
+    cargo update -p threadpool --precise 0.1.4
+  '';
+
+  depsSha256 = "12d2v4b85qabagrypvqiam2iybd4jwcg0sky0gqarfhjh2dhwfm6";
 
   buildInputs = [ file curl pkgconfig python openssl cmake zlib ];