nuget_archive does not support plain HTTP

[dpvdberg]

I'm trying to use the nuget_archive rule exported by rules_dotnet, but my nuget source is a plain HTTP (non-HTTPS) source.
The issue here is that during _get_package_urls, it attempts to download index.json, but that gives me the following error:

Error in download: java.io.IOException: No URLs left after removing plain http URLs due to missing checksum. Please provide either a checksum or an https download location.

However, I cannot provide a checksum for the index download in nuget_archive, only for the nuget package itself.
Is there any way to circumvent this, without the need for HTTPS? Or would this require an additional argument on the nuget_archive rule?

Reproduction: attempt to download a nuget package using nuget_archive and provide a non-HTTPS index.json url in the sources argument.

[purkhusid]

I want to fix this by removing the index.json download and instead let the nuget_archive expect the url to the .nuget file.
It would then be up to e.g. paket2bazel to figure out the correct url of a package by parsing the index.json. This would also fix the issue for those who user nuget_archive manually.