core/pkgs/build-support/rust/fetch-cargo-tarball/default.nix

144 lines
3.7 KiB
Nix
Raw Normal View History

2024-06-30 08:16:52 +00:00
{
lib,
stdenv,
cacert,
git,
cargo,
python3,
}:
let
cargo-vendor-normalise = stdenv.mkDerivation {
name = "cargo-vendor-normalise";
src = ./cargo-vendor-normalise.py;
nativeBuildInputs = [ python3.pkgs.wrapPython ];
dontUnpack = true;
installPhase = "install -D $src $out/bin/cargo-vendor-normalise";
pythonPath = [ python3.pkgs.toml ];
postFixup = "wrapPythonPrograms";
doInstallCheck = true;
installCheckPhase = ''
# check that ../fetchcargo-default-config.toml is a fix point
reference=${../fetchcargo-default-config.toml}
< $reference $out/bin/cargo-vendor-normalise > test;
cmp test $reference
'';
preferLocalBuild = true;
};
2024-05-02 00:46:19 +00:00
in
2024-06-30 08:16:52 +00:00
{
name ? "cargo-deps",
src ? null,
srcs ? [ ],
patches ? [ ],
sourceRoot ? "",
cargoUpdateHook ? "",
nativeBuildInputs ? [ ],
...
}@args:
let
hash_ =
if args ? hash then
{
outputHashAlgo = if args.hash == "" then "sha256" else null;
outputHash = args.hash;
}
else if args ? sha256 then
{
outputHashAlgo = "sha256";
outputHash = args.sha256;
}
else
throw "fetchCargoTarball requires a hash for ${name}";
in
stdenv.mkDerivation (
{
name = "${name}-vendor.tar.gz";
nativeBuildInputs = [
cacert
git
cargo-vendor-normalise
cargo
] ++ nativeBuildInputs;
buildPhase = ''
runHook preBuild
# Ensure deterministic Cargo vendor builds
export SOURCE_DATE_EPOCH=1
if [[ ! -f Cargo.lock ]]; then
echo
echo "ERROR: The Cargo.lock file doesn't exist"
echo
echo "Cargo.lock is needed to make sure that cargoHash/cargoSha256 doesn't change"
echo "when the registry is updated."
echo
exit 1
fi
# Keep the original around for copyLockfile
cp Cargo.lock Cargo.lock.orig
export CARGO_HOME=$(mktemp -d cargo-home.XXX)
CARGO_CONFIG=$(mktemp cargo-config.XXXX)
if [[ -n "$NIX_CRATES_INDEX" ]]; then
cat >$CARGO_HOME/config.toml <<EOF
[source.crates-io]
replace-with = 'mirror'
[source.mirror]
registry = "$NIX_CRATES_INDEX"
EOF
fi
${cargoUpdateHook}
# Override the `http.cainfo` option usually specified in `.cargo/config`.
export CARGO_HTTP_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
if grep '^source = "git' Cargo.lock; then
echo
echo "ERROR: The Cargo.lock contains git dependencies"
echo
echo "This is currently not supported in the fixed-output derivation fetcher."
echo "Use cargoLock.lockFile / importCargoLock instead."
echo
exit 1
fi
cargo vendor $name --respect-source-config | cargo-vendor-normalise > $CARGO_CONFIG
# Create an empty vendor directory when there is no dependency to vendor
mkdir -p $name
# Add the Cargo.lock to allow hash invalidation
cp Cargo.lock.orig $name/Cargo.lock
# Packages with git dependencies generate non-default cargo configs, so
# always install it rather than trying to write a standard default template.
install -D $CARGO_CONFIG $name/.cargo/config;
runHook postBuild
'';
# Build a reproducible tar, per instructions at https://reproducible-builds.org/docs/archives/
installPhase = ''
tar --owner=0 --group=0 --numeric-owner --format=gnu \
--sort=name --mtime="@$SOURCE_DATE_EPOCH" \
-czf $out $name
'';
inherit (hash_) outputHashAlgo outputHash;
impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [ "NIX_CRATES_INDEX" ];
}
// (builtins.removeAttrs args [
"name"
"sha256"
"cargoUpdateHook"
"nativeBuildInputs"
])
)