Merge https://github.com/NixOS/nixpkgs

1 files changed, 22 insertions, 1 deletions

diff --git a/nixpkgs/pkgs/build-support/flutter/default.nix b/nixpkgs/pkgs/build-support/flutter/default.nix
index 8d31482900a8..c109804680f3 100644
--- a/nixpkgs/pkgs/build-support/flutter/default.nix
+++ b/nixpkgs/pkgs/build-support/flutter/default.nix
@@ -1,6 +1,7 @@
 { lib
 , callPackage
 , stdenvNoCC
+, runCommand
 , makeWrapper
 , llvmPackages_13
 , cacert
@@ -26,6 +27,26 @@
 }@args:
 let
   flutterSetupScript = ''
+    # Pub needs SSL certificates. Dart normally looks in a hardcoded path.
+    # https://github.com/dart-lang/sdk/blob/3.1.0/runtime/bin/security_context_linux.cc#L48
+    #
+    # Dart does not respect SSL_CERT_FILE...
+    # https://github.com/dart-lang/sdk/issues/48506
+    # ...and Flutter does not support --root-certs-file, so the path cannot be manually set.
+    # https://github.com/flutter/flutter/issues/56607
+    # https://github.com/flutter/flutter/issues/113594
+    #
+    # libredirect is of no use either, as Flutter does not pass any
+    # environment variables (including LD_PRELOAD) to the Pub process.
+    #
+    # Instead, Flutter is patched to allow the path to the Dart binary used for
+    # Pub commands to be overriden.
+    export NIX_FLUTTER_PUB_DART="${runCommand "dart-with-certs" { nativeBuildInputs = [ makeWrapper ]; } ''
+      mkdir -p "$out/bin"
+      makeWrapper ${flutter.dart}/bin/dart "$out/bin/dart" \
+        --add-flags "--root-certs-file=${cacert}/etc/ssl/certs/ca-bundle.crt"
+    ''}/bin/dart"
+
     export HOME="$NIX_BUILD_TOP"
     flutter config --no-analytics &>/dev/null # mute first-run
     flutter config --enable-linux-desktop >/dev/null
@@ -129,7 +150,7 @@ let
       ${postFixup}
     '';
 
-    passthru = {
+    passthru = (args.passthru or {}) // {
       inherit (deps) depsListFile;
     };
   });