about summary refs log tree commit diff
path: root/pkgs/development/compilers/dotnet
diff options
context:
space:
mode:
authorDavid McFarland <corngood@gmail.com>2024-02-20 23:21:08 -0400
committerDavid McFarland <corngood@gmail.com>2024-03-03 15:15:08 -0400
commit043eab9a5ac2ac3bdabd541fb3180e80c47c2b2c (patch)
treeecce5897d1bc8c7626497ae32f32adea1c9d1aec /pkgs/development/compilers/dotnet
parent845b559abe7dea12b2f3d4a98cf5326e0f1e195b (diff)
downloadnixlib-043eab9a5ac2ac3bdabd541fb3180e80c47c2b2c.tar
nixlib-043eab9a5ac2ac3bdabd541fb3180e80c47c2b2c.tar.gz
nixlib-043eab9a5ac2ac3bdabd541fb3180e80c47c2b2c.tar.bz2
nixlib-043eab9a5ac2ac3bdabd541fb3180e80c47c2b2c.tar.lz
nixlib-043eab9a5ac2ac3bdabd541fb3180e80c47c2b2c.tar.xz
nixlib-043eab9a5ac2ac3bdabd541fb3180e80c47c2b2c.tar.zst
nixlib-043eab9a5ac2ac3bdabd541fb3180e80c47c2b2c.zip
dotnetCorePackages.dotnet_8: init at 8.0.2
Diffstat (limited to 'pkgs/development/compilers/dotnet')
-rw-r--r--pkgs/development/compilers/dotnet/8/default.nix9
-rw-r--r--pkgs/development/compilers/dotnet/8/deps.nix10
-rw-r--r--pkgs/development/compilers/dotnet/8/release-info.json5
-rw-r--r--pkgs/development/compilers/dotnet/8/release.json9
-rw-r--r--pkgs/development/compilers/dotnet/build-dotnet.nix66
-rw-r--r--pkgs/development/compilers/dotnet/combine-deps.nix40
-rw-r--r--pkgs/development/compilers/dotnet/common.nix63
-rw-r--r--pkgs/development/compilers/dotnet/default.nix5
-rw-r--r--pkgs/development/compilers/dotnet/dotnet.nix50
-rw-r--r--pkgs/development/compilers/dotnet/fix-aspnetcore-portable-build.patch25
-rw-r--r--pkgs/development/compilers/dotnet/fix-tmp-path.patch27
-rw-r--r--pkgs/development/compilers/dotnet/packages.nix99
-rw-r--r--pkgs/development/compilers/dotnet/patch-nupkgs.nix62
-rw-r--r--pkgs/development/compilers/dotnet/patch-restored-packages.proj8
-rw-r--r--pkgs/development/compilers/dotnet/record-downloaded-packages.patch42
-rw-r--r--pkgs/development/compilers/dotnet/record-downloaded-packages.proj13
-rw-r--r--pkgs/development/compilers/dotnet/sign-apphost.nix10
-rw-r--r--pkgs/development/compilers/dotnet/sign-apphost.proj11
-rw-r--r--pkgs/development/compilers/dotnet/sigtool.nix27
-rw-r--r--pkgs/development/compilers/dotnet/stage0.nix126
-rw-r--r--pkgs/development/compilers/dotnet/stage1.nix27
-rw-r--r--pkgs/development/compilers/dotnet/stop-passing-bare-sdk-arg-to-swiftc.patch31
-rw-r--r--pkgs/development/compilers/dotnet/update.nix123
-rw-r--r--pkgs/development/compilers/dotnet/versions/8.0.102.nix179
-rw-r--r--pkgs/development/compilers/dotnet/vmr.nix332
25 files changed, 1341 insertions, 58 deletions
diff --git a/pkgs/development/compilers/dotnet/8/default.nix b/pkgs/development/compilers/dotnet/8/default.nix
new file mode 100644
index 000000000000..8b98aa962dc9
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/8/default.nix
@@ -0,0 +1,9 @@
+{ callPackage
+, dotnetCorePackages
+, bootstrapSdk
+}: callPackage ../dotnet.nix {
+  releaseManifestFile = ./release.json;
+  releaseInfoFile = ./release-info.json;
+  depsFile = ./deps.nix;
+  inherit bootstrapSdk;
+}
diff --git a/pkgs/development/compilers/dotnet/8/deps.nix b/pkgs/development/compilers/dotnet/8/deps.nix
new file mode 100644
index 000000000000..ce7ee48bb102
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/8/deps.nix
@@ -0,0 +1,10 @@
+{ fetchNuGet }: [
+  (fetchNuGet { pname = "runtime.linux-arm64.Microsoft.NETCore.ILAsm"; sha256 = "8985f0b9855daaf8b4a38f32a91902bdbb99a2f1801a98c68a5013d94842524e"; url = "https://pkgs.dev.azure.com/dnceng/9ee6d478-d288-47f7-aacc-f6e6d082ae6d/_packaging/a65e5cb4-26c0-410f-9457-06db3c5254be/nuget/v3/flat2/runtime.linux-arm64.microsoft.netcore.ilasm/8.0.1-servicing.23580.1/runtime.linux-arm64.microsoft.netcore.ilasm.8.0.1-servicing.23580.1.nupkg"; version = "8.0.1-servicing.23580.1"; })
+  (fetchNuGet { pname = "runtime.linux-arm64.Microsoft.NETCore.ILDAsm"; sha256 = "0496a403691e50662c5aef598248d8cd92ad1da1e93a859aedee5bb91bb9c821"; url = "https://pkgs.dev.azure.com/dnceng/9ee6d478-d288-47f7-aacc-f6e6d082ae6d/_packaging/a65e5cb4-26c0-410f-9457-06db3c5254be/nuget/v3/flat2/runtime.linux-arm64.microsoft.netcore.ildasm/8.0.1-servicing.23580.1/runtime.linux-arm64.microsoft.netcore.ildasm.8.0.1-servicing.23580.1.nupkg"; version = "8.0.1-servicing.23580.1"; })
+  (fetchNuGet { pname = "runtime.linux-x64.Microsoft.NETCore.ILAsm"; sha256 = "0c5k9ckp7zjspyqqzz817jr8pglnn7wxhmv2hfk700swb96qhg0w"; url = "https://pkgs.dev.azure.com/dnceng/9ee6d478-d288-47f7-aacc-f6e6d082ae6d/_packaging/a65e5cb4-26c0-410f-9457-06db3c5254be/nuget/v3/flat2/runtime.linux-x64.microsoft.netcore.ilasm/8.0.1-servicing.23580.1/runtime.linux-x64.microsoft.netcore.ilasm.8.0.1-servicing.23580.1.nupkg"; version = "8.0.1-servicing.23580.1"; })
+  (fetchNuGet { pname = "runtime.linux-x64.Microsoft.NETCore.ILDAsm"; sha256 = "1pyydnypv9x25p7y35j85f8pxnyxq3w2vc8i84klq90kzgzig5a8"; url = "https://pkgs.dev.azure.com/dnceng/9ee6d478-d288-47f7-aacc-f6e6d082ae6d/_packaging/a65e5cb4-26c0-410f-9457-06db3c5254be/nuget/v3/flat2/runtime.linux-x64.microsoft.netcore.ildasm/8.0.1-servicing.23580.1/runtime.linux-x64.microsoft.netcore.ildasm.8.0.1-servicing.23580.1.nupkg"; version = "8.0.1-servicing.23580.1"; })
+  (fetchNuGet { pname = "runtime.osx-arm64.Microsoft.NETCore.ILAsm"; sha256 = "7609cfc7fd617a580caba18d458ed644ab799346139b3ead9df9502abe8d0541"; url = "https://pkgs.dev.azure.com/dnceng/9ee6d478-d288-47f7-aacc-f6e6d082ae6d/_packaging/a65e5cb4-26c0-410f-9457-06db3c5254be/nuget/v3/flat2/runtime.osx-arm64.microsoft.netcore.ilasm/8.0.1-servicing.23580.1/runtime.osx-arm64.microsoft.netcore.ilasm.8.0.1-servicing.23580.1.nupkg"; version = "8.0.1-servicing.23580.1"; })
+  (fetchNuGet { pname = "runtime.osx-arm64.Microsoft.NETCore.ILDAsm"; sha256 = "6a969c2f6261834ab8ec9829cffed5a1a1f35667bf382b7c902d1b26db192e27"; url = "https://pkgs.dev.azure.com/dnceng/9ee6d478-d288-47f7-aacc-f6e6d082ae6d/_packaging/a65e5cb4-26c0-410f-9457-06db3c5254be/nuget/v3/flat2/runtime.osx-arm64.microsoft.netcore.ildasm/8.0.1-servicing.23580.1/runtime.osx-arm64.microsoft.netcore.ildasm.8.0.1-servicing.23580.1.nupkg"; version = "8.0.1-servicing.23580.1"; })
+  (fetchNuGet { pname = "runtime.osx-x64.Microsoft.NETCore.ILAsm"; sha256 = "a8b90caa9ead7defdf8b9570dcb3e0cec146dff892a88fb825fedb7ee0fe620f"; url = "https://pkgs.dev.azure.com/dnceng/9ee6d478-d288-47f7-aacc-f6e6d082ae6d/_packaging/a65e5cb4-26c0-410f-9457-06db3c5254be/nuget/v3/flat2/runtime.osx-x64.microsoft.netcore.ilasm/8.0.1-servicing.23580.1/runtime.osx-x64.microsoft.netcore.ilasm.8.0.1-servicing.23580.1.nupkg"; version = "8.0.1-servicing.23580.1"; })
+  (fetchNuGet { pname = "runtime.osx-x64.Microsoft.NETCore.ILDAsm"; sha256 = "eade428d642bdbb2271610c5d781a61ab367dbd3e776477a7b5948bda62252b5"; url = "https://pkgs.dev.azure.com/dnceng/9ee6d478-d288-47f7-aacc-f6e6d082ae6d/_packaging/a65e5cb4-26c0-410f-9457-06db3c5254be/nuget/v3/flat2/runtime.osx-x64.microsoft.netcore.ildasm/8.0.1-servicing.23580.1/runtime.osx-x64.microsoft.netcore.ildasm.8.0.1-servicing.23580.1.nupkg"; version = "8.0.1-servicing.23580.1"; })
+]
diff --git a/pkgs/development/compilers/dotnet/8/release-info.json b/pkgs/development/compilers/dotnet/8/release-info.json
new file mode 100644
index 000000000000..2a316ed2de94
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/8/release-info.json
@@ -0,0 +1,5 @@
+{
+  "tarballHash": "sha256-OTCFPhQ9PHnQ0f7UzgHryEsBIaKCOm/L6pkURw/RY2s=",
+  "artifactsUrl": "https://dotnetcli.azureedge.net/source-built-artifacts/assets/Private.SourceBuilt.Artifacts.8.0.101-servicing.23601.1.centos.8-x64.tar.gz",
+  "artifactsHash": "sha256-RLrEPFkB9NvnzJFJ0zSFbGNpMKR4EsyBu3T/JwAxgzc="
+}
diff --git a/pkgs/development/compilers/dotnet/8/release.json b/pkgs/development/compilers/dotnet/8/release.json
new file mode 100644
index 000000000000..de0aaf95f3eb
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/8/release.json
@@ -0,0 +1,9 @@
+{
+  "release": "8.0.2",
+  "channel": "8.0",
+  "tag": "v8.0.2",
+  "sdkVersion": "8.0.102",
+  "runtimeVersion": "8.0.2",
+  "sourceRepository": "https://github.com/dotnet/dotnet",
+  "sourceVersion": "d396b0c4d3e51c2d8d679b2f7233912bc5bfc2fa"
+}
diff --git a/pkgs/development/compilers/dotnet/build-dotnet.nix b/pkgs/development/compilers/dotnet/build-dotnet.nix
index be2ec26c55a7..8ee0bd9e7b3a 100644
--- a/pkgs/development/compilers/dotnet/build-dotnet.nix
+++ b/pkgs/development/compilers/dotnet/build-dotnet.nix
@@ -24,6 +24,7 @@ assert if type == "sdk" then packages != null else true;
 , runCommand
 , writeShellScript
 , mkNugetDeps
+, callPackage
 }:
 
 let
@@ -41,13 +42,10 @@ let
     sdk = ".NET SDK ${version}";
   };
 
-  packageDeps = if type == "sdk" then mkNugetDeps {
-    name = "${pname}-${version}-deps";
-    nugetDeps = packages;
-  } else null;
+  mkCommon = callPackage ./common.nix {};
 
 in
-stdenv.mkDerivation (finalAttrs: rec {
+mkCommon type rec {
   inherit pname version;
 
   # Some of these dependencies are `dlopen()`ed.
@@ -88,11 +86,6 @@ stdenv.mkDerivation (finalAttrs: rec {
     runHook postInstall
   '';
 
-  doInstallCheck = true;
-  installCheckPhase = ''
-    $out/bin/dotnet --info
-  '';
-
   # Tell autoPatchelf about runtime dependencies.
   # (postFixup phase is run before autoPatchelfHook.)
   postFixup = lib.optionalString stdenv.isLinux ''
@@ -112,23 +105,15 @@ stdenv.mkDerivation (finalAttrs: rec {
       $out/packs/Microsoft.NETCore.App.Host.linux-x64/*/runtimes/linux-x64/native/singlefilehost
   '';
 
-  setupHook = writeText "dotnet-setup-hook" ''
-    if [ ! -w "$HOME" ]; then
-      export HOME=$(mktemp -d) # Dotnet expects a writable home directory for its configuration files
-    fi
-
-    export DOTNET_SKIP_FIRST_TIME_EXPERIENCE=1 # Dont try to expand NuGetFallbackFolder to disk
-    export DOTNET_NOLOGO=1 # Disables the welcome message
-    export DOTNET_CLI_TELEMETRY_OPTOUT=1
-    export DOTNET_SKIP_WORKLOAD_INTEGRITY_CHECK=1 # Skip integrity check on first run, which fails due to read-only directory
-  '';
-
   passthru = {
     inherit icu;
-    packages = packageDeps;
+  } // lib.optionalAttrs (type == "sdk") {
+    packages = mkNugetDeps {
+      name = "${pname}-${version}-deps";
+      nugetDeps = packages;
+    };
 
     updateScript =
-      if type == "sdk" then
       let
         majorVersion =
           with lib;
@@ -137,40 +122,7 @@ stdenv.mkDerivation (finalAttrs: rec {
       writeShellScript "update-dotnet-${majorVersion}" ''
         pushd pkgs/development/compilers/dotnet
         exec ${./update.sh} "${majorVersion}"
-      '' else null;
-
-    tests = {
-      version = testers.testVersion {
-        package = finalAttrs.finalPackage;
-      };
-
-      console = runCommand "dotnet-test-console" {
-        nativeBuildInputs = [ finalAttrs.finalPackage ];
-      } ''
-        HOME=$(pwd)/fake-home
-        dotnet new nugetconfig
-        dotnet nuget disable source nuget
-        dotnet new console -n test -o .
-        output="$(dotnet run)"
-        # yes, older SDKs omit the comma
-        [[ "$output" =~ Hello,?\ World! ]] && touch "$out"
-      '';
-
-      single-file = let build = runCommand "dotnet-test-build-single-file" {
-        nativeBuildInputs = [ finalAttrs.finalPackage ];
-      } ''
-        HOME=$(pwd)/fake-home
-        dotnet new nugetconfig
-        dotnet nuget disable source nuget
-        dotnet nuget add source ${finalAttrs.finalPackage.packages}
-        dotnet new console -n test -o .
-        dotnet publish --use-current-runtime -p:PublishSingleFile=true -o $out
-      ''; in runCommand "dotnet-test-run-single-file" {} ''
-        output="$(${build}/test)"
-        # yes, older SDKs omit the comma
-        [[ "$output" =~ Hello,?\ World! ]] && touch "$out"
       '';
-    };
   };
 
   meta = with lib; {
@@ -181,4 +133,4 @@ stdenv.mkDerivation (finalAttrs: rec {
     mainProgram = "dotnet";
     platforms = attrNames srcs;
   };
-})
+}
diff --git a/pkgs/development/compilers/dotnet/combine-deps.nix b/pkgs/development/compilers/dotnet/combine-deps.nix
new file mode 100644
index 000000000000..a7c4356b34b0
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/combine-deps.nix
@@ -0,0 +1,40 @@
+{
+  list,
+  baseRid,
+  otherRids,
+  pkgs ? import ../../../.. {}
+}:
+with pkgs.lib;
+let
+  inherit (pkgs) writeText;
+
+  fns = map (file: import file) list;
+  packages = unique
+    (concatMap (fn: fn { fetchNuGet = package: package; }) fns);
+
+  changePackageRid = package: rid:
+    let replace = replaceStrings [".${baseRid}"] [".${rid}"];
+    in rec {
+      pname = replace package.pname;
+      inherit (package) version;
+      url = replace package.url;
+      sha256 = builtins.hashFile "sha256" (builtins.fetchurl url);
+    };
+
+  expandPackage = package:
+    [ package ] ++
+    optionals (strings.match ".*\\.${baseRid}(\\..*|$)" package.pname != null)
+    (map (changePackageRid package) otherRids);
+
+  allPackages =
+    sortOn (package: [ package.pname package.version package ])
+    (concatMap expandPackage packages);
+
+  fetchExpr = package:
+    "  (fetchNuGet ${generators.toPretty { multiline = false; } package})";
+
+in writeText "deps.nix" ''
+  { fetchNuGet }: [
+  ${concatMapStringsSep "\n" fetchExpr allPackages}
+  ]
+''
diff --git a/pkgs/development/compilers/dotnet/common.nix b/pkgs/development/compilers/dotnet/common.nix
new file mode 100644
index 000000000000..0d8890e61da2
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/common.nix
@@ -0,0 +1,63 @@
+# TODO: switch to stdenvNoCC
+{ stdenv
+, lib
+, writeText
+, testers
+, runCommand
+}: type: args: stdenv.mkDerivation (finalAttrs: args // {
+  doInstallCheck = true;
+
+  # TODO: this should probably be postInstallCheck
+  # TODO: send output to /dev/null
+  installCheckPhase = args.installCheckPhase or "" + ''
+    $out/bin/dotnet --info
+  '';
+
+  # TODO: move this to sdk section?
+  setupHook = writeText "dotnet-setup-hook" (''
+    if [ ! -w "$HOME" ]; then
+      export HOME=$(mktemp -d) # Dotnet expects a writable home directory for its configuration files
+    fi
+
+    export DOTNET_SKIP_FIRST_TIME_EXPERIENCE=1 # Dont try to expand NuGetFallbackFolder to disk
+    export DOTNET_NOLOGO=1 # Disables the welcome message
+    export DOTNET_CLI_TELEMETRY_OPTOUT=1
+    export DOTNET_SKIP_WORKLOAD_INTEGRITY_CHECK=1 # Skip integrity check on first run, which fails due to read-only directory
+  '' + args.setupHook or "");
+
+} // lib.optionalAttrs (type == "sdk") {
+  passthru = {
+    tests = {
+      version = testers.testVersion {
+        package = finalAttrs.finalPackage;
+      };
+
+      console = runCommand "dotnet-test-console" {
+        nativeBuildInputs = [ finalAttrs.finalPackage ];
+      } ''
+        HOME=$(pwd)/fake-home
+        dotnet new nugetconfig
+        dotnet nuget disable source nuget
+        dotnet new console -n test -o .
+        output="$(dotnet run)"
+        # yes, older SDKs omit the comma
+        [[ "$output" =~ Hello,?\ World! ]] && touch "$out"
+      '';
+
+      single-file = let build = runCommand "dotnet-test-build-single-file" {
+        nativeBuildInputs = [ finalAttrs.finalPackage ];
+      } ''
+        HOME=$(pwd)/fake-home
+        dotnet new nugetconfig
+        dotnet nuget disable source nuget
+        dotnet nuget add source ${finalAttrs.finalPackage.packages}
+        dotnet new console -n test -o .
+        dotnet publish --use-current-runtime -p:PublishSingleFile=true -o $out
+      ''; in runCommand "dotnet-test-run-single-file" {} ''
+        output="$(${build}/test)"
+        # yes, older SDKs omit the comma
+        [[ "$output" =~ Hello,?\ World! ]] && touch "$out"
+      '';
+    } // args.passthru.tests or {};
+  } // args.passthru or {};
+})
diff --git a/pkgs/development/compilers/dotnet/default.nix b/pkgs/development/compilers/dotnet/default.nix
index 814560e49bee..1960488f840a 100644
--- a/pkgs/development/compilers/dotnet/default.nix
+++ b/pkgs/development/compilers/dotnet/default.nix
@@ -5,7 +5,7 @@ dotnetCombined = with dotnetCorePackages; combinePackages [ sdk_6_0 aspnetcore_7
 Hashes and urls are retrieved from:
 https://dotnet.microsoft.com/download/dotnet
 */
-{ lib, config, callPackage }:
+{ lib, config, callPackage, recurseIntoAttrs }:
 let
   buildDotnet = attrs: callPackage (import ./build-dotnet.nix attrs) {};
   buildAttrs = {
@@ -18,6 +18,7 @@ let
   dotnet_6_0 = import ./versions/6.0.nix buildAttrs;
   dotnet_7_0 = import ./versions/7.0.nix buildAttrs;
   dotnet_8_0 = import ./versions/8.0.nix buildAttrs;
+  dotnet_8_0_102 = import ./versions/8.0.102.nix buildAttrs;
 
   runtimeIdentifierMap = {
     "x86_64-linux" = "linux-x64";
@@ -35,6 +36,8 @@ in
   inherit systemToDotnetRid;
 
   combinePackages = attrs: callPackage (import ./combine-packages.nix attrs) {};
+
+  dotnet_8 = recurseIntoAttrs (callPackage ./8 { bootstrapSdk = dotnet_8_0_102.sdk_8_0; });
 } // lib.optionalAttrs config.allowAliases {
   # EOL
   sdk_2_1 = throw "Dotnet SDK 2.1 is EOL, please use 6.0 (LTS) or 7.0 (Current)";
diff --git a/pkgs/development/compilers/dotnet/dotnet.nix b/pkgs/development/compilers/dotnet/dotnet.nix
new file mode 100644
index 000000000000..90541215f949
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/dotnet.nix
@@ -0,0 +1,50 @@
+{ callPackage
+, lib
+, releaseManifestFile
+, releaseInfoFile
+, allowPrerelease ? false
+, depsFile
+, bootstrapSdk
+, pkgsBuildHost
+}:
+
+let
+  inherit (lib.importJSON releaseInfoFile) tarballHash artifactsUrl artifactsHash;
+
+  pkgs = callPackage ./stage1.nix {
+    inherit releaseManifestFile tarballHash depsFile;
+    bootstrapSdk =
+      { stdenvNoCC
+      , dotnetCorePackages
+      , fetchurl
+      }: bootstrapSdk.overrideAttrs (old: {
+        passthru = old.passthru or {} // {
+          artifacts = stdenvNoCC.mkDerivation rec {
+            name = lib.nameFromURL artifactsUrl ".tar.gz";
+
+            src = fetchurl {
+              url = artifactsUrl;
+              hash = artifactsHash;
+            };
+
+            sourceRoot = ".";
+
+            installPhase = ''
+              mkdir -p $out
+              cp -r * $out/
+              ln -fs ${old.passthru.packages}/* $out/
+            '';
+          };
+        };
+      });
+  };
+
+in pkgs // {
+  vmr = pkgs.vmr.overrideAttrs(old: {
+    passthru = old.passthru // {
+      updateScript = pkgsBuildHost.callPackage ./update.nix {
+        inherit releaseManifestFile releaseInfoFile allowPrerelease;
+      };
+    };
+  });
+}
diff --git a/pkgs/development/compilers/dotnet/fix-aspnetcore-portable-build.patch b/pkgs/development/compilers/dotnet/fix-aspnetcore-portable-build.patch
new file mode 100644
index 000000000000..47c6f997a811
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/fix-aspnetcore-portable-build.patch
@@ -0,0 +1,25 @@
+From ebc2540f8d0aba2e5ec2f0d5f5889100475ad93e Mon Sep 17 00:00:00 2001
+From: David McFarland <corngood@gmail.com>
+Date: Mon, 1 Jan 2024 12:45:41 -0400
+Subject: [PATCH] fix aspnetcore portable build
+
+https://github.com/dotnet/installer/pull/15163#issuecomment-1873396096
+---
+ repo-projects/aspnetcore.proj | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/repo-projects/aspnetcore.proj b/repo-projects/aspnetcore.proj
+index e3f4b1664a..947532add9 100644
+--- a/repo-projects/aspnetcore.proj
++++ b/repo-projects/aspnetcore.proj
+@@ -8,6 +8,7 @@
+     <OverrideTargetRid Condition="'$(TargetOS)' == 'Windows_NT'">win-$(Platform)</OverrideTargetRid>
+     <_portableRidOverridden Condition="'$(TargetRid)' != '$(OverrideTargetRid)'">true</_portableRidOverridden>
+     <_portableRidOverridden Condition="'$(TargetRid)' == '$(OverrideTargetRid)'">false</_portableRidOverridden>
++    <_portableRidOverridden Condition="'$(PortableBuild)' != ''">$(PortableBuild)</_portableRidOverridden>
+ 
+     <!-- StandardSourceBuildArgs include -publish which is not supported by the aspnetcore build script. -->
+     <BuildCommandArgs>$(StandardSourceBuildArgs.Replace('--publish', ''))</BuildCommandArgs>
+-- 
+2.40.1
+
diff --git a/pkgs/development/compilers/dotnet/fix-tmp-path.patch b/pkgs/development/compilers/dotnet/fix-tmp-path.patch
new file mode 100644
index 000000000000..54d7cf2c81df
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/fix-tmp-path.patch
@@ -0,0 +1,27 @@
+From e0bd79c04c3647dd5abec5e60c031b1f2762a84c Mon Sep 17 00:00:00 2001
+From: David McFarland <corngood@gmail.com>
+Date: Wed, 10 Jan 2024 02:25:46 -0400
+Subject: [PATCH] fix-tmp-path
+
+---
+ build.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/build.sh b/build.sh
+index a1224e4369..555a88fc95 100755
+--- a/build.sh
++++ b/build.sh
+@@ -211,8 +211,8 @@ elif [ -d "$packagesArchiveDir" ]; then
+   if [ -f "${packagesPreviouslySourceBuiltDir}}PackageVersions.props" ]; then
+     packageVersionsPath=${packagesPreviouslySourceBuiltDir}PackageVersions.props
+   elif [ -f "$sourceBuiltArchive" ]; then
+-    tar -xzf "$sourceBuiltArchive" -C /tmp PackageVersions.props
+-    packageVersionsPath=/tmp/PackageVersions.props
++    tar -xzf "$sourceBuiltArchive" PackageVersions.props
++    packageVersionsPath=$PWD/PackageVersions.props
+   fi
+ fi
+ 
+-- 
+2.40.1
+
diff --git a/pkgs/development/compilers/dotnet/packages.nix b/pkgs/development/compilers/dotnet/packages.nix
new file mode 100644
index 000000000000..3eef77ff7144
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/packages.nix
@@ -0,0 +1,99 @@
+{ stdenv
+, callPackage
+, vmr
+}:
+
+let
+  mkCommon = callPackage ./common.nix {};
+  inherit (vmr) targetRid releaseManifest;
+
+in {
+  inherit vmr;
+  sdk = mkCommon "sdk" rec {
+    pname = "dotnet-sdk";
+    version = releaseManifest.sdkVersion;
+
+    src = vmr;
+    dontUnpack = true;
+
+    outputs = [ "out" "packages" "artifacts" ];
+
+    installPhase = ''
+      runHook preInstall
+
+      cp -r "$src"/dotnet-sdk-${version}-${targetRid} "$out"
+      chmod +w "$out"
+      mkdir "$out"/bin
+      ln -s "$out"/dotnet "$out"/bin/dotnet
+
+      mkdir "$packages"
+      # this roughly corresponds to the {sdk,aspnetcore}_packages in ../update.sh
+      cp -r "$src"/Private.SourceBuilt.Artifacts.*.${targetRid}/*Microsoft.{NET.ILLink.Tasks,NETCore,DotNet,AspNetCore}.*.nupkg "$packages"
+
+      cp -r "$src"/Private.SourceBuilt.Artifacts.*.${targetRid} "$artifacts"
+
+      runHook postInstall
+    '';
+
+    passthru = {
+      inherit (vmr) icu targetRid updateScript;
+    };
+
+    meta = vmr.meta // {
+      mainProgram = "dotnet";
+    };
+  };
+
+  runtime = mkCommon "runtime" rec {
+    pname = "dotnet-runtime";
+    version = releaseManifest.runtimeVersion;
+
+    src = vmr;
+    dontUnpack = true;
+
+    outputs = [ "out" ];
+
+    installPhase = ''
+      runHook preInstall
+
+      cp -r "$src/dotnet-runtime-${version}-${targetRid}" "$out"
+      chmod +w "$out"
+      mkdir "$out"/bin
+      ln -s "$out"/dotnet "$out"/bin/dotnet
+
+      runHook postInstall
+    '';
+
+    meta = vmr.meta // {
+      mainProgram = "dotnet";
+    };
+  };
+
+  aspnetcore = mkCommon "aspnetcore" rec {
+    pname = "dotnet-aspnetcore-runtime";
+    version = releaseManifest.aspnetcoreRuntimeVersion or releaseManifest.runtimeVersion;
+
+    src = vmr;
+    dontUnpack = true;
+
+    outputs = [ "out" ];
+
+    installPhase = ''
+      runHook preInstall
+
+      cp -r "$src/dotnet-runtime-${releaseManifest.runtimeVersion}-${targetRid}" "$out"
+      chmod +w "$out"
+      mkdir "$out"/bin
+      ln -s "$out"/dotnet "$out"/bin/dotnet
+
+      chmod +w "$out"/shared
+      cp -Tr "$src/aspnetcore-runtime-${version}-${targetRid}" "$out"
+
+      runHook postInstall
+    '';
+
+    meta = vmr.meta // {
+      mainProgram = "dotnet";
+    };
+  };
+}
diff --git a/pkgs/development/compilers/dotnet/patch-nupkgs.nix b/pkgs/development/compilers/dotnet/patch-nupkgs.nix
new file mode 100644
index 000000000000..0f1173056f04
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/patch-nupkgs.nix
@@ -0,0 +1,62 @@
+{ stdenv
+, lib
+, dotnetCorePackages
+, zlib
+, curl
+, icu
+, libunwind
+, libuuid
+, openssl
+, lttng-ust_2_12
+, writeShellScriptBin
+}:
+
+let
+  buildRid = dotnetCorePackages.systemToDotnetRid stdenv.buildPlatform.system;
+
+  binaryRPath = lib.makeLibraryPath ([
+    stdenv.cc.cc
+    zlib
+    curl
+    icu
+    libunwind
+    libuuid
+    openssl
+  ] ++ lib.optional stdenv.isLinux lttng-ust_2_12);
+
+in writeShellScriptBin "patch-nupkgs" ''
+  set -euo pipefail
+  shopt -s nullglob
+  isELF() {
+      local fn="$1"
+      local fd
+      local magic
+      exec {fd}< "$fn"
+      read -r -n 4 -u "$fd" magic
+      exec {fd}<&-
+      if [ "$magic" = $'\177ELF' ]; then return 0; else return 1; fi
+  }
+  cd "$1"
+  for x in *.${buildRid}/* *.${buildRid}.*/*; do
+    [[ -d "$x" ]] && [[ ! -f "$x"/.nix-patched ]] || continue
+    echo "Patching package $x"
+    pushd "$x"
+    for p in $(find -type f); do
+      if [[ "$p" != *.nix-patched ]] && isELF "$p"; then
+        tmp="$p".$$.nix-patched
+        # if this fails to copy then another process must have patched it
+        cp --reflink=auto "$p" "$tmp" || continue
+        echo "Patchelfing $p as $tmp"
+        patchelf \
+          --set-interpreter "${stdenv.cc.bintools.dynamicLinker}" \
+          "$tmp" ||:
+        patchelf \
+          --set-rpath "${binaryRPath}" \
+          "$tmp" ||:
+        mv "$tmp" "$p"
+      fi
+    done
+    touch .nix-patched
+    popd
+  done
+''
diff --git a/pkgs/development/compilers/dotnet/patch-restored-packages.proj b/pkgs/development/compilers/dotnet/patch-restored-packages.proj
new file mode 100644
index 000000000000..bef12d6308f9
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/patch-restored-packages.proj
@@ -0,0 +1,8 @@
+<Project>
+  <Target Name="PatchIlasm" AfterTargets="ResolveIlToolPaths">
+    <Exec Command="patch-nupkgs $(NUGET_PACKAGES) 2>&amp;1"/>
+  </Target>
+  <Target Name="PatchCrossgen" AfterTargets="Restore;_PrepareForReadyToRunCompilation;PrepareForCrossGen">
+    <Exec Command="patch-nupkgs $(NUGET_PACKAGES) 2>&amp;1"/>
+  </Target>
+</Project>
diff --git a/pkgs/development/compilers/dotnet/record-downloaded-packages.patch b/pkgs/development/compilers/dotnet/record-downloaded-packages.patch
new file mode 100644
index 000000000000..4c5b45939d76
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/record-downloaded-packages.patch
@@ -0,0 +1,42 @@
+From a5a4a77dd77ed5c997bec6519adf7b6be3108af2 Mon Sep 17 00:00:00 2001
+From: David McFarland <corngood@gmail.com>
+Date: Sun, 31 Dec 2023 01:48:31 -0400
+Subject: [PATCH 2/2] record downloaded packages
+
+---
+ .../buildBootstrapPreviouslySB.csproj         |  6 +++++
+ repo-projects/Directory.Build.targets         | 27 +++++++++++++++++++
+ 2 files changed, 33 insertions(+)
+
+diff --git a/eng/bootstrap/buildBootstrapPreviouslySB.csproj b/eng/bootstrap/buildBootstrapPreviouslySB.csproj
+index d85e32ca76..280c9eaf89 100644
+--- a/eng/bootstrap/buildBootstrapPreviouslySB.csproj
++++ b/eng/bootstrap/buildBootstrapPreviouslySB.csproj
+@@ -102,6 +102,12 @@
+     </ItemGroup>
+   </Target>
+ 
++  <Target Name="NuGetToNix" AfterTargets="Restore">
++    <Exec
++        Command="nuget-to-nix $(RestorePackagesPath) >$(ArchiveDir)deps.nix 2>&amp;1"
++        WorkingDirectory="$(MSBuildProjectDirectory)"/>
++  </Target>
++
+   <Target Name="BuildBoostrapPreviouslySourceBuilt"
+           AfterTargets="Restore"
+           DependsOnTargets="GetPackagesToDownload">
+diff --git a/repo-projects/Directory.Build.targets b/repo-projects/Directory.Build.targets
+index 3fa15da862..afd7b87088 100644
+--- a/repo-projects/Directory.Build.targets
++++ b/repo-projects/Directory.Build.targets
+@@ -471,6 +497,7 @@
+     <ItemGroup>
+       <LogFilesToCopy Include="$(ProjectDirectory)artifacts/**/*.log" />
+       <LogFilesToCopy Include="$(ProjectDirectory)artifacts/**/*.binlog" />
++      <LogFilesToCopy Include="$(ProjectDirectory)artifacts/**/deps.nix" />
+       <ObjFilesToCopy Include="$(ProjectDirectory)artifacts/**/project.assets.json" />
+     </ItemGroup>
+     <MakeDir Directories="$(BuildLogsDir)" Condition="Exists('$(ProjectDirectory)artifacts')"/>
+-- 
+2.40.1
+
diff --git a/pkgs/development/compilers/dotnet/record-downloaded-packages.proj b/pkgs/development/compilers/dotnet/record-downloaded-packages.proj
new file mode 100644
index 000000000000..f85da42ec2be
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/record-downloaded-packages.proj
@@ -0,0 +1,13 @@
+<Project>
+  <Target Name="NuGetToNix"
+    BeforeTargets="CopyInnerBuildRestoredPackages">
+    <ItemGroup>
+      <_NuGetToNixPackageCache Include="$(ProjectDirectory)artifacts/sb/package-cache/"/>
+      <_NuGetToNixPackageCache Include="$(ProjectDirectory)artifacts/source-build/self/package-cache/"/>
+    </ItemGroup>
+    <Exec
+      Command="nuget-to-nix '@(_NuGetToNixPackageCache)' >'$(ProjectDirectory)deps.nix' 2>'$(ProjectDirectory)deps.out'"
+      WorkingDirectory="$(ProjectDirectory)"
+      Condition="Exists('%(Identity)')"/>
+  </Target>
+</Project>
diff --git a/pkgs/development/compilers/dotnet/sign-apphost.nix b/pkgs/development/compilers/dotnet/sign-apphost.nix
new file mode 100644
index 000000000000..f804ab79d332
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/sign-apphost.nix
@@ -0,0 +1,10 @@
+{ substituteAll
+, callPackage
+}:
+let
+  sigtool = callPackage ./sigtool.nix {};
+
+in substituteAll {
+  src = ./sign-apphost.proj;
+  codesign = "${sigtool}/bin/codesign";
+}
diff --git a/pkgs/development/compilers/dotnet/sign-apphost.proj b/pkgs/development/compilers/dotnet/sign-apphost.proj
new file mode 100644
index 000000000000..e401739bdd70
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/sign-apphost.proj
@@ -0,0 +1,11 @@
+<Project>
+  <Target Name="SignAppHost" AfterTargets="_CreateAppHost" Condition="'$(AppHostIntermediatePath)' != ''">
+    <Exec Command='@codesign@ -f -s - "$(AppHostIntermediatePath)" 2>&amp;1'/>
+  </Target>
+  <Target Name="UnsignBundle" BeforeTargets="GenerateSingleFileBundle" Condition="'$(PublishedSingleFileName)' != ''">
+    <Exec Command='@codesign@ --remove-signature "@(FilesToBundle)" 2>&amp;1' Condition="'%(FilesToBundle.RelativePath)' == '$(PublishedSingleFileName)'"/>
+  </Target>
+  <Target Name="SignBundle" AfterTargets="GenerateSingleFileBundle" Condition="'$(PublishedSingleFilePath)' != ''">
+    <Exec Command='@codesign@ -f -s - "$(PublishedSingleFilePath)" 2>&amp;1'/>
+  </Target>
+</Project>
diff --git a/pkgs/development/compilers/dotnet/sigtool.nix b/pkgs/development/compilers/dotnet/sigtool.nix
new file mode 100644
index 000000000000..658ee578ae98
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/sigtool.nix
@@ -0,0 +1,27 @@
+{ darwin
+, fetchFromGitHub
+, makeWrapper
+}:
+let
+  cctools = darwin.cctools;
+
+in darwin.sigtool.overrideAttrs (old: {
+  # this is a fork of sigtool that supports -v and --remove-signature, which are
+  # used by the dotnet sdk
+  src = fetchFromGitHub {
+    owner = "corngood";
+    repo = "sigtool";
+    rev = "new-commands";
+    sha256 = "sha256-EVM5ZG3sAHrIXuWrnqA9/4pDkJOpWCeBUl5fh0mkK4k=";
+  };
+
+  nativeBuildInputs = old.nativeBuildInputs or [] ++ [
+    makeWrapper
+  ];
+
+  postInstall = old.postInstall or "" + ''
+    wrapProgram $out/bin/codesign \
+      --set-default CODESIGN_ALLOCATE \
+        "${cctools}/bin/${cctools.targetPrefix}codesign_allocate"
+  '';
+})
diff --git a/pkgs/development/compilers/dotnet/stage0.nix b/pkgs/development/compilers/dotnet/stage0.nix
new file mode 100644
index 000000000000..d12d1a6c3d13
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/stage0.nix
@@ -0,0 +1,126 @@
+{ stdenv
+, stdenvNoCC
+, callPackage
+, lib
+, writeShellScript
+, pkgsBuildHost
+, mkNugetDeps
+, nix
+, cacert
+, nuget-to-nix
+, dotnetCorePackages
+, xmlstarlet
+
+, releaseManifestFile
+, tarballHash
+, depsFile
+, bootstrapSdk
+}:
+
+let
+  mkPackages = callPackage ./packages.nix;
+  mkVMR = callPackage ./vmr.nix;
+
+  dotnetSdk = pkgsBuildHost.callPackage bootstrapSdk {};
+
+  patchNupkgs = pkgsBuildHost.callPackage ./patch-nupkgs.nix {};
+
+  signAppHost = callPackage ./sign-apphost.nix {};
+
+  deps = mkNugetDeps {
+    name = "dotnet-vmr-deps";
+    sourceFile = depsFile;
+  };
+
+  vmr = (mkVMR {
+    inherit releaseManifestFile tarballHash dotnetSdk;
+  }).overrideAttrs (old: rec {
+    prebuiltPackages = mkNugetDeps {
+      name = "dotnet-vmr-deps";
+      sourceFile = depsFile;
+    };
+
+    nativeBuildInputs =
+      old.nativeBuildInputs or []
+      ++ [ xmlstarlet ]
+      ++ lib.optional stdenv.isLinux patchNupkgs;
+
+    postPatch = old.postPatch or "" + lib.optionalString stdenv.isLinux ''
+      xmlstarlet ed \
+        --inplace \
+        -s //Project -t elem -n Import \
+        -i \$prev -t attr -n Project -v "${./patch-restored-packages.proj}" \
+        src/*/Directory.Build.targets
+    '' + lib.optionalString stdenv.isDarwin ''
+      xmlstarlet ed \
+        --inplace \
+        -s //Project -t elem -n Import \
+        -i \$prev -t attr -n Project -v "${signAppHost}" \
+        src/runtime/Directory.Build.targets
+    '';
+
+    postConfigure = old.postConfigure or "" + ''
+      [[ ! -v prebuiltPackages ]] || ln -sf "$prebuiltPackages"/* prereqs/packages/prebuilt/
+    '';
+
+    passthru = old.passthru or {} // { fetch-deps =
+      let
+        inherit (vmr) targetRid updateScript;
+        otherRids =
+          lib.remove targetRid (
+            map (system: dotnetCorePackages.systemToDotnetRid system)
+              vmr.meta.platforms);
+
+        pkg = vmr.overrideAttrs (old: {
+          nativeBuildInputs = old.nativeBuildInputs ++ [
+            nix
+            cacert
+            (nuget-to-nix.override { dotnet-sdk = dotnetSdk; })
+          ];
+          postPatch = old.postPatch or "" + ''
+            xmlstarlet ed \
+              --inplace \
+              -s //Project -t elem -n Import \
+              -i \$prev -t attr -n Project -v "${./record-downloaded-packages.proj}" \
+              repo-projects/Directory.Build.targets
+            # make nuget-client use the standard arcade package-cache dir, which
+            # is where we scan for dependencies
+            xmlstarlet ed \
+              --inplace \
+              -s //Project -t elem -n ItemGroup \
+              -s \$prev -t elem -n EnvironmentVariables \
+              -i \$prev -t attr -n Include -v 'NUGET_PACKAGES=$(ProjectDirectory)artifacts/sb/package-cache/' \
+              repo-projects/nuget-client.proj
+          '';
+          buildFlags = [ "--online" ] ++ old.buildFlags;
+          prebuiltPackages = null;
+        });
+
+        drv = builtins.unsafeDiscardOutputDependency pkg.drvPath;
+      in
+        writeShellScript "fetch-dotnet-sdk-deps" ''
+          ${nix}/bin/nix-shell --pure --run 'source /dev/stdin' "${drv}" << 'EOF'
+          set -e
+
+          tmp=$(mktemp -d)
+          trap 'rm -fr "$tmp"' EXIT
+
+          HOME=$tmp/.home
+          cd "$tmp"
+
+          phases="''${prePhases[*]:-} unpackPhase patchPhase ''${preConfigurePhases[*]:-} \
+            configurePhase ''${preBuildPhases[*]:-} buildPhase checkPhase" \
+            genericBuild
+
+          depsFiles=(./src/*/deps.nix)
+
+          cat $(nix-build ${toString ./combine-deps.nix} \
+            --arg list "[ ''${depsFiles[*]} ]" \
+            --argstr baseRid ${targetRid} \
+            --arg otherRids '${lib.generators.toPretty { multiline = false; } otherRids}' \
+            ) > "${toString prebuiltPackages.sourceFile}"
+          EOF
+        '';
+    };
+  });
+in mkPackages { inherit vmr; }
diff --git a/pkgs/development/compilers/dotnet/stage1.nix b/pkgs/development/compilers/dotnet/stage1.nix
new file mode 100644
index 000000000000..4212aaaab024
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/stage1.nix
@@ -0,0 +1,27 @@
+{ stdenv
+, lib
+, callPackage
+, pkgsBuildHost
+
+, releaseManifestFile
+, tarballHash
+, depsFile
+, bootstrapSdk
+}@args:
+
+let
+  mkPackages = callPackage ./packages.nix;
+  mkVMR = callPackage ./vmr.nix;
+
+  stage0 = pkgsBuildHost.callPackage ./stage0.nix args;
+
+  vmr = (mkVMR {
+    inherit releaseManifestFile tarballHash;
+    dotnetSdk = stage0.sdk;
+  }).overrideAttrs (old: {
+    passthru = old.passthru or {} // {
+      inherit (stage0.vmr) fetch-deps;
+    };
+  });
+
+in mkPackages { inherit vmr; }
diff --git a/pkgs/development/compilers/dotnet/stop-passing-bare-sdk-arg-to-swiftc.patch b/pkgs/development/compilers/dotnet/stop-passing-bare-sdk-arg-to-swiftc.patch
new file mode 100644
index 000000000000..fa2606c0c6cd
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/stop-passing-bare-sdk-arg-to-swiftc.patch
@@ -0,0 +1,31 @@
+From 85a940f3f039704da73ee177c1848cd4b6ed029f Mon Sep 17 00:00:00 2001
+From: David McFarland <corngood@gmail.com>
+Date: Tue, 9 Jan 2024 15:10:00 -0400
+Subject: [PATCH] stop passing bare sdk arg to swiftc
+
+---
+ .../CMakeLists.txt                                          | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native.Apple/CMakeLists.txt b/src/runtime/src/native/libs/System.Security.Cryptography.Native.Apple/CMakeLists.txt
+index b847f5c3cd..cf8344ead0 100644
+--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native.Apple/CMakeLists.txt
++++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native.Apple/CMakeLists.txt
+@@ -49,9 +49,13 @@ if (NOT SWIFT_COMPILER_TARGET AND CLR_CMAKE_TARGET_OSX)
+     set(SWIFT_COMPILER_TARGET "${CMAKE_OSX_ARCHITECTURES}-apple-${SWIFT_PLATFORM}${SWIFT_DEPLOYMENT_TARGET}${SWIFT_PLATFORM_SUFFIX}")
+ endif()
+ 
++if (CMAKE_OSX_SYSROOT)
++    set(SWIFT_ARGS -sdk ${CMAKE_OSX_SYSROOT})
++endif()
++
+ add_custom_command(
+     OUTPUT pal_swiftbindings.o
+-    COMMAND xcrun swiftc -emit-object -static -parse-as-library -runtime-compatibility-version none -sdk ${CMAKE_OSX_SYSROOT} -target ${SWIFT_COMPILER_TARGET} ${CMAKE_CURRENT_SOURCE_DIR}/pal_swiftbindings.swift -o pal_swiftbindings.o
++    COMMAND xcrun swiftc -emit-object -static -parse-as-library -runtime-compatibility-version none ${SWIFT_ARGS} -target ${SWIFT_COMPILER_TARGET} ${CMAKE_CURRENT_SOURCE_DIR}/pal_swiftbindings.swift -o pal_swiftbindings.o
+     MAIN_DEPENDENCY ${CMAKE_CURRENT_SOURCE_DIR}/pal_swiftbindings.swift
+     COMMENT "Compiling Swift file pal_swiftbindings.swift"
+ )
+-- 
+2.42.0
+
diff --git a/pkgs/development/compilers/dotnet/update.nix b/pkgs/development/compilers/dotnet/update.nix
new file mode 100644
index 000000000000..89291d2461d8
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/update.nix
@@ -0,0 +1,123 @@
+{ stdenvNoCC
+, lib
+, fetchurl
+, writeScript
+, nix
+, runtimeShell
+, curl
+, cacert
+, jq
+, yq
+, gnupg
+
+, releaseManifestFile
+, releaseInfoFile
+, allowPrerelease
+}:
+
+let
+  inherit (lib.importJSON releaseManifestFile) channel release;
+
+  pkg = stdenvNoCC.mkDerivation {
+    name = "update-dotnet-vmr-env";
+
+    nativeBuildInputs = [
+      nix
+      curl
+      cacert
+      jq
+      yq
+      gnupg
+    ];
+  };
+
+  releaseKey = fetchurl {
+    url = "https://dotnet.microsoft.com/download/dotnet/release-key-2023.asc";
+    hash = "sha256-F668QB55md0GQvoG0jeA66Fb2RbrsRhFTzTbXIX3GUo=";
+  };
+
+  drv = builtins.unsafeDiscardOutputDependency pkg.drvPath;
+
+in writeScript "update-dotnet-vmr.sh" ''
+  #! ${nix}/bin/nix-shell
+  #! nix-shell -i ${runtimeShell} --pure ${drv}
+  set -euo pipefail
+
+  query=$(cat <<EOF
+      map(
+          select(
+              ${lib.optionalString (!allowPrerelease) ".prerelease == false and"}
+              .draft == false and
+              (.name | startswith(".NET ${channel}")))) |
+      first | (
+          .name,
+          .tag_name,
+          (.assets |
+              .[] |
+              select(.name == "release.json") |
+              .browser_download_url),
+          (.assets |
+              .[] |
+              select(.name | endswith(".tar.gz.sig")) |
+              .browser_download_url))
+  EOF
+  )
+
+  (
+      curl -fsL https://api.github.com/repos/dotnet/dotnet/releases | \
+      jq -r "$query" \
+  ) | (
+      read name
+      read tagName
+      read releaseUrl
+      read sigUrl
+
+      if [[ "$name" == ".NET ${release}" ]]; then
+          >&2 echo "release is already $name"
+          exit
+      fi
+
+      tmp="$(mktemp -d)"
+      trap 'rm -rf "$tmp"' EXIT
+
+      tarballUrl=https://github.com/dotnet/dotnet/archive/refs/tags/$tagName.tar.gz
+
+      mapfile -t prefetch < <(nix-prefetch-url --print-path "$tarballUrl")
+      tarballHash=$(nix-hash --to-sri --type sha256 "''${prefetch[0]}")
+      tarball=''${prefetch[1]}
+
+      cd "$tmp"
+      curl -L "$sigUrl" -o release.sig
+
+      export GNUPGHOME=$PWD/.gnupg
+      gpg --batch --import ${releaseKey}
+      gpg --batch --verify release.sig "$tarball"
+
+      tar --strip-components=1 --no-wildcards-match-slash --wildcards -xzf "$tarball" \*/eng/Versions.props
+      artifactsVersion=$(xq -r '.Project.PropertyGroup |
+          map(select(.PrivateSourceBuiltArtifactsVersion))
+          | .[] | .PrivateSourceBuiltArtifactsVersion' eng/Versions.props)
+
+      if [[ "$artifactsVersion" != "" ]]; then
+          artifactsUrl=https://dotnetcli.azureedge.net/source-built-artifacts/assets/Private.SourceBuilt.Artifacts.$artifactsVersion.centos.8-x64.tar.gz
+      else
+          artifactsUrl=$(xq -r '.Project.PropertyGroup |
+              map(select(.PrivateSourceBuiltArtifactsUrl))
+              | .[] | .PrivateSourceBuiltArtifactsUrl' eng/Versions.props)
+      fi
+
+      artifactsHash=$(nix-hash --to-sri --type sha256 "$(nix-prefetch-url "$artifactsUrl")")
+
+      jq --null-input \
+          --arg _0 "$tarballHash" \
+          --arg _1 "$artifactsUrl" \
+          --arg _2 "$artifactsHash" \
+          '{
+              "tarballHash": $_0,
+              "artifactsUrl": $_1,
+              "artifactsHash": $_2,
+          }' > "${toString releaseInfoFile}"
+
+      curl -fsL "$releaseUrl" -o ${toString releaseManifestFile}
+  )
+''
diff --git a/pkgs/development/compilers/dotnet/versions/8.0.102.nix b/pkgs/development/compilers/dotnet/versions/8.0.102.nix
new file mode 100644
index 000000000000..2cbba9f84f37
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/versions/8.0.102.nix
@@ -0,0 +1,179 @@
+{ buildAspNetCore, buildNetRuntime, buildNetSdk }:
+
+# v8.0 (active)
+{
+  aspnetcore_8_0 = buildAspNetCore {
+    version = "8.0.2";
+    srcs = {
+      x86_64-linux = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/d6d79cc3-df2f-4680-96ff-a7198f461139/df025000eaf5beb85d9137274a8c53ea/aspnetcore-runtime-8.0.2-linux-x64.tar.gz";
+        sha512  = "c8d4f9ad45cc97570ac607c0d14064da6c1215ef864afd73688ec7470af774f80504a937cbb5aadbb0083250122aae361770d2bca68f30ac7b62b4717bee6fca";
+      };
+      aarch64-linux = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/bdfd0216-539e-4dfd-81ea-1b7a77dda929/59a62884bdb8684ef0e4f434eaea0ca3/aspnetcore-runtime-8.0.2-linux-arm64.tar.gz";
+        sha512  = "9e5733a0d40705df17a1c96025783fd2544ad344ac98525f9d11947ea6ef632a23b0d2bf536314e4aeda8ae9c0f65b8f8feee184e1a1aabfda30059f59b1b9a6";
+      };
+      x86_64-darwin = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/a44da2c3-cb74-4ffe-af5a-34286598a885/263f113228e88df3f654510c9092f68b/aspnetcore-runtime-8.0.2-osx-x64.tar.gz";
+        sha512  = "a7edf091509305d27275d5d7911c3c61a2546e0d3b5b0fe9fcb9e704daf3c550ea0a5ae659272a29b5e218d02f28b7d331ab0905e9459711624692f1589d7285";
+      };
+      aarch64-darwin = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/a5692569-6092-4db1-9d5c-4862265a7b5b/7173de926da466e21ab9c7666a31dee3/aspnetcore-runtime-8.0.2-osx-arm64.tar.gz";
+        sha512  = "9e79556cf58f9d0b0f302a50ef9724122a9b18daba70e715b7334f9ed97a4983be0386e4132f5273d120f00d18f8af8a8ad7ea1ef0a82c610e268a33e76a30e4";
+      };
+    };
+  };
+
+  runtime_8_0 = buildNetRuntime {
+    version = "8.0.2";
+    srcs = {
+      x86_64-linux = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/307e4bf7-53c1-4b03-a2e5-379151ab3a04/140e7502609d45dfd83e4750b4bb5178/dotnet-runtime-8.0.2-linux-x64.tar.gz";
+        sha512  = "f30f72f55b9e97e36107f920e932477183867726a963ea0d4d151f291981877ba253a7175614c60b386b6a37f9192d97d7402dafdad2529369f512698cb9d1dd";
+      };
+      aarch64-linux = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/9de452db-acbe-48eb-b3f0-305a4e48e32a/515bbe7e3e1deef5ab9a4b8123b901ca/dotnet-runtime-8.0.2-linux-arm64.tar.gz";
+        sha512  = "12c5f49b7bd63d73cae57949e1520eaebc47732f559f68199ecd3bcca597f2da702352313a20aa100c667ede1d701dc6822f7a4eee9063d1c73d1f451ed832ac";
+      };
+      x86_64-darwin = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/414af43f-fdc6-4e8e-bbff-8b544a6627a8/0719a2eafa1d0d5f73ee0a7aae4ce670/dotnet-runtime-8.0.2-osx-x64.tar.gz";
+        sha512  = "e8945057f5fdf55994675caeff07ff53ba96324edbfe148ea60f58c883548be59cd1d891552b55ed5a594c1cfa549bd783ce9e25b5467ae48ab3f97590f36003";
+      };
+      aarch64-darwin = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/c7b73f69-39ca-4d2a-bd02-a72abb3a4fc5/6d68aa25f4576b70fff4925fb4e69c4b/dotnet-runtime-8.0.2-osx-arm64.tar.gz";
+        sha512  = "c410f56283f0d51484d26755349a7b62364e2c54650c87dcee6fea0a370fa84b14b4ebc8c5e121e2b3ea4f0ac2880ebe40a43bcb02aa30ce360fd0dbc12fbfbb";
+      };
+    };
+  };
+
+  sdk_8_0 = buildNetSdk {
+    version = "8.0.102";
+    srcs = {
+      x86_64-linux = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/672cfd95-c7fe-42e3-8b68-30c74f7af88e/ecdaa65fe42b6572ed37d407c26de8a2/dotnet-sdk-8.0.102-linux-x64.tar.gz";
+        sha512  = "f5928f5b947441065f2f34b25ae8de1fbf7dbae2c0ba918bfb4224d2d08849c79cbdc1825c0d42a5822f12757f78efa58e295a8ee0f0e6fce39cc7c6ed977b8f";
+      };
+      aarch64-linux = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/23568042-614a-41d3-a6b9-51e178e42977/cb1e1f4f5fb5d46080a60cd14d631660/dotnet-sdk-8.0.102-linux-arm64.tar.gz";
+        sha512  = "5e0b5762ab2f038de50859a2e18a3964ea6b754faa01d72f9824100546a271148908e84d666bb63d25e5d9a92038bc8a2f944d0342bbf8834cb5d5e936878c76";
+      };
+      x86_64-darwin = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/e60574bc-0bb6-45c6-ad3f-5c5fa29c75b7/1d903893164d767b98e9998153ed4c88/dotnet-sdk-8.0.102-osx-x64.tar.gz";
+        sha512  = "963432c5c7d7d0b204a92248c61d1be227369c6bc1d47f977c913c416c61584451fd05d0e95a6fbe51f0e1958e1c1a71f2530f478dd036ed2b0e123944b3ce00";
+      };
+      aarch64-darwin = {
+        url     = "https://download.visualstudio.microsoft.com/download/pr/e89e4d12-89c6-419c-a2be-9b2ec96b209f/0f393a6b611b26d7e4599694dff857e2/dotnet-sdk-8.0.102-osx-arm64.tar.gz";
+        sha512  = "69d702b561ae7ddf4c47fe228c16472fd8d7065de1a4a206fc07c6906db49e7da25b21c06f0ef080f41658aeddc0f3c0a23ce1de7e65b830c308bfe13cf95fe8";
+      };
+    };
+    packages = { fetchNuGet }: [
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-arm"; version = "8.0.2"; sha256 = "06s21b9k4niwb2qlrz4faccfmqyxfv08vzd85izla3zjxmqv3jxb"; })
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-arm64"; version = "8.0.2"; sha256 = "1bxsrlsyvia4v3fswxl9pnf9107zwf1n1hlwffyxs0kd5iq7jabr"; })
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64"; version = "8.0.2"; sha256 = "14yysn896flzsisnc3bhfc98slj2xg3f5jr39m62w2p54km0jcrj"; })
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-musl-x64"; version = "8.0.2"; sha256 = "1486lnpn9al764f4q9p2xry38qrk1127m62j5n8ikcx8iazrbkqm"; })
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-x64"; version = "8.0.2"; sha256 = "0fh2lvjrl41r1r4q3v9mylr16arb190x4xs0m5nsg6qak93y6pip"; })
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.osx-x64"; version = "8.0.2"; sha256 = "0ihhhsypb0f8lffl5lbm4nw0l9cwcv6dgylxbgvs10yfpvpix8av"; })
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.win-arm64"; version = "8.0.2"; sha256 = "1pfwb7j3gg62z10k799w2hr8yqmiv9gjvqzw6g72navzk322901s"; })
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.win-x64"; version = "8.0.2"; sha256 = "0anifybcb7yipazd0qsiz6g1kj7liw6qz3lmqhkw3ipbr0zip0vv"; })
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.win-x86"; version = "8.0.2"; sha256 = "0ag84bb4p9w41njyf7yh5h2wgz49qgx1xzhb6q4ls0m03mknp2g6"; })
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Ref"; version = "8.0.2"; sha256 = "1iv12b2pdngn9pzd9cx0n7v3q6dsw8c38vx1ypd6fb27qqwrdrr6"; })
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-musl-arm"; version = "8.0.2"; sha256 = "1a0zy0sfd4k7pwwk7fkgyd4vph91nfbxhjzvha96ravdh8isxngx"; })
+      (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.osx-arm64"; version = "8.0.2"; sha256 = "0xfwnqbbzg1xb6zxlms5v1dj3jh46lh6vzfjbqxj55fj87qr73yi"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-arm"; version = "8.0.2"; sha256 = "1217mw4mw978f2d84h0vf0bbzl55kp8z1n4620rphqh6l4r1gr52"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-arm64"; version = "8.0.2"; sha256 = "1pi4s9sn64cyvarba1vgb17k92ank7q95xmn7dz9zb1z9n6v19hm"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-musl-arm64"; version = "8.0.2"; sha256 = "13ckd4w7ysa5ay5wmklsnws7hhzw6nnlblhcda7r11m0fjfly6lr"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-musl-x64"; version = "8.0.2"; sha256 = "0vy2r79sgr6p665943rb44d1m5xv8m6h96rqlr03g6ipk1gzz6xw"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-x64"; version = "8.0.2"; sha256 = "1kbdpqfq64h3dy2mj90sfi2pjks77fmp74fqkvps35fh3lacb3dq"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Host.osx-x64"; version = "8.0.2"; sha256 = "1xlnlp4ckqn0myl5pzsqhmpall1pnbmqhb62rr7m61dy83xhvm6l"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Host.win-arm64"; version = "8.0.2"; sha256 = "131kgy0787a38zmb3y002yr1lrnkfc4mk2xmh8jx5pqkl7bp5p67"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Host.win-x64"; version = "8.0.2"; sha256 = "1p7152v1wyhrxh1mqq29bm06xcfilzngr89cl8kxv5lcars3yc00"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Host.win-x86"; version = "8.0.2"; sha256 = "0yyix9cypm53b0q6zfw5bqbm18x2s54ns7a1w7apxfzs8cckjfp7"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-arm"; version = "8.0.2"; sha256 = "0j31y9qwcm76zsxbid52zn4350sbq489pa7znmkzdrxgbcn19dmq"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-arm64"; version = "8.0.2"; sha256 = "1g2n69s8sa9ik9jhkc6xcdjcvghwr5m9glbxr1f22dbj6nw433c4"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-musl-arm64"; version = "8.0.2"; sha256 = "0h148hmzrplhw2cx9yd2jmrw6ilpc9ys98w6jcaphzb7n184y374"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-musl-x64"; version = "8.0.2"; sha256 = "1xcfs5yxsxis9hx1dkp5bkhgl0n95ja2ibwwnxmg2agc8134y935"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-x64"; version = "8.0.2"; sha256 = "0zvivfiz8lja1k6vcmwswh4lz6ch8x0nlap3x35psfw3p7j51163"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.osx-x64"; version = "8.0.2"; sha256 = "0x3fsfkv2gcilhsj31pjgg2vfibq2xvqhprw3hpm4gig4c2qi4fg"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.win-arm64"; version = "8.0.2"; sha256 = "1w6bads6vyiikbfds95zpw91qmb87a20my67c5pri3q6qqwcny6d"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.win-x64"; version = "8.0.2"; sha256 = "1cfd2bq41y3m86528hxlh3cj975rvhj8gigalfxaw5jsv8hw6cdm"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.win-x86"; version = "8.0.2"; sha256 = "0s92zdr0midkjk5xip0l3s8md7gcfh4dz81pqz2p7wwhcm29k1hq"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "0c99m8sh056wkk7h3f9bj8l67dxwzwnmz0ix398ff1w1pdpiabcm"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "13l2xa4fxnm6i6kpjwr173hyd61s2ks7sjzp2ah3l1n71wds3vag"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "16qhn61di7gz5a68sc2rg5y2y4293rsbks4rvplyjr68scnba4hb"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "0mz7h7silzjgf6p4f0qk8izvjf0dlppvxjf44f381kkamm6viiqd"; })
+      (fetchNuGet { pname = "runtime.linux-arm64.Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "0bvivl9ffgpsq4rbv8n8ivw9jr8yykbsp8r77n23xjm5vz8fcaks"; })
+      (fetchNuGet { pname = "runtime.linux-arm64.Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "1k6vv7mpa81pjx1v8wd8d7ns3wr3ydql1ihx59s6cfg8fx18j5w9"; })
+      (fetchNuGet { pname = "runtime.linux-arm64.Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "05480dq2mzzfvk9whlz16lq0rs2kzy55d905cl832df6j36yzy9w"; })
+      (fetchNuGet { pname = "runtime.linux-arm64.Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "1gm5yrbyh6h09lsr7izbg7izqiq3nwf7cx4y12hwk63544hprh2j"; })
+      (fetchNuGet { pname = "runtime.linux-arm.Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "0wqdx4h3isn1la8wbm8mvip0ai3fspvr8q2g2hx04lylpilcwnfy"; })
+      (fetchNuGet { pname = "runtime.linux-arm.Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "16l4dzmqsjnppl8ra3dz3062na1324zqpibcb9kk6aliayzkwjmp"; })
+      (fetchNuGet { pname = "runtime.linux-arm.Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "0qzqbpwa79qizj7yzmmk2kr1ibwdg0m104rp2ava2qp8c9mxx1lq"; })
+      (fetchNuGet { pname = "runtime.linux-arm.Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "10k85lqnczpdnzw43ylkma0iv1wxzqv9x4pfr31zwfb5z5p3m7ja"; })
+      (fetchNuGet { pname = "runtime.linux-musl-arm64.Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "0yd9vf8z1p264411p4y2aka4dnzhjvi7zhxc9dy6yfjwndlqfz03"; })
+      (fetchNuGet { pname = "runtime.linux-musl-arm64.Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "1vhi86iwln4pv2k0v6xfx5rp2vk5l6l4p399rj63wmm928n3v2la"; })
+      (fetchNuGet { pname = "runtime.linux-musl-arm64.Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "0i7l7zw99nfq1s43d4cyhs9p5bx719x0q1fmlkp8am4mwga554kf"; })
+      (fetchNuGet { pname = "runtime.linux-musl-arm64.Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "1ny0hjyip2n9mv0iiv2rpikb3apk4cjhvcdi17xn6vf3m79xxbwi"; })
+      (fetchNuGet { pname = "runtime.linux-musl-x64.Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "0cllix46qh7lxihkaaxhb3islwn8vqn5lkr4c8c3bynvyblskjvw"; })
+      (fetchNuGet { pname = "runtime.linux-musl-x64.Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "1f20gw4sq0s8idysdbpgrdh5l8ik3lry0i3nq60km9z9n183svxd"; })
+      (fetchNuGet { pname = "runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "0c31vfab355bi27wlz18azpyir9y89nn8dcg43j074whc469q0vx"; })
+      (fetchNuGet { pname = "runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "1xmy68m6vslqbl4njllgqscdslqj7xgkgjzpx4pq344mxh6r9agc"; })
+      (fetchNuGet { pname = "runtime.linux-x64.Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "0s93dmisai8wgjid697rgdx3lw2a0s0krr1gcnaav8jz9dg9i8lc"; })
+      (fetchNuGet { pname = "runtime.linux-x64.Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "0ikwfn1q8jkvzyx77b8ycm7k7004j2w8zgjzkf8kgyw55gy8xfjm"; })
+      (fetchNuGet { pname = "runtime.linux-x64.Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "0gcwjjaw1lajqmwaji0x03w24721dczgnqrzqjw5ayjh8ib3dir2"; })
+      (fetchNuGet { pname = "runtime.linux-x64.Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "1i6wijgpksz81hg01c2pwi06k413x6vni4x8v3y38jyazg7qkfp0"; })
+      (fetchNuGet { pname = "runtime.osx-x64.Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "0hsby9ssa974cqkcc29xrjrrqmxyhfkkssmmhrrimh46n7sxzqab"; })
+      (fetchNuGet { pname = "runtime.osx-x64.Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "0vwlfcpvbjhw0qmqnscnin75a5lb5llhzjizcp3nh5mjnkdghd8q"; })
+      (fetchNuGet { pname = "runtime.osx-x64.Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "00kv6ijg6yway8km36yj7jq9y1p87iw8b8ysga66qv05y4fvjch1"; })
+      (fetchNuGet { pname = "runtime.osx-x64.Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "05dz9mxc94y59y6ja05zamdp63qfdss831816y28kjjw4v4crz1q"; })
+      (fetchNuGet { pname = "runtime.win-arm64.Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "0qbm5zgvcwmmqlcj4jaixbw4a1zzyrf8ap81nlqjfdxp03bv9zqa"; })
+      (fetchNuGet { pname = "runtime.win-arm64.Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "1jsnxh1hgy7jrjhbz4kf6gq2x3smfx071cb2w1fa3a740h3i0f4m"; })
+      (fetchNuGet { pname = "runtime.win-arm64.Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "1738mc91wy3yn2bf4srs2wxksd864hm565nmll396q6gw97a4df4"; })
+      (fetchNuGet { pname = "runtime.win-arm64.Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "152jc4v2zxcax55vmd9xrsxq76q4cqpjlgrd1mfszipnngrlrc71"; })
+      (fetchNuGet { pname = "runtime.win-x64.Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "1z9fa5ryi23sn163j7jry45f64rxqkgv7v91r04b9cpb4hc1qgym"; })
+      (fetchNuGet { pname = "runtime.win-x64.Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "14qz0ypylcwldyjn1ins8syjzbqpmfsy4nfkzri12mfn0626qmn2"; })
+      (fetchNuGet { pname = "runtime.win-x64.Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "136ss58j9wpxp6sj81mijlk32l2f6h81rvaq4l7x0s8wb9fzzbb5"; })
+      (fetchNuGet { pname = "runtime.win-x64.Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "02562zc9nrkfwikzff7km6mixxb1qf632r60jpzykizgx6w0nrck"; })
+      (fetchNuGet { pname = "runtime.win-x86.Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "1sylbjvrr1jnlgd1215czr3xql2gdqy5h5sz7rnfq31hb1j5nc20"; })
+      (fetchNuGet { pname = "runtime.win-x86.Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "0ia1igli2r5gnli0r0yzqm012l56zrjf1jk42viahlil2ic3i144"; })
+      (fetchNuGet { pname = "runtime.win-x86.Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "0h1kydv3dxnd9s32fd68x44jhc2pm79gv44mb7jf4227lr1dcxss"; })
+      (fetchNuGet { pname = "runtime.win-x86.Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "1njywfwlq2785yk4b0114nzdb33zsgsmqj5fhpr6ii1crym649hl"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-musl-arm"; version = "8.0.2"; sha256 = "16lp15z1msadrhiqlwwp0ni9k0slp3am05gqs5bagzwk35mcn27q"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Host.osx-arm64"; version = "8.0.2"; sha256 = "1v8nngksh0cp51g221bizz52jjpc4rzm1avcy5psl81ywmkwmj93"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-musl-arm"; version = "8.0.2"; sha256 = "142s1ricyk351nqg298w5qlzd4scz8pc66x5mw9qh75vcyxsr83f"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.osx-arm64"; version = "8.0.2"; sha256 = "116rkq5ri5dbhp5g7zyc71ml2v92vb5bw5f3nx96llb1pqk74grh"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Ref"; version = "8.0.2"; sha256 = "1c2n7cfc7b6sjgk84hxppv57sh1n4dy49cmdd16ki1l6yl2f3j9d"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.Mono.linux-arm"; version = "8.0.2"; sha256 = "0c6v2mdfshy5966fl2pfkfhgfs8y1sd0r47lfx7d4igy933dqfga"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.Mono.linux-arm64"; version = "8.0.2"; sha256 = "1g8asdz9f3i0mjyh1mkxzfc6x8x77z0d88fa6irpyhh0w45qfccw"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64"; version = "8.0.2"; sha256 = "14djb55i8nwsr3170b82lr89dqxjghnkkghxxy2sl4d2bxw0bsfa"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.Mono.linux-x64"; version = "8.0.2"; sha256 = "0h0cc31c1izakpx554kivjqw3s5030a9zy3q4a2apwyj16znv2cw"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.Mono.osx-arm64"; version = "8.0.2"; sha256 = "18599d4y8n4y0w489pg7zm4nd4a23iz4zwx317pr5z57b4wrk61k"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.Mono.osx-x64"; version = "8.0.2"; sha256 = "04wvf035rr5kw6bj46ici8353lx5k95slydpm42kv1fcy3slqb4p"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.Mono.win-x64"; version = "8.0.2"; sha256 = "1adxkh9y3y9cxisrn52c75dmzgfkbnz9aqs2p97ln9qdxxvhzhc2"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.Mono.win-x86"; version = "8.0.2"; sha256 = "0721kp5l7k25ivi2sdxx12kjpddas5l6y5qjmfw8pjcyximhqn0b"; })
+      (fetchNuGet { pname = "runtime.linux-musl-arm.Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "1kkjmyhrnghihhfvm3qjrkrjbml2nqv8vyslj0g79pjanaqv3prs"; })
+      (fetchNuGet { pname = "runtime.linux-musl-arm.Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "1j5qhbgy9d1d89xcgdyjcnww0ziad846nd6x5l8fa109z8wvsnki"; })
+      (fetchNuGet { pname = "runtime.linux-musl-arm.Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "12n0m0rbxp05ggrkxa9yr6kn46pnn3pc4c22p6kkv5ijyg8nhd74"; })
+      (fetchNuGet { pname = "runtime.linux-musl-arm.Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "1mhwggjfpwssyzxl2mj3j9017xc8qwnw4xlm2rn96yfgsd1pxfpv"; })
+      (fetchNuGet { pname = "runtime.osx-arm64.Microsoft.NETCore.DotNetAppHost"; version = "8.0.2"; sha256 = "1nvis5p0gvymv6sdrmgpgg94sr2w3maskm0c3d8p861wfiwwh0hv"; })
+      (fetchNuGet { pname = "runtime.osx-arm64.Microsoft.NETCore.DotNetHost"; version = "8.0.2"; sha256 = "1vjrnga6inham84hggkx1kkpx4yn7v7z1xnwxas9lisxd0ych7k1"; })
+      (fetchNuGet { pname = "runtime.osx-arm64.Microsoft.NETCore.DotNetHostPolicy"; version = "8.0.2"; sha256 = "0rrblgydpz3yf5gj9kpjc8b17x739nzr1956pwwyarhvh9y0vqrd"; })
+      (fetchNuGet { pname = "runtime.osx-arm64.Microsoft.NETCore.DotNetHostResolver"; version = "8.0.2"; sha256 = "0xpsaxi54g0xac80gy5nv7qk5b513ak1s397b36vwg7mivwc4yhh"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Crossgen2.linux-musl-arm"; version = "8.0.2"; sha256 = "1nm6ibys303xlawqibqygpg1gqc8wm1nxb6pl6vgwmp5w4q02r5h"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Crossgen2.linux-musl-arm64"; version = "8.0.2"; sha256 = "0h6wwlz3mqb8758laczcaq7a0wmnmjf797dh5xwyiq50j1ss1mhw"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Crossgen2.linux-musl-x64"; version = "8.0.2"; sha256 = "09id8hnx0s4x5qvmvifb6jhkfaxzj53yvhl84pvrr4wv4p6ns7cm"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Crossgen2.linux-arm"; version = "8.0.2"; sha256 = "0cg7b57fysgw809m77nb9dqr56g48ya6bjlh7x880ih5b76bnlak"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Crossgen2.linux-arm64"; version = "8.0.2"; sha256 = "1rqr95ix3khc7mbaji520l2vv8vjbrg8zzpv6h1i3p3rdbzjm3l2"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Crossgen2.linux-x64"; version = "8.0.2"; sha256 = "0kzvyghyj95p2qxidp1g8nx5d9qd7wlchpg1a5dqbpv9skljdn7m"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Crossgen2.osx-x64"; version = "8.0.2"; sha256 = "0hmk25bvlpn3sfx4vlvysj2myx4dd8fc2pv3gmhfgb2y01dnswjh"; })
+      (fetchNuGet { pname = "Microsoft.NETCore.App.Crossgen2.osx-arm64"; version = "8.0.2"; sha256 = "1z76l5mpvik3517lcl3qygsfsws4yp37j37sslb4sq7gls4aa0w2"; })
+      (fetchNuGet { pname = "runtime.linux-arm64.Microsoft.DotNet.ILCompiler"; version = "8.0.2"; sha256 = "1kjlc67bqz7d04ga42l7jm9d3jm773a9i77zc5w7cd591wa8vbbv"; })
+      (fetchNuGet { pname = "runtime.linux-musl-arm64.Microsoft.DotNet.ILCompiler"; version = "8.0.2"; sha256 = "0bx7jv4q8dapx6fb6dbk1im057qmk43isvzygp5ci6nd07p419qf"; })
+      (fetchNuGet { pname = "runtime.linux-musl-x64.Microsoft.DotNet.ILCompiler"; version = "8.0.2"; sha256 = "1nf6m85f10j5qcyk0w18qxd06n79w0jvnifis08shdsq1isz403z"; })
+      (fetchNuGet { pname = "runtime.linux-x64.Microsoft.DotNet.ILCompiler"; version = "8.0.2"; sha256 = "0pl0w114qrlb8bv6d4jw1gv29dz2cs86y3r0nj5z2fxd1r30khym"; })
+      (fetchNuGet { pname = "runtime.osx-x64.Microsoft.DotNet.ILCompiler"; version = "8.0.2"; sha256 = "05bs32vhcvpd1dbvmk1rgqm2swp4gn5yv4mwfsisa4q5qi2xlaza"; })
+      (fetchNuGet { pname = "runtime.win-arm64.Microsoft.DotNet.ILCompiler"; version = "8.0.2"; sha256 = "12q0adp0hakl9qrf4bqzkvfsy4az55im6sm1nv7g3k5q4vwkqh30"; })
+      (fetchNuGet { pname = "runtime.win-x64.Microsoft.DotNet.ILCompiler"; version = "8.0.2"; sha256 = "1k1iwpsranma2mrljfz9yr63pxbv5l9j4n0zmancbsxlhx31m30s"; })
+      (fetchNuGet { pname = "Microsoft.NET.ILLink.Tasks"; version = "8.0.2"; sha256 = "1fd7ws4qf0354np3lvd735p5r1mdj3zy6gbmv5fzz5cx2bdlplwy"; })
+    ];
+  };
+}
diff --git a/pkgs/development/compilers/dotnet/vmr.nix b/pkgs/development/compilers/dotnet/vmr.nix
new file mode 100644
index 000000000000..36b75c40e6c8
--- /dev/null
+++ b/pkgs/development/compilers/dotnet/vmr.nix
@@ -0,0 +1,332 @@
+{ clangStdenv
+, stdenvNoCC
+, lib
+, fetchurl
+, fetchFromGitHub
+, dotnetCorePackages
+, jq
+, curl
+, git
+, cmake
+, pkg-config
+, llvm
+, zlib
+, icu
+, lttng-ust_2_12
+, libkrb5
+, glibcLocales
+, ensureNewerSourcesForZipFilesHook
+, darwin
+, xcbuild
+, swiftPackages
+, openssl
+, getconf
+, makeWrapper
+, python3
+, xmlstarlet
+, callPackage
+
+, dotnetSdk
+, releaseManifestFile
+, tarballHash
+}:
+
+let
+  stdenv = if clangStdenv.isDarwin
+    then swiftPackages.stdenv
+    else clangStdenv;
+
+  inherit (stdenv)
+    isLinux
+    isDarwin
+    buildPlatform
+    targetPlatform;
+  inherit (darwin) cctools;
+  inherit (swiftPackages) apple_sdk swift;
+
+  releaseManifest = lib.importJSON releaseManifestFile;
+  inherit (releaseManifest) release sourceRepository tag;
+
+  buildRid = dotnetCorePackages.systemToDotnetRid buildPlatform.system;
+  targetRid = dotnetCorePackages.systemToDotnetRid targetPlatform.system;
+  targetArch = lib.elemAt (lib.splitString "-" targetRid) 1;
+
+  sigtool = callPackage ./sigtool.nix {};
+
+  # we need dwarfdump from cctools, but can't have e.g. 'ar' overriding stdenv
+  dwarfdump = stdenvNoCC.mkDerivation {
+    name = "dwarfdump-wrapper";
+    dontUnpack = true;
+    installPhase = ''
+      mkdir -p "$out/bin"
+      ln -s "${cctools}/bin/dwarfdump" "$out/bin"
+    '';
+  };
+
+  _icu = if isDarwin then darwin.ICU else icu;
+
+in stdenv.mkDerivation rec {
+  pname = "dotnet-vmr";
+  version = release;
+
+  # TODO: fix this in the binary sdk packages
+  preHook = lib.optionalString stdenv.isDarwin ''
+    addToSearchPath DYLD_LIBRARY_PATH "${_icu}/lib"
+    export DYLD_LIBRARY_PATH
+  '';
+
+  src = fetchurl {
+    url = "${sourceRepository}/archive/refs/tags/${tag}.tar.gz";
+    hash = tarballHash;
+  };
+
+  nativeBuildInputs = [
+    ensureNewerSourcesForZipFilesHook
+    jq
+    curl.bin
+    git
+    cmake
+    pkg-config
+    python3
+    xmlstarlet
+  ]
+  ++ lib.optionals isDarwin [
+    getconf
+  ];
+
+  buildInputs = [
+    # this gets copied into the tree, but we still want the hooks to run
+    dotnetSdk
+    # the propagated build inputs in llvm.dev break swift compilation
+    llvm.out
+    zlib
+    _icu
+    openssl
+  ]
+  ++ lib.optionals isLinux [
+    libkrb5
+    lttng-ust_2_12
+  ]
+  ++ lib.optionals isDarwin (with apple_sdk.frameworks; [
+    xcbuild.xcrun
+    swift
+    (libkrb5.overrideAttrs (old: {
+      # the propagated build inputs break swift compilation
+      buildInputs = old.buildInputs ++ old.propagatedBuildInputs;
+      propagatedBuildInputs = [];
+    }))
+    dwarfdump
+    sigtool
+    Foundation
+    CoreFoundation
+    CryptoKit
+    System
+  ]);
+
+  # This is required to fix the error:
+  # > CSSM_ModuleLoad(): One or more parameters passed to a function were not valid.
+  # The error occurs during
+  # AppleCryptoNative_X509ImportCollection -> ReadX509 -> SecItemImport
+  # while importing trustedroots/codesignctl.pem. This happens during any dotnet
+  # restore operation.
+  # Enabling com.apple.system.opendirectoryd.membership causes swiftc to use
+  # /var/folders for its default cache path, so the swiftc -module-cache-path
+  # patch below is required.
+  sandboxProfile = ''
+    (allow file-read* (subpath "/private/var/db/mds/system"))
+    (allow mach-lookup (global-name "com.apple.SecurityServer")
+                       (global-name "com.apple.system.opendirectoryd.membership"))
+  '';
+
+  patches = [
+    ./fix-aspnetcore-portable-build.patch
+    ./fix-tmp-path.patch
+  ]
+  ++ lib.optionals isDarwin [
+    ./stop-passing-bare-sdk-arg-to-swiftc.patch
+  ];
+
+  postPatch = ''
+    # set the sdk version in global.json to match the bootstrap sdk
+    jq '(.tools.dotnet=$dotnet)' global.json --arg dotnet "$(${dotnetSdk}/bin/dotnet --version)" > global.json~
+    mv global.json{~,}
+
+    patchShebangs $(find -name \*.sh -type f -executable)
+
+    # I'm not sure why this is required, but these files seem to use the wrong
+    # property name.
+    # TODO: not needed in 9.0?
+    [[ ! -f src/xliff-tasks/eng/Versions.props ]] || \
+      sed -i 's:\bVersionBase\b:VersionPrefix:g' \
+        src/xliff-tasks/eng/Versions.props
+
+    # at least in 9.0 preview 1, this package depends on a specific beta build
+    # of System.CommandLine
+    xmlstarlet ed \
+      --inplace \
+      -s //Project -t elem -n PropertyGroup \
+      -s \$prev -t elem -n NoWarn -v '$(NoWarn);NU1603' \
+      src/nuget-client/src/NuGet.Core/NuGet.CommandLine.XPlat/NuGet.CommandLine.XPlat.csproj
+
+    # AD0001 crashes intermittently in source-build-reference-packages with
+    # CSC : error AD0001: Analyzer 'Microsoft.NetCore.CSharp.Analyzers.Runtime.CSharpDetectPreviewFeatureAnalyzer' threw an exception of type 'System.NullReferenceException' with message 'Object reference not set to an instance of an object.'.
+    # possibly related to https://github.com/dotnet/runtime/issues/90356
+    xmlstarlet ed \
+      --inplace \
+      -s //Project -t elem -n PropertyGroup \
+      -s \$prev -t elem -n NoWarn -v '$(NoWarn);AD0001' \
+      src/source-build-reference-packages/src/referencePackages/Directory.Build.props
+
+    # https://github.com/microsoft/ApplicationInsights-dotnet/issues/2848
+    xmlstarlet ed \
+      --inplace \
+      -u //_:Project/_:PropertyGroup/_:BuildNumber -v 0 \
+      src/source-build-externals/src/application-insights/.props/_GlobalStaticVersion.props
+
+    # this fixes compile errors with clang 15 (e.g. darwin)
+    substituteInPlace \
+      src/runtime/src/native/libs/CMakeLists.txt \
+      --replace-fail 'add_compile_options(-Weverything)' 'add_compile_options(-Wall)'
+  ''
+  + lib.optionalString isLinux ''
+    substituteInPlace \
+      src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.c \
+      --replace-fail '"libssl.so"' '"${openssl.out}/lib/libssl.so"'
+
+    substituteInPlace \
+      src/runtime/src/native/libs/System.Net.Security.Native/pal_gssapi.c \
+      --replace-fail '"libgssapi_krb5.so.2"' '"${libkrb5}/lib/libgssapi_krb5.so.2"'
+
+    substituteInPlace \
+      src/runtime/src/native/libs/System.Globalization.Native/pal_icushim.c \
+      --replace-fail '"libicui18n.so"' '"${icu}/lib/libicui18n.so"' \
+      --replace-fail '"libicuuc.so"' '"${icu}/lib/libicuuc.so"'
+
+    # TODO: we should really make sure the first one (9.0) or the rest (8.0)
+    # works, but --replace-fail results in an empty file
+    substituteInPlace \
+      src/runtime/src/native/libs/System.Globalization.Native/pal_icushim.c \
+      --replace-warn '#define VERSIONED_LIB_NAME_LEN 64' '#define VERSIONED_LIB_NAME_LEN 256' \
+      --replace-warn 'libicuucName[64]' 'libicuucName[256]' \
+      --replace-warn 'libicui18nName[64]' 'libicui18nName[256]'
+  ''
+  + lib.optionalString isDarwin ''
+    substituteInPlace \
+      src/runtime/src/mono/CMakeLists.txt \
+      src/runtime/src/native/libs/System.Globalization.Native/CMakeLists.txt \
+      --replace-fail '/usr/lib/libicucore.dylib' '${darwin.ICU}/lib/libicucore.dylib'
+
+    substituteInPlace \
+      src/runtime/src/installer/managed/Microsoft.NET.HostModel/HostModelUtils.cs \
+      src/sdk/src/Tasks/Microsoft.NET.Build.Tasks/targets/Microsoft.NET.Sdk.targets \
+      --replace-fail '/usr/bin/codesign' '${sigtool}/bin/codesign'
+
+    # [...]/build.proj(123,5): error : Did not find PDBs for the following SDK files:
+    # [...]/build.proj(123,5): error : sdk/8.0.102/System.Resources.Extensions.dll
+    # [...]/build.proj(123,5): error : sdk/8.0.102/System.CodeDom.dll
+    # [...]/build.proj(123,5): error : sdk/8.0.102/FSharp/System.Resources.Extensions.dll
+    # [...]/build.proj(123,5): error : sdk/8.0.102/FSharp/System.CodeDom.dll
+    substituteInPlace \
+      build.proj \
+      --replace-warn 'FailOnMissingPDBs="true"' 'FailOnMissingPDBs="false"'
+
+    # [...]/installer.singlerid.targets(434,5): error MSB3073: The command "pkgbuild [...]" exited with code 127
+    xmlstarlet ed \
+      --inplace \
+      -s //Project -t elem -n PropertyGroup \
+      -s \$prev -t elem -n InnerBuildArgs -v '$(InnerBuildArgs) /p:SkipInstallerBuild=true' \
+      src/runtime/eng/SourceBuild.props
+
+    # fixes swift errors, see sandboxProfile
+    # <unknown>:0: error: unable to open output file '/var/folders/[...]/C/clang/ModuleCache/[...]/SwiftShims-[...].pcm': 'Operation not permitted'
+    # <unknown>:0: error: could not build Objective-C module 'SwiftShims'
+    substituteInPlace \
+      src/runtime/src/native/libs/System.Security.Cryptography.Native.Apple/CMakeLists.txt \
+      --replace-fail 'xcrun swiftc' 'xcrun swiftc -module-cache-path "$ENV{HOME}/.cache/module-cache"'
+  '';
+
+  prepFlags = [
+    "--no-artifacts"
+    "--no-prebuilts"
+  ];
+
+  configurePhase = ''
+    runHook preConfigure
+
+    # The build process tries to overwrite some things in the sdk (e.g.
+    # SourceBuild.MSBuildSdkResolver.dll), so it needs to be mutable.
+    cp -Tr ${dotnetSdk} .dotnet
+    chmod -R +w .dotnet
+
+    ./prep.sh $prepFlags
+
+    runHook postConfigure
+  '';
+
+  dontUseCmakeConfigure = true;
+
+  # https://github.com/NixOS/nixpkgs/issues/38991
+  # bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
+  LOCALE_ARCHIVE = lib.optionalString isLinux
+    "${glibcLocales}/lib/locale/locale-archive";
+
+  buildFlags = [
+    "--with-packages" dotnetSdk.artifacts
+    "--clean-while-building"
+    "--release-manifest" releaseManifestFile
+    "--"
+    "-p:PortableBuild=true"
+  ] ++ lib.optional (targetRid != buildRid) "-p:TargetRid=${targetRid}";
+
+  buildPhase = ''
+    runHook preBuild
+
+    # on darwin, in a sandbox, this causes:
+    # CSSM_ModuleLoad(): One or more parameters passed to a function were not valid.
+    export DOTNET_GENERATE_ASPNET_CERTIFICATE=0
+
+    # CLR_CC/CXX need to be set to stop the build system from using clang-11,
+    # which is unwrapped
+    version= \
+    CLR_CC=$(command -v clang) \
+    CLR_CXX=$(command -v clang++) \
+      ./build.sh $buildFlags
+
+    runHook postBuild
+  '';
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir "$out"
+
+    pushd "artifacts/${targetArch}/Release"
+    for archive in *.tar.gz; do
+      target=$out/''${archive%.tar.gz}
+      mkdir "$target"
+      tar -C "$target" -xzf "$PWD/$archive"
+    done
+    popd
+
+    runHook postInstall
+  '';
+
+  passthru = {
+    inherit releaseManifest buildRid targetRid;
+    icu = _icu;
+  };
+
+  meta = with lib; {
+    description = "Core functionality needed to create .NET Core projects, that is shared between Visual Studio and CLI";
+    homepage = "https://dotnet.github.io/";
+    license = licenses.mit;
+    maintainers = with maintainers; [ corngood ];
+    mainProgram = "dotnet";
+    platforms = [
+      "x86_64-linux"
+      "aarch64-linux"
+      "x86_64-darwin"
+      "aarch64-darwin"
+    ];
+  };
+}