diff options
Diffstat (limited to 'pkgs/build-support')
| -rw-r--r-- | pkgs/build-support/fetchdarcs/default.nix | 5 | ||||
| -rw-r--r-- | pkgs/build-support/fetchs3/default.nix | 29 | ||||
| -rw-r--r-- | pkgs/build-support/fetchurl/default.nix | 2 | ||||
| -rwxr-xr-x | pkgs/build-support/rust/fetch-cargo-deps | 32 | ||||
| -rw-r--r-- | pkgs/build-support/setup-hooks/make-wrapper.sh | 3 |
5 files changed, 69 insertions, 2 deletions
diff --git a/pkgs/build-support/fetchdarcs/default.nix b/pkgs/build-support/fetchdarcs/default.nix index 2644a20d0a53..c28cc35219c5 100644 --- a/pkgs/build-support/fetchdarcs/default.nix +++ b/pkgs/build-support/fetchdarcs/default.nix @@ -1,10 +1,13 @@ -{stdenv, darcs, nix}: {url, rev ? null, context ? null, md5 ? "", sha256 ? ""}: +{stdenv, darcs, nix, cacert}: + +{url, rev ? null, context ? null, md5 ? "", sha256 ? ""}: if md5 != "" then throw "fetchdarcs does not support md5 anymore, please use sha256" else stdenv.mkDerivation { name = "fetchdarcs"; + SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; builder = ./builder.sh; buildInputs = [darcs]; diff --git a/pkgs/build-support/fetchs3/default.nix b/pkgs/build-support/fetchs3/default.nix new file mode 100644 index 000000000000..a5cdbd150b8b --- /dev/null +++ b/pkgs/build-support/fetchs3/default.nix @@ -0,0 +1,29 @@ +{ stdenv, runCommand, awscli }: + +{ s3url +, sha256 +, region ? "us-east-1" +, credentials ? null # Default to looking at local EC2 metadata service +, executable ? false +, recursiveHash ? false +, postFetch ? null +}: + +let + credentialAttrs = stdenv.lib.optionalAttrs (credentials != null) { + AWS_ACCESS_KEY_ID = credentials.access_key_id; + AWS_SECRET_ACCESS_KEY = credentials.secret_access_key; + AWS_SESSION_TOKEN = credentials.session_token ? null; + }; +in runCommand "foo" ({ + buildInputs = [ awscli ]; + outputHashAlgo = "sha256"; + outputHash = sha256; + outputHashMode = if recursiveHash then "recursive" else "flat"; +} // credentialAttrs) (if postFetch != null then '' + downloadedFile="$(mktemp)" + aws s3 cp ${s3url} $downloadedFile + ${postFetch} +'' else '' + aws s3 cp ${s3url} $out +'') diff --git a/pkgs/build-support/fetchurl/default.nix b/pkgs/build-support/fetchurl/default.nix index 1e872fbc57a4..fea06e22ab46 100644 --- a/pkgs/build-support/fetchurl/default.nix +++ b/pkgs/build-support/fetchurl/default.nix @@ -92,7 +92,7 @@ let in -if md5 != "" then throw "fetchsvnssh does not support md5 anymore, please use sha256 or sha512" +if md5 != "" then throw "fetchurl does not support md5 anymore, please use sha256 or sha512" else if (!hasHash) then throw "Specify hash for fetchurl fixed-output derivation: ${stdenv.lib.concatStringsSep ", " urls_}" else stdenv.mkDerivation { name = diff --git a/pkgs/build-support/rust/fetch-cargo-deps b/pkgs/build-support/rust/fetch-cargo-deps index 54593994990f..76661a4f9ecc 100755 --- a/pkgs/build-support/rust/fetch-cargo-deps +++ b/pkgs/build-support/rust/fetch-cargo-deps @@ -1,3 +1,18 @@ +# copied from libgit2 source code 'repo-template.h' +makeGitTemplate() { + local target="$1" + mkdir -p -m777 "$target/info" "$target/pack" "$target/objects" "$target/refs" + mkdir -p -m777 "$target/refs/heads" "$target/refs/tags" "$target/objects/info" "$target/objects/pack" + cat <<'EOF' > "$target/description" +Unnamed repository; edit this file 'description' to name the repository. +EOF + chmod 666 "$target/description" + cat <<'EOF' > "$target/info/exclude" +# File patterns to ignore; see `git help ignore` for more information. +# Lines that start with '#' are comments. +EOF +} + fetchCargoDeps() { src=$(realpath $1) out=$(realpath $2) @@ -6,6 +21,23 @@ fetchCargoDeps() { mkdir $out + # Configure git template dir to make libgit2 more deterministic + # + # Without a template dir, libgit2 defaults to /usr/share/git-core/templates, + # which can vary between systems if sandboxed builds aren't used. + # + # Note: we explictly set --tmpdir for mktemp here to make it more friendly + # for nix-shell users, where $TMPDIR is not necessarily set to NIX_BUILD_TOP + echo "Setting up git templatedir" + export GIT_TEMPLATE_DIR="$(mktemp -d --tmpdir=$NIX_BUILD_TOP git-template.XXX)" + makeGitTemplate "$GIT_TEMPLATE_DIR" + export XDG_CONFIG_HOME="$(mktemp -d --tmpdir=$NIX_BUILD_TOP home.XXX)" + mkdir -p $XDG_CONFIG_HOME/git + cat <<EOF > $XDG_CONFIG_HOME/git/config +[init] + templatedir = $GIT_TEMPLATE_DIR +EOF + # Configure cargo to fetch from a local copy of the crates.io registry echo "Using rust registry from $rustRegistry" diff --git a/pkgs/build-support/setup-hooks/make-wrapper.sh b/pkgs/build-support/setup-hooks/make-wrapper.sh index 96e50773138b..eebde886a884 100644 --- a/pkgs/build-support/setup-hooks/make-wrapper.sh +++ b/pkgs/build-support/setup-hooks/make-wrapper.sh @@ -132,6 +132,9 @@ wrapProgram() { local prog="$1" local hidden hidden="$(dirname "$prog")/.$(basename "$prog")"-wrapped + while [ -e "$hidden" ]; do + hidden="${hidden}_" + done mv "$prog" "$hidden" # Silence warning about unexpanded $0: # shellcheck disable=SC2016 |