From 8021b5241c550c6b81f657421874db12327473a7 Mon Sep 17 00:00:00 2001 From: Eric Merritt Date: Sat, 16 Jan 2016 13:47:21 -0800 Subject: rebar3: refactor to make hermetic This adds changes to the rebar3 expression that patch rebar3 to force it to be hermetic. Now, by default, rebar3 literally can't download anything. A 'rebar3-open' expression was added for those folks whe want the normal rebar3. --- .../tools/build-managers/rebar3/default.nix | 14 ++- .../build-managers/rebar3/hermetic-rebar3.patch | 108 +++++++++++++++++++++ 2 files changed, 120 insertions(+), 2 deletions(-) create mode 100644 pkgs/development/tools/build-managers/rebar3/hermetic-rebar3.patch (limited to 'pkgs/development/tools') diff --git a/pkgs/development/tools/build-managers/rebar3/default.nix b/pkgs/development/tools/build-managers/rebar3/default.nix index dccb67efaf4c..35a5b1b4d405 100644 --- a/pkgs/development/tools/build-managers/rebar3/default.nix +++ b/pkgs/development/tools/build-managers/rebar3/default.nix @@ -1,5 +1,5 @@ { stdenv, writeText, callPackage, fetchurl, - fetchHex, erlang, rebar3-nix-bootstrap, tree, fetchFromGitHub }: + fetchHex, erlang, hermeticRebar3 ? true, rebar3-nix-bootstrap, tree, fetchFromGitHub }: let @@ -67,6 +67,12 @@ let version = "0.2.0"; sha256 = "03kiszlbgzscfd2ns7na6bzbfzmcqdb5cx3p6qy3657jk2fai332"; }; + # {eunit_formatters, "0.2.0"} + rebar3_hex = fetchHex { + pkg = "rebar3_hex"; + version = "1.12.0"; + sha256 = "45467e93ae8d776c6038fdaeaffbc55d8f2f097f300a54dab9b81c6d1cf21f73"; + }; in stdenv.mkDerivation { @@ -78,7 +84,9 @@ stdenv.mkDerivation { sha256 = "0px66scjdia9aaa5z36qzxb848r56m0k98g0bxw065a2narsh4xy"; }; - patches = [ ./hermetic-bootstrap.patch ]; + patches = if hermeticRebar3 == true + then [ ./hermetic-bootstrap.patch ./hermetic-rebar3.patch ] + else []; buildInputs = [ erlang tree ]; propagatedBuildInputs = [ registrySnapshot rebar3-nix-bootstrap ]; @@ -88,6 +96,7 @@ stdenv.mkDerivation { rebar3-nix-bootstrap registry-only echo "$ERL_LIBS" mkdir -p _build/default/lib/ + mkdir -p _build/default/plugins cp --no-preserve=mode -R ${erlware_commons} _build/default/lib/erlware_commons cp --no-preserve=mode -R ${providers} _build/default/lib/providers cp --no-preserve=mode -R ${getopt} _build/default/lib/getopt @@ -98,6 +107,7 @@ stdenv.mkDerivation { cp --no-preserve=mode -R ${eunit_formatters} _build/default/lib/eunit_formatters cp --no-preserve=mode -R ${relx} _build/default/lib/relx cp --no-preserve=mode -R ${ssl_verify_hostname} _build/default/lib/ssl_verify_hostname + cp --no-preserve=mode -R ${rebar3_hex} _build/default/plugins/rebar3_hex ''; buildPhase = '' diff --git a/pkgs/development/tools/build-managers/rebar3/hermetic-rebar3.patch b/pkgs/development/tools/build-managers/rebar3/hermetic-rebar3.patch new file mode 100644 index 000000000000..8da323ab8235 --- /dev/null +++ b/pkgs/development/tools/build-managers/rebar3/hermetic-rebar3.patch @@ -0,0 +1,108 @@ +diff --git a/src/rebar3.erl b/src/rebar3.erl +index 2b73844..af1d871 100644 +--- a/src/rebar3.erl ++++ b/src/rebar3.erl +@@ -282,9 +282,11 @@ start_and_load_apps(Caller) -> + ensure_running(crypto, Caller), + ensure_running(asn1, Caller), + ensure_running(public_key, Caller), +- ensure_running(ssl, Caller), +- inets:start(), +- inets:start(httpc, [{profile, rebar}]). ++ ensure_running(ssl, Caller). ++%% Removed due to the hermicity requirements of Nix ++%% ++%% inets:start(), ++%% inets:start(httpc, [{profile, rebar}]). + + ensure_running(App, Caller) -> + case application:start(App) of +@@ -339,4 +341,4 @@ safe_define_test_macro(Opts) -> + test_defined([{d, 'TEST'}|_]) -> true; + test_defined([{d, 'TEST', true}|_]) -> true; + test_defined([_|Rest]) -> test_defined(Rest); +-test_defined([]) -> false. +\ No newline at end of file ++test_defined([]) -> false. +diff --git a/src/rebar_hermicity.erl b/src/rebar_hermicity.erl +new file mode 100644 +index 0000000..d814e2a +--- /dev/null ++++ b/src/rebar_hermicity.erl +@@ -0,0 +1,42 @@ ++%% -*- erlang-indent-level: 4;indent-tabs-mode: nil -*- ++%% ex: ts=4 sw=4 et ++%% ------------------------------------------------------------------- ++%% ++%% rebar: Erlang Build Tools ++%% ++%% Copyright (c) 2016 Eric Merritt (eric@merritt.tech) ++%% ++%% Permission is hereby granted, free of charge, to any person obtaining a copy ++%% of this software and associated documentation files (the "Software"), to deal ++%% in the Software without restriction, including without limitation the rights ++%% to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++%% copies of the Software, and to permit persons to whom the Software is ++%% furnished to do so, subject to the following conditions: ++%% ++%% The above copyright notice and this permission notice shall be included in ++%% all copies or substantial portions of the Software. ++%% ++%% THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++%% IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++%% FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++%% AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++%% LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++%% OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++%% THE SOFTWARE. ++%% ------------------------------------------------------------------- ++-module(rebar_hermicity). ++ ++-export([request/5]). ++ ++-include("rebar.hrl"). ++ ++%% ==================================================================== ++%% Public API ++%% ==================================================================== ++ ++request(Method, {Url, _Headers}, _HTTPOptions, _Options, _Profile) -> ++ ?ERROR("A request is being made that violates Nix hermicity " ++ "This request has been stopped. Details of the request " ++ "are as follows:", []), ++ ?ERROR("Requesnt: ~p ~s", [Method, Url]), ++ erlang:halt(1). +diff --git a/src/rebar_pkg_resource.erl b/src/rebar_pkg_resource.erl +index 4f55ad1..f76fd5d 100644 +--- a/src/rebar_pkg_resource.erl ++++ b/src/rebar_pkg_resource.erl +@@ -100,10 +100,10 @@ make_vsn(_) -> + {error, "Replacing version of type pkg not supported."}. + + request(Url, ETag) -> +- case httpc:request(get, {Url, [{"if-none-match", ETag} || ETag =/= false]}, +- [{ssl, ssl_opts(Url)}, {relaxed, true}], +- [{body_format, binary}], +- rebar) of ++ case rebar_hermicity:request(get, {Url, [{"if-none-match", ETag} || ETag =/= false]}, ++ [{ssl, ssl_opts(Url)}, {relaxed, true}], ++ [{body_format, binary}], ++ rebar) of + {ok, {{_Version, 200, _Reason}, Headers, Body}} -> + ?DEBUG("Successfully downloaded ~s", [Url]), + {"etag", ETag1} = lists:keyfind("etag", 1, Headers), +diff --git a/src/rebar_prv_update.erl b/src/rebar_prv_update.erl +index 6637ebe..d82c1d8 100644 +--- a/src/rebar_prv_update.erl ++++ b/src/rebar_prv_update.erl +@@ -44,8 +44,8 @@ do(State) -> + TmpFile = filename:join(TmpDir, "packages.gz"), + + Url = rebar_state:get(State, rebar_packages_cdn, ?DEFAULT_HEX_REGISTRY), +- case httpc:request(get, {Url, []}, +- [], [{stream, TmpFile}, {sync, true}], ++ case rebar_hermicity:request(get, {Url, []}, ++ [], [{stream, TmpFile}, {sync, true}], + rebar) of + {ok, saved_to_file} -> + {ok, Data} = file:read_file(TmpFile), -- cgit 1.4.1