3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/build-support/rust/fetchCargoTarball.nix
Benjamin Hipple 2115a2037c fetchcargo: use flat tar.gz file for vendored src instead of recursive hash dir
This has several advantages:

1. It takes up less space on disk in-between builds in the nix store.
2. It uses less space in the binary cache for vendor derivation packages.
3. It uses less network traffic downloading from the binary cache.
4. It plays nicely with hashed mirrors like tarballs.nixos.org, which only
   substitute --flat hashes on single files (not recursive directory hashes).
5. It's consistent with how simple `fetchurl` src derivations work.
6. It provides a stronger abstraction between input src-package and output
   package, e.g., it's harder to accidentally depend on the src derivation at
   runtime by referencing something like `${src}/etc/index.html`. Likewise, in
   the store it's harder to get confused with something that is just there as a
   build-time dependency vs. a runtime dependency, since the build-time
   src dependencies are tarred up.

Disadvantages are:
1. It takes slightly longer to untar at the start of a build.

As currently implemented, this attaches the compacted vendor.tar.gz feature as a
rider on `verifyCargoDeps`, since both of them are relatively newly implemented
behavior that change the `cargoSha256`.

If this PR is accepted, I will push forward the remaining rust packages with a
series of treewide PRs to update the `cargoSha256`s.
2020-02-10 10:17:29 -05:00

82 lines
2.3 KiB
Nix

{ stdenv, cacert, git, cargo, python3 }:
let cargo-vendor-normalise = stdenv.mkDerivation {
name = "cargo-vendor-normalise";
src = ./cargo-vendor-normalise.py;
nativeBuildInputs = [ python3.pkgs.wrapPython ];
dontUnpack = true;
installPhase = "install -D $src $out/bin/cargo-vendor-normalise";
pythonPath = [ python3.pkgs.toml ];
postFixup = "wrapPythonPrograms";
doInstallCheck = true;
installCheckPhase = ''
# check that ./fetchcargo-default-config.toml is a fix point
reference=${./fetchcargo-default-config.toml}
< $reference $out/bin/cargo-vendor-normalise > test;
cmp test $reference
'';
preferLocalBuild = true;
};
in
{ name ? "cargo-deps"
, src ? null
, srcs ? []
, patches ? []
, sourceRoot
, sha256
, cargoUpdateHook ? ""
, ...
} @ args:
stdenv.mkDerivation ({
name = "${name}-vendor.tar.gz";
nativeBuildInputs = [ cacert git cargo-vendor-normalise cargo ];
phases = "unpackPhase patchPhase buildPhase installPhase";
buildPhase = ''
# Ensure deterministic Cargo vendor builds
export SOURCE_DATE_EPOCH=1
if [[ ! -f Cargo.lock ]]; then
echo
echo "ERROR: The Cargo.lock file doesn't exist"
echo
echo "Cargo.lock is needed to make sure that cargoSha256 doesn't change"
echo "when the registry is updated."
echo
exit 1
fi
# Keep the original around for copyLockfile
cp Cargo.lock Cargo.lock.orig
export CARGO_HOME=$(mktemp -d cargo-home.XXX)
CARGO_CONFIG=$(mktemp cargo-config.XXXX)
${cargoUpdateHook}
cargo vendor $name | cargo-vendor-normalise > $CARGO_CONFIG
# Add the Cargo.lock to allow hash invalidation
cp Cargo.lock.orig $name/Cargo.lock
# Packages with git dependencies generate non-default cargo configs, so
# always install it rather than trying to write a standard default template.
install -D $CARGO_CONFIG $name/.cargo/config;
'';
# Build a reproducible tar, per instructions at https://reproducible-builds.org/docs/archives/
installPhase = ''
tar --owner=0 --group=0 --numeric-owner --format=gnu \
--sort=name --mtime="@$SOURCE_DATE_EPOCH" \
-czf $out $name
'';
outputHashAlgo = "sha256";
outputHash = sha256;
impureEnvVars = stdenv.lib.fetchers.proxyImpureEnvVars;
} // (builtins.removeAttrs args [
"name" "sha256" "cargoUpdateHook"
]))