pkgs/build-support/fetchurl/default.nix at 23.11-beta

pyrox.dev / nixpkgs
fork atom
lol
fork atom
nixpkgs / pkgs / build-support / fetchurl / default.nix
at 23.11-beta 190 lines 6.5 kB view raw
wrap content
nicoo fetchurl: Correctly handle { outputHash != ""; outputHashAlgo = "" } 2y ago
af5682b3
  1{ lib, buildPackages ? { inherit stdenvNoCC; }, stdenvNoCC
  2, curl # Note that `curl' may be `null', in case of the native stdenvNoCC.
  3, cacert ? null }:
  4
  5let
  6
  7  mirrors = import ./mirrors.nix;
  8
  9  # Write the list of mirrors to a file that we can reuse between
 10  # fetchurl instantiations, instead of passing the mirrors to
 11  # fetchurl instantiations via environment variables.  This makes the
 12  # resulting store derivations (.drv files) much smaller, which in
 13  # turn makes nix-env/nix-instantiate faster.
 14  mirrorsFile =
 15    buildPackages.stdenvNoCC.mkDerivation ({
 16      name = "mirrors-list";
 17      strictDeps = true;
 18      builder = ./write-mirror-list.sh;
 19      preferLocalBuild = true;
 20    } // mirrors);
 21
 22  # Names of the master sites that are mirrored (i.e., "sourceforge",
 23  # "gnu", etc.).
 24  sites = builtins.attrNames mirrors;
 25
 26  impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [
 27    # This variable allows the user to pass additional options to curl
 28    "NIX_CURL_FLAGS"
 29
 30    # This variable allows the user to override hashedMirrors from the
 31    # command-line.
 32    "NIX_HASHED_MIRRORS"
 33
 34    # This variable allows overriding the timeout for connecting to
 35    # the hashed mirrors.
 36    "NIX_CONNECT_TIMEOUT"
 37  ] ++ (map (site: "NIX_MIRRORS_${site}") sites);
 38
 39in
 40
 41{ # URL to fetch.
 42  url ? ""
 43
 44, # Alternatively, a list of URLs specifying alternative download
 45  # locations.  They are tried in order.
 46  urls ? []
 47
 48, # Additional curl options needed for the download to succeed.
 49  # Warning: Each space (no matter the escaping) will start a new argument.
 50  # If you wish to pass arguments with spaces, use `curlOptsList`
 51  curlOpts ? ""
 52
 53, # Additional curl options needed for the download to succeed.
 54  curlOptsList ? []
 55
 56, # Name of the file.  If empty, use the basename of `url' (or of the
 57  # first element of `urls').
 58  name ? ""
 59
 60  # for versioned downloads optionally take pname + version.
 61, pname ? ""
 62, version ? ""
 63
 64, # SRI hash.
 65  hash ? ""
 66
 67, # Legacy ways of specifying the hash.
 68  outputHash ? ""
 69, outputHashAlgo ? ""
 70, sha1 ? ""
 71, sha256 ? ""
 72, sha512 ? ""
 73
 74, recursiveHash ? false
 75
 76, # Shell code to build a netrc file for BASIC auth
 77  netrcPhase ? null
 78
 79, # Impure env vars (https://nixos.org/nix/manual/#sec-advanced-attributes)
 80  # needed for netrcPhase
 81  netrcImpureEnvVars ? []
 82
 83, # Shell code executed after the file has been fetched
 84  # successfully. This can do things like check or transform the file.
 85  postFetch ? ""
 86
 87, # Whether to download to a temporary path rather than $out. Useful
 88  # in conjunction with postFetch. The location of the temporary file
 89  # is communicated to postFetch via $downloadedFile.
 90  downloadToTemp ? false
 91
 92, # If true, set executable bit on downloaded file
 93  executable ? false
 94
 95, # If set, don't download the file, but write a list of all possible
 96  # URLs (resulting from resolving mirror:// URLs) to $out.
 97  showURLs ? false
 98
 99, # Meta information, if any.
100  meta ? {}
101
102  # Passthru information, if any.
103, passthru ? {}
104  # Doing the download on a remote machine just duplicates network
105  # traffic, so don't do that by default
106, preferLocalBuild ? true
107
108  # Additional packages needed as part of a fetch
109, nativeBuildInputs ? [ ]
110}:
111
112let
113  urls_ =
114    if urls != [] && url == "" then
115      (if lib.isList urls then urls
116       else throw "`urls` is not a list")
117    else if urls == [] && url != "" then
118      (if lib.isString url then [url]
119       else throw "`url` is not a string")
120    else throw "fetchurl requires either `url` or `urls` to be set";
121
122  hash_ =
123    if with lib.lists; length (filter (s: s != "") [ hash outputHash sha1 sha256 sha512 ]) > 1
124    then throw "multiple hashes passed to fetchurl" else
125
126    if hash != "" then { outputHashAlgo = null; outputHash = hash; }
127    else if outputHash != "" then
128      if outputHashAlgo != "" then { inherit outputHashAlgo outputHash; }
129      else throw "fetchurl was passed outputHash without outputHashAlgo"
130    else if sha512 != "" then { outputHashAlgo = "sha512"; outputHash = sha512; }
131    else if sha256 != "" then { outputHashAlgo = "sha256"; outputHash = sha256; }
132    else if sha1   != "" then { outputHashAlgo = "sha1";   outputHash = sha1; }
133    else if cacert != null then { outputHashAlgo = "sha256"; outputHash = ""; }
134    else throw "fetchurl requires a hash for fixed-output derivation: ${lib.concatStringsSep ", " urls_}";
135in
136
137assert (lib.isList curlOpts) -> lib.warn ''
138    fetchurl for ${toString (builtins.head urls_)}: curlOpts is a list (${lib.generators.toPretty { multiline = false; } curlOpts}), which is not supported anymore.
139    - If you wish to get the same effect as before, for elements with spaces (even if escaped) to expand to multiple curl arguments, use a string argument instead:
140      curlOpts = ${lib.strings.escapeNixString (toString curlOpts)};
141    - If you wish for each list element to be passed as a separate curl argument, allowing arguments to contain spaces, use curlOptsList instead:
142      curlOptsList = [ ${lib.concatMapStringsSep " " lib.strings.escapeNixString curlOpts} ];'' true;
143
144stdenvNoCC.mkDerivation ((
145  if (pname != "" && version != "") then
146    { inherit pname version; }
147  else
148    { name =
149      if showURLs then "urls"
150      else if name != "" then name
151      else baseNameOf (toString (builtins.head urls_));
152    }
153) // {
154  builder = ./builder.sh;
155
156  nativeBuildInputs = [ curl ] ++ nativeBuildInputs;
157
158  urls = urls_;
159
160  # If set, prefer the content-addressable mirrors
161  # (http://tarballs.nixos.org) over the original URLs.
162  preferHashedMirrors = true;
163
164  # New-style output content requirements.
165  inherit (hash_) outputHashAlgo outputHash;
166
167  SSL_CERT_FILE = if (hash_.outputHash == "" || hash_.outputHash == lib.fakeSha256 || hash_.outputHash == lib.fakeSha512 || hash_.outputHash == lib.fakeHash)
168                  then "${cacert}/etc/ssl/certs/ca-bundle.crt"
169                  else "/no-cert-file.crt";
170
171  outputHashMode = if (recursiveHash || executable) then "recursive" else "flat";
172
173  inherit curlOpts;
174  curlOptsList = lib.escapeShellArgs curlOptsList;
175  inherit showURLs mirrorsFile postFetch downloadToTemp executable;
176
177  impureEnvVars = impureEnvVars ++ netrcImpureEnvVars;
178
179  nixpkgsVersion = lib.trivial.release;
180
181  inherit preferLocalBuild;
182
183  postHook = if netrcPhase == null then null else ''
184    ${netrcPhase}
185    curlOpts="$curlOpts --netrc-file $PWD/netrc"
186  '';
187
188  inherit meta;
189  passthru = { inherit url; } // passthru;
190})