mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-18 10:53:52 +00:00
buildRustPackage: add cargoHash
for SRI hashes of vendored deps
`buildRustPackage` currently accepts `cargoSha256` as a hash for vendored dependencies. This change adds `cargoHash` which accepts SRI hashes, setting `outputHashAlgo` to `null`. The hash mismatch message still uses `cargoSha256` as an example, which it probably should until we completely switch to SRI hashes.
This commit is contained in:
parent
3d2ffa3dbf
commit
67a10c88bb
@ -15,7 +15,13 @@
|
||||
}:
|
||||
|
||||
{ name ? "${args.pname}-${args.version}"
|
||||
, cargoSha256 ? "unset"
|
||||
|
||||
# SRI hash
|
||||
, cargoHash ? ""
|
||||
|
||||
# Legacy hash
|
||||
, cargoSha256 ? ""
|
||||
|
||||
, src ? null
|
||||
, srcs ? null
|
||||
, unpackPhase ? null
|
||||
@ -46,7 +52,7 @@
|
||||
, buildAndTestSubdir ? null
|
||||
, ... } @ args:
|
||||
|
||||
assert cargoVendorDir == null -> cargoSha256 != "unset";
|
||||
assert cargoVendorDir == null -> !(cargoSha256 == "" && cargoHash == "");
|
||||
assert buildType == "release" || buildType == "debug";
|
||||
|
||||
let
|
||||
@ -54,6 +60,7 @@ let
|
||||
cargoDeps = if cargoVendorDir == null
|
||||
then fetchCargoTarball ({
|
||||
inherit name src srcs sourceRoot unpackPhase cargoUpdateHook;
|
||||
hash = cargoHash;
|
||||
patches = cargoPatches;
|
||||
sha256 = cargoSha256;
|
||||
} // depsExtraArgs)
|
||||
@ -61,7 +68,7 @@ let
|
||||
|
||||
# If we have a cargoSha256 fixed-output derivation, validate it at build time
|
||||
# against the src fixed-output derivation to check consistency.
|
||||
validateCargoDeps = cargoSha256 != "unset";
|
||||
validateCargoDeps = !(cargoHash == "" && cargoSha256 == "");
|
||||
|
||||
# Some cargo builds include build hooks that modify their own vendor
|
||||
# dependencies. This copies the vendor directory into the build tree and makes
|
||||
|
@ -22,11 +22,17 @@ in
|
||||
, srcs ? []
|
||||
, patches ? []
|
||||
, sourceRoot
|
||||
, sha256
|
||||
, hash ? ""
|
||||
, sha256 ? ""
|
||||
, cargoUpdateHook ? ""
|
||||
, ...
|
||||
} @ args:
|
||||
stdenv.mkDerivation ({
|
||||
|
||||
let hash_ =
|
||||
if hash != "" then { outputHashAlgo = null; outputHash = hash; }
|
||||
else if sha256 != "" then { outputHashAlgo = "sha256"; outputHash = sha256; }
|
||||
else throw "fetchCargoTarball requires a hash for ${name}";
|
||||
in stdenv.mkDerivation ({
|
||||
name = "${name}-vendor.tar.gz";
|
||||
nativeBuildInputs = [ cacert git cargo-vendor-normalise cargo ];
|
||||
|
||||
@ -40,7 +46,7 @@ stdenv.mkDerivation ({
|
||||
echo
|
||||
echo "ERROR: The Cargo.lock file doesn't exist"
|
||||
echo
|
||||
echo "Cargo.lock is needed to make sure that cargoSha256 doesn't change"
|
||||
echo "Cargo.lock is needed to make sure that cargoHash/cargoSha256 doesn't change"
|
||||
echo "when the registry is updated."
|
||||
echo
|
||||
|
||||
@ -72,8 +78,7 @@ stdenv.mkDerivation ({
|
||||
-czf $out $name
|
||||
'';
|
||||
|
||||
outputHashAlgo = "sha256";
|
||||
outputHash = sha256;
|
||||
inherit (hash_) outputHashAlgo outputHash;
|
||||
|
||||
impureEnvVars = stdenv.lib.fetchers.proxyImpureEnvVars;
|
||||
} // (builtins.removeAttrs args [
|
||||
|
@ -18,7 +18,7 @@ rustPlatform.buildRustPackage rec {
|
||||
sha256 = "04nidx43w4nnccgbrw30wg9ai8p7hbklxpn1gc6gr2325yhqvwhl";
|
||||
};
|
||||
|
||||
cargoSha256 = "1bzq0dsdnmxniwnb6989wlhih28c4lyd11sci821whs11lhlfpz0";
|
||||
cargoHash = "sha256-4F9HIQ1BQx4EikyH0DwlDAkYIeUJJbMsj7ZX23QD+K8=";
|
||||
|
||||
nativeBuildInputs = [
|
||||
makeWrapper
|
||||
|
Loading…
Reference in New Issue
Block a user