Using fetchurl like this means that, if you build the `flutter`
derivation first, you will get a file named "LICENSE" in your store with
the correct hash. `flutter37` will then build because this file is
already in your store, even though the LICENSE to which _it_ refers is
different. This is dangerous in this case - but an intentional design
decision in the way fetchurl works to allow artifacts which are the same
to be fetched from arbitrary sources, or even pre-populated into the
store.
To avoid this, explicitly tag the fetchurl with a name and the commit
hash we're fetching from. This means we _must_ fetch these separately
for each flutter version and avoids the problem of accidentally reusing
artifacts for a different build.
This brings the following benefits:
- Artifacts missing in the SDK tarball (such as prebuilts for linux-aarch64) can be obtained
- Artifacts can be patched more granularly (e.g. libflutter_linux_gtk is patchelf-ed for GTK3, and the linux-aarch64 assets have a postPatch to add some missing files)
- Minimal Flutter packages can be generated (e.g. mkFlutterApp only needs prebuilts for desktop Linux, and developers that don't care for desktop Linux can exclude the artifacts and dependencies)
It also paves the way for including manually built engine facts.
