Previously only .nupkg files directly in the deps directory were copied.
This is a regression because it breaks `projectReferences = [ ... ];` in
buildDotnetModule.
A directory full of *.nupkg files is a valid nuget source. We do not need mono
and the Nuget command line tool to create this structure. This has two
advantages:
- Nuget is currently broken due to a kernel bug affecting mono (#229476).
Replacing the mkNugetSource implementation allows affected users on 6.1+
kernels compile .NET core packages again.
- It removes mono from the build closure of .NET core packages. .NET core
builds should not depend on .NET framework tools like mono.
There is no equivalent of the `nuget init` command in .NET core. The closest
command is `dotnet nuget push`, which just copies the *.nupkg files around
anyway, just like this PR does with `cp`.
`nuget init` used to extract the *.nuspec files from the nupkgs, this new
implementation doesn't. .NET core doesn't care, but it makes the license
extraction more difficult. What was previously done with find/grep/xml2 is now
a python script (extract-licenses-from-nupkgs.py).
This allows packages that require several dotnet versions to build (like
BeatSaberModManager) to properly depend on the dotnet-sdk specific deps.
This in turns avoids having to regenerate the deps of those packages
after each dotnet-sdk update.
This also changes nuget-to-nix to accept a file with a list of
exclusions instead of a folder.
Previously, you had to provide the path to the deps.nix of the package inside
your Nixpkgs checkout as an argument manually. Now it just does that by default
when no argument is passed.
Inside `nix-shell`, `TMPDIR` (used by `mktemp`) is set to
`/run/user/<uid>` which is usually a tmpfs stored in RAM.
When fetching a large dotnet deps tree to this tmpdir from a
nix-shell (e.g. via `btcpayserver/update.sh`), this can easily exceed
system RAM and `fetch-deps` fails.
mktemp arg `-t` is deprecated and can be omitted.
The source used to download a particular package still isn't
deterministic in nuget. Even worse, the hash of the package can vary
between sources. This makes nuget use the first enabled source
containing the package.
The order of the dependencies may be slightly different because it now
uses glob order of the lower-case package names and versions, instead of
sorting the output.
If the package actually downloaded was the first source that contains
the package, then it will be hashed from disk to avoid downloading it
again.
Previously we had an assert that would complain when nugetDeps wasnt set,
which also didnt allow any passthru attributes (like fetch-deps) to be
build. That causes a cycle where you need nugetDeps to fetch the nuget
deps, but arent able to build the script to do so.