mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-25 14:24:40 +00:00
bed19bdf39
The intent was for TLS verification to be enabled when transfering credentials only, and normally disabled for long-term reproducibility. See https://github.com/nix-community/poetry2nix/issues/1740
71 lines
1.7 KiB
Nix
71 lines
1.7 KiB
Nix
# Fetch from PyPi legacy API as documented in https://warehouse.pypa.io/api-reference/legacy.html
|
|
{
|
|
runCommand,
|
|
lib,
|
|
python3,
|
|
cacert,
|
|
}@pkgs:
|
|
let
|
|
inherit (lib)
|
|
optionalAttrs
|
|
fetchers
|
|
optional
|
|
inPureEvalMode
|
|
filter
|
|
head
|
|
concatStringsSep
|
|
escapeShellArg
|
|
;
|
|
|
|
impureEnvVars = fetchers.proxyImpureEnvVars ++ optional inPureEvalMode "NETRC";
|
|
in
|
|
lib.makeOverridable (
|
|
{
|
|
# package name
|
|
pname,
|
|
# Package index
|
|
url ? null,
|
|
# Multiple package indices to consider
|
|
urls ? [ ],
|
|
# filename including extension
|
|
file,
|
|
# SRI hash
|
|
hash,
|
|
# allow overriding the derivation name
|
|
name ? null,
|
|
# allow overriding cacert using src.override { cacert = cacert.override { extraCertificateFiles = [ ./path/to/cert.pem ]; }; }
|
|
cacert ? pkgs.cacert,
|
|
}:
|
|
let
|
|
urls' = urls ++ optional (url != null) url;
|
|
|
|
pathParts = filter ({ prefix, path }: "NETRC" == prefix) builtins.nixPath;
|
|
netrc_file = if (pathParts != [ ]) then (head pathParts).path else "";
|
|
|
|
in
|
|
# Assert that we have at least one URL
|
|
assert urls' != [ ];
|
|
runCommand file
|
|
(
|
|
{
|
|
nativeBuildInputs = [
|
|
python3
|
|
cacert
|
|
];
|
|
inherit impureEnvVars;
|
|
outputHashMode = "flat";
|
|
# if hash is empty select a default algo to let nix propose the actual hash.
|
|
outputHashAlgo = if hash == "" then "sha256" else null;
|
|
outputHash = hash;
|
|
}
|
|
// optionalAttrs (name != null) { inherit name; }
|
|
// optionalAttrs (!inPureEvalMode) { env.NETRC = netrc_file; }
|
|
)
|
|
''
|
|
python ${./fetch-legacy.py} ${
|
|
concatStringsSep " " (map (url: "--url ${escapeShellArg url}") urls')
|
|
} --pname ${pname} --filename ${file}
|
|
mv ${file} $out
|
|
''
|
|
)
|