mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-26 00:43:20 +00:00
ab99231a36
Ideally fetch-yarn-deps could do like some other fetchers and support using SSL_CERT_FILE if it exists and also only verify integrity on FOD hash unless using an empty/test hash. But this should keep at least the same semantics as before the recent Node.js change to stop using the built-in certificate store in favor of the system one (which does not exist by default in the build sandbox).
85 lines
2.3 KiB
Nix
85 lines
2.3 KiB
Nix
{ stdenv, lib, makeWrapper, coreutils, nix-prefetch-git, fetchurl, nodejs-slim, prefetch-yarn-deps, cacert, callPackage, nix }:
|
|
|
|
let
|
|
yarnpkg-lockfile-tar = fetchurl {
|
|
url = "https://registry.yarnpkg.com/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz";
|
|
hash = "sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ==";
|
|
};
|
|
|
|
tests = callPackage ./tests {};
|
|
|
|
in {
|
|
prefetch-yarn-deps = stdenv.mkDerivation {
|
|
name = "prefetch-yarn-deps";
|
|
|
|
dontUnpack = true;
|
|
|
|
nativeBuildInputs = [ makeWrapper ];
|
|
buildInputs = [ coreutils nix-prefetch-git nodejs-slim nix ];
|
|
|
|
buildPhase = ''
|
|
runHook preBuild
|
|
|
|
mkdir libexec
|
|
tar --strip-components=1 -xf ${yarnpkg-lockfile-tar} package/index.js
|
|
mv index.js libexec/yarnpkg-lockfile.js
|
|
cp ${./.}/*.js libexec/
|
|
patchShebangs libexec
|
|
|
|
runHook postBuild
|
|
'';
|
|
|
|
installPhase = ''
|
|
runHook preInstall
|
|
|
|
mkdir -p $out/bin
|
|
cp -r libexec $out
|
|
makeWrapper $out/libexec/index.js $out/bin/prefetch-yarn-deps \
|
|
--prefix PATH : ${lib.makeBinPath [ coreutils nix-prefetch-git nix ]}
|
|
makeWrapper $out/libexec/fixup.js $out/bin/fixup-yarn-lock
|
|
|
|
runHook postInstall
|
|
'';
|
|
|
|
passthru = { inherit tests; };
|
|
};
|
|
|
|
fetchYarnDeps = let
|
|
f = {
|
|
name ? "offline",
|
|
src ? null,
|
|
hash ? "",
|
|
sha256 ? "",
|
|
...
|
|
}@args: let
|
|
hash_ =
|
|
if hash != "" then { outputHashAlgo = null; outputHash = hash; }
|
|
else if sha256 != "" then { outputHashAlgo = "sha256"; outputHash = sha256; }
|
|
else { outputHashAlgo = "sha256"; outputHash = lib.fakeSha256; };
|
|
in stdenv.mkDerivation ({
|
|
inherit name;
|
|
|
|
dontUnpack = src == null;
|
|
dontInstall = true;
|
|
|
|
nativeBuildInputs = [ prefetch-yarn-deps cacert ];
|
|
GIT_SSL_CAINFO = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
|
|
|
buildPhase = ''
|
|
runHook preBuild
|
|
|
|
yarnLock=''${yarnLock:=$PWD/yarn.lock}
|
|
mkdir -p $out
|
|
(cd $out; prefetch-yarn-deps --verbose --builder $yarnLock)
|
|
|
|
runHook postBuild
|
|
'';
|
|
|
|
outputHashMode = "recursive";
|
|
} // hash_ // (removeAttrs args ["src" "name" "hash" "sha256"]));
|
|
|
|
in lib.setFunctionArgs f (lib.functionArgs f) // {
|
|
inherit tests;
|
|
};
|
|
}
|