diff options
3 files changed, 62 insertions, 1 deletions
diff --git a/pkgs/build-support/dart/fetch-dart-deps/default.nix b/pkgs/build-support/dart/fetch-dart-deps/default.nix index e523b60797e..d6920a35e20 100644 --- a/pkgs/build-support/dart/fetch-dart-deps/default.nix +++ b/pkgs/build-support/dart/fetch-dart-deps/default.nix @@ -79,7 +79,13 @@ let installPhase = '' _pub_get() { - ${pubGetScript} + ( + # Dart does not respect SSL_CERT_FILE. + # https://github.com/dart-lang/sdk/issues/48506 + export DART_VM_OPTIONS="--root-certs-file=$SSL_CERT_FILE" + + ${pubGetScript} + ) } # so we can use lock, diff yaml diff --git a/pkgs/build-support/flutter/default.nix b/pkgs/build-support/flutter/default.nix index 8d31482900a..06f6e2770be 100644 --- a/pkgs/build-support/flutter/default.nix +++ b/pkgs/build-support/flutter/default.nix @@ -1,6 +1,7 @@ { lib , callPackage , stdenvNoCC +, runCommand , makeWrapper , llvmPackages_13 , cacert @@ -26,6 +27,26 @@ }@args: let flutterSetupScript = '' + # Pub needs SSL certificates. Dart normally looks in a hardcoded path. + # https://github.com/dart-lang/sdk/blob/3.1.0/runtime/bin/security_context_linux.cc#L48 + # + # Dart does not respect SSL_CERT_FILE... + # https://github.com/dart-lang/sdk/issues/48506 + # ...and Flutter does not support --root-certs-file, so the path cannot be manually set. + # https://github.com/flutter/flutter/issues/56607 + # https://github.com/flutter/flutter/issues/113594 + # + # libredirect is of no use either, as Flutter does not pass any + # environment variables (including LD_PRELOAD) to the Pub process. + # + # Instead, Flutter is patched to allow the path to the Dart binary used for + # Pub commands to be overriden. + export NIX_FLUTTER_PUB_DART="${runCommand "dart-with-certs" { nativeBuildInputs = [ makeWrapper ]; } '' + mkdir -p "$out/bin" + makeWrapper ${flutter.dart}/bin/dart "$out/bin/dart" \ + --add-flags "--root-certs-file=${cacert}/etc/ssl/certs/ca-bundle.crt" + ''}/bin/dart" + export HOME="$NIX_BUILD_TOP" flutter config --no-analytics &>/dev/null # mute first-run flutter config --enable-linux-desktop >/dev/null diff --git a/pkgs/development/compilers/flutter/patches/flutter3/flutter-pub-dart-override.patch b/pkgs/development/compilers/flutter/patches/flutter3/flutter-pub-dart-override.patch new file mode 100644 index 00000000000..9d1de65c320 --- /dev/null +++ b/pkgs/development/compilers/flutter/patches/flutter3/flutter-pub-dart-override.patch @@ -0,0 +1,34 @@ +From ddb81649092776ecac635af7040685588798b5a5 Mon Sep 17 00:00:00 2001 +From: hacker1024 <hacker1024@users.sourceforge.net> +Date: Sun, 27 Aug 2023 22:47:24 +1000 +Subject: [PATCH] Allow replacing the Dart binary used for Pub commands with + NIX_FLUTTER_PUB_DART + +--- + packages/flutter_tools/lib/src/dart/pub.dart | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/packages/flutter_tools/lib/src/dart/pub.dart b/packages/flutter_tools/lib/src/dart/pub.dart +index 40e60f9005..22fd3cebc7 100644 +--- a/packages/flutter_tools/lib/src/dart/pub.dart ++++ b/packages/flutter_tools/lib/src/dart/pub.dart +@@ -3,6 +3,7 @@ + // found in the LICENSE file. + + import 'dart:async'; ++import 'dart:io' as io; + + import 'package:meta/meta.dart'; + import 'package:package_config/package_config.dart'; +@@ -544,7 +545,7 @@ class _DefaultPub implements Pub { + + List<String> _computePubCommand() { + // TODO(zanderso): refactor to use artifacts. +- final String sdkPath = _fileSystem.path.joinAll(<String>[ ++ final String sdkPath = io.Platform.environment['NIX_FLUTTER_PUB_DART'] ?? _fileSystem.path.joinAll(<String>[ + Cache.flutterRoot!, + 'bin', + 'cache', +-- +2.41.0 + |