summary refs log tree commit diff
path: root/pkgs/build-support/flutter/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/build-support/flutter/default.nix')
-rw-r--r--pkgs/build-support/flutter/default.nix21
1 files changed, 21 insertions, 0 deletions
diff --git a/pkgs/build-support/flutter/default.nix b/pkgs/build-support/flutter/default.nix
index 8d31482900a..06f6e2770be 100644
--- a/pkgs/build-support/flutter/default.nix
+++ b/pkgs/build-support/flutter/default.nix
@@ -1,6 +1,7 @@
 { lib
 , callPackage
 , stdenvNoCC
+, runCommand
 , makeWrapper
 , llvmPackages_13
 , cacert
@@ -26,6 +27,26 @@
 }@args:
 let
   flutterSetupScript = ''
+    # Pub needs SSL certificates. Dart normally looks in a hardcoded path.
+    # https://github.com/dart-lang/sdk/blob/3.1.0/runtime/bin/security_context_linux.cc#L48
+    #
+    # Dart does not respect SSL_CERT_FILE...
+    # https://github.com/dart-lang/sdk/issues/48506
+    # ...and Flutter does not support --root-certs-file, so the path cannot be manually set.
+    # https://github.com/flutter/flutter/issues/56607
+    # https://github.com/flutter/flutter/issues/113594
+    #
+    # libredirect is of no use either, as Flutter does not pass any
+    # environment variables (including LD_PRELOAD) to the Pub process.
+    #
+    # Instead, Flutter is patched to allow the path to the Dart binary used for
+    # Pub commands to be overriden.
+    export NIX_FLUTTER_PUB_DART="${runCommand "dart-with-certs" { nativeBuildInputs = [ makeWrapper ]; } ''
+      mkdir -p "$out/bin"
+      makeWrapper ${flutter.dart}/bin/dart "$out/bin/dart" \
+        --add-flags "--root-certs-file=${cacert}/etc/ssl/certs/ca-bundle.crt"
+    ''}/bin/dart"
+
     export HOME="$NIX_BUILD_TOP"
     flutter config --no-analytics &>/dev/null # mute first-run
     flutter config --enable-linux-desktop >/dev/null
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-06 20:14:22 +0000