diff options
Diffstat (limited to 'pkgs/build-support/rust')
-rw-r--r-- | pkgs/build-support/rust/default.nix | 19 | ||||
-rw-r--r-- | pkgs/build-support/rust/fetchcargo.nix | 18 |
2 files changed, 36 insertions, 1 deletions
diff --git a/pkgs/build-support/rust/default.nix b/pkgs/build-support/rust/default.nix index 4634d32f6ac..27601e481c6 100644 --- a/pkgs/build-support/rust/default.nix +++ b/pkgs/build-support/rust/default.nix @@ -13,6 +13,9 @@ , cargoUpdateHook ? "" , cargoDepsHook ? "" , cargoBuildFlags ? [] +, # Set to true to verify if the cargo dependencies are up to date. + # This will change the value of cargoSha256. + verifyCargoDeps ? false , buildType ? "release" , meta ? {} @@ -26,6 +29,7 @@ let cargoDeps = if cargoVendorDir == null then fetchcargo { inherit name src srcs sourceRoot cargoUpdateHook; + copyLockfile = verifyCargoDeps; patches = cargoPatches; sha256 = cargoSha256; } @@ -95,6 +99,21 @@ stdenv.mkDerivation (args // { unset cargoDepsCopy export RUST_LOG=${logLevel} + '' + stdenv.lib.optionalString verifyCargoDeps '' + if ! diff source/Cargo.lock $cargoDeps/Cargo.lock ; then + echo + echo "ERROR: cargoSha256 is out of date." + echo + echo "Cargo.lock is not the same in $cargoDeps." + echo + echo "To fix the issue:" + echo '1. Use "1111111111111111111111111111111111111111111111111111" as the cargoSha256 value' + echo "2. Build the derivation and wait it to fail with a hash mismatch" + echo "3. Copy the 'got: sha256:' value back into the cargoSha256 field" + echo + + exit 1 + fi '' + (args.postUnpack or ""); configurePhase = args.configurePhase or '' diff --git a/pkgs/build-support/rust/fetchcargo.nix b/pkgs/build-support/rust/fetchcargo.nix index bc80db0947b..a515ce9c6eb 100644 --- a/pkgs/build-support/rust/fetchcargo.nix +++ b/pkgs/build-support/rust/fetchcargo.nix @@ -17,7 +17,16 @@ let cargo-vendor-normalise = stdenv.mkDerivation { preferLocalBuild = true; }; in -{ name ? "cargo-deps", src, srcs, patches, sourceRoot, sha256, cargoUpdateHook ? "" }: +{ name ? "cargo-deps" +, src +, srcs +, patches +, sourceRoot +, sha256 +, cargoUpdateHook ? "" +, # whenever to also include the Cargo.lock in the output + copyLockfile ? false +}: stdenv.mkDerivation { name = "${name}-vendor"; nativeBuildInputs = [ cacert git cargo-vendor-normalise cargo ]; @@ -37,6 +46,9 @@ stdenv.mkDerivation { exit 1 fi + # Keep the original around for copyLockfile + cp Cargo.lock Cargo.lock.orig + export CARGO_HOME=$(mktemp -d cargo-home.XXX) CARGO_CONFIG=$(mktemp cargo-config.XXXX) @@ -52,6 +64,10 @@ stdenv.mkDerivation { if ! cmp $CARGO_CONFIG ${./fetchcargo-default-config.toml} > /dev/null; then install -D $CARGO_CONFIG $out/.cargo/config; fi; + + '' + stdenv.lib.optionalString copyLockfile '' + # add the Cargo.lock to allow hash invalidation + cp Cargo.lock.orig $out/Cargo.lock ''; outputHashAlgo = "sha256"; |