{
lib,
stdenv,
fetchFromGitHub,
buildGoModule,
makeWrapper,
cacert,
moreutils,
jq,
git,
pkg-config,
yarn,
python3,
esbuild,
nodejs,
node-gyp,
libsecret,
libkrb5,
xorg,
ripgrep,
AppKit,
Cocoa,
Security,
cctools,
nixosTests,
}:
let
system = stdenv.hostPlatform.system;
yarn' = yarn.override { inherit nodejs; };
defaultYarnOpts = [
"frozen-lockfile"
"non-interactive"
"no-progress"
];
vsBuildTarget =
x86_64-linux = "linux-x64";
aarch64-linux = "linux-arm64";
x86_64-darwin = "darwin-x64";
aarch64-darwin = "darwin-arm64";
}
.${system} or (throw "Unsupported system ${system}");
esbuild' = esbuild.override {
buildGoModule =
args:
buildGoModule (
args
// rec {
version = "0.17.14";
src = fetchFromGitHub {
owner = "evanw";
repo = "esbuild";
rev = "v${version}";
hash = "sha256-4TC1d5FOZHUMuEMTcTOBLZZM+sFUswhyblI5HVWyvPA=";
};
vendorHash = "sha256-+BfxCyg0KkDQpHt/wycy/8CTG6YBA/VJvJFhhzUnSiQ=";
);
# replaces esbuild's download script with a binary from nixpkgs
patchEsbuild = path: version: ''
mkdir -p ${path}/node_modules/esbuild/bin
jq "del(.scripts.postinstall)" ${path}/node_modules/esbuild/package.json | sponge ${path}/node_modules/esbuild/package.json
sed -i 's/${version}/${esbuild'.version}/g' ${path}/node_modules/esbuild/lib/main.js
ln -s -f ${esbuild'}/bin/esbuild ${path}/node_modules/esbuild/bin/esbuild
'';
in
stdenv.mkDerivation (finalAttrs: {
pname = "openvscode-server";
version = "1.88.1";
owner = "gitpod-io";
repo = "openvscode-server";
rev = "openvscode-server-v${finalAttrs.version}";
hash = "sha256-Yc16L13Z8AmsGoSFbvy+4+KBdHxvqLMwZLeU2/dAQVU=";
yarnCache = stdenv.mkDerivation {
name = "${finalAttrs.pname}-${finalAttrs.version}-${system}-yarn-cache";
inherit (finalAttrs) src;
nativeBuildInputs = [
cacert
yarn'
git
buildPhase = ''
export HOME=$PWD
yarn config set yarn-offline-mirror $out
find "$PWD" -name "yarn.lock" -printf "%h\n" | \
xargs -I {} yarn --cwd {} \
--frozen-lockfile --ignore-scripts --ignore-platform \
--ignore-engines --no-progress --non-interactive
installPhase = ''
echo yarnCache
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "sha256-89c6GYLT2RzHqwxBKegYqB6g5rEJ6/nH53cnfV7b0Ts=";
nodejs
python3
pkg-config
makeWrapper
jq
moreutils
buildInputs =
lib.optionals (!stdenv.hostPlatform.isDarwin) [ libsecret ]
++ (with xorg; [
libX11
libxkbfile
libkrb5
])
++ lib.optionals stdenv.hostPlatform.isDarwin [
AppKit
Cocoa
Security
cctools
patches = [
# Patch out remote download of nodejs from build script
./remove-node-download.patch
# Disable NAPI_EXPERIMENTAL to allow to build with Node.js≥18.20.0.
env.NIX_CFLAGS_COMPILE = "-DNODE_API_EXPERIMENTAL_NOGC_ENV_OPT_OUT";
postPatch = ''
# remove all built-in extensions, as these are 3rd party extensions that
# get downloaded from vscode marketplace
jq --slurp '.[0] * .[1]' "product.json" <(
cat << EOF
"builtInExtensions": []
EOF
) | sponge product.json
configurePhase = ''
runHook preConfigure
# set default yarn opts
${lib.concatMapStrings (option: ''
yarn --offline config set ${option}
'') defaultYarnOpts}
# set offline mirror to yarn cache we created in previous steps
yarn --offline config set yarn-offline-mirror "${finalAttrs.yarnCache}"
# set nodedir to prevent node-gyp from downloading headers
# taken from https://nixos.org/manual/nixpkgs/stable/#javascript-tool-specific
mkdir -p $HOME/.node-gyp/${nodejs.version}
echo 9 > $HOME/.node-gyp/${nodejs.version}/installVersion
ln -sfv ${nodejs}/include $HOME/.node-gyp/${nodejs.version}
export npm_config_nodedir=${nodejs}
# use updated node-gyp. fixes the following error on Darwin:
# PermissionError: [Errno 1] Operation not permitted: '/usr/sbin/pkgutil'
export npm_config_node_gyp=${node-gyp}/lib/node_modules/node-gyp/bin/node-gyp.js
runHook postConfigure
buildPhase =
''
runHook preBuild
# install dependencies
yarn --offline --ignore-scripts
# run yarn install everywhere, skipping postinstall so we can patch esbuild
find . -path "*node_modules" -prune -o \
-path "./*/*" -name "yarn.lock" -printf "%h\n" | \
--frozen-lockfile --offline --ignore-scripts --ignore-engines
${patchEsbuild "./build" "0.12.6"}
${patchEsbuild "./extensions" "0.11.23"}
# patch shebangs of node_modules to allow binary packages to build
patchShebangs ./remote/node_modules
# put ripgrep binary into bin so postinstall does not try to download it
find -path "*@vscode/ripgrep" -type d \
-execdir mkdir -p {}/bin \; \
-execdir ln -s ${ripgrep}/bin/rg {}/bin/rg \;
+ lib.optionalString stdenv.hostPlatform.isDarwin ''
# use prebuilt binary for @parcel/watcher, which requires macOS SDK 10.13+
# (see issue #101229)
pushd ./remote/node_modules/@parcel/watcher
mkdir -p ./build/Release
mv ./prebuilds/darwin-x64/node.napi.glibc.node ./build/Release/watcher.node
jq "del(.scripts) | .gypfile = false" ./package.json | sponge ./package.json
popd
+ ''
export NODE_OPTIONS=--openssl-legacy-provider
# rebuild binaries, we use npm here, as yarn does not provide an alternative
# that would not attempt to try to reinstall everything and break our
# patching attempts
npm --prefix ./remote rebuild --build-from-source
# run postinstall scripts after patching
xargs -I {} sh -c 'jq -e ".scripts.postinstall" {}/package.json >/dev/null && yarn --cwd {} postinstall --frozen-lockfile --offline || true'
# build and minify
yarn --offline gulp vscode-reh-web-${vsBuildTarget}-min
runHook postBuild
runHook preInstall
mkdir -p $out
cp -R -T ../vscode-reh-web-${vsBuildTarget} $out
ln -s ${nodejs}/bin/node $out
runHook postInstall
passthru.tests = {
inherit (nixosTests) openvscode-server;
meta = {
description = "Run VS Code on a remote machine";
longDescription = ''
Run upstream VS Code on a remote machine with access through a modern web
browser from any device, anywhere.
homepage = "https://github.com/gitpod-io/openvscode-server";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [
dguenther
ghuntley
emilytrau
platforms = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
mainProgram = "openvscode-server";
})