depot/third_party/nixpkgs/pkgs/build-support/dotnet/make-nuget-deps/default.nix

{ linkFarmFromDrvs, fetchurl, runCommand, zip }:
{ name, nugetDeps ? import sourceFile, sourceFile ? null }:
linkFarmFromDrvs "${name}-nuget-deps" (nugetDeps {
  fetchNuGet = { pname, version, sha256 ? "", hash ? ""
    , url ? "https://www.nuget.org/api/v2/package/${pname}/${version}" }:
    let
      src = fetchurl {
        name = "${pname}.${version}.nupkg";
        # There is no need to verify whether both sha256 and hash are
        # valid here, because nuget-to-nix does not generate a deps.nix
        # containing both.
        inherit url sha256 hash;
      };
    in
    # NuGet.org edits packages by signing them during upload, which makes
    # those packages nondeterministic depending on which source you
    # get them from. We fix this by stripping out the signature file.
    # Signing logic is https://github.com/NuGet/NuGet.Client/blob/128a5066b1438627ac69a2ffe9de564b2c09ee4d/src/NuGet.Core/NuGet.Packaging/Signing/Archive/SignedPackageArchiveIOUtility.cs#L518
    # Non-NuGet.org sources might not have a signature file; in that case, zip
    # exits with code 12 ("zip has nothing to do", per `man zip`).
    runCommand src.name
      {
        inherit src;
        nativeBuildInputs = [ zip ];
      }
      ''
        zip "$src" --temp-path "$TMPDIR" --output-file "$out" --delete .signature.p7s || {
          (( $? == 12 ))
          install -Dm644 "$src" "$out"
        }
      '';
})
// {
  inherit sourceFile;
}
Project import generated by Copybara. GitOrigin-RevId: b73c2221a46c13557b1b3be9c2070cc42cf01eb3 2024-07-27 06:49:29 +00:00			`{ linkFarmFromDrvs, fetchurl, runCommand, zip }:`
Project import generated by Copybara. GitOrigin-RevId: 6143fc5eeb9c4f00163267708e26191d1e918932 2024-04-21 15:54:59 +00:00			`{ name, nugetDeps ? import sourceFile, sourceFile ? null }:`
Project import generated by Copybara. GitOrigin-RevId: f2537a505d45c31fe5d9c27ea9829b6f4c4e6ac5 2022-06-26 10:26:21 +00:00			`linkFarmFromDrvs "${name}-nuget-deps" (nugetDeps {`
Project import generated by Copybara. GitOrigin-RevId: b73c2221a46c13557b1b3be9c2070cc42cf01eb3 2024-07-27 06:49:29 +00:00			`fetchNuGet = { pname, version, sha256 ? "", hash ? ""`
Project import generated by Copybara. GitOrigin-RevId: f2537a505d45c31fe5d9c27ea9829b6f4c4e6ac5 2022-06-26 10:26:21 +00:00			`, url ? "https://www.nuget.org/api/v2/package/${pname}/${version}" }:`
Project import generated by Copybara. GitOrigin-RevId: b73c2221a46c13557b1b3be9c2070cc42cf01eb3 2024-07-27 06:49:29 +00:00			`let`
			`src = fetchurl {`
			`name = "${pname}.${version}.nupkg";`
			`# There is no need to verify whether both sha256 and hash are`
			`# valid here, because nuget-to-nix does not generate a deps.nix`
			`# containing both.`
			`inherit url sha256 hash;`
			`};`
			`in`
			`# NuGet.org edits packages by signing them during upload, which makes`
			`# those packages nondeterministic depending on which source you`
			`# get them from. We fix this by stripping out the signature file.`
			`# Signing logic is https://github.com/NuGet/NuGet.Client/blob/128a5066b1438627ac69a2ffe9de564b2c09ee4d/src/NuGet.Core/NuGet.Packaging/Signing/Archive/SignedPackageArchiveIOUtility.cs#L518`
			`# Non-NuGet.org sources might not have a signature file; in that case, zip`
			# exits with code 12 ("zip has nothing to do", per `man zip`).
			`runCommand src.name`
			`{`
			`inherit src;`
			`nativeBuildInputs = [ zip ];`
			`}`
			`''`
			`zip "$src" --temp-path "$TMPDIR" --output-file "$out" --delete .signature.p7s \|\| {`
			`(( $? == 12 ))`
			`install -Dm644 "$src" "$out"`
			`}`
			`'';`
			`})`
			`// {`
Project import generated by Copybara. GitOrigin-RevId: 6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222 2023-07-15 17:15:38 +00:00			`inherit sourceFile;`
			`}`