35 lines
1.4 KiB
Nix
35 lines
1.4 KiB
Nix
{ linkFarmFromDrvs, fetchurl, runCommand, zip }:
|
|
{ name, nugetDeps ? import sourceFile, sourceFile ? null }:
|
|
linkFarmFromDrvs "${name}-nuget-deps" (nugetDeps {
|
|
fetchNuGet = { pname, version, sha256 ? "", hash ? ""
|
|
, url ? "https://www.nuget.org/api/v2/package/${pname}/${version}" }:
|
|
let
|
|
src = fetchurl {
|
|
name = "${pname}.${version}.nupkg";
|
|
# There is no need to verify whether both sha256 and hash are
|
|
# valid here, because nuget-to-nix does not generate a deps.nix
|
|
# containing both.
|
|
inherit url sha256 hash;
|
|
};
|
|
in
|
|
# NuGet.org edits packages by signing them during upload, which makes
|
|
# those packages nondeterministic depending on which source you
|
|
# get them from. We fix this by stripping out the signature file.
|
|
# Signing logic is https://github.com/NuGet/NuGet.Client/blob/128a5066b1438627ac69a2ffe9de564b2c09ee4d/src/NuGet.Core/NuGet.Packaging/Signing/Archive/SignedPackageArchiveIOUtility.cs#L518
|
|
# Non-NuGet.org sources might not have a signature file; in that case, zip
|
|
# exits with code 12 ("zip has nothing to do", per `man zip`).
|
|
runCommand src.name
|
|
{
|
|
inherit src;
|
|
nativeBuildInputs = [ zip ];
|
|
}
|
|
''
|
|
zip "$src" --temp-path "$TMPDIR" --output-file "$out" --delete .signature.p7s || {
|
|
(( $? == 12 ))
|
|
install -Dm644 "$src" "$out"
|
|
}
|
|
'';
|
|
})
|
|
// {
|
|
inherit sourceFile;
|
|
}
|