mirror of
https://github.com/unclechu/gRPC-haskell.git
synced 2024-11-05 10:49:42 +01:00
Use deterministic bootstrapping for nixpkgs (#40)
This commit is contained in:
parent
19125b42be
commit
4ef32ccf42
3 changed files with 62 additions and 26 deletions
51
fetch-nixpkgs.nix
Normal file
51
fetch-nixpkgs.nix
Normal file
|
@ -0,0 +1,51 @@
|
|||
{ rev # The Git revision of nixpkgs to fetch
|
||||
, sha256 # The SHA256 of the downloaded data
|
||||
, system ? builtins.currentSystem # This is overridable if necessary
|
||||
}:
|
||||
|
||||
with {
|
||||
ifThenElse = { bool, thenValue, elseValue }: (
|
||||
if bool then thenValue else elseValue);
|
||||
};
|
||||
|
||||
ifThenElse {
|
||||
bool = (0 <= builtins.compareVersions builtins.nixVersion "1.12");
|
||||
|
||||
# In Nix 1.12, we can just give a `sha256` to `builtins.fetchTarball`.
|
||||
thenValue = (
|
||||
builtins.fetchTarball {
|
||||
url = "https://github.com/NixOS/nixpkgs/archive/${rev}.tar.gz";
|
||||
inherit sha256;
|
||||
});
|
||||
|
||||
# This hack should at least work for Nix 1.11
|
||||
elseValue = (
|
||||
(rec {
|
||||
tarball = import <nix/fetchurl.nix> {
|
||||
url = "https://github.com/NixOS/nixpkgs/archive/${rev}.tar.gz";
|
||||
inherit sha256;
|
||||
};
|
||||
|
||||
builtin-paths = import <nix/config.nix>;
|
||||
|
||||
script = builtins.toFile "nixpkgs-unpacker" ''
|
||||
"$coreutils/mkdir" "$out"
|
||||
cd "$out"
|
||||
"$gzip" --decompress < "$tarball" | "$tar" -x --strip-components=1
|
||||
'';
|
||||
|
||||
nixpkgs = builtins.derivation {
|
||||
name = "nixpkgs-${builtins.substring 0 6 rev}";
|
||||
|
||||
builder = builtins.storePath builtin-paths.shell;
|
||||
|
||||
args = [ script ];
|
||||
|
||||
inherit tarball system;
|
||||
|
||||
tar = builtins.storePath builtin-paths.tar;
|
||||
gzip = builtins.storePath builtin-paths.gzip;
|
||||
coreutils = builtins.storePath builtin-paths.coreutils;
|
||||
};
|
||||
}).nixpkgs);
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs.git",
|
||||
"rev": "1849e695b00a54cda86cb75202240d949c10c7ce",
|
||||
"date": "2017-03-30T18:32:09+02:00",
|
||||
"sha256": "1fw9ryrz1qzbaxnjqqf91yxk1pb9hgci0z0pzw53f675almmv9q2"
|
||||
}
|
31
nixpkgs.nix
31
nixpkgs.nix
|
@ -1,21 +1,12 @@
|
|||
let
|
||||
# NOTE: This is the only non-deterministic part of our system since we need a
|
||||
# a starting point in order to be able to fetch the pinned `nixpkgs`. From
|
||||
# that point forward our build is deterministic and pinned
|
||||
#
|
||||
# We only use this for the `fetchFromGitHub` utility so as long as that
|
||||
# remains stable then we shouldn't have migration issues.
|
||||
inherit (import <nixpkgs> { }) fetchFromGitHub;
|
||||
# Given a Git revision hash `<rev>`, you get the new SHA256 by running:
|
||||
#
|
||||
# ```bash
|
||||
# $ nix-prefetch-url "https://github.com/NixOS/nixpkgs/archive/<rev>.tar.gz"
|
||||
# ```
|
||||
#
|
||||
# The SHA256 will be printed as the last line of stdout.
|
||||
|
||||
# In order to update `nixpkgs.json` to a specific revision, run:
|
||||
#
|
||||
# ```bash
|
||||
# $ nix-prefetch-git https://github.com/NixOS/nixpkgs.git "${REVISION}" > nixpkgs.json
|
||||
# ```
|
||||
nixpkgs = builtins.fromJSON (builtins.readFile ./nixpkgs.json);
|
||||
in
|
||||
fetchFromGitHub {
|
||||
owner = "NixOS";
|
||||
repo = "nixpkgs";
|
||||
inherit (nixpkgs) rev sha256;
|
||||
}
|
||||
import ./fetch-nixpkgs.nix {
|
||||
rev = "1849e695b00a54cda86cb75202240d949c10c7ce";
|
||||
sha256 = "1riv7n11rqbfdnikr2wm263fcppzh0760kqhwn5gscl89qmliw2y";
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue