Add sha256 to source-repository-packages for restricted eval mode #170
Conversation
| fetchRepo = repo: (pkgs.fetchgit { | ||
| url = repo.location; | ||
| rev = repo.tag; | ||
| sha256 = repo."--sha256"; |
There was a problem hiding this comment.
Initially, I thought "surely fetchgit is okay if you supply a rev?". Weirdly, it's allowed with --pure-eval, but not with --restrict-eval 🤔 Maybe this is a bug? It seems like --pure-eval has a more sensible notion of what "pure" things are.
There was a problem hiding this comment.
(I can now see the need for this trick, but it makes me a bit sad)
There was a problem hiding this comment.
It might actually be a nice feature for cabal if it could check the sha256 of source-repository-package. Perhaps less important when the location is https, but when it is http it would probably be nice. It would also make sense if/when cabal source-repository-package gets tarball support.
There was a problem hiding this comment.
Shouldn't the git sha be enough? Definitely useful for tarball support, I agree.
There was a problem hiding this comment.
Shouldn't the git sha be enough? Definitely useful for tarball support, I agree.
I'm not sure why, but nixpkgs.fetchgit does not support using just the git sha. I don't think that is likely to change soon.
hamishmack
force-pushed
the
hkm/hydra-source-repos
branch
3 times, most recently
from
c6a5aad to
42b740a
Compare
angerman
left a comment
angerman
left a comment
There was a problem hiding this comment.
I still have mixed feelings about this. And I'm a bit suspicious about the source-repo replacement with nix. That seems something a shell script could do faster and may be even easier to read? Certainly easy to debug as it would be something that could be tried in isolation.
The Could we leave replacing the |
hamishmack
force-pushed
the
hkm/hydra-source-repos
branch
4 times, most recently
from
abca1ae to
627658c
Compare
This allows source-repository-package to be downloaded and replaced in with `package: /nix/store/...` by callCabalPackageToNix so that `cabal` and `plan-to-nix` do not need to download them.
hamishmack
force-pushed
the
hkm/hydra-source-repos
branch
from
627658c to
b5f1c0b
Compare
angerman
left a comment
angerman
left a comment
There was a problem hiding this comment.
I think we should stop calling out hydra, it is essentially the restricted eval mode, and thus applies to anything that uses restricted eval, hydra or not.
angerman
changed the title
This allows source-repository-package to be downloaded and replaced in
with
package: /nix/store/...by callCabalPackageToNix so thatcabaland
plan-to-nixdo not need to download them.