haskell.nix/mk-local-hackage-repo/default.nix

# Create a local hackage repo, we can use as a repository in a cabal config
#
# This will include:
# - 01-index.tar.gz (the index file)
# - root.json and
# - mirrors.json as metadata items.
# - snapshot.json that records the index, root and mirrors.
# - timestamp.json that will record the snapshot.json
#
# This is all part of The Update Framework (TUF) and the specific implementation
# cabal-install (via hackage-security) does of it.
#
# We will create a completely unsigned bare repository.  Using signing keys within
# nix would be pointless as we'd have to hardcode them to produce the same output
# reproducibly.
#
pkgs:
{ name, index }:

pkgs.buildPackages.runCommand "hackage-repo-${name}" { preferLocalBuild = true; } ''
mkdir -p $out
export expires="4000-01-01T00:00:00Z"

ln -sf ${index} $out/01-index.tar.gz
export index_md5=$(md5sum ${index} | awk '{ print $1 }')
export index_sha256=$(sha256sum ${index} | awk '{ print $1 }')
${
  # When possible check the hash we calculate here against the `outputHash`
  # of the index derivation (when the `extra-hackages` feature is used the index
  # may not have an outputHash).
  pkgs.lib.optionalString (index ? outputHash) ''
    if [[ "${index.outputHash}" != "$index_sha256" ]]; then
      echo "ERROR See https://github.com/input-output-hk/haskell.nix/issues/884"
      exit 1
    fi
''}
export index_length=$(stat --printf="%s" ${index})

substituteAll ${./root.json} $out/root.json
export root_md5=$(md5sum $out/root.json | awk '{ print $1 }')
export root_sha256=$(sha256sum $out/root.json | awk '{ print $1 }')
export root_length=$(stat --printf="%s" $out/root.json)

substituteAll ${./mirrors.json} $out/mirrors.json
export mirrors_md5=$(md5sum $out/mirrors.json | awk '{ print $1 }')
export mirrors_sha256=$(sha256sum $out/mirrors.json | awk '{ print $1 }')
export mirrors_length=$(stat --printf="%s" $out/mirrors.json)

substituteAll ${./snapshot.json} $out/snapshot.json
export snapshot_md5=$(md5sum $out/snapshot.json | awk '{ print $1 }')
export snapshot_sha256=$(sha256sum $out/snapshot.json | awk '{ print $1 }')
export snapshot_length=$(stat --printf="%s" $out/snapshot.json)

substituteAll ${./timestamp.json} $out/timestamp.json
''
Spelling, typo and whitespace fixes (#833) * Spelling and typo fixes in doc and code comments * Trailing whitespace or whitespace only truncation * readTheDocs formatting corrections 2020-08-31 02:08:25 +03:00			`# Create a local hackage repo, we can use as a repository in a cabal config`
Call cabal project to nix (now with hackage-truncate) (#135) * This adds more logic for the cabalProjectToNix idf That is, something like this: ``` nix-build --expr 'with import ./. {}; callCabalProjectToNix { index-state = "2019-04-30T00:00:00Z"; src = /some/path; }' ``` should produce something that can be build with mkCabalProjectPkgSet. * Make sure the hackageTarball's store path doesn't change previously the fetchurl would produce a different store path each and every time as hackage's index is a moving target. With this impurity setup, we can ignore this. * Fix test * Proper name * Re-enable test * Allow to parameterize over the `system` for the test default.nix * Copy instead of link for ifds. This makes me really sad. 2019-05-21 15:05:03 +03:00			`#`
			`# This will include:`
			`# - 01-index.tar.gz (the index file)`
			`# - root.json and`
			`# - mirrors.json as metadata items.`
			`# - snapshot.json that records the index, root and mirrors.`
			`# - timestamp.json that will record the snapshot.json`
			`#`
			`# This is all part of The Update Framework (TUF) and the specific implementation`
			`# cabal-install (via hackage-security) does of it.`
			`#`
			`# We will create a completely unsigned bare repository. Using signing keys within`
			`# nix would be pointless as we'd have to hardcode them to produce the same output`
Spelling, typo and whitespace fixes (#833) * Spelling and typo fixes in doc and code comments * Trailing whitespace or whitespace only truncation * readTheDocs formatting corrections 2020-08-31 02:08:25 +03:00			`# reproducibly.`
Call cabal project to nix (now with hackage-truncate) (#135) * This adds more logic for the cabalProjectToNix idf That is, something like this: ``` nix-build --expr 'with import ./. {}; callCabalProjectToNix { index-state = "2019-04-30T00:00:00Z"; src = /some/path; }' ``` should produce something that can be build with mkCabalProjectPkgSet. * Make sure the hackageTarball's store path doesn't change previously the fetchurl would produce a different store path each and every time as hackage's index is a moving target. With this impurity setup, we can ignore this. * Fix test * Proper name * Re-enable test * Allow to parameterize over the `system` for the test default.nix * Copy instead of link for ifds. This makes me really sad. 2019-05-21 15:05:03 +03:00			`#`
External hackages (#535) * Add support for external Hackage repositories Currently haskell.nix is not able to build Cabal projects that depend on packages from private Hackage repositories, as it make only main Hackage available to cabal. This is unfortunate. This commit adds this functionality, by allowing the user to pass `extra-hackages` and `extra-hackage-tarballs` to `mkPkgSet` and `callCabalToNix` respectively, to add as much extra repositories as needed. This repositories are first made available to Cabal when calling `v2-configure`, resulting in correct plans. Later they are combined with global Hackage when building dependencies of the local packages. * Use cabal.project.freeze if available Currently callCabalProjectToNix does not copy `cabal.project.freeze` from source directory, leading to different build plans when building components with nix and when building project with `cabal new-build` inside `nix-shell`. This behavior is undesired, so this commits fixes it. * Add tests for extra-hackages functionality Co-authored-by: Moritz Angermann <moritz.angermann@gmail.com> 2020-05-02 13:16:34 +03:00			`pkgs:`
			`{ name, index }:`

Add `evalSystem` and `evalPackages` project args (#1546) This adds a way to specify the `evalSystem` or `evalPackages` explicitly when calling the `project` functions. Currently if we want to make a `flake` that supports multiple systems we have few options: * Require builders for all the supported systems (even just for `nix flake show`). * Pass `--impure` so that haskell.nix can see `builtins.currentSystem` to set up `pkgs.evalPackages` to use that. Unfortunately this prevents nix from caching some of the work it does and often results in it recalculating for each supported system when it would otherwise be cached and take no time at all. * Add an overlay to replace `evalPackages`. This works, but it is not straight forward. * Materialize the nix files for the project. This change allows `evalSystem = "x86_64-linux";` to be passed telling `haskell.nix` to run `cabal` and `nix-tools` on that system. The user will have to have a builder for that system, but does not need to have builders for the others (unless building outputs for them). 2022-07-28 11:03:05 +03:00			`pkgs.buildPackages.runCommand "hackage-repo-${name}" { preferLocalBuild = true; } ''`
Call cabal project to nix (now with hackage-truncate) (#135) * This adds more logic for the cabalProjectToNix idf That is, something like this: ``` nix-build --expr 'with import ./. {}; callCabalProjectToNix { index-state = "2019-04-30T00:00:00Z"; src = /some/path; }' ``` should produce something that can be build with mkCabalProjectPkgSet. * Make sure the hackageTarball's store path doesn't change previously the fetchurl would produce a different store path each and every time as hackage's index is a moving target. With this impurity setup, we can ignore this. * Fix test * Proper name * Re-enable test * Allow to parameterize over the `system` for the test default.nix * Copy instead of link for ifds. This makes me really sad. 2019-05-21 15:05:03 +03:00			`mkdir -p $out`
			`export expires="4000-01-01T00:00:00Z"`

			`ln -sf ${index} $out/01-index.tar.gz`
Improve support for external Hackage repositories (#1370) * Improve support for external Hackage repositories This change builds #535. `repository` blocks in `cabal.project` parsed and `cabal` is used to automatically downloaded them. Then `hackage-to-nix` is used to produce the nix required. To make it work with restricted eval (on hydra for instance) we need to include a sha256 like this: ``` repository ghcjs-overlay url: https://input-output-hk.github.io/hackage-overlay-ghcjs secure: True root-keys: key-threshold: 0 --sha256: sha256-EPlLYPmIGtxeahlOspRzwJv+60N5mqrNC2BY4jZKceE= ``` To find the correct `sha256` put in an invalid one and attempt a build. 2022-02-17 14:42:11 +03:00			`export index_md5=$(md5sum ${index} \| awk '{ print $1 }')`
			`export index_sha256=$(sha256sum ${index} \| awk '{ print $1 }')`
Guard against #884 by checking sha256 (#885) Not sure what caused #884, but this check should prevent the erroneous output from making it into the binary cache if it happens again. 2020-10-21 11:51:23 +03:00			`${`
			# When possible check the hash we calculate here against the `outputHash`
			# of the index derivation (when the `extra-hackages` feature is used the index
			`# may not have an outputHash).`
			`pkgs.lib.optionalString (index ? outputHash) ''`
			`if [[ "${index.outputHash}" != "$index_sha256" ]]; then`
			`echo "ERROR See https://github.com/input-output-hk/haskell.nix/issues/884"`
Throw better error when conf files are missing (#1030) * Throw better error when conf files are missing Previously, if some directories were missing .conf files, an error like this would be thrown: cp: missing destination file operand after '/nix/store/pnmrz06g0sa4s3yx53hgmr9k8jrh6ww0-ouroboros-network-framework-lib-ouroboros-network-framework-0.1.0.0-haddock-config/lib/ghc-8.6.5/package.conf.d' While normally this shouldn't occur, I've seen it happen in CI anyways, with the problem disappearing if the store path that's missing the files was rebuilt a couple times. With this commit, it becomes much easier to figure out which store path is missing the files, which would be very hard to figure out from the previous message. 2021-02-07 17:13:31 +03:00			`exit 1`
Guard against #884 by checking sha256 (#885) Not sure what caused #884, but this check should prevent the erroneous output from making it into the binary cache if it happens again. 2020-10-21 11:51:23 +03:00			`fi`
			`''}`
Call cabal project to nix (now with hackage-truncate) (#135) * This adds more logic for the cabalProjectToNix idf That is, something like this: ``` nix-build --expr 'with import ./. {}; callCabalProjectToNix { index-state = "2019-04-30T00:00:00Z"; src = /some/path; }' ``` should produce something that can be build with mkCabalProjectPkgSet. * Make sure the hackageTarball's store path doesn't change previously the fetchurl would produce a different store path each and every time as hackage's index is a moving target. With this impurity setup, we can ignore this. * Fix test * Proper name * Re-enable test * Allow to parameterize over the `system` for the test default.nix * Copy instead of link for ifds. This makes me really sad. 2019-05-21 15:05:03 +03:00			`export index_length=$(stat --printf="%s" ${index})`

			`substituteAll ${./root.json} $out/root.json`
Improve support for external Hackage repositories (#1370) * Improve support for external Hackage repositories This change builds #535. `repository` blocks in `cabal.project` parsed and `cabal` is used to automatically downloaded them. Then `hackage-to-nix` is used to produce the nix required. To make it work with restricted eval (on hydra for instance) we need to include a sha256 like this: ``` repository ghcjs-overlay url: https://input-output-hk.github.io/hackage-overlay-ghcjs secure: True root-keys: key-threshold: 0 --sha256: sha256-EPlLYPmIGtxeahlOspRzwJv+60N5mqrNC2BY4jZKceE= ``` To find the correct `sha256` put in an invalid one and attempt a build. 2022-02-17 14:42:11 +03:00			`export root_md5=$(md5sum $out/root.json \| awk '{ print $1 }')`
			`export root_sha256=$(sha256sum $out/root.json \| awk '{ print $1 }')`
Call cabal project to nix (now with hackage-truncate) (#135) * This adds more logic for the cabalProjectToNix idf That is, something like this: ``` nix-build --expr 'with import ./. {}; callCabalProjectToNix { index-state = "2019-04-30T00:00:00Z"; src = /some/path; }' ``` should produce something that can be build with mkCabalProjectPkgSet. * Make sure the hackageTarball's store path doesn't change previously the fetchurl would produce a different store path each and every time as hackage's index is a moving target. With this impurity setup, we can ignore this. * Fix test * Proper name * Re-enable test * Allow to parameterize over the `system` for the test default.nix * Copy instead of link for ifds. This makes me really sad. 2019-05-21 15:05:03 +03:00			`export root_length=$(stat --printf="%s" $out/root.json)`

			`substituteAll ${./mirrors.json} $out/mirrors.json`
Improve support for external Hackage repositories (#1370) * Improve support for external Hackage repositories This change builds #535. `repository` blocks in `cabal.project` parsed and `cabal` is used to automatically downloaded them. Then `hackage-to-nix` is used to produce the nix required. To make it work with restricted eval (on hydra for instance) we need to include a sha256 like this: ``` repository ghcjs-overlay url: https://input-output-hk.github.io/hackage-overlay-ghcjs secure: True root-keys: key-threshold: 0 --sha256: sha256-EPlLYPmIGtxeahlOspRzwJv+60N5mqrNC2BY4jZKceE= ``` To find the correct `sha256` put in an invalid one and attempt a build. 2022-02-17 14:42:11 +03:00			`export mirrors_md5=$(md5sum $out/mirrors.json \| awk '{ print $1 }')`
			`export mirrors_sha256=$(sha256sum $out/mirrors.json \| awk '{ print $1 }')`
Call cabal project to nix (now with hackage-truncate) (#135) * This adds more logic for the cabalProjectToNix idf That is, something like this: ``` nix-build --expr 'with import ./. {}; callCabalProjectToNix { index-state = "2019-04-30T00:00:00Z"; src = /some/path; }' ``` should produce something that can be build with mkCabalProjectPkgSet. * Make sure the hackageTarball's store path doesn't change previously the fetchurl would produce a different store path each and every time as hackage's index is a moving target. With this impurity setup, we can ignore this. * Fix test * Proper name * Re-enable test * Allow to parameterize over the `system` for the test default.nix * Copy instead of link for ifds. This makes me really sad. 2019-05-21 15:05:03 +03:00			`export mirrors_length=$(stat --printf="%s" $out/mirrors.json)`

			`substituteAll ${./snapshot.json} $out/snapshot.json`
Improve support for external Hackage repositories (#1370) * Improve support for external Hackage repositories This change builds #535. `repository` blocks in `cabal.project` parsed and `cabal` is used to automatically downloaded them. Then `hackage-to-nix` is used to produce the nix required. To make it work with restricted eval (on hydra for instance) we need to include a sha256 like this: ``` repository ghcjs-overlay url: https://input-output-hk.github.io/hackage-overlay-ghcjs secure: True root-keys: key-threshold: 0 --sha256: sha256-EPlLYPmIGtxeahlOspRzwJv+60N5mqrNC2BY4jZKceE= ``` To find the correct `sha256` put in an invalid one and attempt a build. 2022-02-17 14:42:11 +03:00			`export snapshot_md5=$(md5sum $out/snapshot.json \| awk '{ print $1 }')`
			`export snapshot_sha256=$(sha256sum $out/snapshot.json \| awk '{ print $1 }')`
Call cabal project to nix (now with hackage-truncate) (#135) * This adds more logic for the cabalProjectToNix idf That is, something like this: ``` nix-build --expr 'with import ./. {}; callCabalProjectToNix { index-state = "2019-04-30T00:00:00Z"; src = /some/path; }' ``` should produce something that can be build with mkCabalProjectPkgSet. * Make sure the hackageTarball's store path doesn't change previously the fetchurl would produce a different store path each and every time as hackage's index is a moving target. With this impurity setup, we can ignore this. * Fix test * Proper name * Re-enable test * Allow to parameterize over the `system` for the test default.nix * Copy instead of link for ifds. This makes me really sad. 2019-05-21 15:05:03 +03:00			`export snapshot_length=$(stat --printf="%s" $out/snapshot.json)`

			`substituteAll ${./timestamp.json} $out/timestamp.json`
			`''`