mirror of
https://github.com/ilyakooo0/haskell.nix.git
synced 2024-10-06 04:17:18 +03:00
8c0b7c27b4
This produces a pretty big store path (>1GB), and is very quick to build. Prefer building it locally.
56 lines
2.2 KiB
Nix
56 lines
2.2 KiB
Nix
# Create a local hackage repo, we can use as a repository in a cabal config
|
|
#
|
|
# This will include:
|
|
# - 01-index.tar.gz (the index file)
|
|
# - root.json and
|
|
# - mirrors.json as metadata items.
|
|
# - snapshot.json that records the index, root and mirrors.
|
|
# - timestamp.json that will record the snapshot.json
|
|
#
|
|
# This is all part of The Update Framework (TUF) and the specific implementation
|
|
# cabal-install (via hackage-security) does of it.
|
|
#
|
|
# We will create a completely unsigned bare repository. Using signing keys within
|
|
# nix would be pointless as we'd have to hardcode them to produce the same output
|
|
# reproducibly.
|
|
#
|
|
pkgs:
|
|
{ name, index }:
|
|
|
|
pkgs.evalPackages.runCommandLocal "hackage-repo-${name}" { nativeBuildInputs = [ pkgs.evalPackages.nix ]; } ''
|
|
mkdir -p $out
|
|
export expires="4000-01-01T00:00:00Z"
|
|
|
|
ln -sf ${index} $out/01-index.tar.gz
|
|
export index_md5=$(nix-hash --flat --type md5 ${index})
|
|
export index_sha256=$(nix-hash --flat --type sha256 ${index})
|
|
${
|
|
# When possible check the hash we calculate here against the `outputHash`
|
|
# of the index derivation (when the `extra-hackages` feature is used the index
|
|
# may not have an outputHash).
|
|
pkgs.lib.optionalString (index ? outputHash) ''
|
|
if [[ "${index.outputHash}" != "$index_sha256" ]]; then
|
|
echo "ERROR See https://github.com/input-output-hk/haskell.nix/issues/884"
|
|
exit 0
|
|
fi
|
|
''}
|
|
export index_length=$(stat --printf="%s" ${index})
|
|
|
|
substituteAll ${./root.json} $out/root.json
|
|
export root_md5=$(nix-hash --flat --type md5 $out/root.json)
|
|
export root_sha256=$(nix-hash --flat --type sha256 $out/root.json)
|
|
export root_length=$(stat --printf="%s" $out/root.json)
|
|
|
|
substituteAll ${./mirrors.json} $out/mirrors.json
|
|
export mirrors_md5=$(nix-hash --flat --type md5 $out/mirrors.json)
|
|
export mirrors_sha256=$(nix-hash --flat --type sha256 $out/mirrors.json)
|
|
export mirrors_length=$(stat --printf="%s" $out/mirrors.json)
|
|
|
|
substituteAll ${./snapshot.json} $out/snapshot.json
|
|
export snapshot_md5=$(nix-hash --flat --type md5 $out/snapshot.json)
|
|
export snapshot_sha256=$(nix-hash --flat --type sha256 $out/snapshot.json)
|
|
export snapshot_length=$(stat --printf="%s" $out/snapshot.json)
|
|
|
|
substituteAll ${./timestamp.json} $out/timestamp.json
|
|
''
|