buildGoModule: support impure modules (#76532)

When modSha256 is null, disable the nix sandbox instead of using a fixed-output derivation. This requires the nix-daemon to have `sandbox = relaxed` set in their config to work properly. Because the output is (hopefully) deterministic based on the inputs, this should give a reproducible output. This is useful for development outside of nixpkgs where re-generating the modSha256 on each mod.sum changes is cumbersome. Don't use this in nixpkgs! This is why null is not the default value.
2024-11-20 00:53:12 +03:00 · 2019-12-28 20:36:42 +00:00 · 2019-12-28 20:36:42 +00:00 · f373ecec8f
commit f373ecec8f
parent 596fa28448
2 changed files with 23 additions and 4 deletions
--- a/doc/languages-frameworks/go.xml
+++ b/doc/languages-frameworks/go.xml
@ -66,6 +66,15 @@ pet = buildGoModule rec {
    </callout>
   </calloutlist>
  </para>
+
+  <para>
+    <varname>modSha256</varname> can also take <varname>null</varname> as an input.
+
+    When `null` is used as a value, the derivation won't be a
+    fixed-output derivation but disable the build sandbox instead. This can be useful outside
+    of nixpkgs where re-generating the modSha256 on each mod.sum changes is cumbersome,
+    but will fail to build by Hydra, as builds with a disabled sandbox are discouraged.
+  </para>
 </section>

 <section xml:id="ssec-go-legacy">
--- a/pkgs/development/go-modules/generic/default.nix
+++ b/pkgs/development/go-modules/generic/default.nix
@ -14,6 +14,10 @@
 , modRoot ? "./"

 # modSha256 is the sha256 of the vendored dependencies
+#
+# CAUTION: if `null` is used as a value, the derivation won't be a
+# fixed-output derivation but disable the build sandbox instead. Don't use
+# this in nixpkgs as Hydra won't build those packages.
 , modSha256

 # We want parallel builds by default
@ -84,10 +88,16 @@ let
    '';

    dontFixup = true;
-    outputHashMode = "recursive";
-    outputHashAlgo = "sha256";
-    outputHash = modSha256;
-  }; in modArgs // overrideModAttrs modArgs);
+  }; in modArgs // (
+    if modSha256 == null then
+      { __noChroot = true; }
+    else
+      {
+        outputHashMode = "recursive";
+        outputHashAlgo = "sha256";
+        outputHash = modSha256;
+      }
+  ) // overrideModAttrs modArgs);

  package = go.stdenv.mkDerivation (args // {
    nativeBuildInputs = [ removeReferencesTo go ] ++ nativeBuildInputs;