* Source vendoring is passed as a standalone attribute to
`mkCargoDerivation`, meaning it does not automagically get spliced
with the correct local/cross system inputs (i.e. what would happen if
it was a `depsBuildBuild` entry)
* To fix this we need to make sure that `vendorCargoDeps` and all of its
transitive dependencies always use `runCommand` (and friends) from
their `pkgsBuildBuild` equivalent. This should always be safe to do
(even for cross-builds) since this amounts to building up a bunch of
sources which will be read by the build system
* Unfortunately I had to manually specify `pkgsBuildBuild.whatever` in
multiple places as I could not get things to work by messing with the
`callPackage` definition. Perhaps we should be using
`makeScopeWithSplicing'` instead of `makeScope` when constructing the
library, but I couldn't get it working (and I couldn't find any decent
docs on how to use it online) so this will make do for the time being.
This makes it possible to evaluate crane in a nixos test without network
as well as allow to backup all fetched input derivations properly in a
binary cache, whereas fetchGit will fallback to downloading from a
repository, which also requires a `git` binary to be present.
Co-authored-by: Ivan Petkov <ivanppetkov@gmail.com>
For example, commands which extract a tarball should be cached (i.e
should use `runCommand` not `runCommandLocal`) because it allows builds
to download the unpacked result instead of having to write both to the
store
Crates from git repos are vendored in a flattened directory where each crate shows up at the root of the vendor directory. Since the vendoring step effectively breaks workspace structures, any crates which use workspace inheritance (e.g. package.version.workspace = true will fail to resolve.
To work around this we inspect the crate's workspace manifest (if it exists) and attempt to manually merge the values while copying the contents to the vendor directory.
For example, the Cargo git repo contains multiple "case" Cargo.toml
files in the testsuite. Let's ignore them like what Cargo does [1].
Co-authored-by: Ivan Petkov <ivanppetkov@gmail.com>
* When Nix fetches a git repo it will only look for the specified
revision only starting from the main branch (apparently fetching
arbitrary revisions from a repository has some security implications)
* If a ref (i.e. branch or tag) is not specified, Nix will only fetch
the repo's main branch
* To remedy this we will supply Nix with the branch or tag (if specified
in the Cargo.lock) to help it find the specified revision
* If cargo does not specify a branch or tag for us, we'll set `allRefs =
true` so that Nix can try fetching all possible branches and tags
before trying to check out the locked revision
