* Source vendoring is passed as a standalone attribute to
`mkCargoDerivation`, meaning it does not automagically get spliced
with the correct local/cross system inputs (i.e. what would happen if
it was a `depsBuildBuild` entry)
* To fix this we need to make sure that `vendorCargoDeps` and all of its
transitive dependencies always use `runCommand` (and friends) from
their `pkgsBuildBuild` equivalent. This should always be safe to do
(even for cross-builds) since this amounts to building up a bunch of
sources which will be read by the build system
* Unfortunately I had to manually specify `pkgsBuildBuild.whatever` in
multiple places as I could not get things to work by messing with the
`callPackage` definition. Perhaps we should be using
`makeScopeWithSplicing'` instead of `makeScope` when constructing the
library, but I couldn't get it working (and I couldn't find any decent
docs on how to use it online) so this will make do for the time being.
This makes it possible to evaluate crane in a nixos test without network
as well as allow to backup all fetched input derivations properly in a
binary cache, whereas fetchGit will fallback to downloading from a
repository, which also requires a `git` binary to be present.
Co-authored-by: Ivan Petkov <ivanppetkov@gmail.com>
* When Nix fetches a git repo it will only look for the specified
revision only starting from the main branch (apparently fetching
arbitrary revisions from a repository has some security implications)
* If a ref (i.e. branch or tag) is not specified, Nix will only fetch
the repo's main branch
* To remedy this we will supply Nix with the branch or tag (if specified
in the Cargo.lock) to help it find the specified revision
* If cargo does not specify a branch or tag for us, we'll set `allRefs =
true` so that Nix can try fetching all possible branches and tags
before trying to check out the locked revision
