nvfetcher
nvfetcher copied to clipboard
berberman
Feature Request: buildGoModule Support
Hi :wave:
buildGoModule requires a vendorSha256 field to be built. I was wondering if this could be supported by nvfetcher like it is for Rust?
Thanks!
The vendorSha256 in buildGoModule is output hash of an intermediate drv, and it seems that there's no way to calculate it before actually building the package: https://discourse.nixos.org/t/buildgomodule-how-to-get-vendorsha256/9317. This is different from the situation of rust packages -- everything can be calculated from Cargo.lock without building the drv.
I'm not familiar with this project's code, but can't we run this nix-prefetch to get the vendorSha256?
nix-prefetch '{ sha256 }: golangci-lint.go-modules.overrideAttrs (_: { modSha256 = sha256; })'
Where golangci-lint is the name of the package? Of course this would not work for local packages as it stands :thinking:
but can't we run this nix-prefetch to get the vendorSha256?
No, because nvfetcher runs before we have the derivation, whereas using nix-prefetch like that requires the derivation.
vendorSha256 can be computed (or built) from go.sum alone, just like with Cargo.lock, however the process is harder due the the obscure tree hashing scheme of go modules. A somehow working example can be found here: https://gist.github.com/NickCao/e2135fae47b31798c5d03cae1d242cb3
To make the situation worse, go.sum generated by go pre 1.16 and go 1.17 differs slightly and is generally incompatible.
With the introduction of impure derivations in recent versions of nix, the approach in https://gist.github.com/NickCao/e2135fae47b31798c5d03cae1d242cb3 is now feasible (without considering pouring tens of thousands of derivations into your nix store).
In some cases you can pass null to vendorSha256 to use vendored dependencies from your source repo. There is also the legacy buildGoPackage, which requires goDeps generated with go2nix
