rustPlatform.fetchCargo: handle custom Cargo.lock patchfiles with validation

Previously, we would asssert that the lockfiles are consistent during the unpackPhase, but if the pkg has a patch for the lockfile itself then we must wait until the patchPhase is complete to check. This also removes an implicity dependency on the src attribute coming from `fetchzip` / `fetchFromGitHub`, which happens to name the source directory "source". Now we glob for it, so different fetchers will work consistently.
4 years ago · ad30a30488
parent 71d5e1595c
commit ad30a30488
6 changed files with 1092 additions and 23 deletions
--- a/doc/languages-frameworks/rust.section.md
+++ b/doc/languages-frameworks/rust.section.md
@ -53,10 +53,12 @@ all crate sources of this package. Currently it is obtained by inserting a
 fake checksum into the expression and building the package once. The correct
 checksum can be then take from the failed build.

-When the `Cargo.lock`, provided by upstream, is not in sync with the
-`Cargo.toml`, it is possible to use `cargoPatches` to update it. All patches
-added in `cargoPatches` will also be prepended to the patches in `patches` at
-build-time.
+Per the instructions in the [Cargo Book](https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html)
+best practices guide, Rust applications should always commit the `Cargo.lock`
+file in git to ensure a reproducible build. However, a few packages do not, and
+Nix depends on this file, so if it missing you can use `cargoPatches` to apply
+it in the `patchPhase`. Consider sending a PR upstream with a note to the
+maintainer describing why it's important to include in the application.

 Unless `legacyCargoFetcher` is set to `true`, the fetcher will also verify that
 the `Cargo.lock` file is in sync with the `src` attribute, and will compress the
--- a/pkgs/applications/science/misc/rink/default.nix
+++ b/pkgs/applications/science/misc/rink/default.nix
@ -10,12 +10,11 @@ rustPlatform.buildRustPackage rec {
    rev = "v${version}";
    sha256 = "0vl996y58a9b62d8sqrpfn2h8qkya7qbg5zqsmy7nxhph1vhbspj";
  };
-  cargoPatches = [ ./cargo-lock.patch ];

-  # Delete this on next update; see #79975 for details
-  legacyCargoFetcher = true;
+  # Upstreamed in https://github.com/tiffany352/rink-rs/pull/53
+  cargoPatches = [ ./cargo-lock.patch ];

-  cargoSha256 = "0q2g1hkqyzq9lsas4fhsbpk3jn5hikchh6i1jf9c08ca2xm136c2";
+  cargoSha256 = "0shlh0m9k0iqxpv9zmiw7a6v197swrvpz9x6qzhximzkdwni9gz9";

  buildInputs = [ pkgconfig ];
  propagatedBuildInputs = [ openssl gmp ncurses ];
--- a/pkgs/applications/virtualization/crosvm/default.nix
+++ b/pkgs/applications/virtualization/crosvm/default.nix
@ -53,10 +53,7 @@ in
      ./default-seccomp-policy-dir.diff
    ];

-  # Delete this on next update; see #79975 for details
-  legacyCargoFetcher = true;
-
-    cargoSha256 = "1d7y07wkliy5qnlyx5zj6ni39avhs3s48sqgvwxm5g5zrahg2a85";
+    cargoSha256 = "1s9nfgfqk140hg08i0xzylnrgrx84dqss0vnvhxnydwy9q03nk7r";

    nativeBuildInputs = [ pkgconfig ];

--- a/pkgs/applications/virtualization/railcar/default.nix
+++ b/pkgs/applications/virtualization/railcar/default.nix
@ -11,15 +11,11 @@ rustPlatform.buildRustPackage rec {
    sha256 = "09zn160qxd7760ii6rs5nhr00qmaz49x1plclscznxh9hinyjyh9";
  };

-  # Delete this on next update; see #79975 for details
-  legacyCargoFetcher = true;
-
-  cargoSha256 = "1k4y37x783fsd8li17k56vlx5ziwmrz167a0w5mcb9sgyd2kc19a";
-
-  buildInputs = [ libseccomp ];
-
  # Submitted upstream https://github.com/oracle/railcar/pull/44
  cargoPatches = [ ./cargo-lock.patch ];
+  cargoSha256 = "10qxkxpdprl2rcgy52s3q5gyg3i75qmx68rpl7cx1bgjzppfn9c3";
+
+  buildInputs = [ libseccomp ];

  meta = with lib; {
    description = "Rust implementation of the Open Containers Initiative oci-runtime";
--- a/pkgs/build-support/rust/default.nix
+++ b/pkgs/build-support/rust/default.nix
@ -114,15 +114,37 @@ stdenv.mkDerivation (filteredArgs // {
    EOF

    export RUST_LOG=${logLevel}
-  '' + stdenv.lib.optionalString validateCargoDeps ''
-    if ! diff source/Cargo.lock $cargoDepsCopy/Cargo.lock ; then
+  '' + (args.postUnpack or "");
+
+  # After unpacking and applying patches, check that the Cargo.lock matches our
+  # src package. Note that we do this after the patchPhase, because the
+  # patchPhase may create the Cargo.lock if upstream has not shipped one.
+  postPatch = (args.postPatch or "") + stdenv.lib.optionalString validateCargoDeps ''
+    cargoDepsLockfile=$NIX_BUILD_TOP/$cargoDepsCopy/Cargo.lock
+    srcLockfile=$NIX_BUILD_TOP/$sourceRoot/Cargo.lock
+
+    echo "Validating consistency between $srcLockfile and $cargoDepsLockfile"
+    if ! diff $srcLockfile $cargoDepsLockfile; then
+
+      # If the diff failed, first double-check that the file exists, so we can
+      # give a friendlier error msg.
+      if ! [ -e $srcLockfile ]; then
+        echo "ERROR: Missing Cargo.lock from src. Expected to find it at: $srcLockfile"
+        exit 1
+      fi
+
+      if ! [ -e $cargoDepsLockfile ]; then
+        echo "ERROR: Missing lockfile from cargo vendor. Expected to find it at: $cargoDepsLockfile"
+        exit 1
+      fi
+
      echo
      echo "ERROR: cargoSha256 is out of date"
      echo
      echo "Cargo.lock is not the same in $cargoDepsCopy"
      echo
      echo "To fix the issue:"
-      echo '1. Use "1111111111111111111111111111111111111111111111111111" as the cargoSha256 value'
+      echo '1. Use "0000000000000000000000000000000000000000000000000000" as the cargoSha256 value'
      echo "2. Build the derivation and wait it to fail with a hash mismatch"
      echo "3. Copy the 'got: sha256:' value back into the cargoSha256 field"
      echo
@ -131,7 +153,7 @@ stdenv.mkDerivation (filteredArgs // {
    fi
  '' + ''
    unset cargoDepsCopy
-  '' + (args.postUnpack or "");
+  '';

  configurePhase = args.configurePhase or ''
    runHook preConfigure
--- a/pkgs/development/tools/rust/cargo-make/cargo.patch
+++ b/pkgs/development/tools/rust/cargo-make/cargo.patch