| 17 Jan 2024 |
 @kstiehl:matrix.numericas.de | In reply to @lily:lily.flowers
ah, can you share your updated derivation too? i'll try to look sometime today if no one else is able to help before i'm at my computer again Lily Foster: hi did you find the time to have a look? If not that's fine too. Just want to know whether i should keep my hopes up😅 | 16:28:07 |
 h7x4 | Hello. I'm having some trouble with the lockfile fixup stage of npm-config-hook
One of the dependencies are listed as git+https://git.sr.ht/~cadence/nodejs-discord-markdown#abc56d544072a1dc5624adfea455b0e902adf7b3, which successfully gets rewritten to https://git.sr.ht/~cadence/nodejs-discord-markdown/archive/abc56d544072a1dc5624adfea455b0e902adf7b3.tar.gz during the cache creation stage, and written to package.metadata.url. But during the lockfile fixup it can't retrieve the hash, seemingly because it tries to match up the first untouched URL with the second rewritten one.
Since we're doing this kind of rewriting for all kinds of URLs, I'm wondering whether I've misunderstood something? Is there some kind of mechanism in place for the other URLs to ensure we're able to look them up from the cache after rewriting their URLs?
| 19:08:56 |
 Dandellion | For added context this is the same package as we previously talked about in https://matrix.to/#/!NhAsaYbbgmzHtXTPQJ:funklause.de/$dTuHZBRPJkPGn0WSjuBWwhnp1IiEt9yqDbkCA7uXXpU?via=nixos.org&via=matrix.org&via=nixos.dev | 19:19:12 |
 Lily Foster | In reply to @kstiehl:matrix.numericas.de
Lily Foster: hi did you find the time to have a look? If not that's fine too. Just want to know whether i should keep my hopes up😅 i've not had time, sorry :( | 23:15:48 |
| Lily Foster | In reply to @h7x4:nani.wtf
Hello. I'm having some trouble with the lockfile fixup stage of npm-config-hook
One of the dependencies are listed as git+https://git.sr.ht/~cadence/nodejs-discord-markdown#abc56d544072a1dc5624adfea455b0e902adf7b3, which successfully gets rewritten to https://git.sr.ht/~cadence/nodejs-discord-markdown/archive/abc56d544072a1dc5624adfea455b0e902adf7b3.tar.gz during the cache creation stage, and written to package.metadata.url. But during the lockfile fixup it can't retrieve the hash, seemingly because it tries to match up the first untouched URL with the second rewritten one.
Since we're doing this kind of rewriting for all kinds of URLs, I'm wondering whether I've misunderstood something? Is there some kind of mechanism in place for the other URLs to ensure we're able to look them up from the cache after rewriting their URLs?
it's a bug. i've found it and am about to submit a PR in a few | 23:19:03 |
| Lily Foster | err wait, no maybe i haven't found the bug. that didn't work. give me a few | 23:20:45 |
| h7x4 | No worries 😄 Ping me if you'd like the package file with the current failing setup. | 23:23:45 |
| Lily Foster | In reply to @h7x4:nani.wtf
No worries 😄 Ping me if you'd like the package file with the current failing setup. sure, i made my own super quickly but that would probably help too | 23:25:48 |
| Lily Foster | i'm starting to wonder if this is just an npm bug? at least in my reproducer, it has nothing to do with lockfile fixup afaict | 23:30:04 |
| Lily Foster | npm says "tarball data seems to be corrupted" even though hash matches and the tarball seems valid 🤔 | 23:30:38 |
| h7x4 | I've bundled a patch, likely introducing IFD, but good enough for testing.
{ lib
, buildNpmPackage
, fetchNpmDeps
, fetchFromGitea
, git
, cacert
, writeText
}:
# Smaller version of the problem
# fetchNpmDeps {
# name = "out-of-your-element-deps";
# src = fetchFromGitea {
# domain = "gitdab.com";
# owner = "cadence";
# repo = "out-of-your-element";
# rev = "v1.3";
# hash = "sha256-dLDm3xOMoprkGU7D9IFX1hjMfCR3YjVgXb3c5IEuUTQ";
# };
# patches = [ ./add-discord-markdown-dep-integrity.patch ];
# npmDepsHash = "sha256-k2MeejRWteIzY1Q+iNLCLDLnE1z9+cBaAGYAIlQHa/4=";
# };
buildNpmPackage rec {
pname = "out-of-your-element";
version = "1.3";
src = fetchFromGitea {
domain = "gitdab.com";
owner = "cadence";
repo = "out-of-your-element";
rev = "v${version}";
hash = "sha256-dLDm3xOMoprkGU7D9IFX1hjMfCR3YjVgXb3c5IEuUTQ";
};
patches = [ (writeText "add-discord-markdown-dep-integrity.patch" ''
diff --git i/package-lock.json w/package-lock.json
index 3847ee1..79a3ac0 100644
--- i/package-lock.json
+++ w/package-lock.json
@@ -1060,6 +1060,7 @@
"node_modules/discord-markdown": {
"version": "2.4.1",
"resolved": "git+https://git.sr.ht/~cadence/nodejs-discord-markdown#abc56d544072a1dc5624adfea455b0e902adf7b3",
+ "integrity": "sha512-mPjPXXNgL3prKagvj/guOzAEMcJdcr6S95u7MRlYZvsgeUiacQDQatYrJgYAf53vJw+U0JvEPUwRHZY02oX1og==",
"license": "MIT",
"dependencies": {
"simple-markdown": "^0.7.2"
'') ];
dontNpmBuild = true;
npmDepsHash = "sha256-fPTFyX2GYSdMeIzVKXBacZxhTTj8fvlMFEGOxN0/cm8=";
meta = with lib; {
homepage = "https://gitdab.com/cadence/out-of-your-element";
description = "Modern Matrix-to-Discord appservice bridge";
changelog = "https://gitdab.com/cadence/out-of-your-element/releases/tag/${src.rev}";
license = licenses.agpl3Plus;
mainProgram = "start.js";
};
}
| 23:34:11 |
