| 4 Jul 2023 |
 Lily Foster | The yarn lockfile format is custom cancer | 08:42:54 |
 @janne.hess:helsinki-systems.de | the v2 is a lot better, that's proper yaml | 08:43:04 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
Parsing the lock is actually very easy, resolving the resolution to a usable URL is absolutely not Also this | 08:43:06 |
| @janne.hess:helsinki-systems.de | but it doesn't have a URL | 08:43:09 |
| Lily Foster | Oh really đź’€ | 08:43:20 |
| Lily Foster | I hadn't looked at the yarn-berry stuff yet. It's just been on my todo list | 08:43:37 |
| @janne.hess:helsinki-systems.de | In reply to @janne.hess:helsinki-systems.de
but it doesn't have a URL
reference: 'npm:2.0.4'
| 08:44:39 |
| Lily Foster | I more or less expect to get to it after the current in-progress PRs are dealt with on the node project board on github, and after npmCheckHook and buildYarnPackage are merged too | 08:45:30 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
reference: 'npm:2.0.4'
Yeah, was worried they'd have done that. The references are unfortunate because they're entirely dependent on the locally configured registry (reminds me of another registry we have.... âť„) | 08:46:36 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
reference: 'npm:2.0.4'
They still have integrity hashes at least, right? | 08:47:30 |
| @janne.hess:helsinki-systems.de | Say - instead of parsing the lock, couldn't I just:
echo 'yarn-offline-mirror "./yarn-offline-mirror"' >> .yarn.conf
yarn install
nix-store --add ./yarn-offline-mirror
or something like this?
| 08:47:42 |
| @janne.hess:helsinki-systems.de | In reply to @lily:lily.flowers
They still have integrity hashes at least, right? There is a checksum field which looks like a sha512 hash | 08:48:22 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
Say - instead of parsing the lock, couldn't I just:
echo 'yarn-offline-mirror "./yarn-offline-mirror"' >> .yarn.conf
yarn install
nix-store --add ./yarn-offline-mirror
or something like this?
Possibly. The thing is I know they removed --offline with v2 so we gotta make sure we can still prevent it from needing anything online | 08:48:55 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
There is a checksum field which looks like a sha512 hash Is it sri or just bare sha512? | 08:49:12 |
| @janne.hess:helsinki-systems.de | In reply to @lily:lily.flowers
Is it sri or just bare sha512?
checksum: d415fb2f063a024e2d382e8dc5e66929d0d9bf94f2c22e03cde201dc2fa03e15d21274dbe5c23a26ce016a4cac3db93ad99fb454de76fd94bc1600fd7062eebe
| 08:49:21 |
| @janne.hess:helsinki-systems.de | In reply to @lily:lily.flowers
Possibly. The thing is I know they removed --offline with v2 so we gotta make sure we can still prevent it from needing anything online I will try. 5 lines of bash is probably a lot easier than having custom node code that parses 2 different lock files ;) | 08:49:41 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
I will try. 5 lines of bash is probably a lot easier than having custom node code that parses 2 different lock files ;) Oh you mean for fetching. I'm not sure if lockfile fixup is still required for git deps for yarn berry or not. It was for yarn1 and so needed a custom fetcher | 08:50:41 |
| @janne.hess:helsinki-systems.de | In reply to @lily:lily.flowers
Oh you mean for fetching. I'm not sure if lockfile fixup is still required for git deps for yarn berry or not. It was for yarn1 and so needed a custom fetcher No I mean for generating the hash for fetchYarnDeps | 08:51:14 |
| Lily Foster | If lockfile fixup is not needed and their cache format is reproducible, sure that could maybe work | 08:51:29 |
| @janne.hess:helsinki-systems.de | In reply to @janne.hess:helsinki-systems.de
No I mean for generating the hash for fetchYarnDeps Ah both actually… | 08:51:53 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
No I mean for generating the hash for fetchYarnDeps No fetchYarnDeps is not the same cache format technically | 08:51:56 |
| Lily Foster | If you're trying to get something specific working, there is a yarn v2+ to yarn v1 lockfile rewriter in nixpkgs that some packages have used | 08:53:05 |
| @janne.hess:helsinki-systems.de | In reply to @lily:lily.flowers
If you're trying to get something specific working, there is a yarn v2+ to yarn v1 lockfile rewriter in nixpkgs that some packages have used That's possible? đź‘€ | 08:53:19 |
| Lily Foster | I thought it was. I may be misremembering?
(If it is though, it might be easier if yarn berry turns out to be a lot of trouble to create new tooling for atm) | 08:54:09 |
| @janne.hess:helsinki-systems.de | So good news: a yarn offline cache appears to be reproducible | 10:56:58 |
| @janne.hess:helsinki-systems.de | offlineCache = stdenvNoCC.mkDerivation {
name = "cal.com-${version}-offline-cache";
inherit src;
nativeBuildInputs = [ yarn ];
HOME = "/build";
buildPhase = ''
yarn config set enableTelemetry 0
yarn config set cacheFolder $out
yarn
'';
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = "sha256-w/nwiMntMsi+G55iZF9QwdA7ZFe/XOtA19AUqboLFWA=";
};
| 10:57:05 |
| @janne.hess:helsinki-systems.de | (we will see if this also builds in a couple of months…) | 10:57:39 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
(we will see if this also builds in a couple of months…) Wait this would still be yarn v1 right? We don't have yarn-berry in nixpkgs yet I thought | 11:02:39 |
| Lily Foster | (Oops meant to set that as a reply to the other message) | 11:02:55 |
| Lily Foster | * (Oops, meant to set that as a reply to the other message) | 11:03:03 |
