| 29 Mar 2023 |
 ma27 | that won't be doable in nixpkgs then, tl;dr for why we use e.g. pkgs.fetchgit rather than builtins.fetchgit: https://discourse.nixos.org/t/replace-nixpkgs-fetchers-with-nix-builtins-fetchers/26106 | 08:14:37 |
| ma27 | In reply to @tgerbet:matrix.org
If I remember correctly no, Composer does not set shasum for "Git" packages (even if it uses the GitHub API to download the package...) oof, I looked at the wrong key, namely content and not shasum... good morning ma27 (and sorry for the confusion!) 🙃 | 08:15:52 |
| ma27 | unless we manage to sneak this into composer somehow I doubt that it'll be feasible (as it is with Rust for instance) | 08:18:13 |
|  Pol changed their profile picture. | 08:34:02 |
| Pol | Catching up the backlog, got in a meeting. Reading your messages. | 08:37:31 |
| Pol | In reply to @philipp:xndr.de
Is there an example of it's usage in nixpkgs somewhere? here? https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/typesetting/typst/default.nix | 08:38:56 |
| Pol | In reply to @tgerbet:matrix.org
I do not think it's possible, we do not always have the shasum in the composer lockfile We can ask Jordi to add it :) | 08:39:18 |
 tgerbet | Hum yes but it would take a while to propagate to the whole ecosystem and it is likely on purpose. You do not get the same content if you --prefer-dist or --prefer-source | 08:41:28 |
| Pol | Ah ?! | 08:42:23 |
 philipp | Oh, it's even documented! https://nixos.org/manual/nixpkgs/stable/#rust They seem to have the same problem with git hashes and solve it by providing them in the call tho cargoLock. | 08:42:53 |
| Pol | Therefore, buildRustPackage also supports vendoring dependencies directly from a Cargo.lock file using the cargoLock argument. This will retrieve the dependencies using fixed-output derivations from the specified lockfile. | 08:45:02 |
| Pol | We should do that for PHP :) | 08:45:10 |
| philipp | * Oh, it's even documented! https://nixos.org/manual/nixpkgs/stable/#rust They seem to have the same problem with git hashes and solve it by providing them in the call to cargoLock. | 08:48:40 |
| tgerbet | In reply to @drupol:matrix.org
Ah ?! Yes, when using prefer-dist Composer will try to get the tarball directly from GH/GL/whatever which will use the export-ignorethat the dep might have set in .gitattributes. When using prefer-source it will do a git clone directly | 08:50:17 |
| Pol | In reply to @tgerbet:matrix.org
Yes, when using prefer-dist Composer will try to get the tarball directly from GH/GL/whatever which will use the export-ignorethat the dep might have set in .gitattributes. When using prefer-source it will do a git clone directly We could imagine to have rules. If we want to have Nix to build a PHP library or app, the composer.json must have been built using --prefer-source (or whatever). Since this lock file must be in Nix, it's fine. | 08:51:42 |
| Pol | See here, the Cargo.lock is inside nixpkgs: https://github.com/NixOS/nixpkgs/tree/master/pkgs/tools/typesetting/typst | 08:52:18 |
| Pol | I had a meeting with Dan Leech this morning, he needed some help with Nix. I told him about the deprecations I had when using phpbench with php81. He told me he's going to bump the proper dependency and do a new release today.
I'm going to set my PR in draft until there. | 08:53:30 |
| Pol | (Dan Leech is the author of PHPBench) | 08:54:41 |
| tgerbet | Yes but that means that during lockfile generation Composer will always be forced to get the dist tarball, unpack it and then compute the checksum to put it in the lockfile
I'm not sure Composer will be willing to always do that due to the performance implication and that you are more likely to reach the rate limits of the platform | 09:56:06 |
| philipp | tgerbet: What about doing it like the cargo implementation and adding the missing hashes to the nix file? | 09:57:49 |
| tgerbet | In our case it would like be all/the majority of the deps so at this point it is not really different than what composer2nix does 😄 | 09:59:07 |
| 3 Apr 2023 |
| Pol | Can we move on with this issue? https://github.com/NixOS/nixpkgs/pull/221845 | 06:45:03 |
| Pol | There's also this issue: https://github.com/NixOS/nixpkgs/issues/224457 I guess there is nothing to mention on our side? | 13:21:57 |
| Pol | It would be nice to have that PR though https://github.com/NixOS/nixpkgs/pull/221845 ! | 13:22:11 |
| tgerbet | In reply to @drupol:matrix.org
There's also this issue: https://github.com/NixOS/nixpkgs/issues/224457 I guess there is nothing to mention on our side? Maybe we could switch the default php to 8.2 and we need to drop 8.0 because it will be outside the security support window upstream before 23.05 | 13:38:25 |
| Pol | 
Download image.png | 13:40:09 |
| Pol | The current version is 8.1. Let me check the EOL | 13:40:22 |
| Pol | https://www.php.net/supported-versions.php | 13:40:37 |
| Pol | Until 25 Nov 2023(in 7 months) | 13:41:14 |
| Pol | Should we switch to 8.2 ? I don't know. | 13:41:22 |
