| 25 Dec 2024 |
 π° xiaoxiangmoe | Here | 16:02:45 |
| π° xiaoxiangmoe | * Here is my pkg definition | 16:02:56 |
| π° xiaoxiangmoe | * Here is my pkg definition
{
buildGoModule,
fetchFromGitHub,
lib,
nix-update-script,
}:
buildGoModule rec {
pname = "lipo-go";
version = "0.9.3";
src = fetchFromGitHub {
owner = "konoui";
repo = "lipo";
rev = "b7b34565565e3cde8037d1b5ee95dd2bb3579ef1";
# tag = "v${version}";
hash = "sha256-mDx1kQ5FzM4b/1LWccRbaGAt68ez4Bs+7N04aQUUaQg=";
};
env = {
GIT_VERSION = version;
GIT_REVISION = "b7b34565565e3cde8037d1b5ee95dd2bb3579ef1";
};
passthru.updateScript = nix-update-script { };
vendorHash = "sha256-7M6CRxJd4fgYQLJDkNa3ds3f7jOp3dyloOZtwMtCBQk=";
postPatch = ''
# remove the test that requires access permit to /bin
sed -i '/bin := filepath.Join/a info, err := os.Stat(bin);if err != nil || info.Mode().Perm()&0444 != 0444 { continue }' pkg/lipo/archs_test.go
'';
buildPhase = ''
make build VERSION=$GIT_VERSION REVISION=$GIT_REVISION BINARY=$out/bin/lipo
'';
meta = {
description = "This lipo is designed to be compatible with macOS lipo, written in golang.";
homepage = "https://github.com/konoui/lipo";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ xiaoxiangmoe ];
};
}
| 16:03:07 |
 Perchun Pak [don't ping; dm instead] | it is much easier to just set GIT_REVISION to an empty string or a git tag. in case if you want to do it the perfect way, you can write your own update script which calls nix-update and then replaces the GIT_REVISION to the correct one | 18:23:55 |
| π° xiaoxiangmoe | I found a workaround for this
{
buildGoModule,
fetchFromGitHub,
lib,
nix-update-script,
}:
buildGoModule rec {
pname = "lipo-go";
version = "0.9.3";
src = fetchFromGitHub {
owner = "konoui";
repo = "lipo";
rev = "refs/tags/v${version}";
hash = "sha256-lZgOoN+oibo2h6bw5KHXuiwQvQecTQiqu400sGfaMi0=";
# populate values that require us to use git. By doing this in postFetch we
# can delete .git afterwards and maintain better reproducibility of the src.
leaveDotGit = true;
postFetch = ''
cd "$out"
git rev-parse --short HEAD > "$out/CI_COMMIT_SHORT_SHA"
find "$out" -name .git -print0 | xargs -0 rm -rf
'';
};
passthru.updateScript = nix-update-script { };
vendorHash = "sha256-7M6CRxJd4fgYQLJDkNa3ds3f7jOp3dyloOZtwMtCBQk=";
postPatch = ''
# remove the test that requires access permit to /bin
sed -i '/bin := filepath.Join/a info, err := os.Stat(bin);if err != nil || info.Mode().Perm()&0444 != 0444 { continue }' pkg/lipo/archs_test.go
'';
buildPhase = ''
make build VERSION=${version} REVISION=$(<CI_COMMIT_SHORT_SHA) BINARY=$out/bin/lipo
'';
meta = {
description = "This lipo is designed to be compatible with macOS lipo, written in golang.";
homepage = "https://github.com/konoui/lipo";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ xiaoxiangmoe ];
};
}
| 18:33:14 |
 K900 | Absolutely do not do that | 18:33:56 |
| K900 | leaveDotGit is not reproducible | 18:34:00 |
| K900 | And not consistent | 18:34:02 |
| π° xiaoxiangmoe | But I must get CI_COMMIT_SHORT_SHA for build | 18:34:24 |
| K900 | Get it from the update script then | 18:34:35 |
| π° xiaoxiangmoe | find "$out" -name .git -print0 | xargs -0 rm -rf
Will keep it reproducible
| 18:34:39 |
| K900 | Not guaranteed, technically | 18:35:09 |
| π° xiaoxiangmoe | Okay | 18:35:19 |
| π° xiaoxiangmoe | Maybe I should create a PR for fetchFromGitHub to support update both CI_COMMIT_SHA and version? | 18:36:57 |
| K900 | No, we should not be encouraging people to hardcode git revisions in random places | 18:39:47 |
| π° xiaoxiangmoe | How about this?
src = fetchFromGitHub {
owner = "konoui";
repo = "lipo";
tag = "v${version}";
rev = "4f0dadbf38ee4cf4cc38cbc232b7708fddf965bc";
hash = "sha256-lZgOoN+oibo2h6bw5KHXuiwQvQecTQiqu400sGfaMi0=";
}
| 18:41:27 |
| K900 | That is completely duplicate information | 18:41:58 |
| π° xiaoxiangmoe | tag may change | 18:42:18 |
| π° xiaoxiangmoe | rev is the only source of truth | 18:42:27 |
| K900 | Then you shouldn't provide the tag | 18:42:39 |
| π° xiaoxiangmoe | But the tag is needed for version | 18:42:58 |
| π° xiaoxiangmoe | nixpkg need version field | 18:43:06 |
| K900 | Look | 18:43:11 |
| K900 | We can't be making accommodations in nixpkgs for every stupid decision an upstream makes | 18:43:29 |
| π° xiaoxiangmoe | Okay | 18:43:50 |
| π° xiaoxiangmoe | Also, builtins.fetchGit { url= "https://github.com/konoui/lipo.git"; } can provide lastModified, lastModifiedDate, rev, shortRev attr | 18:47:52 |
| π° xiaoxiangmoe | Should fetchFromGitHub also provide this? | 18:48:04 |
| π° xiaoxiangmoe | nix-repl> builtins.fetchGit { url= "https://github.com/konoui/lipo.git"; }
copying '«git+https://github.com/konoui/lipo.git?exportIgnore=1&ref=refs/heads/main&rev=d405c7e62772120bf98ea326b26799bde8d5a128»«unkn{
lastModified = 1735092575;
lastModifiedDate = "20241225020935";
narHash = "sha256-T4V6VDjwMJ1/uopxbotrCgjNkG8lc3ecYKWRjqT3GnU=";
outPath = "/nix/store/na175bylllrcnn0yq8irfj9q7w3xhh2k-source";
rev = "d405c7e62772120bf98ea326b26799bde8d5a128";
revCount = 134;
shortRev = "d405c7e";
submodules = false;
}
| 18:48:28 |
 linj | In reply to @k900:0upti.me
Not guaranteed, technically I am curious why removing .git does not guarante reproducibility. Could you elaborate? | 18:52:23 |
| π° xiaoxiangmoe | Also, I'm curious whether passthru.updateScript will work for unfree apps or not. I found passthru.tests will not run in nixpkgs ci for unfree apps. | 18:57:23 |
