take a look at: maintainers/scripts/update-dotnet-lockfiles.nix

It abuses update.nix to find packages that have fetch-deps. It's probably not perfect (e.g. I know godot3-mono uses make-deps for some reason).

In reply to@gggkiller:matrix.org
man, I wish there was an easy way to list all packages that use buildDotnetModule in nixpkgs

Sort of a tangent, but I've taken to running fetch-deps (and update scripts) in firejail, out of paranoia, since it's not sandboxed. I couldn't think of a way to take advantage of the nix sandbox to do it...

NIX_PATH= firejail --private-tmp --whitelist=$PWD --protocol=netlink nix-shell --pure ./maintainers/scripts/update-dotnet-lockfiles.nix --argstr keep-going true

In reply to @corngood:corngood.com
I don't think we should be using binary packages from nuget.org at all, which means nixpkgs would have to know how to build everything from source.

--protocol=netlink being only required for msbuild.fetch-deps afaict, due to some ridiculous old dotnet thing

even more so since fetch-deps runs the packages' code, it might have untrusted code running

Yeah, if I'm regenerating all lockfiles, or doing mass updates, that's a lot of peoples code being run. Lots of new packages going in without any real audits.

Could end up bad either through malice or accident.

In reply to @gggkiller:matrix.org
technically contributors should've audited it before adding all of that to nixpkgs, but you can never be too safe

Yeah, that part of the dotnet ecosystem is a mess. Actual build recipes would be the dream.

My favourite recent example was finding Avalonia.BuildServices, which is on nuget.org, but they don't even release the source for it. :|

https://github.com/AvaloniaUI/Avalonia/discussions/16878

I don't know how relevant this is, but the thing that comes to mind is how we patch the dll imports in the source-built version of avalonia:

          substituteInPlace src/Avalonia.X11/ICELib.cs \
            --replace-fail '"libICE.so.6"' '"${lib.getLib libICE}/lib/libICE.so.6"'
          substituteInPlace src/Avalonia.X11/SMLib.cs \
            --replace-fail '"libSM.so.6"' '"${lib.getLib libSM}/lib/libSM.so.6"'
          substituteInPlace src/Avalonia.X11/XLib.cs \
            --replace-fail '"libX11.so.6"' '"${lib.getLib libX11}/lib/libX11.so.6"' \
            --replace-fail '"libXrandr.so.2"' '"${lib.getLib libXrandr}/lib/libXrandr.so.2"' \
            --replace-fail '"libXext.so.6"' '"${lib.getLib libXext}/lib/libXext.so.6"' \
            --replace-fail '"libXi.so.6"' '"${lib.getLib libXi}/lib/libXi.so.6"' \
            --replace-fail '"libXcursor.so.1"' '"${lib.getLib libXcursor}/lib/libXcursor.so.1"'