nixpkgs-suyu/pkgs/build-support/go/module.nix
Doron Behar a82c8611ce
buildGoModule: don't inherit build hooks when building go-modules (#225349)
* buildGoModule: don't inherit postBuild hook when building go-modules

This is a slight revert of 5ce647b8bf
(#212800).

Inheriting these hooks in the `.go-modules` derivation can be confusing:
One doesn't expect them to run when generating the fixed output modules
derivation, but only on the main derivation. A `postBuild` hook that
adds some files to $out will cause a very hard to debug issue[1].

This commit adds support for a dedicated `modPostBuild` hook that will
be used only by the derivation building `.go-modules`. Additionally,
`go.section.md` now explains these attributes behavior better.

[1]:
https://discourse.nixos.org/t/cant-update-a-go-package-getting-go-inconsistent-vendoring/27063/6

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2023-04-22 11:08:54 +10:00

328 lines
9.3 KiB
Nix

{ go, cacert, git, lib, stdenv }:
{ name ? "${args'.pname}-${args'.version}"
, src
, buildInputs ? []
, nativeBuildInputs ? []
, passthru ? {}
, patches ? []
# Go linker flags, passed to go via -ldflags
, ldflags ? []
# Go tags, passed to go via -tag
, tags ? []
# A function to override the go-modules derivation
, overrideModAttrs ? (_oldAttrs : {})
# path to go.mod and go.sum directory
, modRoot ? "./"
# vendorHash is the SRI hash of the vendored dependencies
#
# if vendorHash is null, then we won't fetch any dependencies and
# rely on the vendor folder within the source.
, vendorHash ? "_unset"
# same as vendorHash, but outputHashAlgo is hardcoded to sha256
# so regular base32 sha256 hashes work
, vendorSha256 ? "_unset"
# Whether to delete the vendor folder supplied with the source.
, deleteVendor ? false
# Whether to fetch (go mod download) and proxy the vendor directory.
# This is useful if your code depends on c code and go mod tidy does not
# include the needed sources to build or if any dependency has case-insensitive
# conflicts which will produce platform dependant `vendorHash` checksums.
, proxyVendor ? false
# We want parallel builds by default
, enableParallelBuilding ? true
# Do not enable this without good reason
# IE: programs coupled with the compiler
, allowGoReference ? false
, CGO_ENABLED ? go.CGO_ENABLED
, meta ? {}
# Not needed with buildGoModule
, goPackagePath ? ""
# needed for buildFlags{,Array} warning
, buildFlags ? ""
, buildFlagsArray ? ""
, ... }@args':
with builtins;
assert goPackagePath != "" -> throw "`goPackagePath` is not needed with `buildGoModule`";
assert (vendorSha256 == "_unset" && vendorHash == "_unset") -> throw "either `vendorHash` or `vendorSha256` is required";
assert (vendorSha256 != "_unset" && vendorHash != "_unset") -> throw "both `vendorHash` and `vendorSha256` set. only one can be set.";
let
hasAnyVendorHash = (vendorSha256 != null && vendorSha256 != "_unset") || (vendorHash != null && vendorHash != "_unset");
vendorHashType =
if hasAnyVendorHash then
if vendorSha256 != null && vendorSha256 != "_unset" then
"sha256"
else
"sri"
else
null;
args = removeAttrs args' [ "overrideModAttrs" "vendorSha256" "vendorHash" ];
go-modules = if hasAnyVendorHash then stdenv.mkDerivation (let modArgs = {
name = "${name}-go-modules";
nativeBuildInputs = (args.nativeBuildInputs or []) ++ [ go git cacert ];
inherit (args) src;
inherit (go) GOOS GOARCH;
# The following inheritence behavior is not trivial to expect, and some may
# argue it's not ideal. Changing it may break vendor hashes in Nixpkgs and
# out in the wild. In anycase, it's documented in:
# doc/languages-frameworks/go.section.md
prePatch = args.prePatch or "";
patches = args.patches or [];
patchFlags = args.patchFlags or [];
postPatch = args.postPatch or "";
preBuild = args.preBuild or "";
postBuild = args.modPostBuild or "";
sourceRoot = args.sourceRoot or "";
GO111MODULE = "on";
impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [
"GIT_PROXY_COMMAND" "SOCKS_SERVER" "GOPROXY"
];
configurePhase = args.modConfigurePhase or ''
runHook preConfigure
export GOCACHE=$TMPDIR/go-cache
export GOPATH="$TMPDIR/go"
cd "${modRoot}"
runHook postConfigure
'';
buildPhase = args.modBuildPhase or (''
runHook preBuild
'' + lib.optionalString deleteVendor ''
if [ ! -d vendor ]; then
echo "vendor folder does not exist, 'deleteVendor' is not needed"
exit 10
else
rm -rf vendor
fi
'' + ''
if [ -d vendor ]; then
echo "vendor folder exists, please set 'vendorHash = null;' or 'vendorSha256 = null;' in your expression"
exit 10
fi
${if proxyVendor then ''
mkdir -p "''${GOPATH}/pkg/mod/cache/download"
go mod download
'' else ''
if (( "''${NIX_DEBUG:-0}" >= 1 )); then
goModVendorFlags+=(-v)
fi
go mod vendor "''${goModVendorFlags[@]}"
''}
mkdir -p vendor
runHook postBuild
'');
installPhase = args.modInstallPhase or ''
runHook preInstall
${if proxyVendor then ''
rm -rf "''${GOPATH}/pkg/mod/cache/download/sumdb"
cp -r --reflink=auto "''${GOPATH}/pkg/mod/cache/download" $out
'' else ''
cp -r --reflink=auto vendor $out
''}
if ! [ "$(ls -A $out)" ]; then
echo "vendor folder is empty, please set 'vendorHash = null;' or 'vendorSha256 = null;' in your expression"
exit 10
fi
runHook postInstall
'';
dontFixup = true;
}; in modArgs // (
{
outputHashMode = "recursive";
} // (if (vendorHashType == "sha256") then {
outputHashAlgo = "sha256";
outputHash = vendorSha256;
} else {
outputHash = vendorHash;
}) // (lib.optionalAttrs (vendorHashType == "sri" && vendorHash == "") {
outputHashAlgo = "sha256";
})
) // overrideModAttrs modArgs) else "";
package = stdenv.mkDerivation (args // {
nativeBuildInputs = [ go ] ++ nativeBuildInputs;
inherit (go) GOOS GOARCH;
GO111MODULE = "on";
GOFLAGS = lib.optionals (!proxyVendor) [ "-mod=vendor" ] ++ lib.optionals (!allowGoReference) [ "-trimpath" ];
inherit CGO_ENABLED enableParallelBuilding;
configurePhase = args.configurePhase or (''
runHook preConfigure
export GOCACHE=$TMPDIR/go-cache
export GOPATH="$TMPDIR/go"
export GOPROXY=off
export GOSUMDB=off
cd "$modRoot"
'' + lib.optionalString hasAnyVendorHash ''
${if proxyVendor then ''
export GOPROXY=file://${go-modules}
'' else ''
rm -rf vendor
cp -r --reflink=auto ${go-modules} vendor
''}
'' + ''
# currently pie is only enabled by default in pkgsMusl
# this will respect the `hardening{Disable,Enable}` flags if set
if [[ $NIX_HARDENING_ENABLE =~ "pie" ]]; then
export GOFLAGS="-buildmode=pie $GOFLAGS"
fi
runHook postConfigure
'');
buildPhase = args.buildPhase or (''
runHook preBuild
exclude='\(/_\|examples\|Godeps\|testdata'
if [[ -n "$excludedPackages" ]]; then
IFS=' ' read -r -a excludedArr <<<$excludedPackages
printf -v excludedAlternates '%s\\|' "''${excludedArr[@]}"
excludedAlternates=''${excludedAlternates%\\|} # drop final \| added by printf
exclude+='\|'"$excludedAlternates"
fi
exclude+='\)'
buildGoDir() {
local cmd="$1" dir="$2"
. $TMPDIR/buildFlagsArray
declare -a flags
flags+=($buildFlags "''${buildFlagsArray[@]}")
flags+=(''${tags:+-tags=${lib.concatStringsSep "," tags}})
flags+=(''${ldflags:+-ldflags="$ldflags"})
flags+=("-p" "$NIX_BUILD_CORES")
if [ "$cmd" = "test" ]; then
flags+=(-vet=off)
flags+=($checkFlags)
fi
local OUT
if ! OUT="$(go $cmd "''${flags[@]}" $dir 2>&1)"; then
if ! echo "$OUT" | grep -qE '(no( buildable| non-test)?|build constraints exclude all) Go (source )?files'; then
echo "$OUT" >&2
return 1
fi
fi
if [ -n "$OUT" ]; then
echo "$OUT" >&2
fi
return 0
}
getGoDirs() {
local type;
type="$1"
if [ -n "$subPackages" ]; then
echo "$subPackages" | sed "s,\(^\| \),\1./,g"
else
find . -type f -name \*$type.go -exec dirname {} \; | grep -v "/vendor/" | sort --unique | grep -v "$exclude"
fi
}
if (( "''${NIX_DEBUG:-0}" >= 1 )); then
buildFlagsArray+=(-x)
fi
if [ ''${#buildFlagsArray[@]} -ne 0 ]; then
declare -p buildFlagsArray > $TMPDIR/buildFlagsArray
else
touch $TMPDIR/buildFlagsArray
fi
if [ -z "$enableParallelBuilding" ]; then
export NIX_BUILD_CORES=1
fi
for pkg in $(getGoDirs ""); do
echo "Building subPackage $pkg"
buildGoDir install "$pkg"
done
'' + lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) ''
# normalize cross-compiled builds w.r.t. native builds
(
dir=$GOPATH/bin/${go.GOOS}_${go.GOARCH}
if [[ -n "$(shopt -s nullglob; echo $dir/*)" ]]; then
mv $dir/* $dir/..
fi
if [[ -d $dir ]]; then
rmdir $dir
fi
)
'' + ''
runHook postBuild
'');
doCheck = args.doCheck or true;
checkPhase = args.checkPhase or ''
runHook preCheck
# We do not set trimpath for tests, in case they reference test assets
export GOFLAGS=''${GOFLAGS//-trimpath/}
for pkg in $(getGoDirs test); do
buildGoDir test "$pkg"
done
runHook postCheck
'';
installPhase = args.installPhase or ''
runHook preInstall
mkdir -p $out
dir="$GOPATH/bin"
[ -e "$dir" ] && cp -r $dir $out
runHook postInstall
'';
strictDeps = true;
disallowedReferences = lib.optional (!allowGoReference) go;
passthru = passthru // { inherit go go-modules vendorSha256 vendorHash; };
meta = {
# Add default meta information
platforms = go.meta.platforms or lib.platforms.all;
} // meta;
});
in
lib.warnIf (buildFlags != "" || buildFlagsArray != "")
"Use the `ldflags` and/or `tags` attributes instead of `buildFlags`/`buildFlagsArray`"
package