diff options
Diffstat (limited to 'pkgs/build-support')
-rw-r--r-- | pkgs/build-support/php/hooks/composer-install-hook.sh | 44 | ||||
-rw-r--r-- | pkgs/build-support/php/hooks/composer-repository-hook.sh | 22 | ||||
-rw-r--r-- | pkgs/build-support/php/hooks/default.nix | 10 |
3 files changed, 65 insertions, 11 deletions
diff --git a/pkgs/build-support/php/hooks/composer-install-hook.sh b/pkgs/build-support/php/hooks/composer-install-hook.sh index 86d17d0f50f79..b1b5e2ac553dc 100644 --- a/pkgs/build-support/php/hooks/composer-install-hook.sh +++ b/pkgs/build-support/php/hooks/composer-install-hook.sh @@ -22,13 +22,47 @@ composerInstallConfigureHook() { fi if [[ ! -f "composer.lock" ]]; then - echo "No composer.lock file found, consider adding one to your repository to ensure reproducible builds." + composer \ + --no-ansi \ + --no-install \ + --no-interaction \ + ${composerNoDev:+--no-dev} \ + ${composerNoPlugins:+--no-plugins} \ + ${composerNoScripts:+--no-scripts} \ + update + + mkdir -p $out + cp composer.lock $out/ + + echo + echo 'No composer.lock file found, consider adding one to your repository to ensure reproducible builds.' + echo "In the meantime, a composer.lock file has been generated for you in $out/composer.lock" + echo + echo 'To fix the issue:' + echo "1. Copy the composer.lock file from $out/composer.lock to the project's source:" + echo " cp $out/composer.lock <path>" + echo '2. Add the composerLock attribute, pointing to the copied composer.lock file:' + echo ' composerLock = ./composer.lock;' + echo - if [[ -f "${composerRepository}/composer.lock" ]]; then - cp ${composerRepository}/composer.lock composer.lock - fi + exit 1 + fi - echo "Using an autogenerated composer.lock file." + echo "Validating consistency between composer.lock and ${composerRepository}/composer.lock" + if [[! @diff@ composer.lock "${composerRepository}/composer.lock"]]; then + echo + echo "ERROR: vendorHash is out of date" + echo + echo "composer.lock is not the same in $composerRepository" + echo + echo "To fix the issue:" + echo '1. Set vendorHash to an empty string: `vendorHash = "";`' + echo '2. Build the derivation and wait for it to fail with a hash mismatch' + echo '3. Copy the "got: sha256-..." value back into the vendorHash field' + echo ' You should have: vendorHash = "sha256-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=";' + echo + + exit 1 fi chmod +w composer.json composer.lock diff --git a/pkgs/build-support/php/hooks/composer-repository-hook.sh b/pkgs/build-support/php/hooks/composer-repository-hook.sh index 057acf1fcc30e..779f07347548a 100644 --- a/pkgs/build-support/php/hooks/composer-repository-hook.sh +++ b/pkgs/build-support/php/hooks/composer-repository-hook.sh @@ -17,7 +17,6 @@ composerRepositoryConfigureHook() { fi if [[ ! -f "composer.lock" ]]; then - echo "No composer.lock file found, consider adding one to your repository to ensure reproducible builds." composer \ --no-ansi \ --no-install \ @@ -26,7 +25,22 @@ composerRepositoryConfigureHook() { ${composerNoPlugins:+--no-plugins} \ ${composerNoScripts:+--no-scripts} \ update - echo "Using an autogenerated composer.lock file." + + mkdir -p $out + cp composer.lock $out/ + + echo + echo 'No composer.lock file found, consider adding one to your repository to ensure reproducible builds.' + echo "In the meantime, a composer.lock file has been generated for you in $out/composer.lock" + echo + echo 'To fix the issue:' + echo "1. Copy the composer.lock file from $out/composer.lock to the project's source:" + echo " cp $out/composer.lock <path>" + echo '2. Add the composerLock attribute, pointing to the copied composer.lock file:' + echo ' composerLock = ./composer.lock;' + echo + + exit 1 fi echo "Finished composerRepositoryConfigureHook" @@ -61,8 +75,8 @@ composerRepositoryInstallHook() { cp -ar repository/. $out/ - # Copy the composer.lock files to the output directory, in case it has been - # autogenerated. + # Copy the composer.lock files to the output directory, to be able to validate consistency with + # the src composer.lock file where this fixed-output derivation is used cp composer.lock $out/ echo "Finished composerRepositoryInstallHook" diff --git a/pkgs/build-support/php/hooks/default.nix b/pkgs/build-support/php/hooks/default.nix index 5ff69a877863d..c19bc757581f2 100644 --- a/pkgs/build-support/php/hooks/default.nix +++ b/pkgs/build-support/php/hooks/default.nix @@ -1,9 +1,11 @@ -{ makeSetupHook +{ lib +, makeSetupHook , jq , moreutils , makeBinaryWrapper , php , cacert +, buildPackages }: { @@ -18,6 +20,10 @@ { name = "composer-install-hook.sh"; propagatedBuildInputs = [ jq makeBinaryWrapper moreutils php cacert ]; - substitutions = { }; + substitutions = { + # Specify the stdenv's `diff` by abspath to ensure that the user's build + # inputs do not cause us to find the wrong `diff`. + diff = "${lib.getBin buildPackages.diffutils}/bin/diff"; + }; } ./composer-install-hook.sh; } |