[Nix-dev] Proposal: adding fetchapt support to nixpkgs
Profpatsch
mail at profpatsch.de
Fri Nov 11 13:34:16 CET 2016
On 16-10-25 04:42am, Chuan-kai Lin wrote:
> Adding support for fetching binary packages in Debian format from an APT
> repository would solve this problem. I envision that a nixpkg would
> specify:
> - the APT repository base URL
> - the release name (e.g., stable, testing, or unstable),
> - the binary package name,
> - repository signing key (for repositories that implement secure APT,
> https://wiki.debian.org/SecureApt).
>
> And the fetchapt derivation would:
> - Fetch Release and Release.gpg files from the repository
> - Verify digital signature
> - Fetch Packages file
> - Check hash value of Packages file against the hash value listed in
> Release file
> - Extract binary package path that correspond to the given package name
> from Packages file
> - Fetch the binary package
> - Check hash value of binary package against the hash value listed in
> Packages file
That doesn’t work, and it’s by design.
In order for nix (the package manager) to be able to install something,
it needs to know the input files *beforehand*, by hash. So nix **cannot**
evaluate a derivation where the source hash changes.
The one thing that could be done is completely automating the
version-bumping process, that is write a program that follows debian
releases, bumps the hashes, tests the functionality of the resulting
executables (!!) and then commits the new version to nixpkgs.
--
Proudly written in Mutt with Vim on NixOS.
Q: Why is this email five sentences or less?
A: http://five.sentenc.es
May take up to five days to read your message. If it’s urgent, call me.
More information about the nix-dev
mailing list