{ lib, buildPackages ? { inherit stdenvNoCC; }, stdenvNoCC, curl, # Note that `curl' may be `null', in case of the native stdenvNoCC. cacert ? null, rewriteURL, hashedMirrors, }: let mirrors = import ./mirrors.nix // { inherit hashedMirrors; }; # Write the list of mirrors to a file that we can reuse between # fetchurl instantiations, instead of passing the mirrors to # fetchurl instantiations via environment variables. This makes the # resulting store derivations (.drv files) much smaller, which in # turn makes nix-env/nix-instantiate faster. mirrorsFile = buildPackages.stdenvNoCC.mkDerivation ( { name = "mirrors-list"; strictDeps = true; builder = ./write-mirror-list.sh; preferLocalBuild = true; } // mirrors ); # Names of the master sites that are mirrored (i.e., "sourceforge", # "gnu", etc.). sites = builtins.attrNames mirrors; impureEnvVars = lib.fetchers.proxyImpureEnvVars ++ [ # This variable allows the user to pass additional options to curl "NIX_CURL_FLAGS" # This variable allows the user to override hashedMirrors from the # command-line. "NIX_HASHED_MIRRORS" # This variable allows overriding the timeout for connecting to # the hashed mirrors. "NIX_CONNECT_TIMEOUT" ] ++ (map (site: "NIX_MIRRORS_${site}") sites); in lib.extendMkDerivation { constructDrv = stdenvNoCC.mkDerivation; excludeDrvArgNames = [ # Passed via passthru "url" # Additional stdenv.mkDerivation arguments from derived fetchers. "derivationArgs" # Hash attributes will be map to the corresponding outputHash* "hash" "sha1" "sha256" "sha512" ]; extendDrvArgs = finalAttrs: { # URL to fetch. url ? "", # Alternatively, a list of URLs specifying alternative download # locations. They are tried in order. urls ? [ ], # Additional curl options needed for the download to succeed. # Warning: Each space (no matter the escaping) will start a new argument. # If you wish to pass arguments with spaces, use `curlOptsList` curlOpts ? "", # Additional curl options needed for the download to succeed. curlOptsList ? [ ], # Name of the file when pname + version is unspecified. # Default to the basename of `url' (or of the first element of `urls'). name ? null, # for versioned downloads optionally take pname + version. pname ? null, version ? null, # SRI hash. hash ? "", # Legacy ways of specifying the hash. outputHash ? "", outputHashAlgo ? "", sha1 ? "", sha256 ? "", sha512 ? "", recursiveHash ? false, # Shell code to build a netrc file for BASIC auth netrcPhase ? null, # Impure env vars (https://nixos.org/nix/manual/#sec-advanced-attributes) # needed for netrcPhase netrcImpureEnvVars ? [ ], # Shell code executed after the file has been fetched # successfully. This can do things like check or transform the file. postFetch ? "", # Whether to download to a temporary path rather than $out. Useful # in conjunction with postFetch. The location of the temporary file # is communicated to postFetch via $downloadedFile. downloadToTemp ? false, # If true, set executable bit on downloaded file executable ? false, # If set, don't download the file, but write a list of all possible # URLs (resulting from resolving mirror:// URLs) to $out. showURLs ? false, # Meta information, if any. meta ? { }, # Passthru information, if any. passthru ? { }, # Doing the download on a remote machine just duplicates network # traffic, so don't do that by default preferLocalBuild ? true, # Additional packages needed as part of a fetch nativeBuildInputs ? [ ], # Additional stdenvNoCC.mkDerivation arguments. # It is typically for derived fetchers to pass down additional arguments, # and the specified arguments have lower precedence than other mkDerivation arguments. derivationArgs ? { }, }@args: let preRewriteUrls = if urls != [ ] && url == "" then ( if lib.isList urls then urls else throw "`urls` is not a list: ${lib.generators.toPretty { } urls}" ) else if urls == [ ] && url != "" then ( if lib.isString url then [ url ] else throw "`url` is not a string: ${lib.generators.toPretty { } urls}" ) else throw "fetchurl requires either `url` or `urls` to be set: ${lib.generators.toPretty { } args}"; urls_ = let u = lib.lists.filter (url: lib.isString url) (map rewriteURL preRewriteUrls); in if u == [ ] then throw "urls is empty after rewriteURL (was ${toString preRewriteUrls})" else u; hash_ = if with lib.lists; length ( filter (s: s != "") [ hash outputHash sha1 sha256 sha512 ] ) > 1 then throw "multiple hashes passed to fetchurl: ${lib.generators.toPretty { } urls_}" else if hash != "" then { outputHashAlgo = null; outputHash = hash; } else if outputHash != "" then if outputHashAlgo != "" then { inherit outputHashAlgo outputHash; } else throw "fetchurl was passed outputHash without outputHashAlgo: ${lib.generators.toPretty { } urls_}" else if sha512 != "" then { outputHashAlgo = "sha512"; outputHash = sha512; } else if sha256 != "" then { outputHashAlgo = "sha256"; outputHash = sha256; } else if sha1 != "" then { outputHashAlgo = "sha1"; outputHash = sha1; } else if cacert != null then { outputHashAlgo = "sha256"; outputHash = ""; } else throw "fetchurl requires a hash for fixed-output derivation: ${lib.generators.toPretty { } urls_}"; resolvedUrl = let mirrorSplit = lib.match "mirror://([[:alpha:]]+)/(.+)" url; mirrorName = lib.head mirrorSplit; mirrorList = if lib.hasAttr mirrorName mirrors then mirrors."${mirrorName}" else throw "unknown mirror:// site ${mirrorName}"; in if mirrorSplit == null || mirrorName == null then url else "${lib.head mirrorList}${lib.elemAt mirrorSplit 1}"; in derivationArgs // { name = if finalAttrs.pname or null != null && finalAttrs.version or null != null then "${finalAttrs.pname}-${finalAttrs.version}" else if showURLs then "urls" else if name != null then name else baseNameOf (toString (lib.head urls_)); builder = ./builder.sh; nativeBuildInputs = [ curl ] ++ nativeBuildInputs; urls = urls_; # If set, prefer the content-addressable mirrors # (http://tarballs.nixos.org) over the original URLs. preferHashedMirrors = false; # New-style output content requirements. inherit (hash_) outputHashAlgo outputHash; # Disable TLS verification only when we know the hash and no credentials are # needed to access the resource SSL_CERT_FILE = if ( hash_.outputHash == "" || hash_.outputHash == lib.fakeSha256 || hash_.outputHash == lib.fakeSha512 || hash_.outputHash == lib.fakeHash || netrcPhase != null ) then "${cacert}/etc/ssl/certs/ca-bundle.crt" else "/no-cert-file.crt"; outputHashMode = if (recursiveHash || executable) then "recursive" else "flat"; curlOpts = lib.warnIf (lib.isList curlOpts) ( let url = toString (builtins.head urls_); curlOptsRepresentation = lib.generators.toPretty { multiline = false; } curlOpts; curlOptsAsStringRepresentation = lib.strings.escapeNixString (toString curlOpts); curlOptsListElementsRepresentation = lib.concatMapStringsSep " " lib.strings.escapeNixString curlOpts; in '' fetchurl for ${url}: curlOpts is a list (${curlOptsRepresentation}), which is not supported anymore. - If you wish to get the same effect as before, for elements with spaces (even if escaped) to expand to multiple curl arguments, use a string argument instead: curlOpts = ${curlOptsAsStringRepresentation}; - If you wish for each list element to be passed as a separate curl argument, allowing arguments to contain spaces, use curlOptsList instead: curlOptsList = [ ${curlOptsListElementsRepresentation} ]; '' ) curlOpts; curlOptsList = lib.escapeShellArgs curlOptsList; inherit showURLs mirrorsFile postFetch downloadToTemp executable ; impureEnvVars = impureEnvVars ++ netrcImpureEnvVars; nixpkgsVersion = lib.trivial.release; inherit preferLocalBuild; postHook = if netrcPhase == null then null else '' ${netrcPhase} curlOpts="$curlOpts --netrc-file $PWD/netrc" ''; inherit meta; passthru = { inherit url resolvedUrl; } // passthru; }; # No ellipsis inheritFunctionArgs = false; }