7 curl, # Note that `curl' may be `null', in case of the native stdenvNoCC.
13 mirrors = import ./mirrors.nix;
15 # Write the list of mirrors to a file that we can reuse between
16 # fetchurl instantiations, instead of passing the mirrors to
17 # fetchurl instantiations via environment variables. This makes the
18 # resulting store derivations (.drv files) much smaller, which in
19 # turn makes nix-env/nix-instantiate faster.
20 mirrorsFile = buildPackages.stdenvNoCC.mkDerivation (
22 name = "mirrors-list";
24 builder = ./write-mirror-list.sh;
25 preferLocalBuild = true;
30 # Names of the master sites that are mirrored (i.e., "sourceforge",
32 sites = builtins.attrNames mirrors;
35 lib.fetchers.proxyImpureEnvVars
37 # This variable allows the user to pass additional options to curl
40 # This variable allows the user to override hashedMirrors from the
44 # This variable allows overriding the timeout for connecting to
48 ++ (map (site: "NIX_MIRRORS_${site}") sites);
56 # Alternatively, a list of URLs specifying alternative download
57 # locations. They are tried in order.
60 # Additional curl options needed for the download to succeed.
61 # Warning: Each space (no matter the escaping) will start a new argument.
62 # If you wish to pass arguments with spaces, use `curlOptsList`
65 # Additional curl options needed for the download to succeed.
68 # Name of the file. If empty, use the basename of `url' (or of the
69 # first element of `urls').
72 # for versioned downloads optionally take pname + version.
79 # Legacy ways of specifying the hash.
86 recursiveHash ? false,
88 # Shell code to build a netrc file for BASIC auth
91 # Impure env vars (https://nixos.org/nix/manual/#sec-advanced-attributes)
92 # needed for netrcPhase
93 netrcImpureEnvVars ? [ ],
95 # Shell code executed after the file has been fetched
96 # successfully. This can do things like check or transform the file.
99 # Whether to download to a temporary path rather than $out. Useful
100 # in conjunction with postFetch. The location of the temporary file
101 # is communicated to postFetch via $downloadedFile.
102 downloadToTemp ? false,
104 # If true, set executable bit on downloaded file
107 # If set, don't download the file, but write a list of all possible
108 # URLs (resulting from resolving mirror:// URLs) to $out.
111 # Meta information, if any.
114 # Passthru information, if any.
116 # Doing the download on a remote machine just duplicates network
117 # traffic, so don't do that by default
118 preferLocalBuild ? true,
120 # Additional packages needed as part of a fetch
121 nativeBuildInputs ? [ ],
126 if urls != [ ] && url == "" then
127 (if lib.isList urls then urls else throw "`urls` is not a list")
128 else if urls == [ ] && url != "" then
129 (if lib.isString url then [ url ] else throw "`url` is not a string")
131 throw "fetchurl requires either `url` or `urls` to be set";
137 filter (s: s != "") [
146 throw "multiple hashes passed to fetchurl"
151 outputHashAlgo = null;
154 else if outputHash != "" then
155 if outputHashAlgo != "" then
156 { inherit outputHashAlgo outputHash; }
158 throw "fetchurl was passed outputHash without outputHashAlgo"
159 else if sha512 != "" then
161 outputHashAlgo = "sha512";
164 else if sha256 != "" then
166 outputHashAlgo = "sha256";
169 else if sha1 != "" then
171 outputHashAlgo = "sha1";
174 else if cacert != null then
176 outputHashAlgo = "sha256";
180 throw "fetchurl requires a hash for fixed-output derivation: ${lib.concatStringsSep ", " urls_}";
184 (lib.isList curlOpts)
186 fetchurl for ${toString (builtins.head urls_)}: curlOpts is a list (${
187 lib.generators.toPretty { multiline = false; } curlOpts
188 }), which is not supported anymore.
189 - If you wish to get the same effect as before, for elements with spaces (even if escaped) to expand to multiple curl arguments, use a string argument instead:
190 curlOpts = ${lib.strings.escapeNixString (toString curlOpts)};
191 - If you wish for each list element to be passed as a separate curl argument, allowing arguments to contain spaces, use curlOptsList instead:
192 curlOptsList = [ ${lib.concatMapStringsSep " " lib.strings.escapeNixString curlOpts} ];'' true;
194 stdenvNoCC.mkDerivation (
196 if (pname != "" && version != "") then
197 { inherit pname version; }
203 else if name != "" then
206 baseNameOf (toString (builtins.head urls_));
210 builder = ./builder.sh;
212 nativeBuildInputs = [ curl ] ++ nativeBuildInputs;
216 # If set, prefer the content-addressable mirrors
217 # (http://tarballs.nixos.org) over the original URLs.
218 preferHashedMirrors = true;
220 # New-style output content requirements.
221 inherit (hash_) outputHashAlgo outputHash;
223 # Disable TLS verification only when we know the hash and no credentials are
224 # needed to access the resource
228 hash_.outputHash == ""
229 || hash_.outputHash == lib.fakeSha256
230 || hash_.outputHash == lib.fakeSha512
231 || hash_.outputHash == lib.fakeHash
232 || netrcPhase != null
235 "${cacert}/etc/ssl/certs/ca-bundle.crt"
239 outputHashMode = if (recursiveHash || executable) then "recursive" else "flat";
242 curlOptsList = lib.escapeShellArgs curlOptsList;
251 impureEnvVars = impureEnvVars ++ netrcImpureEnvVars;
253 nixpkgsVersion = lib.trivial.release;
255 inherit preferLocalBuild;
258 if netrcPhase == null then
263 curlOpts="$curlOpts --netrc-file $PWD/netrc"