edit: for the solution, see my comment below

I’m trying to package a go application (beszel) that bundles a bunch of html stuff built with bun (think, npm).

The html is generated by running bun install and bun run and then embedded in the go binary with //go:embed.

Being completely ignorant of the javascript ecosystem, my first idea was to just replicate what they do in the Makefile

postConfigure = ''
bun install --cwd ./site
bun run     --cwd ./site build
'' 

but, since bun install downloads dependencies from the net, that fails.

I guess the “clean” solution would be to look for buildNpmPackage or similar (assuming that exists) and let nix manage all the dependencies, but… it’s some 800+ dependencies (at least, bun install ... --dry-run lists 800+ things) so that’s a hard pass.

I then tried to look at how buildGoPackage handles the vendoring of dependencies, with the idea of replicating that (it dowloads what’s needed and then compare a hash of what was downloaded with a hash provided in the nix package definition), but… I can’t for the life of me decipher how nixpkgs’ pkgs/build-support/go/module.nix works.

Do you know how to implement this kind of vendoring in a nix derivation?

  • gompOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    15 days ago

    Given that it downloads random shit from the internet

    You seem to trust the javascript ecosystem just as much as I do :)

    Jokes aside, the repo has a lock file so it should actually be fine (time will tell)

    • Atemu
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 days ago

      Having a record which defines exactly what to fetch is the necessary condition, not the sufficient condition.

      The actual artifacts fetched to disk must be stable, not just the record.

      • Atemu
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 days ago

        That’d hit the source fetcher just as much. That’s an issue on a different layer.