Merge pull request #89885 from matthewbauer/fetchurl-no-hash

fetchurl: allow empty hash
author: Matthew Bauer <mjbauer95@gmail.com> 2020-07-06 14:41:57 -0400
committer: GitHub <noreply@github.com> 2020-07-06 14:41:57 -0400
commit: a2c2a8648828cbfb8e022e244ccfa7787072443c (patch)
tree: 6aae259f4cb74db7ffc42f1342cb16fca28966c6
parent: a07576adfa22725f214cd73d28b982d54a30fe2a (diff)
parent: 669eb09bd5b4f539e8d93383697a4ddfdacac239 (diff)
4 files changed, 36 insertions, 26 deletions
diff --git a/pkgs/build-support/fetchurl/builder.sh b/pkgs/build-support/fetchurl/builder.sh
index e93c98419a67..5b04a702aff4 100644
--- a/pkgs/build-support/fetchurl/builder.sh
+++ b/pkgs/build-support/fetchurl/builder.sh
@@ -15,8 +15,14 @@ curl=(
     --retry 3
     --disable-epsv
     --cookie-jar cookies
-    --insecure
     --user-agent "curl/$curlVersion Nixpkgs/$nixpkgsVersion"
+)
+
+if ! [ -f "$SSL_CERT_FILE" ]; then
+    curl+=(--insecure)
+fi
+
+curl+=(
     $curlOpts
     $NIX_CURL_FLAGS
 )
diff --git a/pkgs/build-support/fetchurl/default.nix b/pkgs/build-support/fetchurl/default.nix
index a0c48468dfac..c65738aef41a 100644
--- a/pkgs/build-support/fetchurl/default.nix
+++ b/pkgs/build-support/fetchurl/default.nix
@@ -1,4 +1,6 @@
-{ lib, buildPackages ? { inherit stdenvNoCC; }, stdenvNoCC, curl }: # Note that `curl' may be `null', in case of the native stdenvNoCC.
+{ lib, buildPackages ? { inherit stdenvNoCC; }, stdenvNoCC
+, curl # Note that `curl' may be `null', in case of the native stdenvNoCC.
+, cacert ? null }:
 
 let
 
@@ -112,6 +114,7 @@ let
     else if sha512 != "" then { outputHashAlgo = "sha512"; outputHash = sha512; }
     else if sha256 != "" then { outputHashAlgo = "sha256"; outputHash = sha256; }
     else if sha1   != "" then { outputHashAlgo = "sha1";   outputHash = sha1; }
+    else if cacert != null then { outputHashAlgo = "sha256"; outputHash = ""; }
     else throw "fetchurl requires a hash for fixed-output derivation: ${lib.concatStringsSep ", " urls_}";
 in
 
@@ -134,6 +137,10 @@ stdenvNoCC.mkDerivation {
   # New-style output content requirements.
   inherit (hash_) outputHashAlgo outputHash;
 
+  SSL_CERT_FILE = if hash_.outputHash == ""
+                  then "${cacert}/etc/ssl/certs/ca-bundle.crt"
+                  else "/no-cert-file.crt";
+
   outputHashMode = if (recursiveHash || executable) then "recursive" else "flat";
 
   inherit curlOpts showURLs mirrorsFile postFetch downloadToTemp executable;
diff --git a/pkgs/development/arduino/arduino-core/default.nix b/pkgs/development/arduino/arduino-core/default.nix
index 2a7387c4378a..1c537edd0b42 100644
--- a/pkgs/development/arduino/arduino-core/default.nix
+++ b/pkgs/development/arduino/arduino-core/default.nix
@@ -68,13 +68,14 @@ let
     xorg.libXxf86vm
     zlib
   ];
-  teensy_architecture =
-    lib.optionalString (stdenv.hostPlatform.system == "x86_64-linux") "linux64"
-    + lib.optionalString (stdenv.hostPlatform.system == "i686-linux") "linux32"
-    + lib.optionalString (stdenv.hostPlatform.system == "aarch64-linux") "linuxaarch64"
-    + lib.optionalString (builtins.match "armv[67]l-linux" stdenv.hostPlatform.system != null) "linuxarm";
-  flavor = ( if withTeensyduino then "teensyduino" else "arduino")
-    + stdenv.lib.optionalString (!withGui) "-core";
+  teensy_architecture = if stdenv.hostPlatform.isx86_32 then "linux32"
+                        else if stdenv.hostPlatform.isx86_64 then "linux64"
+                        else if stdenv.hostPlatform.isAarch64 then "linuxaarch64"
+                        else if stdenv.hostPlatform.isAarch32 then "linuxarm"
+                        else throw "${stdenv.hostPlatform.system} is not supported in teensy";
+
+  flavor = (if withTeensyduino then "teensyduino" else "arduino")
+             + stdenv.lib.optionalString (!withGui) "-core";
 in
 stdenv.mkDerivation rec {
   version = "1.8.12";
@@ -90,28 +91,23 @@ stdenv.mkDerivation rec {
   teensyduino_version = "151";
   teensyduino_src = fetchurl {
     url = "https://www.pjrc.com/teensy/td_${teensyduino_version}/TeensyduinoInstall.${teensy_architecture}";
-    sha256 =
-      lib.optionalString (teensy_architecture == "linux64")
-        "0q8mw9bm2vb5vwa98gwcs6ad164i98hc1qqh2qw029yhwm599pn0"
-      + lib.optionalString (teensy_architecture == "linux32")
-        "1rq6sx0048ab200jy0cz5vznwxi99avidngj42rjnh7kcfas5c4m"
-      + lib.optionalString (teensy_architecture == "linuxaarch64")
-        "09k78dycn1vcpcx37c1dak8bgjv8gs34l89n9r9s0c3rqmv3pg4x"
-      + lib.optionalString (teensy_architecture == "linuxarm")
-        "19j55bq36040rpdpfxcqimda76rkbx137q15bs8nvxj13wrbl4ip";
+    sha256 = {
+      linux64 = "0q8mw9bm2vb5vwa98gwcs6ad164i98hc1qqh2qw029yhwm599pn0";
+      linux32 = "1rq6sx0048ab200jy0cz5vznwxi99avidngj42rjnh7kcfas5c4m";
+      linuxarm = "19j55bq36040rpdpfxcqimda76rkbx137q15bs8nvxj13wrbl4ip";
+      linuxaarch64 = "09k78dycn1vcpcx37c1dak8bgjv8gs34l89n9r9s0c3rqmv3pg4x";
+    }.${teensy_architecture} or (throw "No arduino binaries for ${teensy_architecture}");
   };
   # Used because teensyduino requires jars be a specific size
   arduino_dist_src = fetchurl {
     url = "http://downloads.arduino.cc/arduino-${version}-${teensy_architecture}.tar.xz";
     sha256 =
-      lib.optionalString (teensy_architecture == "linux64")
-        "128f34kkxz7ab6ir5mqyr8d1mgxig8f9jygwxy44pdnq2rk6gmh9"
-      + lib.optionalString (teensy_architecture == "linux32")
-        "11n85lwsn1w4ysfacyw08v85s3f3zvl8j8ac7rld19yxgjslvisi"
-      + lib.optionalString (teensy_architecture == "linuxaarch64")
-        "04v2nhyjhahml6nmz23bfb63c0an4a7zxgcgxqqq442i8vd304wa"
-      + lib.optionalString (teensy_architecture == "linuxarm")
-        "1k8yjivaydm6y16mplrjyblgx7l0wjzm3mjxh5saxrjq7drswmxx";
+      {
+        linux64 = "128f34kkxz7ab6ir5mqyr8d1mgxig8f9jygwxy44pdnq2rk6gmh9";
+        linux32 = "11n85lwsn1w4ysfacyw08v85s3f3zvl8j8ac7rld19yxgjslvisi";
+        linuxarm = "1k8yjivaydm6y16mplrjyblgx7l0wjzm3mjxh5saxrjq7drswmxx";
+        linuxaarch64 = "04v2nhyjhahml6nmz23bfb63c0an4a7zxgcgxqqq442i8vd304wa";
+      }.${teensy_architecture} or (throw "No arduino binaries for ${teensy_architecture}");
   };
 
 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 109c39e804f1..467e38a565fe 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -335,6 +335,7 @@ in
    then buildPackages.fetchurl # No need to do special overrides twice,
    else makeOverridable (import ../build-support/fetchurl) {
     inherit lib stdenvNoCC buildPackages;
+    inherit cacert;
     curl = buildPackages.curl.override (old: rec {
       # break dependency cycles
       fetchurl = stdenv.fetchurlBoot;
author	Matthew Bauer <mjbauer95@gmail.com>	2020-07-06 14:41:57 -0400
committer	GitHub <noreply@github.com>	2020-07-06 14:41:57 -0400
commit	a2c2a8648828cbfb8e022e244ccfa7787072443c (patch)
tree	6aae259f4cb74db7ffc42f1342cb16fca28966c6
parent	a07576adfa22725f214cd73d28b982d54a30fe2a (diff)
parent	669eb09bd5b4f539e8d93383697a4ddfdacac239 (diff)