Feature Request: buildGoModule Support

[diogox]

Hi 👋

buildGoModule requires a vendorSha256 field to be built. I was wondering if this could be supported by nvfetcher like it is for Rust?

Thanks!

[berberman]

The vendorSha256 in buildGoModule is output hash of an intermediate drv, and it seems that there's no way to calculate it before actually building the package: https://discourse.nixos.org/t/buildgomodule-how-to-get-vendorsha256/9317. This is different from the situation of rust packages -- everything can be calculated from Cargo.lock without building the drv.

[diogox]

I'm not familiar with this project's code, but can't we run this nix-prefetch to get the vendorSha256?

nix-prefetch '{ sha256 }: golangci-lint.go-modules.overrideAttrs (_: { modSha256 = sha256; })'

Where golangci-lint is the name of the package? Of course this would not work for local packages as it stands 🤔

[berberman]

but can't we run this nix-prefetch to get the vendorSha256?

No, because nvfetcher runs before we have the derivation, whereas using nix-prefetch like that requires the derivation.

[NickCao]

vendorSha256 can be computed (or built) from go.sum alone, just like with Cargo.lock, however the process is harder due the the obscure tree hashing scheme of go modules. A somehow working example can be found here: https://gist.github.com/NickCao/e2135fae47b31798c5d03cae1d242cb3

[NickCao]

To make the situation worse, go.sum generated by go pre 1.16 and go 1.17 differs slightly and is generally incompatible.

[NickCao]

With the introduction of impure derivations in recent versions of nix, the approach in https://gist.github.com/NickCao/e2135fae47b31798c5d03cae1d242cb3 is now feasible (without considering pouring tens of thousands of derivations into your nix store).

[bandithedoge]

In some cases you can pass null to vendorSha256 to use vendored dependencies from your source repo. There is also the legacy buildGoPackage, which requires goDeps generated with go2nix