Prefetch-less crate2nix by using builtin.fetchGit again, once it has submodule support

[kolloch]

I would love to make crate2nix not needing expensive prefetches in the normal case.

• "Crates.io" checksums should be contained in the Cargo.lock file.

• Once the builtin fetchGit has submodule support, at least git fetches with revision checksums should also not need a prefetch. (See e.g. Add fetchSubmodules to builtins.fetchGit NixOS/nix#3166)

We do not have private repository support yet but I guess it should work similarly.

I'd love to understand why some people would not like using Cargo.lock files for this. I heard that some people don't check in Cargo.lock files to avoid conflicts. Rust 1.41 even changed the lock file format for this to make conflicts less likely.

[kolloch]

I learned that:

1. builtins.fetch* run as part of the eval phase.
2. Output derivations such as pkgs.fetchurl run during the instantiation phase.

Therefore, using builts.fetchurl might lead to non-parallel fetches :( Tell me if I understood incorrectly. @nmattia

[nmattia]

@kolloch here are some thoughts:

if people don't commit the Cargo.lock then they probably don't care about reproducible builds. Then you might as well have a first derivation that downloads the crates (before the build). You can use cargo-vendor and use a fixed-output derivation (that's what nixpkgs uses) or simply disable the sandbox (or set it to relaxed and use __noChroot = true). The fixed-output derivation is likely to break builds though, since building the derivation twice will likely result in different shas being produced (depending on the state of crates.io). Alternatively you can take the napalm approach and start a local registry with a snapshot.

Hope it helps!

[kolloch]

I think for now I will actually keep prefetching for git sources because than the fetching can run in the instantiation phase...

[balsoft]

Related: #154