diff --git a/pkgs/development/compilers/dotnet/build-dotnet.nix b/pkgs/development/compilers/dotnet/build-dotnet.nix index ede86ad04eb47..d39acd1a5e673 100644 --- a/pkgs/development/compilers/dotnet/build-dotnet.nix +++ b/pkgs/development/compilers/dotnet/build-dotnet.nix @@ -98,7 +98,7 @@ let in mkWrapper type ( - stdenv.mkDerivation rec { + stdenv.mkDerivation (finalAttrs: { inherit pname version; # Some of these dependencies are `dlopen()`ed. @@ -194,19 +194,29 @@ mkWrapper type ( { inherit icu hasILCompiler; } - // lib.optionalAttrs (type == "sdk") { - packages = commonPackages ++ hostPackages.${hostRid} ++ targetPackages.${targetRid}; - inherit targetPackages runtime aspnetcore; - - updateScript = - let - majorVersion = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version)); - in - [ - ./update.sh - majorVersion - ]; - }; + // lib.optionalAttrs (type == "sdk") ( + let + # force evaluation of the SDK package to ensure evaluation failures + # (e.g. due to vulnerabilities) propagate to the nuget packages + forceSDKEval = builtins.seq finalAttrs.finalPackage.drvPath; + in + { + packages = map forceSDKEval ( + commonPackages ++ hostPackages.${hostRid} ++ targetPackages.${targetRid} + ); + targetPackages = lib.mapAttrs (_: v: map forceSDKEval v) targetPackages; + inherit runtime aspnetcore; + + updateScript = + let + majorVersion = lib.concatStringsSep "." (lib.take 2 (lib.splitVersion version)); + in + [ + ./update.sh + majorVersion + ]; + } + ); meta = with lib; { description = builtins.getAttr type descriptions; @@ -239,5 +249,5 @@ mkWrapper type ( "Dotnet SDK ${version} is EOL, please use 8.0 (LTS) or 9.0 (Current)" ]; }; - } + }) )