This way, any package can create a fixed-output build derivation with network access in order to pull additional files during the build process without breaking the build determinism:
Once we introduce networking capabilities inside the container, we need to provision it with certificates so it's able to authenticate secure connections to the outside world. In order to achieve this, we would need to include the `certs` package first:
Then, we can include the certificate bundle at the package level through the `inputs` keyword argument:
Additionally, we're going to need a few environment variables pointing to the actual certificate directory, because it won't be at the standard location:
Now, we need to enable the new module system through the `GO111MODULE` environment variable, as it's being disabled by default from [`guix/build/go-build-system.scm`] due to the previous lack of support. As this proposal is highly experimental and every package expects it set to `off`, it's probably better to toggle it on an the package level:
* I've been unable to uncomment the `FIXME` line at `guix/build-system/go.scm` without getting an undecipherable [for me] stack trace. This should be fixed to keep compatibility with other hashing algorithms.
* We're only installing the built binary packages to the root of the derivation output, but there might be more interesting build artifacts to be added to use this package as a module.