···
inherit (targetPlatform) system;
30
-
# See discussion at https://github.com/NixOS/nixpkgs/pull/25304#issuecomment-298385426
31
-
# for why this defaults to false, but I (@copumpkin) want to default it to true soon.
32
-
shouldCheckMeta = config.checkMeta or false;
34
-
allowUnfree = config.allowUnfree or false || builtins.getEnv "NIXPKGS_ALLOW_UNFREE" == "1";
36
-
whitelist = config.whitelistedLicenses or [];
37
-
blacklist = config.blacklistedLicenses or [];
ifDarwin = attrs: if system == "x86_64-darwin" then attrs else {};
41
-
onlyLicenses = list:
42
-
lib.lists.all (license:
43
-
let l = lib.licenses.${license.shortName or "BROKEN"} or false; in
44
-
if license == l then true else
45
-
throw ''‘${showLicense license}’ is not an attribute of lib.licenses''
48
-
mutuallyExclusive = a: b:
49
-
(builtins.length a) == 0 ||
50
-
(!(builtins.elem (builtins.head a) b) &&
51
-
mutuallyExclusive (builtins.tail a) b);
53
-
areLicenseListsValid =
54
-
if mutuallyExclusive whitelist blacklist then
55
-
assert onlyLicenses whitelist; assert onlyLicenses blacklist; true
57
-
throw "whitelistedLicenses and blacklistedLicenses are not mutually exclusive.";
60
-
attrs ? meta.license;
62
-
hasWhitelistedLicense = assert areLicenseListsValid; attrs:
63
-
hasLicense attrs && builtins.elem attrs.meta.license whitelist;
65
-
hasBlacklistedLicense = assert areLicenseListsValid; attrs:
66
-
hasLicense attrs && builtins.elem attrs.meta.license blacklist;
68
-
allowBroken = config.allowBroken or false || builtins.getEnv "NIXPKGS_ALLOW_BROKEN" == "1";
70
-
isUnfree = licenses: lib.lists.any (l:
71
-
!l.free or true || l == "unfree" || l == "unfree-redistributable") licenses;
73
-
# Alow granular checks to allow only some unfree packages
77
-
# allowUnfree = false;
78
-
# allowUnfreePredicate = (x: pkgs.lib.hasPrefix "flashplayer-" x.name);
80
-
allowUnfreePredicate = config.allowUnfreePredicate or (x: false);
82
-
# Check whether unfree packages are allowed and if not, whether the
83
-
# package has an unfree license and is not explicitely allowed by the
84
-
# `allowUNfreePredicate` function.
85
-
hasDeniedUnfreeLicense = attrs:
88
-
isUnfree (lib.lists.toList attrs.meta.license) &&
89
-
!allowUnfreePredicate attrs;
91
-
allowInsecureDefaultPredicate = x: builtins.elem x.name (config.permittedInsecurePackages or []);
92
-
allowInsecurePredicate = x: (config.allowUnfreePredicate or allowInsecureDefaultPredicate) x;
94
-
hasAllowedInsecure = attrs:
95
-
(attrs.meta.knownVulnerabilities or []) == [] ||
96
-
allowInsecurePredicate attrs ||
97
-
builtins.getEnv "NIXPKGS_ALLOW_INSECURE" == "1";
99
-
showLicense = license: license.shortName or "unknown";
defaultNativeBuildInputs = extraBuildInputs ++
[ ../../build-support/setup-hooks/move-docs.sh
../../build-support/setup-hooks/compress-man-pages.sh
···
138
-
, pos ? null # position used in error messages and for meta.position
69
+
, pos ? # position used in error messages and for meta.position
70
+
(if attrs.meta.description or null != null
71
+
then builtins.unsafeGetAttrPos "description" attrs.meta
72
+
else builtins.unsafeGetAttrPos "name" attrs)
, separateDebugInfo ? false
···
(map (drv: drv.crossDrv or drv) propagatedBuildInputs)
157
-
if pos != null then
159
-
else if attrs.meta.description or null != null then
160
-
builtins.unsafeGetAttrPos "description" attrs.meta
162
-
builtins.unsafeGetAttrPos "name" attrs;
163
-
pos'' = if pos' != null then "‘" + pos'.file + ":" + toString pos'.line + "’" else "«unknown-file»";
167
-
unfree = remediate_whitelist "Unfree";
168
-
broken = remediate_whitelist "Broken";
169
-
blacklisted = x: "";
170
-
insecure = remediate_insecure;
171
-
unknown-meta = x: "";
173
-
remediate_whitelist = allow_attr: attrs:
175
-
a) For `nixos-rebuild` you can set
176
-
{ nixpkgs.config.allow${allow_attr} = true; }
177
-
in configuration.nix to override this.
179
-
b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
180
-
{ allow${allow_attr} = true; }
181
-
to ~/.config/nixpkgs/config.nix.
184
-
remediate_insecure = attrs:
189
-
'' + (lib.fold (issue: default: "${default} - ${issue}\n") "" attrs.meta.knownVulnerabilities) + ''
191
-
You can install it anyway by whitelisting this package, using the
194
-
a) for `nixos-rebuild` you can add ‘${attrs.name or "«name-missing»"}’ to
195
-
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
199
-
nixpkgs.config.permittedInsecurePackages = [
200
-
"${attrs.name or "«name-missing»"}"
204
-
b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
205
-
‘${attrs.name or "«name-missing»"}’ to `permittedInsecurePackages` in
206
-
~/.config/nixpkgs/config.nix, like so:
209
-
permittedInsecurePackages = [
210
-
"${attrs.name or "«name-missing»"}"
217
-
throwEvalHelp = { reason , errormsg ? "" }:
219
-
Package ‘${attrs.name or "«name-missing»"}’ in ${pos''} ${errormsg}, refusing to evaluate.
221
-
'' + ((builtins.getAttr reason remediation) attrs));
223
-
metaTypes = with lib.types; rec {
224
-
# These keys are documented
226
-
longDescription = str;
229
-
downloadPage = str;
230
-
license = either (listOf lib.types.attrs) (either lib.types.attrs str);
231
-
maintainers = listOf str;
233
-
platforms = listOf str;
234
-
hydraPlatforms = listOf str;
237
-
# Weirder stuff that doesn't appear in the documentation?
240
-
updateWalker = bool;
241
-
executables = listOf str;
242
-
outputsToInstall = listOf str;
244
-
repositories = attrsOf str;
245
-
isBuildPythonPackage = platforms;
246
-
schedulingPriority = str;
247
-
downloadURLRegexp = str;
248
-
isFcitxEngine = bool;
249
-
isIbusEngine = bool;
252
-
checkMetaAttr = k: v:
253
-
if metaTypes?${k} then
254
-
if metaTypes.${k}.check v then null else "key '${k}' has a value ${v} of an invalid type ${builtins.typeOf v}; expected ${metaTypes.${k}.description}"
255
-
else "key '${k}' is unrecognized; expected one of: \n\t [${lib.concatMapStringsSep ", " (x: "'${x}'") (lib.attrNames metaTypes)}]";
256
-
checkMeta = meta: if shouldCheckMeta then lib.remove null (lib.mapAttrsToList checkMetaAttr meta) else [];
258
-
# Check if a derivation is valid, that is whether it passes checks for
259
-
# e.g brokenness or license.
261
-
# Return { valid: Bool } and additionally
262
-
# { reason: String; errormsg: String } if it is not valid, where
263
-
# reason is one of "unfree", "blacklisted" or "broken".
264
-
checkValidity = attrs:
265
-
if hasDeniedUnfreeLicense attrs && !(hasWhitelistedLicense attrs) then
266
-
{ valid = false; reason = "unfree"; errormsg = "has an unfree license (‘${showLicense attrs.meta.license}’)"; }
267
-
else if hasBlacklistedLicense attrs then
268
-
{ valid = false; reason = "blacklisted"; errormsg = "has a blacklisted license (‘${showLicense attrs.meta.license}’)"; }
269
-
else if !allowBroken && attrs.meta.broken or false then
270
-
{ valid = false; reason = "broken"; errormsg = "is marked as broken"; }
271
-
else if !allowBroken && attrs.meta.platforms or null != null && !lib.lists.elem result.system attrs.meta.platforms then
272
-
{ valid = false; reason = "broken"; errormsg = "is not supported on ‘${result.system}’"; }
273
-
else if !(hasAllowedInsecure attrs) then
274
-
{ valid = false; reason = "insecure"; errormsg = "is marked as insecure"; }
275
-
else let res = checkMeta (attrs.meta or {}); in if res != [] then
276
-
{ valid = false; reason = "unknown-meta"; errormsg = "has an invalid meta attrset:${lib.concatMapStrings (x: "\n\t - " + x) res}"; }
277
-
else { valid = true; };
···
in [ nativeBuildInputs buildInputs ];
propagatedDependencies' = map lib.chooseDevOutputs propagatedDependencies;
295
-
# Throw an error if trying to evaluate an non-valid derivation
296
-
assert let v = checkValidity attrs;
298
-
then throwEvalHelp (removeAttrs v ["valid"])
301
-
lib.addPassthru (derivation (
["meta" "passthru" "crossAttrs" "pos"
"__impureHostDeps" "__propagatedImpureHostDeps"
···
__propagatedImpureHostDeps = computedPropagatedImpureHostDeps ++ __propagatedImpureHostDeps;
} // (if outputs' != [ "out" ] then {
348
-
overrideAttrs = f: mkDerivation (attrs // (f attrs));
349
-
# The meta attribute is passed in the resulting attribute set,
350
-
# but it's not part of the actual derivation, i.e., it's not
351
-
# passed to the builder and is not a dependency. But since we
352
-
# include it in the result, it *is* available to nix-env for queries.
354
-
# If the packager hasn't specified `outputsToInstall`, choose a default,
355
-
# which is the name of `p.bin or p.out or p`;
356
-
# if he has specified it, it will be overridden below in `// meta`.
357
-
# Note: This default probably shouldn't be globally configurable.
358
-
# Services and users should specify outputs explicitly,
359
-
# unless they are comfortable with this default.
360
-
// { outputsToInstall =
362
-
outs = outputs'; # the value passed to derivation primitive
363
-
hasOutput = out: builtins.elem out outs;
364
-
in [( lib.findFirst hasOutput null (["bin" "out"] ++ outs) )];
367
-
# Fill `meta.position` to identify the source location of the package.
368
-
// lib.optionalAttrs (pos' != null)
369
-
{ position = pos'.file + ":" + toString pos'.line; }
373
-
# Pass through extra attributes that are not inputs, but
374
-
# should be made available to Nix expressions using the
375
-
# derivation (e.g., in assertions).
153
+
# The meta attribute is passed in the resulting attribute set,
154
+
# but it's not part of the actual derivation, i.e., it's not
155
+
# passed to the builder and is not a dependency. But since we
156
+
# include it in the result, it *is* available to nix-env for queries.
158
+
# If the packager hasn't specified `outputsToInstall`, choose a default,
159
+
# which is the name of `p.bin or p.out or p`;
160
+
# if he has specified it, it will be overridden below in `// meta`.
161
+
# Note: This default probably shouldn't be globally configurable.
162
+
# Services and users should specify outputs explicitly,
163
+
# unless they are comfortable with this default.
164
+
// { outputsToInstall =
166
+
outs = outputs'; # the value passed to derivation primitive
167
+
hasOutput = out: builtins.elem out outs;
168
+
in [( lib.findFirst hasOutput null (["bin" "out"] ++ outs) )];
170
+
// attrs.meta or {}
171
+
# Fill `meta.position` to identify the source location of the package.
172
+
// lib.optionalAttrs (pos != null)
173
+
{ position = pos.file + ":" + toString pos.line; }
179
+
(derivation (import ./check-meta.nix
181
+
inherit lib config meta derivationArg;
182
+
mkDerivationArg = attrs;
183
+
inherit system; # TODO: cross-compilation?
186
+
overrideAttrs = f: mkDerivation (attrs // (f attrs));
187
+
inherit meta passthru;
189
+
# Pass through extra attributes that are not inputs, but
190
+
# should be made available to Nix expressions using the
191
+
# derivation (e.g., in assertions).
# The stdenv that we are producing.
pyrox.dev