54 lines
1.6 KiB
Nix
54 lines
1.6 KiB
Nix
|
{ lib
|
||
|
, pkgsBuildHost
|
||
|
, ...
|
||
|
}:
|
||
|
|
||
|
let
|
||
|
removeKnownVulnerabilities = pkg: pkg.overrideAttrs (old: {
|
||
|
meta = (old.meta or { }) // { knownVulnerabilities = [ ]; };
|
||
|
});
|
||
|
# We are removing `meta.knownVulnerabilities` from `python27`,
|
||
|
# and setting it in `resholve` itself.
|
||
|
python27' = (removeKnownVulnerabilities pkgsBuildHost.python27).override {
|
||
|
self = python27';
|
||
|
pkgsBuildHost = pkgsBuildHost // { python27 = python27'; };
|
||
|
# strip down that python version as much as possible
|
||
|
openssl = null;
|
||
|
bzip2 = null;
|
||
|
readline = null;
|
||
|
ncurses = null;
|
||
|
gdbm = null;
|
||
|
sqlite = null;
|
||
|
rebuildBytecode = false;
|
||
|
stripBytecode = true;
|
||
|
strip2to3 = true;
|
||
|
stripConfig = true;
|
||
|
stripIdlelib = true;
|
||
|
stripTests = true;
|
||
|
enableOptimizations = false;
|
||
|
};
|
||
|
callPackage = lib.callPackageWith (pkgsBuildHost // { python27 = python27'; });
|
||
|
source = callPackage ./source.nix { };
|
||
|
deps = callPackage ./deps.nix { };
|
||
|
in
|
||
|
rec {
|
||
|
# not exposed in all-packages
|
||
|
resholveBuildTimeOnly = removeKnownVulnerabilities resholve;
|
||
|
# resholve itself
|
||
|
resholve = (callPackage ./resholve.nix {
|
||
|
inherit (source) rSrc version;
|
||
|
inherit (deps.oil) oildev;
|
||
|
inherit (deps) configargparse;
|
||
|
inherit resholve-utils;
|
||
|
# used only in tests
|
||
|
resholve = resholveBuildTimeOnly;
|
||
|
});
|
||
|
# funcs to validate and phrase invocations of resholve
|
||
|
# and use those invocations to build packages
|
||
|
resholve-utils = callPackage ./resholve-utils.nix {
|
||
|
# we can still use resholve-utils without triggering a security warn
|
||
|
# this is safe since we will only use `resholve` at build time
|
||
|
resholve = resholveBuildTimeOnly;
|
||
|
};
|
||
|
}
|