Project import generated by Copybara.
GitOrigin-RevId: c04d5652cfa9742b1d519688f65d1bbccea9eb7e
This commit is contained in:
parent
5dca899b3a
commit
159e378cbb
10621 changed files with 671816 additions and 347606 deletions
15
third_party/nixpkgs/.git-blame-ignore-revs
vendored
15
third_party/nixpkgs/.git-blame-ignore-revs
vendored
|
@ -154,5 +154,20 @@ bdfde18037f8d9f9b641a4016c8ada4dc4cbf856
|
|||
# nixos/ollama: format with nixfmt-rfc-style (#329561)
|
||||
246d1ee533810ac1946d863bbd9de9b525818d56
|
||||
|
||||
# steam: cleanup (#216972)
|
||||
ad815aebfbfe1415ff6436521d545029c803c3fb
|
||||
|
||||
# nixos/nvidia: apply nixfmt-rfc-style (#313440)
|
||||
fbdcdde04a7caa007e825a8b822c75fab9adb2d6
|
||||
|
||||
# step-cli: format package.nix with nixfmt (#331629)
|
||||
fc7a83f8b62e90de5679e993d4d49ca014ea013d
|
||||
|
||||
# darwin.stdenv: format with nixfmt-rfc-style (#333962)
|
||||
93c10ac9e561c6594d3baaeaff2341907390d9b8
|
||||
|
||||
# nrr: format with nixfmt-rfc-style (#334578)
|
||||
cffc27daf06c77c0d76bc35d24b929cb9d68c3c9
|
||||
|
||||
# nixos/kanidm: inherit lib, nixfmt
|
||||
8f18393d380079904d072007fb19dc64baef0a3a
|
||||
|
|
53
third_party/nixpkgs/.github/CODEOWNERS
vendored
53
third_party/nixpkgs/.github/CODEOWNERS
vendored
|
@ -14,9 +14,10 @@
|
|||
# CI
|
||||
/.github/workflows @NixOS/Security @Mic92 @zowoq
|
||||
/.github/workflows/check-nix-format.yml @infinisil
|
||||
/ci @infinisil @NixOS/Security
|
||||
/.github/workflows/nixpkgs-vet.yml @infinisil @philiptaron
|
||||
/ci @infinisil @philiptaron @NixOS/Security
|
||||
|
||||
# Develompent support
|
||||
# Development support
|
||||
/.editorconfig @Mic92 @zowoq
|
||||
/shell.nix @infinisil @NixOS/Security
|
||||
|
||||
|
@ -43,9 +44,12 @@
|
|||
/pkgs/top-level/stage.nix @Ericson2314
|
||||
/pkgs/top-level/splice.nix @Ericson2314
|
||||
/pkgs/top-level/release-cross.nix @Ericson2314
|
||||
/pkgs/top-level/by-name-overlay.nix @infinisil @philiptaron
|
||||
/pkgs/stdenv @philiptaron
|
||||
/pkgs/stdenv/generic @Ericson2314
|
||||
/pkgs/stdenv/generic/check-meta.nix @Ericson2314
|
||||
/pkgs/stdenv/cross @Ericson2314
|
||||
/pkgs/build-support @philiptaron
|
||||
/pkgs/build-support/cc-wrapper @Ericson2314
|
||||
/pkgs/build-support/bintools-wrapper @Ericson2314
|
||||
/pkgs/build-support/setup-hooks @Ericson2314
|
||||
|
@ -56,12 +60,6 @@
|
|||
/pkgs/pkgs-lib/formats/libconfig @h7x4
|
||||
/pkgs/pkgs-lib/formats/hocon @h7x4
|
||||
|
||||
# pkgs/by-name
|
||||
/pkgs/test/check-by-name @infinisil
|
||||
/pkgs/by-name/README.md @infinisil
|
||||
/pkgs/top-level/by-name-overlay.nix @infinisil
|
||||
/.github/workflows/check-by-name.yml @infinisil
|
||||
|
||||
# Nixpkgs build-support
|
||||
/pkgs/build-support/writers @lassulus @Profpatsch
|
||||
|
||||
|
@ -73,8 +71,8 @@
|
|||
# @raitobezarius is not "code owner", but is listed here to be notified of changes
|
||||
# pertaining to the Nix package manager.
|
||||
# i.e. no authority over those files.
|
||||
pkgs/tools/package-management/nix/ @raitobezarius
|
||||
nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
|
||||
pkgs/tools/package-management/nix/ @NixOS/nix-team @raitobezarius
|
||||
nixos/modules/installer/tools/nix-fallback-paths.nix @NixOS/nix-team @raitobezarius
|
||||
|
||||
# Nixpkgs documentation
|
||||
/maintainers/scripts/db-to-md.sh @jtojnar @ryantm
|
||||
|
@ -89,6 +87,7 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
|
|||
/doc/README.md @infinisil
|
||||
/nixos/README.md @infinisil
|
||||
/pkgs/README.md @infinisil
|
||||
/pkgs/by-name/README.md @infinisil
|
||||
/maintainers/README.md @infinisil
|
||||
|
||||
# User-facing development documentation
|
||||
|
@ -109,7 +108,7 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
|
|||
/nixos/virtualisation/qemu-vm.nix @raitobezarius
|
||||
|
||||
# ACME
|
||||
/nixos/modules/security/acme @arianvp @flokli @aanderse # no merge permission: @m1cr0man @emilazy
|
||||
/nixos/modules/security/acme @arianvp @flokli @aanderse @emilazy # no merge permission: @m1cr0man
|
||||
|
||||
# Systemd
|
||||
/nixos/modules/system/boot/systemd.nix @NixOS/systemd
|
||||
|
@ -139,13 +138,13 @@ nixos/modules/installer/tools/nix-fallback-paths.nix @raitobezarius
|
|||
/pkgs/top-level/release-python.nix @natsukium
|
||||
|
||||
# Haskell
|
||||
/doc/languages-frameworks/haskell.section.md @sternenseemann @maralorn @ncfavier
|
||||
/maintainers/scripts/haskell @sternenseemann @maralorn @ncfavier
|
||||
/pkgs/development/compilers/ghc @sternenseemann @maralorn @ncfavier
|
||||
/pkgs/development/haskell-modules @sternenseemann @maralorn @ncfavier
|
||||
/pkgs/test/haskell @sternenseemann @maralorn @ncfavier
|
||||
/pkgs/top-level/release-haskell.nix @sternenseemann @maralorn @ncfavier
|
||||
/pkgs/top-level/haskell-packages.nix @sternenseemann @maralorn @ncfavier
|
||||
/doc/languages-frameworks/haskell.section.md @sternenseemann @maralorn
|
||||
/maintainers/scripts/haskell @sternenseemann @maralorn
|
||||
/pkgs/development/compilers/ghc @sternenseemann @maralorn
|
||||
/pkgs/development/haskell-modules @sternenseemann @maralorn
|
||||
/pkgs/test/haskell @sternenseemann @maralorn
|
||||
/pkgs/top-level/release-haskell.nix @sternenseemann @maralorn
|
||||
/pkgs/top-level/haskell-packages.nix @sternenseemann @maralorn
|
||||
|
||||
# Perl
|
||||
/pkgs/development/interpreters/perl @stigtsp @zakame @marcusramberg
|
||||
|
@ -252,6 +251,7 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
|
|||
|
||||
# Idris
|
||||
/pkgs/development/idris-modules @Infinisil
|
||||
/pkgs/development/compilers/idris2 @mattpolzin
|
||||
|
||||
# Bazel
|
||||
/pkgs/development/tools/build-managers/bazel @Profpatsch
|
||||
|
@ -267,6 +267,9 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
|
|||
/pkgs/applications/editors/emacs @adisbladis
|
||||
/pkgs/top-level/emacs-packages.nix @adisbladis
|
||||
|
||||
# Kakoune
|
||||
/pkgs/applications/editors/kakoune @philiptaron
|
||||
|
||||
# Neovim
|
||||
/pkgs/applications/editors/neovim @figsoda @teto
|
||||
|
||||
|
@ -320,7 +323,7 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
|
|||
|
||||
# Forgejo
|
||||
nixos/modules/services/misc/forgejo.nix @adamcstephens @bendlas @emilylange
|
||||
pkgs/by-name/fo/forgejo/package.nix @adamcstephens @bendlas @emilylange
|
||||
pkgs/by-name/fo/forgejo/ @adamcstephens @bendlas @emilylange
|
||||
|
||||
# Dotnet
|
||||
/pkgs/build-support/dotnet @corngood
|
||||
|
@ -364,16 +367,13 @@ nixos/modules/services/web-apps/pretalx.nix @mweinelt
|
|||
nixos/tests/web-apps/pretix.nix @mweinelt
|
||||
nixos/tests/web-apps/pretalx.nix @mweinelt
|
||||
|
||||
# incus/lxc/lxd
|
||||
nixos/maintainers/scripts/lxd/ @adamcstephens
|
||||
# incus/lxc
|
||||
nixos/maintainers/scripts/incus/ @adamcstephens
|
||||
nixos/modules/virtualisation/incus.nix @adamcstephens
|
||||
nixos/modules/virtualisation/lxc* @adamcstephens
|
||||
nixos/modules/virtualisation/lxd* @adamcstephens
|
||||
nixos/tests/incus/ @adamcstephens
|
||||
nixos/tests/lxd/ @adamcstephens
|
||||
pkgs/by-name/in/incus/ @adamcstephens
|
||||
pkgs/by-name/lx/lxc* @adamcstephens
|
||||
pkgs/by-name/lx/lxd* @adamcstephens
|
||||
|
||||
# ExpidusOS, Flutter
|
||||
/pkgs/development/compilers/flutter @RossComputerGuy
|
||||
|
@ -387,3 +387,8 @@ pkgs/by-name/lx/lxd* @adamcstephens
|
|||
/pkgs/os-specific/linux/checkpolicy @RossComputerGuy
|
||||
/pkgs/os-specific/linux/libselinux @RossComputerGuy
|
||||
/pkgs/os-specific/linux/libsepol @RossComputerGuy
|
||||
|
||||
# installShellFiles
|
||||
/pkgs/by-name/in/installShellFiles/* @Ericson2314
|
||||
/pkgs/test/install-shell-files/* @Ericson2314
|
||||
/doc/hooks/installShellFiles.section.md @Ericson2314
|
||||
|
|
|
@ -21,7 +21,7 @@ For new packages please briefly describe the package or provide a link to its ho
|
|||
- [NixOS test(s)](https://nixos.org/manual/nixos/unstable/index.html#sec-nixos-tests) (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
|
||||
- and/or [package tests](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#package-tests)
|
||||
- or, for functions and "core" functionality, tests in [lib/tests](https://github.com/NixOS/nixpkgs/blob/master/lib/tests) or [pkgs/test](https://github.com/NixOS/nixpkgs/blob/master/pkgs/test)
|
||||
- made sure NixOS tests are [linked](https://nixos.org/manual/nixpkgs/unstable/#ssec-nixos-tests-linking) to the relevant packages
|
||||
- made sure NixOS tests are [linked](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#linking-nixos-module-tests-to-a-package) to the relevant packages
|
||||
- [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
|
||||
- [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
|
||||
- [24.11 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) (or backporting [23.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2311.section.md) and [24.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2405.section.md) Release notes)
|
||||
|
|
6
third_party/nixpkgs/.github/labeler.yml
vendored
6
third_party/nixpkgs/.github/labeler.yml
vendored
|
@ -270,6 +270,12 @@
|
|||
- changed-files:
|
||||
- any-glob-to-any-file:
|
||||
- .github/**/*
|
||||
- CONTRIBUTING.md
|
||||
- pkgs/README.md
|
||||
- nixos/README.md
|
||||
- maintainers/README.md
|
||||
- lib/README.md
|
||||
- doc/README.md
|
||||
|
||||
"6.topic: printing":
|
||||
- any:
|
||||
|
|
|
@ -15,6 +15,7 @@ permissions:
|
|||
|
||||
jobs:
|
||||
tests:
|
||||
name: basic-eval-checks
|
||||
runs-on: ubuntu-latest
|
||||
# we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
|
||||
steps:
|
||||
|
|
|
@ -1,123 +0,0 @@
|
|||
# Checks pkgs/by-name (see pkgs/by-name/README.md)
|
||||
# using the nixpkgs-check-by-name tool (see https://github.com/NixOS/nixpkgs-check-by-name)
|
||||
#
|
||||
# When you make changes to this workflow, also update pkgs/test/check-by-name/run-local.sh adequately
|
||||
name: Check pkgs/by-name
|
||||
|
||||
on:
|
||||
# Using pull_request_target instead of pull_request avoids having to approve first time contributors
|
||||
pull_request_target:
|
||||
# This workflow depends on the base branch of the PR,
|
||||
# but changing the base branch is not included in the default trigger events,
|
||||
# which would be `opened`, `synchronize` or `reopened`.
|
||||
# Instead it causes an `edited` event, so we need to add it explicitly here
|
||||
# While `edited` is also triggered when the PR title/body is changed,
|
||||
# this PR action is fairly quick, and PR's don't get edited that often,
|
||||
# so it shouldn't be a problem
|
||||
# There is a feature request for adding a `base_changed` event:
|
||||
# https://github.com/orgs/community/discussions/35058
|
||||
types: [opened, synchronize, reopened, edited]
|
||||
|
||||
permissions: {}
|
||||
|
||||
# We don't use a concurrency group here, because the action is triggered quite often (due to the PR edit
|
||||
# trigger), and contributers would get notified on any canceled run.
|
||||
# There is a feature request for supressing notifications on concurrency-canceled runs:
|
||||
# https://github.com/orgs/community/discussions/13015
|
||||
|
||||
jobs:
|
||||
check:
|
||||
# This needs to be x86_64-linux, because we depend on the tooling being pre-built in the GitHub releases
|
||||
runs-on: ubuntu-latest
|
||||
# This should take 1 minute at most, but let's be generous.
|
||||
# The default of 6 hours is definitely too long
|
||||
timeout-minutes: 10
|
||||
steps:
|
||||
# This step has to be in this file,
|
||||
# because it's needed to determine which revision of the repository to fetch,
|
||||
# and we can only use other files from the repository once it's fetched.
|
||||
- name: Resolving the merge commit
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
run: |
|
||||
# This checks for mergeability of a pull request as recommended in
|
||||
# https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests
|
||||
|
||||
# Retry the API query this many times
|
||||
retryCount=5
|
||||
# Start with 5 seconds, but double every retry
|
||||
retryInterval=5
|
||||
while true; do
|
||||
echo "Checking whether the pull request can be merged"
|
||||
prInfo=$(gh api \
|
||||
-H "Accept: application/vnd.github+json" \
|
||||
-H "X-GitHub-Api-Version: 2022-11-28" \
|
||||
/repos/"$GITHUB_REPOSITORY"/pulls/${{ github.event.pull_request.number }})
|
||||
mergeable=$(jq -r .mergeable <<< "$prInfo")
|
||||
mergedSha=$(jq -r .merge_commit_sha <<< "$prInfo")
|
||||
|
||||
if [[ "$mergeable" == "null" ]]; then
|
||||
if (( retryCount == 0 )); then
|
||||
echo "Not retrying anymore. It's likely that GitHub is having internal issues: check https://www.githubstatus.com/"
|
||||
exit 1
|
||||
else
|
||||
(( retryCount -= 1 )) || true
|
||||
|
||||
# null indicates that GitHub is still computing whether it's mergeable
|
||||
# Wait a couple seconds before trying again
|
||||
echo "GitHub is still computing whether this PR can be merged, waiting $retryInterval seconds before trying again ($retryCount retries left)"
|
||||
sleep "$retryInterval"
|
||||
|
||||
(( retryInterval *= 2 )) || true
|
||||
fi
|
||||
else
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ "$mergeable" == "true" ]]; then
|
||||
echo "The PR can be merged, checking the merge commit $mergedSha"
|
||||
echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
|
||||
else
|
||||
echo "The PR cannot be merged, it has a merge conflict, skipping the rest.."
|
||||
fi
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
if: env.mergedSha
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: ${{ env.mergedSha }}
|
||||
# Fetches the merge commit and its parents
|
||||
fetch-depth: 2
|
||||
- name: Checking out base branch
|
||||
if: env.mergedSha
|
||||
run: |
|
||||
base=$(mktemp -d)
|
||||
git worktree add "$base" "$(git rev-parse HEAD^1)"
|
||||
echo "base=$base" >> "$GITHUB_ENV"
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
if: env.mergedSha
|
||||
- name: Fetching the pinned tool
|
||||
if: env.mergedSha
|
||||
# Update the pinned version using pkgs/test/check-by-name/update-pinned-tool.sh
|
||||
run: |
|
||||
# The pinned version of the tooling to use
|
||||
toolVersion=$(<pkgs/test/check-by-name/pinned-version.txt)
|
||||
# Fetch the x86_64-linux-specific release artifact containing the Gzipped NAR of the pre-built tool
|
||||
toolPath=$(curl -sSfL https://github.com/NixOS/nixpkgs-check-by-name/releases/download/"$toolVersion"/x86_64-linux.nar.gz \
|
||||
| gzip -cd | nix-store --import | tail -1)
|
||||
# Adds a result symlink as a GC root
|
||||
nix-store --realise "$toolPath" --add-root result
|
||||
- name: Running nixpkgs-check-by-name
|
||||
if: env.mergedSha
|
||||
env:
|
||||
# Force terminal colors to be enabled. The library that
|
||||
# nixpkgs-check-by-name uses respects: https://bixense.com/clicolors/
|
||||
CLICOLOR_FORCE: 1
|
||||
run: |
|
||||
if result/bin/nixpkgs-check-by-name --base "$base" .; then
|
||||
exit 0
|
||||
else
|
||||
exitCode=$?
|
||||
echo "To run locally: ./maintainers/scripts/check-by-name.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
|
||||
exit "$exitCode"
|
||||
fi
|
|
@ -10,6 +10,7 @@ permissions: {}
|
|||
|
||||
jobs:
|
||||
check:
|
||||
name: cherry-pick-check
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
|
|
|
@ -9,6 +9,7 @@ permissions:
|
|||
|
||||
jobs:
|
||||
nixos:
|
||||
name: maintainer-list-check
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
|
|
|
@ -7,13 +7,14 @@ name: Check that Nix files are formatted
|
|||
|
||||
on:
|
||||
pull_request_target:
|
||||
# See the comment at the same location in ./check-by-name.yml
|
||||
# See the comment at the same location in ./nixpkgs-vet.yml
|
||||
types: [opened, synchronize, reopened, edited]
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
nixos:
|
||||
name: nixfmt-check
|
||||
runs-on: ubuntu-latest
|
||||
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
|
@ -82,7 +83,8 @@ jobs:
|
|||
|
||||
if (( "${#unformattedFiles[@]}" > 0 )); then
|
||||
echo "Some new/changed Nix files are not properly formatted"
|
||||
echo "Please run the following in \`nix-shell\`:"
|
||||
echo "Please go to the Nixpkgs root directory, run \`nix-shell\`, then:"
|
||||
echo "nixfmt ${unformattedFiles[*]@Q}"
|
||||
echo "If you're having trouble, please ping @NixOS/nix-formatting"
|
||||
exit 1
|
||||
fi
|
||||
|
|
|
@ -8,6 +8,7 @@ permissions:
|
|||
|
||||
jobs:
|
||||
nixos:
|
||||
name: exp-nixf-tidy-check
|
||||
runs-on: ubuntu-latest
|
||||
if: "!contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
|
|
|
@ -7,6 +7,7 @@ permissions: {}
|
|||
|
||||
jobs:
|
||||
x86_64-linux:
|
||||
name: shell-check-x86_64-linux
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
|
@ -18,6 +19,7 @@ jobs:
|
|||
run: nix-build shell.nix
|
||||
|
||||
aarch64-darwin:
|
||||
name: shell-check-aarch64-darwin
|
||||
runs-on: macos-latest
|
||||
steps:
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
|
|
|
@ -10,6 +10,7 @@ on:
|
|||
|
||||
jobs:
|
||||
tests:
|
||||
name: editorconfig-check
|
||||
runs-on: ubuntu-latest
|
||||
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
|
|
|
@ -15,6 +15,7 @@ permissions:
|
|||
|
||||
jobs:
|
||||
labels:
|
||||
name: label-pr
|
||||
runs-on: ubuntu-latest
|
||||
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
|
|
|
@ -11,6 +11,7 @@ on:
|
|||
|
||||
jobs:
|
||||
nixos:
|
||||
name: nixos-manual-build
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
|
|
|
@ -13,6 +13,7 @@ on:
|
|||
|
||||
jobs:
|
||||
nixpkgs:
|
||||
name: nixpkgs-manual-build
|
||||
runs-on: ubuntu-latest
|
||||
if: github.repository_owner == 'NixOS'
|
||||
steps:
|
||||
|
|
|
@ -10,6 +10,7 @@ on:
|
|||
|
||||
jobs:
|
||||
tests:
|
||||
name: nix-files-parseable-check
|
||||
runs-on: ubuntu-latest
|
||||
if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
|
||||
steps:
|
||||
|
|
116
third_party/nixpkgs/.github/workflows/nixpkgs-vet.yml
vendored
Normal file
116
third_party/nixpkgs/.github/workflows/nixpkgs-vet.yml
vendored
Normal file
|
@ -0,0 +1,116 @@
|
|||
# `nixpkgs-vet` is a tool to vet Nixpkgs: its architecture, package structure, and more.
|
||||
# Among other checks, it makes sure that `pkgs/by-name` (see `../../pkgs/by-name/README.md`) follows the validity rules outlined in [RFC 140](https://github.com/NixOS/rfcs/pull/140).
|
||||
# When you make changes to this workflow, please also update `ci/nixpkgs-vet.sh` to reflect the impact of your work to the CI.
|
||||
# See https://github.com/NixOS/nixpkgs-vet for details on the tool and its checks.
|
||||
name: Vet nixpkgs
|
||||
|
||||
on:
|
||||
# Using pull_request_target instead of pull_request avoids having to approve first time contributors.
|
||||
pull_request_target:
|
||||
# This workflow depends on the base branch of the PR, but changing the base branch is not included in the default trigger events, which would be `opened`, `synchronize` or `reopened`.
|
||||
# Instead it causes an `edited` event, so we need to add it explicitly here.
|
||||
# While `edited` is also triggered when the PR title/body is changed, this PR action is fairly quick, and PRs don't get edited **that** often, so it shouldn't be a problem.
|
||||
# There is a feature request for adding a `base_changed` event: https://github.com/orgs/community/discussions/35058
|
||||
types: [opened, synchronize, reopened, edited]
|
||||
|
||||
permissions: {}
|
||||
|
||||
# We don't use a concurrency group here, because the action is triggered quite often (due to the PR edit trigger), and contributors would get notified on any canceled run.
|
||||
# There is a feature request for suppressing notifications on concurrency-canceled runs: https://github.com/orgs/community/discussions/13015
|
||||
|
||||
jobs:
|
||||
check:
|
||||
name: nixpkgs-vet
|
||||
# This needs to be x86_64-linux, because we depend on the tooling being pre-built in the GitHub releases.
|
||||
runs-on: ubuntu-latest
|
||||
# This should take 1 minute at most, but let's be generous. The default of 6 hours is definitely too long.
|
||||
timeout-minutes: 10
|
||||
steps:
|
||||
# This step has to be in this file, because it's needed to determine which revision of the repository to fetch, and we can only use other files from the repository once it's fetched.
|
||||
- name: Resolving the merge commit
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
run: |
|
||||
# This checks for mergeability of a pull request as recommended in
|
||||
# https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests
|
||||
|
||||
# Retry the API query this many times
|
||||
retryCount=5
|
||||
# Start with 5 seconds, but double every retry
|
||||
retryInterval=5
|
||||
while true; do
|
||||
echo "Checking whether the pull request can be merged"
|
||||
prInfo=$(gh api \
|
||||
-H "Accept: application/vnd.github+json" \
|
||||
-H "X-GitHub-Api-Version: 2022-11-28" \
|
||||
/repos/"$GITHUB_REPOSITORY"/pulls/${{ github.event.pull_request.number }})
|
||||
mergeable=$(jq -r .mergeable <<< "$prInfo")
|
||||
mergedSha=$(jq -r .merge_commit_sha <<< "$prInfo")
|
||||
|
||||
if [[ "$mergeable" == "null" ]]; then
|
||||
if (( retryCount == 0 )); then
|
||||
echo "Not retrying anymore. It's likely that GitHub is having internal issues: check https://www.githubstatus.com/"
|
||||
exit 1
|
||||
else
|
||||
(( retryCount -= 1 )) || true
|
||||
|
||||
# null indicates that GitHub is still computing whether it's mergeable
|
||||
# Wait a couple seconds before trying again
|
||||
echo "GitHub is still computing whether this PR can be merged, waiting $retryInterval seconds before trying again ($retryCount retries left)"
|
||||
sleep "$retryInterval"
|
||||
|
||||
(( retryInterval *= 2 )) || true
|
||||
fi
|
||||
else
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ "$mergeable" == "true" ]]; then
|
||||
echo "The PR can be merged, checking the merge commit $mergedSha"
|
||||
echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
|
||||
else
|
||||
echo "The PR cannot be merged, it has a merge conflict, skipping the rest.."
|
||||
fi
|
||||
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
||||
if: env.mergedSha
|
||||
with:
|
||||
# pull_request_target checks out the base branch by default
|
||||
ref: ${{ env.mergedSha }}
|
||||
# Fetches the merge commit and its parents
|
||||
fetch-depth: 2
|
||||
- name: Checking out base branch
|
||||
if: env.mergedSha
|
||||
run: |
|
||||
base=$(mktemp -d)
|
||||
git worktree add "$base" "$(git rev-parse HEAD^1)"
|
||||
echo "base=$base" >> "$GITHUB_ENV"
|
||||
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
|
||||
if: env.mergedSha
|
||||
- name: Fetching the pinned tool
|
||||
if: env.mergedSha
|
||||
# Update the pinned version using ci/nixpkgs-vet/update-pinned-tool.sh
|
||||
run: |
|
||||
# The pinned version of the tooling to use.
|
||||
toolVersion=$(<ci/nixpkgs-vet/pinned-version.txt)
|
||||
|
||||
# Fetch the x86_64-linux-specific release artifact containing the gzipped NAR of the pre-built tool.
|
||||
toolPath=$(curl -sSfL https://github.com/NixOS/nixpkgs-vet/releases/download/"$toolVersion"/x86_64-linux.nar.gz \
|
||||
| gzip -cd | nix-store --import | tail -1)
|
||||
|
||||
# Adds a result symlink as a GC root.
|
||||
nix-store --realise "$toolPath" --add-root result
|
||||
- name: Running nixpkgs-vet
|
||||
if: env.mergedSha
|
||||
env:
|
||||
# Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/
|
||||
CLICOLOR_FORCE: 1
|
||||
run: |
|
||||
if result/bin/nixpkgs-vet --base "$base" .; then
|
||||
exit 0
|
||||
else
|
||||
exitCode=$?
|
||||
echo "To run locally: ./ci/nixpkgs-vet.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
|
||||
echo "If you're having trouble, ping @NixOS/nixpkgs-vet"
|
||||
exit "$exitCode"
|
||||
fi
|
|
@ -16,6 +16,7 @@ permissions:
|
|||
|
||||
jobs:
|
||||
action:
|
||||
name: set-ofborg-pending
|
||||
if: github.repository_owner == 'NixOS'
|
||||
permissions:
|
||||
statuses: write
|
||||
|
|
|
@ -46,7 +46,7 @@ jobs:
|
|||
run: |
|
||||
git clean -f
|
||||
- name: create PR
|
||||
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
|
||||
uses: peter-evans/create-pull-request@6cd32fd93684475c31847837f87bb135d40a2b79 # v7.0.3
|
||||
with:
|
||||
body: |
|
||||
Automatic update by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action.
|
||||
|
|
4
third_party/nixpkgs/.mailmap
vendored
4
third_party/nixpkgs/.mailmap
vendored
|
@ -1,9 +1,13 @@
|
|||
ajs124 <git@ajs124.de> <ajs124@users.noreply.github.com>
|
||||
Anderson Torres <torres.anderson.85@protonmail.com>
|
||||
Atemu <git@atemu.net> <atemu.main@gmail.com>
|
||||
Daniel Løvbrøtte Olsen <me@dandellion.xyz> <daniel.olsen99@gmail.com>
|
||||
Fabian Affolter <mail@fabian-affolter.ch> <fabian@affolter-engineering.ch>
|
||||
goatastronaut0212 <goatastronaut0212@outlook.com> <goatastronaut0212@proton.me>
|
||||
Janne Heß <janne@hess.ooo> <dasJ@users.noreply.github.com>
|
||||
Jörg Thalheim <joerg@thalheim.io> <Mic92@users.noreply.github.com>
|
||||
Lin Jian <me@linj.tech> <linj.dev@outlook.com>
|
||||
Lin Jian <me@linj.tech> <75130626+jian-lin@users.noreply.github.com>
|
||||
Martin Weinelt <hexa@darmstadt.ccc.de> <mweinelt@users.noreply.github.com>
|
||||
R. RyanTM <ryantm-bot@ryantm.com>
|
||||
Robert Hensing <robert@roberthensing.nl> <roberth@users.noreply.github.com>
|
||||
|
|
18
third_party/nixpkgs/CONTRIBUTING.md
vendored
18
third_party/nixpkgs/CONTRIBUTING.md
vendored
|
@ -315,6 +315,22 @@ When reviewing a pull request, please always be nice and polite. Controversial c
|
|||
|
||||
GitHub provides reactions as a simple and quick way to provide feedback to pull requests or any comments. The thumb-down reaction should be used with care and if possible accompanied with some explanation so the submitter has directions to improve their contribution.
|
||||
|
||||
When doing a review:
|
||||
- Aim to drive the proposal to a timely conclusion.
|
||||
- Focus on the proposed changes to keep the scope of the discussion narrow.
|
||||
- Help the contributor prioritise their efforts towards getting their change merged.
|
||||
|
||||
If you find anything related that could be improved but is not immediately required for acceptance, consider
|
||||
- Implementing the changes yourself in a follow-up pull request (and request review from the person who inspired you)
|
||||
- Tracking your idea in an issue
|
||||
- Offering the original contributor to review a follow-up pull request
|
||||
- Making concrete [suggestions](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request) in the same pull request.
|
||||
|
||||
For example, follow-up changes could involve refactoring code in the affected files.
|
||||
|
||||
But please remember not to make such additional considerations a blocker, and communicate that to the contributor, for example by following the [conventional comments](https://conventionalcomments.org/) pattern.
|
||||
If the related change is essential for the contribution at hand, make clear why you think it is important to address that first.
|
||||
|
||||
Pull request reviews should include a list of what has been reviewed in a comment, so other reviewers and mergers can know the state of the review.
|
||||
|
||||
All the review template samples provided in this section are generic and meant as examples. Their usage is optional and the reviewer is free to adapt them to their liking.
|
||||
|
@ -354,7 +370,7 @@ The following paragraphs about how to deal with unactive contributors is just a
|
|||
Please note that contributors with commit rights unactive for more than three months will have their commit rights revoked.
|
||||
-->
|
||||
|
||||
Please see the discussion in [GitHub nixpkgs issue #50105](https://github.com/NixOS/nixpkgs/issues/50105) for information on how to proceed to be granted this level of access.
|
||||
Please see the discussion in [GitHub nixpkgs issue #321665](https://github.com/NixOS/nixpkgs/issues/321665) for information on how to proceed to be granted this level of access.
|
||||
|
||||
In a case a contributor definitively leaves the Nix community, they should create an issue or post on [Discourse](https://discourse.nixos.org) with references of packages and modules they maintain so the maintainership can be taken over by other contributors.
|
||||
|
||||
|
|
33
third_party/nixpkgs/ci/README.md
vendored
33
third_party/nixpkgs/ci/README.md
vendored
|
@ -1,7 +1,7 @@
|
|||
# CI support files
|
||||
|
||||
This directory contains files to support CI, such as [GitHub Actions](https://github.com/NixOS/nixpkgs/tree/master/.github/workflows) and [Ofborg](https://github.com/nixos/ofborg).
|
||||
This is in contrast with [`maintainers/scripts`](`../maintainers/scripts`) which is for human use instead.
|
||||
This is in contrast with [`maintainers/scripts`](../maintainers/scripts) which is for human use instead.
|
||||
|
||||
## Pinned Nixpkgs
|
||||
|
||||
|
@ -10,3 +10,34 @@ In order to ensure that the needed packages are generally available without buil
|
|||
[`pinned-nixpkgs.json`](./pinned-nixpkgs.json) contains a pinned Nixpkgs version tested by Hydra.
|
||||
|
||||
Run [`update-pinned-nixpkgs.sh`](./update-pinned-nixpkgs.sh) to update it.
|
||||
|
||||
## `ci/nixpkgs-vet.sh BASE_BRANCH [REPOSITORY]`
|
||||
|
||||
Runs the [`nixpkgs-vet` tool](https://github.com/NixOS/nixpkgs-vet) on the HEAD commit, closely matching what CI does. This can't do exactly the same as CI, because CI needs to rely on GitHub's server-side Git history to compute the mergeability of PRs before the check can be started.
|
||||
In turn, when contributors are running this tool locally, we don't want to have to push commits to test them, and we can also rely on the local Git history to do the mergeability check.
|
||||
|
||||
Arguments:
|
||||
|
||||
- `BASE_BRANCH`: The base branch to use, e.g. master or release-24.05
|
||||
- `REPOSITORY`: The repository from which to fetch the base branch. Defaults to <https://github.com/NixOS/nixpkgs.git>.
|
||||
|
||||
## `ci/nixpkgs-vet`
|
||||
|
||||
This directory contains scripts and files used and related to [`nixpkgs-vet`](https://github.com/NixOS/nixpkgs-vet/), which the CI uses to implement `pkgs/by-name` checks, along with many other Nixpkgs architecture rules.
|
||||
See also the [CI GitHub Action](../.github/workflows/nixpkgs-vet.yml).
|
||||
|
||||
## `ci/nixpkgs-vet/update-pinned-tool.sh`
|
||||
|
||||
Updates the pinned [`nixpkgs-vet` tool](https://github.com/NixOS/nixpkgs-vet) in [`ci/nixpkgs-vet/pinned-version.txt`](./nixpkgs-vet/pinned-version.txt) to the latest [release](https://github.com/NixOS/nixpkgs-vet/releases).
|
||||
|
||||
Each release contains a pre-built `x86_64-linux` version of the tool which is used by CI.
|
||||
|
||||
This script currently needs to be called manually when the CI tooling needs to be updated.
|
||||
|
||||
Why not just build the tooling right from the PRs Nixpkgs version?
|
||||
|
||||
- Because it allows CI to check all PRs, even if they would break the CI tooling.
|
||||
- Because it makes the CI check very fast, since no Nix builds need to be done, even for mass rebuilds.
|
||||
- Because it improves security, since we don't have to build potentially untrusted code from PRs.
|
||||
The tool only needs a very minimal Nix evaluation at runtime, which can work with [readonly-mode](https://nixos.org/manual/nix/stable/command-ref/opt-common.html#opt-readonly-mode) and [restrict-eval](https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-restrict-eval).
|
||||
|
||||
|
|
71
third_party/nixpkgs/ci/nixpkgs-vet.sh
vendored
Executable file
71
third_party/nixpkgs/ci/nixpkgs-vet.sh
vendored
Executable file
|
@ -0,0 +1,71 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p jq
|
||||
|
||||
set -o pipefail -o errexit -o nounset
|
||||
|
||||
trace() { echo >&2 "$@"; }
|
||||
|
||||
tmp=$(mktemp -d)
|
||||
cleanup() {
|
||||
# Don't exit early if anything fails to cleanup
|
||||
set +o errexit
|
||||
|
||||
trace -n "Cleaning up.. "
|
||||
|
||||
[[ -e "$tmp/base" ]] && git worktree remove --force "$tmp/base"
|
||||
[[ -e "$tmp/merged" ]] && git worktree remove --force "$tmp/merged"
|
||||
|
||||
rm -rf "$tmp"
|
||||
|
||||
trace "Done"
|
||||
}
|
||||
trap cleanup exit
|
||||
|
||||
|
||||
repo=https://github.com/NixOS/nixpkgs.git
|
||||
|
||||
if (( $# != 0 )); then
|
||||
baseBranch=$1
|
||||
shift
|
||||
else
|
||||
trace "Usage: $0 BASE_BRANCH [REPOSITORY]"
|
||||
trace "BASE_BRANCH: The base branch to use, e.g. master or release-23.11"
|
||||
trace "REPOSITORY: The repository to fetch the base branch from, defaults to $repo"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if (( $# != 0 )); then
|
||||
repo=$1
|
||||
shift
|
||||
fi
|
||||
|
||||
if [[ -n "$(git status --porcelain)" ]]; then
|
||||
trace -e "\e[33mWarning: Dirty tree, uncommitted changes won't be taken into account\e[0m"
|
||||
fi
|
||||
headSha=$(git rev-parse HEAD)
|
||||
trace -e "Using HEAD commit \e[34m$headSha\e[0m"
|
||||
|
||||
trace -n "Creating Git worktree for the HEAD commit in $tmp/merged.. "
|
||||
git worktree add --detach -q "$tmp/merged" HEAD
|
||||
trace "Done"
|
||||
|
||||
trace -n "Fetching base branch $baseBranch to compare against.. "
|
||||
git fetch -q "$repo" refs/heads/"$baseBranch"
|
||||
baseSha=$(git rev-parse FETCH_HEAD)
|
||||
trace -e "\e[34m$baseSha\e[0m"
|
||||
|
||||
trace -n "Creating Git worktree for the base branch in $tmp/base.. "
|
||||
git worktree add -q "$tmp/base" "$baseSha"
|
||||
trace "Done"
|
||||
|
||||
trace -n "Merging base branch into the HEAD commit in $tmp/merged.. "
|
||||
git -C "$tmp/merged" merge -q --no-edit "$baseSha"
|
||||
trace -e "\e[34m$(git -C "$tmp/merged" rev-parse HEAD)\e[0m"
|
||||
trace -n "Reading pinned nixpkgs-vet version from pinned-version.txt.. "
|
||||
toolVersion=$(<"$tmp/merged/ci/nixpkgs-vet/pinned-version.txt")
|
||||
trace -e "\e[34m$toolVersion\e[0m"
|
||||
|
||||
trace -n "Building tool.. "
|
||||
nix-build https://github.com/NixOS/nixpkgs-vet/tarball/"$toolVersion" -o "$tmp/tool" -A build
|
||||
trace "Running nixpkgs-vet.."
|
||||
"$tmp/tool/bin/nixpkgs-vet" --base "$tmp/base" "$tmp/merged"
|
1
third_party/nixpkgs/ci/nixpkgs-vet/pinned-version.txt
vendored
Normal file
1
third_party/nixpkgs/ci/nixpkgs-vet/pinned-version.txt
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
0.1.4
|
|
@ -7,7 +7,7 @@ trace() { echo >&2 "$@"; }
|
|||
|
||||
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||
|
||||
repository=NixOS/nixpkgs-check-by-name
|
||||
repository=NixOS/nixpkgs-vet
|
||||
pin_file=$SCRIPT_DIR/pinned-version.txt
|
||||
|
||||
trace -n "Fetching latest release of $repository.. "
|
4
third_party/nixpkgs/ci/pinned-nixpkgs.json
vendored
4
third_party/nixpkgs/ci/pinned-nixpkgs.json
vendored
|
@ -1,4 +1,4 @@
|
|||
{
|
||||
"rev": "521d48afa9ae596930a95325529df27fa7135ff5",
|
||||
"sha256": "0a1pa5azw990narsfipdli1wng4nc3vhvrp00hb8v1qfchcq7dc9"
|
||||
"rev": "4de4818c1ffa76d57787af936e8a23648bda6be4",
|
||||
"sha256": "0l3b9jr5ydzqgvd10j12imc9jqb6jv5v2bdi1gyy5cwkwplfay67"
|
||||
}
|
||||
|
|
33
third_party/nixpkgs/doc/README.md
vendored
33
third_party/nixpkgs/doc/README.md
vendored
|
@ -251,25 +251,42 @@ You, as the writer of documentation, are still in charge of its content.
|
|||
For example:
|
||||
|
||||
```markdown
|
||||
# pkgs.coolFunction
|
||||
# pkgs.coolFunction {#pkgs.coolFunction}
|
||||
|
||||
Description of what `coolFunction` does.
|
||||
`pkgs.coolFunction` *`name`* *`config`*
|
||||
|
||||
## Inputs
|
||||
Description of what `callPackage` does.
|
||||
|
||||
`coolFunction` expects a single argument which should be an attribute set, with the following possible attributes:
|
||||
|
||||
`name` (String)
|
||||
## Inputs {#pkgs-coolFunction-inputs}
|
||||
|
||||
If something's special about `coolFunction`'s general argument handling, you can say so here.
|
||||
Otherwise, just describe the single argument or start the arguments' definition list without introduction.
|
||||
|
||||
*`name`* (String)
|
||||
|
||||
: The name of the resulting image.
|
||||
|
||||
`tag` (String; _optional_)
|
||||
*`config`* (Attribute set)
|
||||
|
||||
: Tag of the generated image.
|
||||
: Introduce the parameter. Maybe you have a test to make sure `{ }` is a sensible default; then you can say: these attributes are optional; `{ }` is a valid argument.
|
||||
|
||||
_Default:_ the output path's hash.
|
||||
`outputHash` (String; _optional_)
|
||||
|
||||
: A brief explanation including when and when not to pass this attribute.
|
||||
|
||||
: _Default:_ the output path's hash.
|
||||
```
|
||||
|
||||
Checklist:
|
||||
- Start with a synopsis, to show the order of positional arguments.
|
||||
- Metavariables are in emphasized code spans: ``` *`arg1`* ```. Metavariables are placeholders where users may write arbitrary expressions. This includes positional arguments.
|
||||
- Attribute names are regular code spans: ``` `attr1` ```. These identifiers can _not_ be picked freely by users, so they are _not_ metavariables.
|
||||
- _optional_ attributes have a _`Default:`_ if it's easily described as a value.
|
||||
- _optional_ attributes have a _`Default behavior:`_ if it's not easily described using a value.
|
||||
- Nix types aren't in code spans, because they are not code
|
||||
- Nix types are capitalized, to distinguish them from the camelCase Module System types, which _are_ code and behave like functions.
|
||||
|
||||
#### Examples
|
||||
|
||||
To define a referenceable figure use the following fencing:
|
||||
|
|
|
@ -157,6 +157,12 @@ Here are security considerations for this scenario:
|
|||
|
||||
In more concrete terms, if you use any other hash, the [`--insecure` flag](https://curl.se/docs/manpage.html#-k) will be passed to the underlying call to `curl` when downloading content.
|
||||
|
||||
## Proxy usage {#sec-pkgs-fetchers-proxy}
|
||||
|
||||
Nixpkgs fetchers can make use of a http(s) proxy. Each fetcher will automatically inherit proxy-related environment variables (`http_proxy`, `https_proxy`, etc) via [impureEnvVars](https://nixos.org/manual/nix/stable/language/advanced-attributes#adv-attr-impureEnvVars).
|
||||
|
||||
The environment variable `NIX_SSL_CERT_FILE` is also inherited in fetchers, and can be used to provide a custom certificate bundle to fetchers. This is usually required for a https proxy to work without certificate validation errors.
|
||||
|
||||
[]{#fetchurl}
|
||||
## `fetchurl` {#sec-pkgs-fetchers-fetchurl}
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@ let
|
|||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/irccloud/irccloud-desktop/releases/download/v${version}/IRCCloud-${version}-linux-x86_64.AppImage";
|
||||
sha256 = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
|
||||
hash = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
|
||||
};
|
||||
in appimageTools.wrapType2 {
|
||||
inherit pname version src;
|
||||
|
@ -100,7 +100,7 @@ let
|
|||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/irccloud/irccloud-desktop/releases/download/v${version}/IRCCloud-${version}-linux-x86_64.AppImage";
|
||||
sha256 = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
|
||||
hash = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
|
||||
};
|
||||
|
||||
appimageContents = appimageTools.extract {
|
||||
|
@ -141,7 +141,7 @@ let
|
|||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/irccloud/irccloud-desktop/releases/download/v${version}/IRCCloud-${version}-linux-x86_64.AppImage";
|
||||
sha256 = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
|
||||
hash = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
|
||||
};
|
||||
|
||||
appimageContents = appimageTools.extract {
|
||||
|
|
|
@ -50,6 +50,10 @@ Similarly, if you encounter errors similar to `Error_Protocol ("certificate has
|
|||
If specified, the layer created by `buildImage` will be appended to the layers defined in the base image, resulting in an image with at least two layers (one or more layers from the base image, and the layer created by `buildImage`).
|
||||
Otherwise, the resulting image with contain the single layer created by `buildImage`.
|
||||
|
||||
:::{.note}
|
||||
Only **Env** configuration is inherited from the base image.
|
||||
:::
|
||||
|
||||
_Default value:_ `null`.
|
||||
|
||||
`fromImageName` (String or Null; _optional_)
|
||||
|
|
|
@ -339,6 +339,41 @@ once to get a derivation hash, and again to produce the final fixed output deriv
|
|||
|
||||
:::
|
||||
|
||||
## `runCommand` {#tester-runCommand}
|
||||
|
||||
`runCommand :: { name, script, stdenv ? stdenvNoCC, hash ? "...", ... } -> Derivation`
|
||||
|
||||
This is a wrapper around `pkgs.runCommandWith`, which
|
||||
- produces a fixed-output derivation, enabling the command(s) to access the network ;
|
||||
- salts the derivation's name based on its inputs, ensuring the command is re-run whenever the inputs changes.
|
||||
|
||||
It accepts the following attributes:
|
||||
- the derivation's `name` ;
|
||||
- the `script` to be executed ;
|
||||
- `stdenv`, the environment to use, defaulting to `stdenvNoCC` ;
|
||||
- the derivation's output `hash`, defaulting to the empty file's.
|
||||
The derivation's `outputHashMode` is set by default to recursive, so the `script` can output a directory as well.
|
||||
|
||||
All other attributes are passed through to [`mkDerivation`](#sec-using-stdenv),
|
||||
including `nativeBuildInputs` to specify dependencies available to the `script`.
|
||||
|
||||
:::{.example #ex-tester-runCommand-nix}
|
||||
|
||||
# Run a command with network access
|
||||
|
||||
```nix
|
||||
testers.runCommand {
|
||||
name = "access-the-internet";
|
||||
command = ''
|
||||
curl -o /dev/null https://example.com
|
||||
touch $out
|
||||
'';
|
||||
nativeBuildInputs = with pkgs; [ cacert curl ];
|
||||
}
|
||||
```
|
||||
|
||||
:::
|
||||
|
||||
## `runNixOSTest` {#tester-runNixOSTest}
|
||||
|
||||
A helper function that behaves exactly like the NixOS `runTest`, except it also assigns this Nixpkgs package set as the `pkgs` of the test and makes the `nixpkgs.*` options read-only.
|
||||
|
|
|
@ -3,32 +3,122 @@
|
|||
Nixpkgs provides a variety of wrapper functions that help build commonly useful derivations.
|
||||
Like [`stdenv.mkDerivation`](#sec-using-stdenv), each of these build helpers creates a derivation, but the arguments passed are different (usually simpler) from those required by `stdenv.mkDerivation`.
|
||||
|
||||
## `runCommand` {#trivial-builder-runCommand}
|
||||
|
||||
`runCommand :: String -> AttrSet -> String -> Derivation`
|
||||
## `runCommandWith` {#trivial-builder-runCommandWith}
|
||||
|
||||
The result of `runCommand name drvAttrs buildCommand` is a derivation that is built by running the specified shell commands.
|
||||
The function `runCommandWith` returns a derivation built using the specified command(s), in a specified environment.
|
||||
|
||||
By default `runCommand` runs in a stdenv with no compiler environment, whereas [`runCommandCC`](#trivial-builder-runCommandCC) uses the default stdenv, `pkgs.stdenv`.
|
||||
It is the underlying base function of all [`runCommand*` variants].
|
||||
The general behavior is controlled via a single attribute set passed
|
||||
as the first argument, and allows specifying `stdenv` freely.
|
||||
|
||||
`name :: String`
|
||||
: The name that Nix will append to the store path in the same way that `stdenv.mkDerivation` uses its `name` attribute.
|
||||
The following [`runCommand*` variants] exist: `runCommand`, `runCommandCC`, and `runCommandLocal`.
|
||||
|
||||
`drvAttr :: AttrSet`
|
||||
: Attributes to pass to the underlying call to [`stdenv.mkDerivation`](#chap-stdenv).
|
||||
[`runCommand*` variants]: #trivial-builder-runCommand
|
||||
|
||||
`buildCommand :: String`
|
||||
### Type {#trivial-builder-runCommandWith-Type}
|
||||
|
||||
```
|
||||
runCommandWith :: {
|
||||
name :: name;
|
||||
stdenv? :: Derivation;
|
||||
runLocal? :: Bool;
|
||||
derivationArgs? :: { ... };
|
||||
} -> String -> Derivation
|
||||
```
|
||||
|
||||
### Inputs {#trivial-builder-runCommandWith-Inputs}
|
||||
|
||||
`name` (String)
|
||||
: The derivation's name, which Nix will append to the store path; see [`mkDerivation`](#sec-using-stdenv).
|
||||
|
||||
`runLocal` (Boolean)
|
||||
: If set to `true` this forces the derivation to be built locally, not using [substitutes] nor remote builds.
|
||||
This is intended for very cheap commands (<1s execution time) which can be sped up by avoiding the network round-trip(s).
|
||||
Its effect is to set [`preferLocalBuild = true`][preferLocalBuild] and [`allowSubstitutes = false`][allowSubstitutes].
|
||||
|
||||
::: {.note}
|
||||
This prevents the use of [substituters][substituter], so only set `runLocal` (or use `runCommandLocal`) when certain the user will
|
||||
always have a builder for the `system` of the derivation. This should be true for most trivial use cases
|
||||
(e.g., just copying some files to a different location or adding symlinks) because there the `system`
|
||||
is usually the same as `builtins.currentSystem`.
|
||||
:::
|
||||
|
||||
`stdenv` (Derivation)
|
||||
: The [standard environment](#chap-stdenv) to use, defaulting to `pkgs.stdenv`
|
||||
|
||||
`derivationArgs` (Attribute set)
|
||||
: Additional arguments for [`mkDerivation`](#sec-using-stdenv).
|
||||
|
||||
`buildCommand` (String)
|
||||
: Shell commands to run in the derivation builder.
|
||||
|
||||
::: {.note}
|
||||
You have to create a file or directory `$out` for Nix to be able to run the builder successfully.
|
||||
:::
|
||||
|
||||
[allowSubstitutes]: https://nixos.org/nix/manual/#adv-attr-allowSubstitutes
|
||||
[preferLocalBuild]: https://nixos.org/nix/manual/#adv-attr-preferLocalBuild
|
||||
[substituter]: https://nix.dev/manual/nix/latest/glossary#gloss-substituter
|
||||
[substitutes]: https://nix.dev/manual/nix/2.23/glossary#gloss-substitute
|
||||
|
||||
::: {.example #ex-runcommandwith}
|
||||
# Invocation of `runCommandWith`
|
||||
|
||||
```nix
|
||||
runCommandWith {
|
||||
name = "example";
|
||||
derivationArgs.nativeBuildInputs = [ cowsay ];
|
||||
} ''
|
||||
cowsay > $out <<EOMOO
|
||||
'runCommandWith' is a bit cumbersome,
|
||||
so we have more ergonomic wrappers.
|
||||
EOMOO
|
||||
''
|
||||
```
|
||||
|
||||
:::
|
||||
|
||||
|
||||
## `runCommand` and `runCommandCC` {#trivial-builder-runCommand}
|
||||
|
||||
The function `runCommand` returns a derivation built using the specified command(s), in the `stdenvNoCC` environment.
|
||||
|
||||
`runCommandCC` is similar but uses the default compiler environment. To minimize dependencies, `runCommandCC`
|
||||
should only be used when the build command needs a C compiler.
|
||||
|
||||
`runCommandLocal` is also similar to `runCommand`, but forces the derivation to be built locally.
|
||||
See the note on [`runCommandWith`] about `runLocal`.
|
||||
|
||||
[`runCommandWith`]: #trivial-builder-runCommandWith
|
||||
|
||||
### Type {#trivial-builder-runCommand-Type}
|
||||
|
||||
```
|
||||
runCommand :: String -> AttrSet -> String -> Derivation
|
||||
runCommandCC :: String -> AttrSet -> String -> Derivation
|
||||
runCommandLocal :: String -> AttrSet -> String -> Derivation
|
||||
```
|
||||
|
||||
### Input {#trivial-builder-runCommand-Input}
|
||||
|
||||
While the type signature(s) differ from [`runCommandWith`], individual arguments with the same name will have the same type and meaning:
|
||||
|
||||
`name` (String)
|
||||
: The derivation's name
|
||||
|
||||
`derivationArgs` (Attribute set)
|
||||
: Additional parameters passed to [`mkDerivation`]
|
||||
|
||||
`buildCommand` (String)
|
||||
: The command(s) run to build the derivation.
|
||||
|
||||
|
||||
::: {.example #ex-runcommand-simple}
|
||||
# Invocation of `runCommand`
|
||||
|
||||
```nix
|
||||
(import <nixpkgs> {}).runCommand "my-example" {} ''
|
||||
runCommand "my-example" {} ''
|
||||
echo My example command is running
|
||||
|
||||
mkdir $out
|
||||
|
@ -49,18 +139,24 @@ By default `runCommand` runs in a stdenv with no compiler environment, whereas [
|
|||
```
|
||||
:::
|
||||
|
||||
## `runCommandCC` {#trivial-builder-runCommandCC}
|
||||
|
||||
This works just like `runCommand`. The only difference is that it also provides a C compiler in `buildCommand`'s environment. To minimize your dependencies, you should only use this if you are sure you will need a C compiler as part of running your command.
|
||||
|
||||
## `runCommandLocal` {#trivial-builder-runCommandLocal}
|
||||
|
||||
Variant of `runCommand` that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (<1s execution time). It saves on the network round-trip and can speed up a build.
|
||||
|
||||
::: {.note}
|
||||
This sets [`allowSubstitutes` to `false`](https://nixos.org/nix/manual/#adv-attr-allowSubstitutes), so only use `runCommandLocal` if you are certain the user will always have a builder for the `system` of the derivation. This should be true for most trivial use cases (e.g., just copying some files to a different location or adding symlinks) because there the `system` is usually the same as `builtins.currentSystem`.
|
||||
`runCommand name derivationArgs buildCommand` is equivalent to
|
||||
```nix
|
||||
runCommandWith {
|
||||
inherit name derivationArgs;
|
||||
stdenv = stdenvNoCC;
|
||||
} buildCommand
|
||||
```
|
||||
|
||||
Likewise, `runCommandCC name derivationArgs buildCommand` is equivalent to
|
||||
```nix
|
||||
runCommandWith {
|
||||
inherit name derivationArgs;
|
||||
} buildCommand
|
||||
```
|
||||
:::
|
||||
|
||||
|
||||
## Writing text files {#trivial-builder-text-writing}
|
||||
|
||||
Nixpkgs provides the following functions for producing derivations which write text files or executable scripts into the Nix store.
|
||||
|
@ -437,7 +533,6 @@ writeScript "my-file"
|
|||
Contents of File
|
||||
''
|
||||
```
|
||||
:::
|
||||
|
||||
This is equivalent to:
|
||||
|
||||
|
@ -450,6 +545,7 @@ writeTextFile {
|
|||
executable = true;
|
||||
}
|
||||
```
|
||||
:::
|
||||
|
||||
### `writeScriptBin` {#trivial-builder-writeScriptBin}
|
||||
|
||||
|
|
|
@ -106,6 +106,7 @@ stdenvNoCC.mkDerivation {
|
|||
--arg nixpkgsPath "./." \
|
||||
--argstr revision ${nixpkgs.rev or "master"} \
|
||||
--argstr libsetsJSON ${lib.escapeShellArg (builtins.toJSON libsets)} \
|
||||
--store $(mktemp -d) \
|
||||
> locations.json
|
||||
|
||||
function docgen {
|
||||
|
|
3
third_party/nixpkgs/doc/hooks/cernlib.section.md
vendored
Normal file
3
third_party/nixpkgs/doc/hooks/cernlib.section.md
vendored
Normal file
|
@ -0,0 +1,3 @@
|
|||
# CERNLIB {#cernlib-hook}
|
||||
|
||||
This hook sets the `CERN`, `CERN_LEVEL`, and `CERN_ROOT` environment variables. They are part of [CERNLIB's build system](https://cernlib.web.cern.ch/install/install.html), and are are needed for some programs to compile correctly.
|
29
third_party/nixpkgs/doc/hooks/haredo.section.md
vendored
Normal file
29
third_party/nixpkgs/doc/hooks/haredo.section.md
vendored
Normal file
|
@ -0,0 +1,29 @@
|
|||
# `haredo` {#haredo-hook}
|
||||
|
||||
This hook uses [the `haredo` command runner](https://sr.ht/~autumnull/haredo/) to build, check, and install the package. It overrides `buildPhase`, `checkPhase`, and `installPhase` by default.
|
||||
|
||||
The hook builds its targets in parallel if [`config.enableParallelBuilding`](#var-stdenv-enableParallelBuilding) is set to `true`.
|
||||
|
||||
## `buildPhase` {#haredo-hook-buildPhase}
|
||||
|
||||
This phase attempts to build the default target.
|
||||
|
||||
[]{#haredo-hook-haredoBuildTargets} Targets can be explicitly set by adding a string to the `haredoBuildTargets` list.
|
||||
|
||||
[]{#haredo-hook-dontUseHaredoBuild} This behavior can be disabled by setting `dontUseHaredoBuild` to `true`.
|
||||
|
||||
## `checkPhase` {#haredo-hook-checkPhase}
|
||||
|
||||
This phase searches for the `check.do` or `test.do` targets, running them if they exist.
|
||||
|
||||
[]{#haredo-hook-haredoCheckTargets} Targets can be explicitly set by adding a string to the `haredoCheckTargets` list.
|
||||
|
||||
[]{#haredo-hook-dontUseHaredoCheck} This behavior can be disabled by setting `dontUseHaredoCheck` to `true`.
|
||||
|
||||
## `installPhase` {#haredo-hook-installPhase}
|
||||
|
||||
This phase attempts to build the `install.do` target, if it exists.
|
||||
|
||||
[]{#haredo-hook-haredoInstallTargets} Targets can be explicitly set by adding a string to the `haredoInstallTargets` list.
|
||||
|
||||
[]{#haredo-hook-dontUseHaredoInstall} This behavior can be disabled by setting `dontUseHaredoInstall` to `true`.
|
4
third_party/nixpkgs/doc/hooks/index.md
vendored
4
third_party/nixpkgs/doc/hooks/index.md
vendored
|
@ -10,11 +10,14 @@ automake.section.md
|
|||
autopatchelf.section.md
|
||||
bmake.section.md
|
||||
breakpoint.section.md
|
||||
cernlib.section.md
|
||||
cmake.section.md
|
||||
gdk-pixbuf.section.md
|
||||
ghc.section.md
|
||||
gnome.section.md
|
||||
haredo.section.md
|
||||
installShellFiles.section.md
|
||||
just.section.md
|
||||
libiconv.section.md
|
||||
libxml2.section.md
|
||||
meson.section.md
|
||||
|
@ -24,6 +27,7 @@ patch-rc-path-hooks.section.md
|
|||
perl.section.md
|
||||
pkg-config.section.md
|
||||
postgresql-test-hook.section.md
|
||||
premake.section.md
|
||||
python.section.md
|
||||
scons.section.md
|
||||
tetex-tex-live.section.md
|
||||
|
|
|
@ -1,16 +1,79 @@
|
|||
# `installShellFiles` {#installshellfiles}
|
||||
|
||||
This hook helps with installing manpages and shell completion files. It exposes 2 shell functions `installManPage` and `installShellCompletion` that can be used from your `postInstall` hook.
|
||||
This hook adds helpers that install artifacts like executable files, manpages
|
||||
and shell completions.
|
||||
|
||||
The `installManPage` function takes one or more paths to manpages to install. The manpages must have a section suffix, and may optionally be compressed (with `.gz` suffix). This function will place them into the correct `share/man/man<section>/` directory, in [`outputMan`](#outputman).
|
||||
It exposes the following functions that can be used from your `postInstall`
|
||||
hook:
|
||||
|
||||
The `installShellCompletion` function takes one or more paths to shell completion files. By default it will autodetect the shell type from the completion file extension, but you may also specify it by passing one of `--bash`, `--fish`, or `--zsh`. These flags apply to all paths listed after them (up until another shell flag is given). Each path may also have a custom installation name provided by providing a flag `--name NAME` before the path. If this flag is not provided, zsh completions will be renamed automatically such that `foobar.zsh` becomes `_foobar`. A root name may be provided for all paths using the flag `--cmd NAME`; this synthesizes the appropriate name depending on the shell (e.g. `--cmd foo` will synthesize the name `foo.bash` for bash and `_foo` for zsh).
|
||||
## `installBin` {#installshellfiles-installbin}
|
||||
|
||||
The `installBin` function takes one or more paths to files to install as
|
||||
executable files.
|
||||
|
||||
This function will place them into [`outputBin`](#outputbin).
|
||||
|
||||
### Example Usage {#installshellfiles-installbin-exampleusage}
|
||||
|
||||
```nix
|
||||
{
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
# Sometimes the file has an undersirable name. It should be renamed before
|
||||
# being installed via installBin
|
||||
postInstall = ''
|
||||
mv a.out delmar
|
||||
installBin foobar delmar
|
||||
'';
|
||||
}
|
||||
```
|
||||
|
||||
## `installManPage` {#installshellfiles-installmanpage}
|
||||
|
||||
The `installManPage` function takes one or more paths to manpages to install.
|
||||
|
||||
The manpages must have a section suffix, and may optionally be compressed (with
|
||||
`.gz` suffix). This function will place them into the correct
|
||||
`share/man/man<section>/` directory in [`outputMan`](#outputman).
|
||||
|
||||
### Example Usage {#installshellfiles-installmanpage-exampleusage}
|
||||
|
||||
```nix
|
||||
{
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
# Sometimes the manpage file has an undersirable name; e.g. it conflicts with
|
||||
# another software with an equal name. It should be renamed before being
|
||||
# installed via installManPage
|
||||
postInstall = ''
|
||||
mv fromsea.3 delmar.3
|
||||
installManPage foobar.1 delmar.3
|
||||
'';
|
||||
}
|
||||
```
|
||||
|
||||
## `installShellCompletion` {#installshellfiles-installshellcompletion}
|
||||
|
||||
The `installShellCompletion` function takes one or more paths to shell
|
||||
completion files.
|
||||
|
||||
By default it will autodetect the shell type from the completion file extension,
|
||||
but you may also specify it by passing one of `--bash`, `--fish`, or
|
||||
`--zsh`. These flags apply to all paths listed after them (up until another
|
||||
shell flag is given). Each path may also have a custom installation name
|
||||
provided by providing a flag `--name NAME` before the path. If this flag is not
|
||||
provided, zsh completions will be renamed automatically such that `foobar.zsh`
|
||||
becomes `_foobar`. A root name may be provided for all paths using the flag
|
||||
`--cmd NAME`; this synthesizes the appropriate name depending on the shell
|
||||
(e.g. `--cmd foo` will synthesize the name `foo.bash` for bash and `_foo` for
|
||||
zsh).
|
||||
|
||||
### Example Usage {#installshellfiles-installshellcompletion-exampleusage}
|
||||
|
||||
```nix
|
||||
{
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
postInstall = ''
|
||||
installManPage doc/foobar.1 doc/barfoo.3
|
||||
# explicit behavior
|
||||
installShellCompletion --bash --name foobar.bash share/completions.bash
|
||||
installShellCompletion --fish --name foobar.fish share/completions.fish
|
||||
|
@ -21,9 +84,17 @@ The `installShellCompletion` function takes one or more paths to shell completio
|
|||
}
|
||||
```
|
||||
|
||||
The path may also be a fifo or named fd (such as produced by `<(cmd)`), in which case the shell and name must be provided (see below).
|
||||
The path may also be a fifo or named fd (such as produced by `<(cmd)`), in which
|
||||
case the shell and name must be provided (see below).
|
||||
|
||||
If the destination shell completion file is not actually present or consists of zero bytes after calling `installShellCompletion` this is treated as a build failure. In particular, if completion files are not vendored but are generated by running an executable, this is likely to fail in cross compilation scenarios. The result will be a zero byte completion file and hence a build failure. To prevent this, guard the completion commands against this, e.g.
|
||||
If the destination shell completion file is not actually present or consists of
|
||||
zero bytes after calling `installShellCompletion` this is treated as a build
|
||||
failure. In particular, if completion files are not vendored but are generated
|
||||
by running an executable, this is likely to fail in cross compilation
|
||||
scenarios. The result will be a zero byte completion file and hence a build
|
||||
failure. To prevent this, guard the completion generation commands.
|
||||
|
||||
### Example Usage {#installshellfiles-installshellcompletion-exampleusage-guarded}
|
||||
|
||||
```nix
|
||||
{
|
||||
|
|
23
third_party/nixpkgs/doc/hooks/just.section.md
vendored
Normal file
23
third_party/nixpkgs/doc/hooks/just.section.md
vendored
Normal file
|
@ -0,0 +1,23 @@
|
|||
# `just` {#just-hook}
|
||||
|
||||
This setup hook attempts to use [the `just` command runner](https://just.systems/man/en/) to build, check, and install the package. The hook overrides `buildPhase`, `checkPhase`, and `installPhase` by default.
|
||||
|
||||
[]{#just-hook-justFlags} The `justFlags` variable can be set to a list of strings to add additional flags passed to all invocations of `just`.
|
||||
|
||||
## `buildPhase` {#just-hook-buildPhase}
|
||||
|
||||
This phase attempts to invoke `just` with [the default recipe](https://just.systems/man/en/chapter_23.html).
|
||||
|
||||
[]{#just-hook-dontUseJustBuild} This behavior can be disabled by setting `dontUseJustBuild` to `true`.
|
||||
|
||||
## `checkPhase` {#just-hook-checkPhase}
|
||||
|
||||
This phase attempts to invoke the `just test` recipe, if it is available. This can be overrided by setting `checkTarget` to a string.
|
||||
|
||||
[]{#just-hook-dontUseJustCheck} This behavior can be disabled by setting `dontUseJustCheck` to `true`.
|
||||
|
||||
## `installPhase` {#just-hook-installPhase}
|
||||
|
||||
This phase attempts to invoke the `just install` recipe.
|
||||
|
||||
[]{#just-hook-dontUseJustInstall} This behavior can be disabled by setting `dontUseJustInstall` to `true`.
|
7
third_party/nixpkgs/doc/hooks/premake.section.md
vendored
Normal file
7
third_party/nixpkgs/doc/hooks/premake.section.md
vendored
Normal file
|
@ -0,0 +1,7 @@
|
|||
# Premake {#premake-hook}
|
||||
|
||||
This setup hook attempts to configure the package using [the Premake build configuration system](https://premake.github.io/). It overrides the `configurePhase` by default, if none exists.
|
||||
|
||||
[]{#premake-hook-premakefile} The Premakefile to use can be specified by setting `premakefile` in the derivation.
|
||||
|
||||
[]{#premake-hook-premakeFlagsArray} The flags passed to Premake can be configured by adding strings to the `premakeFlags` list.
|
|
@ -23,7 +23,7 @@ The recommended way of defining a derivation for a Coq library, is to use the `c
|
|||
* if it is a string of the form `owner:branch` then it tries to download the `branch` of owner `owner` for a project of the same name using the same vcs, and the `version` attribute of the resulting derivation is set to `"dev"`, additionally if the owner is not provided (i.e. if the `owner:` prefix is missing), it defaults to the original owner of the package (see below),
|
||||
* if it is a string of the form `"#N"`, and the domain is github, then it tries to download the current head of the pull request `#N` from github,
|
||||
* `defaultVersion` (optional). Coq libraries may be compatible with some specific versions of Coq only. The `defaultVersion` attribute is used when no `version` is provided (or if `version = null`) to select the version of the library to use by default, depending on the context. This selection will mainly depend on a `coq` version number but also possibly on other packages versions (e.g. `mathcomp`). If its value ends up to be `null`, the package is marked for removal in end-user `coqPackages` attribute set.
|
||||
* `release` (optional, defaults to `{}`), lists all the known releases of the library and for each of them provides an attribute set with at least a `sha256` attribute (you may put the empty string `""` in order to automatically insert a fake sha256, this will trigger an error which will allow you to find the correct sha256), each attribute set of the list of releases also takes optional overloading arguments for the fetcher as below (i.e.`domain`, `owner`, `repo`, `rev` assuming the default fetcher is used) and optional overrides for the result of the fetcher (i.e. `version` and `src`).
|
||||
* `release` (optional, defaults to `{}`), lists all the known releases of the library and for each of them provides an attribute set with at least a `hash` attribute (you may put the empty string `""` in order to automatically insert a fake hash, this will trigger an error which will allow you to find the correct hash), each attribute set of the list of releases also takes optional overloading arguments for the fetcher as below (i.e.`domain`, `owner`, `repo`, `rev` assuming the default fetcher is used) and optional overrides for the result of the fetcher (i.e. `version` and `src`).
|
||||
* `fetcher` (optional, defaults to a generic fetching mechanism supporting github or gitlab based infrastructures), is a function that takes at least an `owner`, a `repo`, a `rev`, and a `hash` and returns an attribute set with a `version` and `src`.
|
||||
* `repo` (optional, defaults to the value of `pname`),
|
||||
* `owner` (optional, defaults to `"coq-community"`).
|
||||
|
@ -69,15 +69,15 @@ mkCoqDerivation {
|
|||
{ cases = [ (isEq "8.6") (range "1.6" "1.7") ]; out = "1.1"; }
|
||||
] null;
|
||||
release = {
|
||||
"1.5.2".sha256 = "15aspf3jfykp1xgsxf8knqkxv8aav2p39c2fyirw7pwsfbsv2c4s";
|
||||
"1.5.1".sha256 = "13nlfm2wqripaq671gakz5mn4r0xwm0646araxv0nh455p9ndjs3";
|
||||
"1.5.0".sha256 = "064rvc0x5g7y1a0nip6ic91vzmq52alf6in2bc2dmss6dmzv90hw";
|
||||
"1.5.2".hash = "sha256-mjCx9XKa38Nz9E6wNK7YSqHdJ7YTua5fD3d6J4e7WpU=";
|
||||
"1.5.1".hash = "sha256-Q8tm0y2FQAt2V1kZYkDlHWRia/lTvXAMVjdmzEV11I4=";
|
||||
"1.5.0".hash = "sha256-HIK0f21G69oEW8JG46gSBde/Q2LR3GiBCv680gHbmRg=";
|
||||
"1.5.0".rev = "1.5";
|
||||
"1.4".sha256 = "0vnkirs8iqsv8s59yx1fvg1nkwnzydl42z3scya1xp1b48qkgn0p";
|
||||
"1.3".sha256 = "0l3vi5n094nx3qmy66hsv867fnqm196r8v605kpk24gl0aa57wh4";
|
||||
"1.2".sha256 = "1mh1w339dslgv4f810xr1b8v2w7rpx6fgk9pz96q0fyq49fw2xcq";
|
||||
"1.1".sha256 = "1q8alsm89wkc0lhcvxlyn0pd8rbl2nnxg81zyrabpz610qqjqc3s";
|
||||
"1.0".sha256 = "1qmbxp1h81cy3imh627pznmng0kvv37k4hrwi2faa101s6bcx55m";
|
||||
"1.4".hash = "sha256-F9g3MSIr3B6UZ3p8QWjz3/Jpw9sudJ+KRlvjiHSO024=";
|
||||
"1.3".hash = "sha256-BPJTlAL0ETHvLMBslE0KFVt3DNoaGuMrHt2SBGyJe1A=";
|
||||
"1.2".hash = "sha256-mHXBXSLYO4BN+jfN50y/+XCx0Qq5g4Ac2Y/qlsbgAdY=";
|
||||
"1.1".hash = "sha256-ejAsMQbB/LtU9j+g160VdGXULrCe9s0gBWzyhKqmCuE=";
|
||||
"1.0".hash = "sha256-tZTOltEBBKWciDxDMs/Ye4Jnq/33CANrHJ4FBMPtq+I=";
|
||||
};
|
||||
|
||||
propagatedBuildInputs =
|
||||
|
@ -126,7 +126,7 @@ For example, here is how you could locally add a new release of the `multinomial
|
|||
coqPackages.lib.overrideCoqDerivation
|
||||
{
|
||||
defaultVersion = "2.0";
|
||||
release."2.0".sha256 = "1lq8x86vd3vqqh2yq6hvyagpnhfq5wmk5pg2z0xq7b7dbbbhyfkk";
|
||||
release."2.0".hash = "sha256-czoP11rtrIM7+OLdMisv2EF7n/IbGuwFxHiPtg3qCNM=";
|
||||
}
|
||||
coqPackages.multinomials
|
||||
```
|
||||
|
|
|
@ -93,18 +93,18 @@ The `dotnetCorePackages.sdk` contains both a runtime and the full sdk of a given
|
|||
To package Dotnet applications, you can use `buildDotnetModule`. This has similar arguments to `stdenv.mkDerivation`, with the following additions:
|
||||
|
||||
* `projectFile` is used for specifying the dotnet project file, relative to the source root. These have `.sln` (entire solution) or `.csproj` (single project) file extensions. This can be a list of multiple projects as well. When omitted, will attempt to find and build the solution (`.sln`). If running into problems, make sure to set it to a file (or a list of files) with the `.csproj` extension - building applications as entire solutions is not fully supported by the .NET CLI.
|
||||
* `nugetDeps` takes either a path to a `deps.nix` file, or a derivation. The `deps.nix` file can be generated using the script attached to `passthru.fetch-deps`. If the argument is a derivation, it will be used directly and assume it has the same output as `mkNugetDeps`.
|
||||
* `nugetDeps` takes either a path to a `deps.nix` file, or a derivation. The `deps.nix` file can be generated using the script attached to `passthru.fetch-deps`. For compatibility, if the argument is a list of derivations, they will be added to `buildInputs`.
|
||||
::: {.note}
|
||||
For more detail about managing the `deps.nix` file, see [Generating and updating NuGet dependencies](#generating-and-updating-nuget-dependencies)
|
||||
:::
|
||||
|
||||
* `packNupkg` is used to pack project as a `nupkg`, and installs it to `$out/share`. If set to `true`, the derivation can be used as a dependency for another dotnet project by adding it to `projectReferences`.
|
||||
* `projectReferences` can be used to resolve `ProjectReference` project items. Referenced projects can be packed with `buildDotnetModule` by setting the `packNupkg = true` attribute and passing a list of derivations to `projectReferences`. Since we are sharing referenced projects as NuGets they must be added to csproj/fsproj files as `PackageReference` as well.
|
||||
* `packNupkg` is used to pack project as a `nupkg`, and installs it to `$out/share`. If set to `true`, the derivation can be used as a dependency for another dotnet project by adding it to `buildInputs`.
|
||||
* `buildInputs` can be used to resolve `ProjectReference` project items. Referenced projects can be packed with `buildDotnetModule` by setting the `packNupkg = true` attribute and passing a list of derivations to `buildInputs`. Since we are sharing referenced projects as NuGets they must be added to csproj/fsproj files as `PackageReference` as well.
|
||||
For example, your project has a local dependency:
|
||||
```xml
|
||||
<ProjectReference Include="../foo/bar.fsproj" />
|
||||
```
|
||||
To enable discovery through `projectReferences` you would need to add:
|
||||
To enable discovery through `buildInputs` you would need to add:
|
||||
```xml
|
||||
<ProjectReference Include="../foo/bar.fsproj" />
|
||||
<PackageReference Include="bar" Version="*" Condition=" '$(ContinuousIntegrationBuild)'=='true' "/>
|
||||
|
@ -118,6 +118,7 @@ For more detail about managing the `deps.nix` file, see [Generating and updating
|
|||
* `dotnet-sdk` is useful in cases where you need to change what dotnet SDK is being used. You can also set this to the result of `dotnetSdkPackages.combinePackages`, if the project uses multiple SDKs to build.
|
||||
* `dotnet-runtime` is useful in cases where you need to change what dotnet runtime is being used. This can be either a regular dotnet runtime, or an aspnetcore.
|
||||
* `testProjectFile` is useful in cases where the regular project file does not contain the unit tests. It gets restored and build, but not installed. You may need to regenerate your nuget lockfile after setting this. Note that if set, only tests from this project are executed.
|
||||
* `testFilters` is used to disable running unit tests based on various [filters](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-test#filter-option-details). This gets passed as: `dotnet test --filter "{}"`, with each filter being concatenated using `"&"`.
|
||||
* `disabledTests` is used to disable running specific unit tests. This gets passed as: `dotnet test --filter "FullyQualifiedName!={}"`, to ensure compatibility with all unit test frameworks.
|
||||
* `dotnetRestoreFlags` can be used to pass flags to `dotnet restore`.
|
||||
* `dotnetBuildFlags` can be used to pass flags to `dotnet build`.
|
||||
|
@ -143,7 +144,7 @@ in buildDotnetModule rec {
|
|||
projectFile = "src/project.sln";
|
||||
nugetDeps = ./deps.nix; # see "Generating and updating NuGet dependencies" section for details
|
||||
|
||||
projectReferences = [ referencedProject ]; # `referencedProject` must contain `nupkg` in the folder structure.
|
||||
buildInputs = [ referencedProject ]; # `referencedProject` must contain `nupkg` in the folder structure.
|
||||
|
||||
dotnet-sdk = dotnetCorePackages.sdk_6_0;
|
||||
dotnet-runtime = dotnetCorePackages.runtime_6_0;
|
||||
|
@ -218,7 +219,7 @@ buildDotnetGlobalTool {
|
|||
## Generating and updating NuGet dependencies {#generating-and-updating-nuget-dependencies}
|
||||
|
||||
When writing a new expression, you can use the generated `fetch-deps` script to initialise the lockfile.
|
||||
After creating a blank `deps.nix` and pointing `nugetDeps` to it,
|
||||
After setting `nugetDeps` to the desired location of the lockfile (e.g. `./deps.nix`),
|
||||
build the script with `nix-build -A package.fetch-deps` and then run the result.
|
||||
(When the root attr is your package, it's simply `nix-build -A fetch-deps`.)
|
||||
|
||||
|
|
|
@ -62,6 +62,65 @@ The following is an example expression using `buildGoModule`:
|
|||
}
|
||||
```
|
||||
|
||||
### Obtaining and overriding `vendorHash` for `buildGoModule` {#buildGoModule-vendorHash}
|
||||
|
||||
We can use `nix-prefetch` to obtain the actual hash. The following command gets the value of `vendorHash` for package `pet`:
|
||||
|
||||
```sh
|
||||
cd path/to/nixpkgs
|
||||
nix-prefetch -E "{ sha256 }: ((import ./. { }).my-package.overrideAttrs { vendorHash = sha256; }).goModules"
|
||||
```
|
||||
|
||||
To obtain the hash without external tools, set `vendorHash = lib.fakeHash;` and run the build. ([more details here](#sec-source-hashes)).
|
||||
|
||||
`vendorHash` can be overridden with `overrideAttrs`. Override the above example like this:
|
||||
|
||||
```nix
|
||||
{
|
||||
pet_0_4_0 = pet.overrideAttrs (
|
||||
finalAttrs: previousAttrs: {
|
||||
version = "0.4.0";
|
||||
src = fetchFromGitHub {
|
||||
inherit (previousAttrs.src) owner repo;
|
||||
rev = "v${finalAttrs.version}";
|
||||
hash = "sha256-gVTpzmXekQxGMucDKskGi+e+34nJwwsXwvQTjRO6Gdg=";
|
||||
};
|
||||
vendorHash = "sha256-dUvp7FEW09V0xMuhewPGw3TuAic/sD7xyXEYviZ2Ivs=";
|
||||
}
|
||||
);
|
||||
}
|
||||
```
|
||||
|
||||
### Overriding `goModules` {#buildGoModule-goModules-override}
|
||||
|
||||
Overriding `<pkg>.goModules` by calling `goModules.overrideAttrs` is unsupported. Still, it is possible to override the `vendorHash` (`goModules`'s `outputHash`) and the `pre`/`post` hooks for both the build and patch phases of the primary and `goModules` derivation. Alternatively, the primary derivation provides an overridable `passthru.overrideModAttrs` function to store the attribute overlay implicitly taken by `goModules.overrideAttrs`. Here's an example usage of `overrideModAttrs`:
|
||||
|
||||
```nix
|
||||
{
|
||||
pet-overridden = pet.overrideAttrs (
|
||||
finalAttrs: previousAttrs: {
|
||||
passthru = previousAttrs.passthru // {
|
||||
# If the original package has an `overrideModAttrs` attribute set, you'd
|
||||
# want to extend it, and not replace it. Hence we use
|
||||
# `lib.composeExtensions`. If you are sure the `overrideModAttrs` of the
|
||||
# original package trivially does nothing, you can safely replace it
|
||||
# with your own by not using `lib.composeExtensions`.
|
||||
overrideModAttrs = lib.composeExtensions previousAttrs.passthru.overrideModAttrs (
|
||||
finalModAttrs: previousModAttrs: {
|
||||
# goModules-specific overriding goes here
|
||||
postBuild = ''
|
||||
# Here you have access to the `vendor` directory.
|
||||
substituteInPlace vendor/github.com/example/repo/file.go \
|
||||
--replace-fail "panic(err)" ""
|
||||
'';
|
||||
}
|
||||
);
|
||||
};
|
||||
}
|
||||
);
|
||||
}
|
||||
```
|
||||
|
||||
## `buildGoPackage` (legacy) {#ssec-go-legacy}
|
||||
|
||||
The function `buildGoPackage` builds legacy Go programs, not supporting Go modules.
|
||||
|
|
|
@ -67,6 +67,7 @@ dotnet.section.md
|
|||
emscripten.section.md
|
||||
gnome.section.md
|
||||
go.section.md
|
||||
gradle.section.md
|
||||
hare.section.md
|
||||
haskell.section.md
|
||||
hy.section.md
|
||||
|
|
|
@ -258,26 +258,39 @@ It returns a derivation with all `package-lock.json` dependencies downloaded int
|
|||
|
||||
#### importNpmLock {#javascript-buildNpmPackage-importNpmLock}
|
||||
|
||||
`importNpmLock` is a Nix function that requires the following optional arguments:
|
||||
This function replaces the npm dependency references in `package.json` and `package-lock.json` with paths to the Nix store.
|
||||
How each dependency is fetched can be customized with the `fetcherOpts` argument.
|
||||
|
||||
- `npmRoot`: Path to package directory containing the source tree
|
||||
This is a simpler and more convenient alternative to [`fetchNpmDeps`](#javascript-buildNpmPackage-fetchNpmDeps) for managing npm dependencies in Nixpkgs.
|
||||
There is no need to specify a `hash`, since it relies entirely on the integrity hashes already present in the `package-lock.json` file.
|
||||
|
||||
##### Inputs {#javascript-buildNpmPackage-inputs}
|
||||
|
||||
- `npmRoot`: Path to package directory containing the source tree.
|
||||
If this is omitted, the `package` and `packageLock` arguments must be specified instead.
|
||||
- `package`: Parsed contents of `package.json`
|
||||
- `packageLock`: Parsed contents of `package-lock.json`
|
||||
- `pname`: Package name
|
||||
- `version`: Package version
|
||||
- `fetcherOpts`: An attribute set of arguments forwarded to the underlying fetcher.
|
||||
|
||||
It returns a derivation with a patched `package.json` & `package-lock.json` with all dependencies resolved to Nix store paths.
|
||||
|
||||
This function is analogous to using `fetchNpmDeps`, but instead of specifying `hash` it uses metadata from `package.json` & `package-lock.json`.
|
||||
:::{.note}
|
||||
`npmHooks.npmConfigHook` cannot be used with `importNpmLock`.
|
||||
Use `importNpmLock.npmConfigHook` instead.
|
||||
:::
|
||||
|
||||
Note that `npmHooks.npmConfigHook` cannot be used with `importNpmLock`. You will instead need to use `importNpmLock.npmConfigHook`:
|
||||
:::{.example}
|
||||
|
||||
##### `pkgs.importNpmLock` usage example {#javascript-buildNpmPackage-example}
|
||||
```nix
|
||||
{ buildNpmPackage, importNpmLock }:
|
||||
|
||||
buildNpmPackage {
|
||||
pname = "hello";
|
||||
version = "0.1.0";
|
||||
src = ./.;
|
||||
|
||||
npmDeps = importNpmLock {
|
||||
npmRoot = ./.;
|
||||
|
@ -286,6 +299,75 @@ buildNpmPackage {
|
|||
npmConfigHook = importNpmLock.npmConfigHook;
|
||||
}
|
||||
```
|
||||
:::
|
||||
|
||||
:::{.example}
|
||||
##### `pkgs.importNpmLock` usage example with `fetcherOpts` {#javascript-buildNpmPackage-example-fetcherOpts}
|
||||
|
||||
`importNpmLock` uses the following fetchers:
|
||||
|
||||
- `pkgs.fetchurl` for `http(s)` dependencies
|
||||
- `builtins.fetchGit` for `git` dependencies
|
||||
|
||||
It is possible to provide additional arguments to individual fetchers as needed:
|
||||
|
||||
```nix
|
||||
{ buildNpmPackage, importNpmLock }:
|
||||
|
||||
buildNpmPackage {
|
||||
pname = "hello";
|
||||
version = "0.1.0";
|
||||
src = ./.;
|
||||
|
||||
npmDeps = importNpmLock {
|
||||
npmRoot = ./.;
|
||||
fetcherOpts = {
|
||||
# Pass 'curlOptsList' to 'pkgs.fetchurl' while fetching 'axios'
|
||||
{ "node_modules/axios" = { curlOptsList = [ "--verbose" ]; }; }
|
||||
};
|
||||
};
|
||||
|
||||
npmConfigHook = importNpmLock.npmConfigHook;
|
||||
}
|
||||
```
|
||||
:::
|
||||
|
||||
#### importNpmLock.buildNodeModules {#javascript-buildNpmPackage-importNpmLock.buildNodeModules}
|
||||
|
||||
`importNpmLock.buildNodeModules` returns a derivation with a pre-built `node_modules` directory, as imported by `importNpmLock`.
|
||||
|
||||
This is to be used together with `importNpmLock.hooks.linkNodeModulesHook` to facilitate `nix-shell`/`nix develop` based development workflows.
|
||||
|
||||
It accepts an argument with the following attributes:
|
||||
|
||||
`npmRoot` (Path; optional)
|
||||
: Path to package directory containing the source tree. If not specified, the `package` and `packageLock` arguments must both be specified.
|
||||
|
||||
`package` (Attrset; optional)
|
||||
: Parsed contents of `package.json`, as returned by `lib.importJSON ./my-package.json`. If not specified, the `package.json` in `npmRoot` is used.
|
||||
|
||||
`packageLock` (Attrset; optional)
|
||||
: Parsed contents of `package-lock.json`, as returned `lib.importJSON ./my-package-lock.json`. If not specified, the `package-lock.json` in `npmRoot` is used.
|
||||
|
||||
`derivationArgs` (`mkDerivation` attrset; optional)
|
||||
: Arguments passed to `stdenv.mkDerivation`
|
||||
|
||||
For example:
|
||||
|
||||
```nix
|
||||
pkgs.mkShell {
|
||||
packages = [
|
||||
importNpmLock.hooks.linkNodeModulesHook
|
||||
nodejs
|
||||
];
|
||||
|
||||
npmDeps = importNpmLock.buildNodeModules {
|
||||
npmRoot = ./.;
|
||||
inherit nodejs;
|
||||
};
|
||||
}
|
||||
```
|
||||
will create a development shell where a `node_modules` directory is created & packages symlinked to the Nix store when activated.
|
||||
|
||||
### corepack {#javascript-corepack}
|
||||
|
||||
|
@ -346,11 +428,11 @@ NOTE: It is highly recommended to use a pinned version of pnpm (i.e. `pnpm_8` or
|
|||
|
||||
In case you are patching `package.json` or `pnpm-lock.yaml`, make sure to pass `finalAttrs.patches` to the function as well (i.e. `inherit (finalAttrs) patches`.
|
||||
|
||||
`pnpm.configHook` supports adding additional `pnpm install` flags via `pnpmInstallFlags` which can be set to a Nix string array.
|
||||
|
||||
#### Dealing with `sourceRoot` {#javascript-pnpm-sourceRoot}
|
||||
|
||||
NOTE: Nixpkgs pnpm tooling doesn't support building projects with a `pnpm-workspace.yaml`, or building monorepos. It maybe possible to use `pnpm.fetchDeps` for these projects, but it may be hard or impossible to produce a binary from such projects ([an example attempt](https://github.com/NixOS/nixpkgs/pull/290715#issuecomment-2144543728)).
|
||||
|
||||
If the pnpm project is in a subdirectory, you can just define `sourceRoot` or `setSourceRoot` for `fetchDeps`. Note, that projects using `pnpm-workspace.yaml` are currently not supported, and will probably not work using this approach.
|
||||
If the pnpm project is in a subdirectory, you can just define `sourceRoot` or `setSourceRoot` for `fetchDeps`.
|
||||
If `sourceRoot` is different between the parent derivation and `fetchDeps`, you will have to set `pnpmRoot` to effectively be the same location as it is in `fetchDeps`.
|
||||
|
||||
Assuming the following directory structure, we can define `sourceRoot` and `pnpmRoot` as follows:
|
||||
|
@ -375,12 +457,62 @@ Assuming the following directory structure, we can define `sourceRoot` and `pnpm
|
|||
pnpmRoot = "frontend";
|
||||
```
|
||||
|
||||
#### PNPM Workspaces {#javascript-pnpm-workspaces}
|
||||
|
||||
If you need to use a PNPM workspace for your project, then set `pnpmWorkspace = "<workspace project name>"` in your `pnpm.fetchDeps` call,
|
||||
which will make PNPM only install dependencies for that workspace package.
|
||||
|
||||
For example:
|
||||
|
||||
```nix
|
||||
...
|
||||
pnpmWorkspace = "@astrojs/language-server";
|
||||
pnpmDeps = pnpm.fetchDeps {
|
||||
inherit (finalAttrs) pnpmWorkspace;
|
||||
...
|
||||
}
|
||||
```
|
||||
|
||||
The above would make `pnpm.fetchDeps` call only install dependencies for the `@astrojs/language-server` workspace package.
|
||||
Note that you do not need to set `sourceRoot` to make this work.
|
||||
|
||||
Usually in such cases, you'd want to use `pnpm --filter=$pnpmWorkspace build` to build your project, as `npmHooks.npmBuildHook` probably won't work. A `buildPhase` based on the following example will probably fit most workspace projects:
|
||||
|
||||
```nix
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
|
||||
pnpm --filter=@astrojs/language-server build
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
```
|
||||
|
||||
#### Additional PNPM Commands and settings {#javascript-pnpm-extraCommands}
|
||||
|
||||
If you require setting an additional PNPM configuration setting (such as `dedupe-peer-dependents` or similar),
|
||||
set `prePnpmInstall` to the right commands to run. For example:
|
||||
|
||||
```nix
|
||||
prePnpmInstall = ''
|
||||
pnpm config set dedupe-peer-dependants false
|
||||
'';
|
||||
pnpmDeps = pnpm.fetchDeps {
|
||||
inherit (finalAttrs) prePnpmInstall;
|
||||
...
|
||||
};
|
||||
```
|
||||
|
||||
In this example, `prePnpmInstall` will be run by both `pnpm.configHook` and by the `pnpm.fetchDeps` builder.
|
||||
|
||||
|
||||
### Yarn {#javascript-yarn}
|
||||
|
||||
Yarn based projects use a `yarn.lock` file instead of a `package-lock.json` to pin dependencies. Nixpkgs provides the Nix function `fetchYarnDeps` which fetches an offline cache suitable for running `yarn install` before building the project. In addition, Nixpkgs provides the hooks:
|
||||
|
||||
- `yarnConfigHook`: Fetches the dependencies from the offline cache and installs them into `node_modules`.
|
||||
- `yarnBuildHook`: Runs `yarn build` or a specified `yarn` command that builds the project.
|
||||
- `yarnInstallHook`: Runs `yarn install --production` to prune dependencies and installs the project into `$out`.
|
||||
|
||||
An example usage of the above attributes is:
|
||||
|
||||
|
@ -415,9 +547,9 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
nativeBuildInputs = [
|
||||
yarnConfigHook
|
||||
yarnBuildHook
|
||||
yarnInstallHook
|
||||
# Needed for executing package.json scripts
|
||||
nodejs
|
||||
npmHooks.npmInstallHook
|
||||
];
|
||||
|
||||
meta = {
|
||||
|
@ -426,8 +558,6 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
})
|
||||
```
|
||||
|
||||
Note that there is no setup hook for installing yarn based packages - `npmHooks.npmInstallHook` should fit most cases, but sometimes you may need to override the `installPhase` completely.
|
||||
|
||||
#### `yarnConfigHook` arguments {#javascript-yarnconfighook}
|
||||
|
||||
By default, `yarnConfigHook` relies upon the attribute `${yarnOfflineCache}` (or `${offlineCache}` if the former is not set) to find the location of the offline cache produced by `fetchYarnDeps`. To disable this phase, you can set `dontYarnInstallDeps = true` or override the `configurePhase`.
|
||||
|
@ -439,9 +569,15 @@ This script by default runs `yarn --offline build`, and it relies upon the proje
|
|||
- `yarnBuildScript`: Sets a different `yarn --offline` subcommand (defaults to `build`).
|
||||
- `yarnBuildFlags`: Single string list of additional flags to pass the above command, or a Nix list of such additional flags.
|
||||
|
||||
#### `yarnInstallHook` arguments {#javascript-yarninstallhook}
|
||||
|
||||
To install the package `yarnInstallHook` uses both `npm` and `yarn` to cleanup project files and dependencies. To disable this phase, you can set `dontYarnInstall = true` or override the `installPhase`. Below is a list of additional `mkDerivation` arguments read by this hook:
|
||||
|
||||
- `yarnKeepDevDeps`: Disables the removal of devDependencies from `node_modules` before installation.
|
||||
|
||||
### yarn2nix {#javascript-yarn2nix}
|
||||
|
||||
WARNING: The `yarn2nix` functions have been deprecated in favor of the new `yarnConfigHook` and `yarnBuildHook`. Documentation for them still appears here for the sake of the packages that still use them. See also a tracking issue [#324246](https://github.com/NixOS/nixpkgs/issues/324246).
|
||||
WARNING: The `yarn2nix` functions have been deprecated in favor of the new `yarnConfigHook`, `yarnBuildHook` and `yarnInstallHook`. Documentation for them still appears here for the sake of the packages that still use them. See also a tracking issue [#324246](https://github.com/NixOS/nixpkgs/issues/324246).
|
||||
|
||||
#### Preparation {#javascript-yarn2nix-preparation}
|
||||
|
||||
|
|
|
@ -219,10 +219,10 @@ stdenv.mkDerivation {
|
|||
|
||||
# don't do any fixup
|
||||
dontFixup = true;
|
||||
outputHashAlgo = "sha256";
|
||||
outputHashAlgo = null;
|
||||
outputHashMode = "recursive";
|
||||
# replace this with the correct SHA256
|
||||
outputHash = lib.fakeSha256;
|
||||
outputHash = lib.fakeHash;
|
||||
}
|
||||
```
|
||||
|
||||
|
|
|
@ -55,13 +55,19 @@ sets are
|
|||
* `pkgs.python311Packages`
|
||||
* `pkgs.python312Packages`
|
||||
* `pkgs.python313Packages`
|
||||
* `pkgs.pypyPackages`
|
||||
* `pkgs.pypy27Packages`
|
||||
* `pkgs.pypy39Packages`
|
||||
* `pkgs.pypy310Packages`
|
||||
|
||||
and the aliases
|
||||
|
||||
* `pkgs.python2Packages` pointing to `pkgs.python27Packages`
|
||||
* `pkgs.python3Packages` pointing to `pkgs.python311Packages`
|
||||
* `pkgs.python3Packages` pointing to `pkgs.python312Packages`
|
||||
* `pkgs.pythonPackages` pointing to `pkgs.python2Packages`
|
||||
* `pkgs.pypy2Packages` pointing to `pkgs.pypy27Packages`
|
||||
* `pkgs.pypy3Packages` pointing to `pkgs.pypy39Packages`
|
||||
* `pkgs.pypyPackages` pointing to `pkgs.pypy2Packages`
|
||||
|
||||
|
||||
#### `buildPythonPackage` function {#buildpythonpackage-function}
|
||||
|
||||
|
@ -208,9 +214,6 @@ because their behaviour is different:
|
|||
paths included in this list. Items listed in `install_requires` go here.
|
||||
* `optional-dependencies ? { }`: Optional feature flagged dependencies. Items listed in `extras_requires` go here.
|
||||
|
||||
Aside from propagating dependencies,
|
||||
`buildPythonPackage` also injects code into and wraps executables with the
|
||||
paths included in this list. Items listed in `extras_requires` go here.
|
||||
|
||||
##### Overriding Python packages {#overriding-python-packages}
|
||||
|
||||
|
@ -310,13 +313,7 @@ python3Packages.buildPythonApplication rec {
|
|||
}
|
||||
```
|
||||
|
||||
This is then added to `all-packages.nix` just as any other application would be.
|
||||
|
||||
```nix
|
||||
{
|
||||
luigi = callPackage ../applications/networking/cluster/luigi { };
|
||||
}
|
||||
```
|
||||
This is then added to `pkgs/by-name` just as any other application would be.
|
||||
|
||||
Since the package is an application, a consumer doesn't need to care about
|
||||
Python versions or modules, which is why they don't go in `python3Packages`.
|
||||
|
@ -325,25 +322,27 @@ Python versions or modules, which is why they don't go in `python3Packages`.
|
|||
|
||||
A distinction is made between applications and libraries, however, sometimes a
|
||||
package is used as both. In this case the package is added as a library to
|
||||
`python-packages.nix` and as an application to `all-packages.nix`. To reduce
|
||||
`python-packages.nix` and as an application to `pkgs/by-name`. To reduce
|
||||
duplication the `toPythonApplication` can be used to convert a library to an
|
||||
application.
|
||||
|
||||
The Nix expression shall use [`buildPythonPackage`](#buildpythonpackage-function) and be called from
|
||||
`python-packages.nix`. A reference shall be created from `all-packages.nix` to
|
||||
`python-packages.nix`. A reference shall be created from `pkgs/by-name` to
|
||||
the attribute in `python-packages.nix`, and the `toPythonApplication` shall be
|
||||
applied to the reference:
|
||||
|
||||
```nix
|
||||
{
|
||||
youtube-dl = with python3Packages; toPythonApplication youtube-dl;
|
||||
}
|
||||
python3Packages,
|
||||
}:
|
||||
|
||||
python3Packages.toPythonApplication python3Packages.youtube-dl
|
||||
```
|
||||
|
||||
#### `toPythonModule` function {#topythonmodule-function}
|
||||
|
||||
In some cases, such as bindings, a package is created using
|
||||
[`stdenv.mkDerivation`](#sec-using-stdenv) and added as attribute in `all-packages.nix`. The Python
|
||||
[`stdenv.mkDerivation`](#sec-using-stdenv) and added as attribute in `pkgs/by-name` or in `all-packages.nix`. The Python
|
||||
bindings should be made available from `python-packages.nix`. The
|
||||
`toPythonModule` function takes a derivation and makes certain Python-specific
|
||||
modifications.
|
||||
|
@ -359,6 +358,66 @@ modifications.
|
|||
|
||||
Do pay attention to passing in the right Python version!
|
||||
|
||||
#### `mkPythonMetaPackage` function {#mkpythonmetapackage-function}
|
||||
|
||||
This will create a meta package containing [metadata files](https://packaging.python.org/en/latest/specifications/recording-installed-packages/) to satisfy a dependency on a package, without it actually having been installed into the environment.
|
||||
In nixpkgs this is used to package Python packages with split binary/source distributions such as [psycopg2](https://pypi.org/project/psycopg2/)/[psycopg2-binary](https://pypi.org/project/psycopg2-binary/).
|
||||
|
||||
```nix
|
||||
mkPythonMetaPackage {
|
||||
pname = "psycopg2-binary";
|
||||
inherit (psycopg2) optional-dependencies version;
|
||||
dependencies = [ psycopg2 ];
|
||||
meta = {
|
||||
inherit (psycopg2.meta) description homepage;
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
#### `mkPythonEditablePackage` function {#mkpythoneditablepackage-function}
|
||||
|
||||
When developing Python packages it's common to install packages in [editable mode](https://setuptools.pypa.io/en/latest/userguide/development_mode.html).
|
||||
Like `mkPythonMetaPackage` this function exists to create an otherwise empty package, but also containing a pointer to an impure location outside the Nix store that can be changed without rebuilding.
|
||||
|
||||
The editable root is passed as a string. Normally `.pth` files contains absolute paths to the mutable location. This isn't always ergonomic with Nix, so environment variables are expanded at runtime.
|
||||
This means that a shell hook setting up something like a `$REPO_ROOT` variable can be used as the relative package root.
|
||||
|
||||
As an implementation detail, the [PEP-518](https://peps.python.org/pep-0518/) `build-system` specified won't be used, but instead the editable package will be built using [hatchling](https://pypi.org/project/hatchling/).
|
||||
The `build-system`'s provided will instead become runtime dependencies of the editable package.
|
||||
|
||||
Note that overriding packages deeper in the dependency graph _can_ work, but it's not the primary use case and overriding existing packages can make others break in unexpected ways.
|
||||
|
||||
``` nix
|
||||
{ pkgs ? import <nixpkgs> { } }:
|
||||
|
||||
let
|
||||
pyproject = pkgs.lib.importTOML ./pyproject.toml;
|
||||
|
||||
myPython = pkgs.python.override {
|
||||
self = myPython;
|
||||
packageOverrides = pyfinal: pyprev: {
|
||||
# An editable package with a script that loads our mutable location
|
||||
my-editable = pyfinal.mkPythonEditablePackage {
|
||||
# Inherit project metadata from pyproject.toml
|
||||
pname = pyproject.project.name;
|
||||
inherit (pyproject.project) version;
|
||||
|
||||
# The editable root passed as a string
|
||||
root = "$REPO_ROOT/src"; # Use environment variable expansion at runtime
|
||||
|
||||
# Inject a script (other PEP-621 entrypoints are also accepted)
|
||||
inherit (pyproject.project) scripts;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
pythonEnv = testPython.withPackages (ps: [ ps.my-editable ]);
|
||||
|
||||
in pkgs.mkShell {
|
||||
packages = [ pythonEnv ];
|
||||
}
|
||||
```
|
||||
|
||||
#### `python.buildEnv` function {#python.buildenv-function}
|
||||
|
||||
Python environments can be created using the low-level `pkgs.buildEnv` function.
|
||||
|
@ -475,7 +534,6 @@ are used in [`buildPythonPackage`](#buildpythonpackage-function).
|
|||
See [example usage](#using-pythonrelaxdepshook).
|
||||
- `pythonRemoveBinBytecode` to remove bytecode from the `/bin` folder.
|
||||
- `setuptoolsBuildHook` to build a wheel using `setuptools`.
|
||||
- `setuptoolsCheckHook` to run tests with `python setup.py test`.
|
||||
- `sphinxHook` to build documentation and manpages using Sphinx.
|
||||
- `venvShellHook` to source a Python 3 `venv` at the `venvDir` location. A
|
||||
`venv` is created if it does not yet exist. `postVenvCreation` can be used to
|
||||
|
@ -1365,6 +1423,10 @@ those specified in `build-system`. If a package requires incompatible build
|
|||
time dependencies, they should be removed in `postPatch` through
|
||||
`substituteInPlace` or similar.
|
||||
|
||||
For ease of use, both `buildPythonPackage` and `buildPythonApplication` will
|
||||
automatically add `pythonRelaxDepsHook` if either `pythonRelaxDeps` or
|
||||
`pythonRemoveDeps` is specified.
|
||||
|
||||
#### Using unittestCheckHook {#using-unittestcheckhook}
|
||||
|
||||
`unittestCheckHook` is a hook which will set up (or configure) a [`checkPhase`](#ssec-check-phase) to run `python -m unittest discover`:
|
||||
|
@ -2028,8 +2090,8 @@ no maintainer, so maintenance falls back to the package set maintainers.
|
|||
|
||||
### Updating packages in bulk {#python-package-bulk-updates}
|
||||
|
||||
There is a tool to update alot of python libraries in bulk, it exists at
|
||||
`maintainers/scripts/update-python-libraries` with this repository.
|
||||
A tool to bulk-update numerous Python libraries is available in the
|
||||
repository at `maintainers/scripts/update-python-libraries`.
|
||||
|
||||
It can quickly update minor or major versions for all packages selected
|
||||
and create update commits, and supports the `fetchPypi`, `fetchurl` and
|
||||
|
|
|
@ -104,24 +104,27 @@ directory and executed as follows:
|
|||
```bash
|
||||
nix-shell generate-shell.nix
|
||||
|
||||
Rscript generate-r-packages.R cran > cran-packages.nix.new
|
||||
mv cran-packages.nix.new cran-packages.nix
|
||||
Rscript generate-r-packages.R cran > cran-packages.json.new
|
||||
mv cran-packages.json.new cran-packages.json
|
||||
|
||||
Rscript generate-r-packages.R bioc > bioc-packages.nix.new
|
||||
mv bioc-packages.nix.new bioc-packages.nix
|
||||
Rscript generate-r-packages.R bioc > bioc-packages.json.new
|
||||
mv bioc-packages.json.new bioc-packages.json
|
||||
|
||||
Rscript generate-r-packages.R bioc-annotation > bioc-annotation-packages.nix.new
|
||||
mv bioc-annotation-packages.nix.new bioc-annotation-packages.nix
|
||||
Rscript generate-r-packages.R bioc-annotation > bioc-annotation-packages.json.new
|
||||
mv bioc-annotation-packages.json.new bioc-annotation-packages.json
|
||||
|
||||
Rscript generate-r-packages.R bioc-experiment > bioc-experiment-packages.nix.new
|
||||
mv bioc-experiment-packages.nix.new bioc-experiment-packages.nix
|
||||
Rscript generate-r-packages.R bioc-experiment > bioc-experiment-packages.json.new
|
||||
mv bioc-experiment-packages.json.new bioc-experiment-packages.json
|
||||
```
|
||||
|
||||
`generate-r-packages.R <repo>` reads `<repo>-packages.nix`, therefore
|
||||
`generate-r-packages.R <repo>` reads `<repo>-packages.json`, therefore
|
||||
the renaming.
|
||||
|
||||
The contents of a generated `*-packages.json` file will be used to
|
||||
create a package derivation for each R package listed in the file.
|
||||
|
||||
Some packages require overrides to specify external dependencies or other
|
||||
patches and special requirements. These overrides are specified in the
|
||||
`pkgs/development/r-modules/default.nix` file. As the `*-packages.nix`
|
||||
`pkgs/development/r-modules/default.nix` file. As the `*-packages.json`
|
||||
contents are automatically generated it should not be edited and broken
|
||||
builds should be addressed using overrides.
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
## Using Ruby {#using-ruby}
|
||||
|
||||
Several versions of Ruby interpreters are available on Nix, as well as over 250 gems and many applications written in Ruby. The attribute `ruby` refers to the default Ruby interpreter, which is currently MRI 3.1. It's also possible to refer to specific versions, e.g. `ruby_3_y`, `jruby`, or `mruby`.
|
||||
Several versions of Ruby interpreters are available on Nix, as well as over 250 gems and many applications written in Ruby. The attribute `ruby` refers to the default Ruby interpreter, which is currently MRI 3.3. It's also possible to refer to specific versions, e.g. `ruby_3_y`, `jruby`, or `mruby`.
|
||||
|
||||
In the Nixpkgs tree, Ruby packages can be found throughout, depending on what they do, and are called from the main package set. Ruby gems, however are separate sets, and there's one default set for each interpreter (currently MRI only).
|
||||
|
||||
|
@ -154,7 +154,7 @@ let
|
|||
defaultGemConfig = pkgs.defaultGemConfig // {
|
||||
pg = attrs: {
|
||||
buildFlags =
|
||||
[ "--with-pg-config=${pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
|
||||
[ "--with-pg-config=${lib.getDev pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -172,7 +172,7 @@ let
|
|||
gemConfig = pkgs.defaultGemConfig // {
|
||||
pg = attrs: {
|
||||
buildFlags =
|
||||
[ "--with-pg-config=${pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
|
||||
[ "--with-pg-config=${lib.getDev pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -190,9 +190,7 @@ let
|
|||
defaultGemConfig = super.defaultGemConfig // {
|
||||
pg = attrs: {
|
||||
buildFlags = [
|
||||
"--with-pg-config=${
|
||||
pkgs."postgresql_${pg_version}"
|
||||
}/bin/pg_config"
|
||||
"--with-pg-config=${lib.getDev pkgs."postgresql_${pg_version}"}/bin/pg_config"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -567,8 +567,7 @@ buildPythonPackage rec {
|
|||
};
|
||||
|
||||
cargoDeps = rustPlatform.fetchCargoTarball {
|
||||
inherit src sourceRoot;
|
||||
name = "${pname}-${version}";
|
||||
inherit pname version src sourceRoot;
|
||||
hash = "sha256-miW//pnOmww2i6SOGbkrAIdc/JMDT4FJLqdMFojZeoY=";
|
||||
};
|
||||
|
||||
|
@ -611,9 +610,8 @@ buildPythonPackage rec {
|
|||
};
|
||||
|
||||
cargoDeps = rustPlatform.fetchCargoTarball {
|
||||
inherit src;
|
||||
inherit pname version src;
|
||||
sourceRoot = "${pname}-${version}/${cargoRoot}";
|
||||
name = "${pname}-${version}";
|
||||
hash = "sha256-PS562W4L1NimqDV2H0jl5vYhL08H9est/pbIxSdYVfo=";
|
||||
};
|
||||
|
||||
|
@ -652,8 +650,7 @@ buildPythonPackage rec {
|
|||
};
|
||||
|
||||
cargoDeps = rustPlatform.fetchCargoTarball {
|
||||
inherit src;
|
||||
name = "${pname}-${version}";
|
||||
inherit pname version src;
|
||||
hash = "sha256-heOBK8qi2nuc/Ib+I/vLzZ1fUUD/G/KTw9d7M4Hz5O0=";
|
||||
};
|
||||
|
||||
|
@ -697,8 +694,7 @@ stdenv.mkDerivation rec {
|
|||
};
|
||||
|
||||
cargoDeps = rustPlatform.fetchCargoTarball {
|
||||
inherit src;
|
||||
name = "${pname}-${version}";
|
||||
inherit pname version src;
|
||||
hash = "sha256-8fa3fa+sFi5H+49B5sr2vYPkp9C9s6CcE0zv4xB8gww=";
|
||||
};
|
||||
|
||||
|
|
|
@ -232,6 +232,14 @@ To add a new plugin, run `nix-shell -p vimPluginsUpdater --run 'vim-plugins-upda
|
|||
|
||||
Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `vimPluginsUpdater` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of the Language Server Protocol integration with Vim/Neovim.
|
||||
|
||||
### Plugin optional configuration {#vim-plugin-required-snippet}
|
||||
|
||||
Some plugins require specific configuration to work. We choose not to
|
||||
patch those plugins but expose the necessary configuration under
|
||||
`PLUGIN.passthru.initLua` for neovim plugins. For instance, the `unicode-vim` plugin
|
||||
needs the path towards a unicode database so we expose the following snippet `vim.g.Unicode_data_directory="${self.unicode-vim}/autoload/unicode"` under `vimPlugins.unicode-vim.passthru.initLua`.
|
||||
|
||||
|
||||
## Updating plugins in nixpkgs {#updating-plugins-in-nixpkgs}
|
||||
|
||||
Run the update script with a GitHub API token that has at least `public_repo` access. Running the script without the token is likely to result in rate-limiting (429 errors). For steps on creating an API token, please refer to [GitHub's token documentation](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token).
|
||||
|
|
102
third_party/nixpkgs/doc/packages/build-support.md
vendored
Normal file
102
third_party/nixpkgs/doc/packages/build-support.md
vendored
Normal file
|
@ -0,0 +1,102 @@
|
|||
# Build Support {#sec-build-support}
|
||||
|
||||
## `pkgs.substitute` {#pkgs-substitute}
|
||||
|
||||
`pkgs.substitute` is a wrapper around [the `substitute` Bash function](#fun-substitute) in the standard environment.
|
||||
It replaces strings in `src` as specified by the `substitutions` argument.
|
||||
|
||||
|
||||
:::{.example #ex-pkgs-substitute}
|
||||
# Usage of `pkgs.substitute`
|
||||
|
||||
In a build script, the line:
|
||||
|
||||
```bash
|
||||
substitute $infile $outfile --replace-fail @foo@ ${foopkg}/bin/foo
|
||||
```
|
||||
|
||||
is equivalent to:
|
||||
|
||||
```nix
|
||||
{ substitute, foopkg }:
|
||||
substitute {
|
||||
src = ./sourcefile.txt;
|
||||
substitutions = [
|
||||
"--replace"
|
||||
"@foo@"
|
||||
"${foopkg}/bin/foo"
|
||||
];
|
||||
}
|
||||
```
|
||||
:::
|
||||
|
||||
## `pkgs.substituteAll` {#pkgs-substituteall}
|
||||
|
||||
`pkgs.substituteAll` substitutes all instances of `@varName@` (`@`s included) in file `src` with the value of the corresponding environment variable.
|
||||
As this uses the [`substituteAll`] (#fun-substitute) function, its limitations regarding variable names that will or will not be replaced also apply here.
|
||||
|
||||
:::{.example #ex-pkgs-substituteAll}
|
||||
# Usage of `pkgs.substituteAll`
|
||||
|
||||
If `say-goodbye.sh` contains the following:
|
||||
|
||||
```bash
|
||||
#! @bash@/bin/bash
|
||||
|
||||
echo @unchanged@
|
||||
@hello@/bin/hello --greeting @greeting@
|
||||
```
|
||||
|
||||
the following derivation will make substitutions to `@bash@`, `@hello@`, and `@greeting@`:
|
||||
|
||||
```nix
|
||||
{
|
||||
substituteAll,
|
||||
bash,
|
||||
hello,
|
||||
}:
|
||||
substituteAll {
|
||||
src = ./say-goodbye.sh;
|
||||
env = {
|
||||
inherit bash hello;
|
||||
greeting = "goodbye";
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
such that `$out` will result in something like the following:
|
||||
|
||||
```
|
||||
#! /nix/store/s30jrpgav677fpc9yvkqsib70xfmx7xi-bash-5.2p26/bin/bash
|
||||
|
||||
echo @unchanged@
|
||||
/nix/store/566f5isbvw014h7knmzmxa5l6hshx43k-hello-2.12.1/bin/hello --greeting goodbye
|
||||
```
|
||||
:::
|
||||
|
||||
## `pkgs.substituteAllFiles` {#pkgs-substituteallfiles}
|
||||
|
||||
`pkgs.substituteAllFiles` replaces `@varName@` with the value of the environment variable `varName`.
|
||||
It expects `src` to be a directory and requires a `files` argument that specifies which files will be subject to replacements; only these files will be placed in `$out`.
|
||||
|
||||
As it also uses the `substituteAll` function, it is subject to the same limitations on environment variables as discussed in [pkgs.substituteAll](#pkgs-substituteall).
|
||||
|
||||
:::{.example #ex-pkgs-substitute-all-files}
|
||||
# Usage of `pkgs.substituteAllFiles`
|
||||
|
||||
If the current directory contains `{foo,bar,baz}.txt` and the following `default.nix`
|
||||
|
||||
```nix
|
||||
{ substituteAllFiles }:
|
||||
substituteAllFiles {
|
||||
src = ./.;
|
||||
files = [
|
||||
"foo.txt"
|
||||
"bar.txt"
|
||||
];
|
||||
hello = "there";
|
||||
}
|
||||
```
|
||||
|
||||
in the resulting derivation, every instance of `@hello@` will be replaced with `there` in `$out/foo.txt` and` `$out/bar.txt`; `baz.txt` will not be processed nor will it appear in `$out`.
|
||||
:::
|
15
third_party/nixpkgs/doc/packages/geant4.section.md
vendored
Normal file
15
third_party/nixpkgs/doc/packages/geant4.section.md
vendored
Normal file
|
@ -0,0 +1,15 @@
|
|||
# Geant4 {#geant4}
|
||||
|
||||
[Geant4](https://www.geant4.org/) is a toolkit for simulating how particles pass through matter. It is available through the `geant4` package.
|
||||
|
||||
## Setup hook {#geant4-hook}
|
||||
|
||||
The setup hook included in the package applies the environment variables set by the [`geant4.sh` script](https://github.com/Geant4/geant4/blob/master/cmake/Modules/G4ConfigureGNUMakeHelpers.cmake#L4-L55), which is typically necessary for compiling `make`-based programs that depend on Geant4.
|
||||
|
||||
## Datasets {#geant4-datasets}
|
||||
|
||||
All of [the Geant4 datasets provided by CERN](https://geant4.web.cern.ch/support/download) are available through the `geant4.data` attrset.
|
||||
|
||||
### Setup hook {#geant4-datasets-hook}
|
||||
|
||||
The hook provided by the packages in `geant4.data` will set an appropriate environment variable in the form of `G4[...]DATA`. For example, for the `G4RadioactiveDecay` dataset, the `G4RADIOACTIVEDATA` environment variable is set to the value expected by Geant4.
|
3
third_party/nixpkgs/doc/packages/index.md
vendored
3
third_party/nixpkgs/doc/packages/index.md
vendored
|
@ -12,10 +12,12 @@ emacs.section.md
|
|||
firefox.section.md
|
||||
fish.section.md
|
||||
fuse.section.md
|
||||
geant4.section.md
|
||||
ibus.section.md
|
||||
kakoune.section.md
|
||||
krita.section.md
|
||||
linux.section.md
|
||||
lhapdf.section.md
|
||||
locales.section.md
|
||||
etc-files.section.md
|
||||
nginx.section.md
|
||||
|
@ -27,4 +29,5 @@ urxvt.section.md
|
|||
vcpkg.section.md
|
||||
weechat.section.md
|
||||
xorg.section.md
|
||||
build-support.md
|
||||
```
|
||||
|
|
11
third_party/nixpkgs/doc/packages/lhapdf.section.md
vendored
Normal file
11
third_party/nixpkgs/doc/packages/lhapdf.section.md
vendored
Normal file
|
@ -0,0 +1,11 @@
|
|||
# LHAPDF {#lhapdf}
|
||||
|
||||
[LHAPDF](https://lhapdf.hepforge.org/) is a tool for evaluating parton distribution functions (PDFs) in high-energy physics. LHAPDF is available in the `lhapdf` package.
|
||||
|
||||
## PDF sets {#lhapdf-sets}
|
||||
|
||||
All of [the PDF sets made available by the LHAPDF project](https://lhapdf.hepforge.org/pdfsets.html) are available through the `lhapdf.pdf_sets` attrset.
|
||||
|
||||
### Setup hook {#lhapdf-sets-hook}
|
||||
|
||||
Each package provided in the `lhapdf.pdf_sets` attrset contains a setup hook which adds itself to [the `LHAPDF_DATA_PATH` environment variable](https://lhapdf.hepforge.org/#sets).
|
|
@ -52,7 +52,7 @@ pkgs.linuxPackages_custom {
|
|||
version = "6.1.55";
|
||||
src = pkgs.fetchurl {
|
||||
url = "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-${version}.tar.xz";
|
||||
hash = "sha256:1h0mzx52q9pvdv7rhnvb8g68i7bnlc9rf8gy9qn4alsxq4g28zm8";
|
||||
hash = "sha256-qH4kHsFdU0UsTv4hlxOjdp2IzENrW5jPbvsmLEr/FcA=";
|
||||
};
|
||||
configfile = ./path_to_config_file;
|
||||
}
|
||||
|
@ -67,7 +67,7 @@ pkgs.linuxPackages_custom {
|
|||
modDirVersion = "6.1.55";
|
||||
src = pkgs.fetchurl {
|
||||
url = "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-${modDirVersion}.tar.xz";
|
||||
hash = "sha256:1h0mzx52q9pvdv7rhnvb8g68i7bnlc9rf8gy9qn4alsxq4g28zm8";
|
||||
hash = "sha256-qH4kHsFdU0UsTv4hlxOjdp2IzENrW5jPbvsmLEr/FcA=";
|
||||
};
|
||||
configfile = ./path_to_config_file;
|
||||
}
|
||||
|
|
26
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
26
third_party/nixpkgs/doc/stdenv/stdenv.chapter.md
vendored
|
@ -580,7 +580,7 @@ After unpacking all of `src` and `srcs`, if neither of `sourceRoot` and `setSour
|
|||
If `unpackPhase` produces multiple source directories, you should set `sourceRoot` to the name of the intended directory.
|
||||
You can also set `sourceRoot = ".";` if you want to control it yourself in a later phase.
|
||||
|
||||
For example, if your want your build to start in a sub-directory inside your sources, and you are using `fetchzip`-derived `src` (like `fetchFromGitHub` or similar), you need to set `sourceRoot = "${src.name}/my-sub-directory"`.
|
||||
For example, if you want your build to start in a sub-directory inside your sources, and you are using `fetchzip`-derived `src` (like `fetchFromGitHub` or similar), you need to set `sourceRoot = "${src.name}/my-sub-directory"`.
|
||||
|
||||
##### `setSourceRoot` {#var-stdenv-setSourceRoot}
|
||||
|
||||
|
@ -1136,6 +1136,12 @@ Example removing all references to the compiler in the output:
|
|||
}
|
||||
```
|
||||
|
||||
### `runHook` \<hook\> {#fun-runHook}
|
||||
|
||||
Execute \<hook\> and the values in the array associated with it. The array's name is determined by removing `Hook` from the end of \<hook\> and appending `Hooks`.
|
||||
|
||||
For example, `runHook postHook` would run the hook `postHook` and all of the values contained in the `postHooks` array, if it exists.
|
||||
|
||||
### `substitute` \<infile\> \<outfile\> \<subs\> {#fun-substitute}
|
||||
|
||||
Performs string substitution on the contents of \<infile\>, writing the result to \<outfile\>. The substitutions in \<subs\> are of the following form:
|
||||
|
@ -1538,6 +1544,16 @@ Adds the `-fPIE` compiler and `-pie` linker options. Position Independent Execut
|
|||
Static libraries need to be compiled with `-fPIE` so that executables can link them in with the `-pie` linker option.
|
||||
If the libraries lack `-fPIE`, you will get the error `recompile with -fPIE`.
|
||||
|
||||
#### `shadowstack` {#shadowstack}
|
||||
|
||||
Adds the `-fcf-protection=return` compiler option. This enables the Shadow Stack feature supported by some newer processors, which maintains a user-inaccessible copy of the program's stack containing only return-addresses. When returning from a function, the processor compares the return-address value on the two stacks and throws an error if they do not match, considering it a sign of corruption and possible tampering. This should significantly increase the difficulty of ROP attacks.
|
||||
|
||||
For the Shadow Stack to be enabled at runtime, all code linked into a process must be built with Shadow Stack enabled, so this is probably only useful to enable on a wide scale, so that all of a packages dependencies also have the feature enabled.
|
||||
|
||||
This is currently only supported on some newer Intel and AMD processors as part of the Intel CET set of features. However, the generated code should continue to work on older processors which will simply omit any of this checking.
|
||||
|
||||
This breaks some code that does advanced stack management or exception handling. If enabling this hardening flag it is important to test the result on a system that has known working and enabled CET support, so that any such breakage can be discovered.
|
||||
|
||||
#### `trivialautovarinit` {#trivialautovarinit}
|
||||
|
||||
Adds the `-ftrivial-auto-var-init=pattern` compiler option. This causes "trivially-initializable" uninitialized stack variables to be forcibly initialized with a nonzero value that is likely to cause a crash (and therefore be noticed). Uninitialized variables generally take on their values based on fragments of previous program state, and attackers can carefully manipulate that state to craft malicious initial values for these variables.
|
||||
|
@ -1554,6 +1570,14 @@ sorry, unimplemented: __builtin_clear_padding not supported for variable length
|
|||
|
||||
This flag adds the `-fstack-clash-protection` compiler option, which causes growth of a program's stack to access each successive page in order. This should force the guard page to be accessed and cause an attempt to "jump over" this guard page to crash.
|
||||
|
||||
#### `pacret` {#pacret}
|
||||
|
||||
This flag adds the `-mbranch-protection=pac-ret` compiler option on aarch64-linux targets. This uses ARM v8.3's Pointer Authentication feature to sign function return pointers before adding them to the stack. The pointer's authenticity is then validated before returning to its destination. This dramatically increases the difficulty of ROP exploitation techniques.
|
||||
|
||||
This may cause problems with code that does advanced stack manipulation, and debugging/stack-unwinding tools need to be pac-ret aware to work correctly when these features are in operation.
|
||||
|
||||
Pre-ARM v8.3 processors will ignore Pointer Authentication instructions, so code built with this flag will continue to work on older processors, though without any of the intended protections. If enabling this flag, it is recommended to ensure the resultant packages are tested against an ARM v8.3+ linux system with known-working Pointer Authentication support so that any breakage caused by this feature is actually detected.
|
||||
|
||||
[^footnote-stdenv-ignored-build-platform]: The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency: As a general programming principle, dependencies are always *specified* as interfaces, not concrete implementation.
|
||||
[^footnote-stdenv-native-dependencies-in-path]: Currently, this means for native builds all dependencies are put on the `PATH`. But in the future that may not be the case for sake of matching cross: the platforms would be assumed to be unique for native and cross builds alike, so only the `depsBuild*` and `nativeBuildInputs` would be added to the `PATH`.
|
||||
[^footnote-stdenv-propagated-dependencies]: Nix itself already takes a package’s transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like [setup hooks](#ssec-setup-hooks) also are run as if it were a propagated dependency.
|
||||
|
|
|
@ -40,6 +40,13 @@ import pkgs.path { overlays = [ (self: super: {
|
|||
|
||||
In the first example, `pkgs.foo` is the result of a function call with some default arguments, usually a derivation. Using `pkgs.foo.override` will call the same function with the given new arguments.
|
||||
|
||||
Many packages, like the `foo` example above, provide package options with default values in their arguments, to facilitate overriding.
|
||||
Because it's not usually feasible to test that packages build with all combinations of options, you might find that a package doesn't build if you override options to non-default values.
|
||||
|
||||
Package maintainers are not expected to fix arbitrary combinations of options.
|
||||
If you find that something doesn't work, please submit a fix, ideally with a regression test.
|
||||
If you want to ensure that things keep working, consider [becoming a maintainer](https://github.com/NixOS/nixpkgs/tree/master/maintainers) for the package.
|
||||
|
||||
## <pkg>.overrideAttrs {#sec-pkg-overrideAttrs}
|
||||
|
||||
The function `overrideAttrs` allows overriding the attribute set passed to a `stdenv.mkDerivation` call, producing a new derivation based on the original one. This function is available on all derivations produced by the `stdenv.mkDerivation` function, which is most packages in the nixpkgs expression `pkgs`.
|
||||
|
|
4
third_party/nixpkgs/flake.nix
vendored
4
third_party/nixpkgs/flake.nix
vendored
|
@ -77,6 +77,10 @@
|
|||
}).nixos.manual;
|
||||
};
|
||||
|
||||
devShells = forAllSystems (system: {
|
||||
default = import ./shell.nix { inherit system; };
|
||||
});
|
||||
|
||||
# The "legacy" in `legacyPackages` doesn't imply that the packages exposed
|
||||
# through this attribute are "legacy" packages. Instead, `legacyPackages`
|
||||
# is used here as a substitute attribute name for `packages`. The problem
|
||||
|
|
2
third_party/nixpkgs/lib/customisation.nix
vendored
2
third_party/nixpkgs/lib/customisation.nix
vendored
|
@ -455,7 +455,7 @@ rec {
|
|||
|
||||
1. Takes a function `p`, or a path to a Nix file that contains a function `p`, which takes an attribute set and returns value of arbitrary type `a`,
|
||||
2. Takes an attribute set `args` with explicit attributes to pass to `p`,
|
||||
3. Calls `f` with attributes from the original attribute set `attrs` passed to `newScope` updated with `args, i.e. `attrs // args`, if they match the attributes in the argument of `p`.
|
||||
3. Calls `f` with attributes from the original attribute set `attrs` passed to `newScope` updated with `args`, i.e. `attrs // args`, if they match the attributes in the argument of `p`.
|
||||
|
||||
All such functions `p` will be called with the same value for `attrs`.
|
||||
|
||||
|
|
6
third_party/nixpkgs/lib/default.nix
vendored
6
third_party/nixpkgs/lib/default.nix
vendored
|
@ -79,7 +79,8 @@ let
|
|||
fromHexString toHexString toBaseDigits inPureEvalMode isBool isInt pathExists
|
||||
genericClosure readFile;
|
||||
inherit (self.fixedPoints) fix fix' converge extends composeExtensions
|
||||
composeManyExtensions makeExtensible makeExtensibleWithCustomName;
|
||||
composeManyExtensions makeExtensible makeExtensibleWithCustomName
|
||||
toExtension;
|
||||
inherit (self.attrsets) attrByPath hasAttrByPath setAttrByPath
|
||||
getAttrFromPath attrVals attrNames attrValues getAttrs catAttrs filterAttrs
|
||||
filterAttrsRecursive foldlAttrs foldAttrs collect nameValuePair mapAttrs
|
||||
|
@ -123,7 +124,8 @@ let
|
|||
inherit (self.derivations) lazyDerivation optionalDrvAttr;
|
||||
inherit (self.meta) addMetaAttrs dontDistribute setName updateName
|
||||
appendToName mapDerivationAttrset setPrio lowPrio lowPrioSet hiPrio
|
||||
hiPrioSet getLicenseFromSpdxId getLicenseFromSpdxIdOr getExe getExe';
|
||||
hiPrioSet licensesSpdx getLicenseFromSpdxId getLicenseFromSpdxIdOr
|
||||
getExe getExe';
|
||||
inherit (self.filesystem) pathType pathIsDirectory pathIsRegularFile
|
||||
packagesFromDirectoryRecursive;
|
||||
inherit (self.sources) cleanSourceFilter
|
||||
|
|
177
third_party/nixpkgs/lib/fetchers.nix
vendored
177
third_party/nixpkgs/lib/fetchers.nix
vendored
|
@ -1,6 +1,17 @@
|
|||
# snippets that can be shared by multiple fetchers (pkgs/build-support)
|
||||
{ lib }:
|
||||
{
|
||||
let
|
||||
commonH = hashTypes: rec {
|
||||
hashNames = [ "hash" ] ++ hashTypes;
|
||||
hashSet = lib.genAttrs hashNames (lib.const {});
|
||||
};
|
||||
|
||||
fakeH = {
|
||||
hash = lib.fakeHash;
|
||||
sha256 = lib.fakeSha256;
|
||||
sha512 = lib.fakeSha512;
|
||||
};
|
||||
in rec {
|
||||
|
||||
proxyImpureEnvVars = [
|
||||
# We borrow these environment variables from the caller to allow
|
||||
|
@ -9,6 +20,170 @@
|
|||
# by definition pure.
|
||||
"http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
|
||||
"HTTP_PROXY" "HTTPS_PROXY" "FTP_PROXY" "ALL_PROXY" "NO_PROXY"
|
||||
|
||||
# https proxies typically need to inject custom root CAs too
|
||||
"NIX_SSL_CERT_FILE"
|
||||
];
|
||||
|
||||
/**
|
||||
Converts an attrset containing one of `hash`, `sha256` or `sha512`,
|
||||
into one containing `outputHash{,Algo}` as accepted by `mkDerivation`.
|
||||
|
||||
An appropriate “fake hash” is substituted when the hash value is `""`,
|
||||
as is the [convention for fetchers](#sec-pkgs-fetchers-updating-source-hashes-fakehash-method).
|
||||
|
||||
All other attributes in the set remain as-is.
|
||||
|
||||
# Example
|
||||
|
||||
```nix
|
||||
normalizeHash { } { hash = ""; foo = "bar"; }
|
||||
=>
|
||||
{
|
||||
outputHash = lib.fakeHash;
|
||||
outputHashAlgo = null;
|
||||
foo = "bar";
|
||||
}
|
||||
```
|
||||
|
||||
```nix
|
||||
normalizeHash { } { sha256 = lib.fakeSha256; }
|
||||
=>
|
||||
{
|
||||
outputHash = lib.fakeSha256;
|
||||
outputHashAlgo = "sha256";
|
||||
}
|
||||
```
|
||||
|
||||
```nix
|
||||
normalizeHash { } { sha512 = lib.fakeSha512; }
|
||||
=>
|
||||
{
|
||||
outputHash = lib.fakeSha512;
|
||||
outputHashAlgo = "sha512";
|
||||
}
|
||||
```
|
||||
|
||||
# Type
|
||||
```
|
||||
normalizeHash :: { hashTypes :: List String, required :: Bool } -> AttrSet -> AttrSet
|
||||
```
|
||||
|
||||
# Arguments
|
||||
|
||||
hashTypes
|
||||
: the set of attribute names accepted as hash inputs, in addition to `hash`
|
||||
|
||||
required
|
||||
: whether to throw if no hash was present in the input; otherwise returns the original input, unmodified
|
||||
*/
|
||||
normalizeHash = {
|
||||
hashTypes ? [ "sha256" ],
|
||||
required ? true,
|
||||
}:
|
||||
let
|
||||
inherit (lib) concatMapStringsSep head tail throwIf;
|
||||
inherit (lib.attrsets) attrsToList intersectAttrs removeAttrs optionalAttrs;
|
||||
|
||||
inherit (commonH hashTypes) hashNames hashSet;
|
||||
in
|
||||
args:
|
||||
if args ? "outputHash" then
|
||||
args
|
||||
else
|
||||
let
|
||||
# The argument hash, as a {name, value} pair
|
||||
h =
|
||||
# All hashes passed in arguments (possibly 0 or >1) as a list of {name, value} pairs
|
||||
let hashesAsNVPairs = attrsToList (intersectAttrs hashSet args); in
|
||||
if hashesAsNVPairs == [] then
|
||||
throwIf required "fetcher called without `hash`" null
|
||||
else if tail hashesAsNVPairs != [] then
|
||||
throw "fetcher called with mutually-incompatible arguments: ${concatMapStringsSep ", " (a: a.name) hashesAsNVPairs}"
|
||||
else
|
||||
head hashesAsNVPairs
|
||||
;
|
||||
in
|
||||
removeAttrs args hashNames // (optionalAttrs (h != null) {
|
||||
outputHashAlgo = if h.name == "hash" then null else h.name;
|
||||
outputHash =
|
||||
if h.value == "" then
|
||||
fakeH.${h.name} or (throw "no “fake hash” defined for ${h.name}")
|
||||
else
|
||||
h.value;
|
||||
})
|
||||
;
|
||||
|
||||
/**
|
||||
Wraps a function which accepts `outputHash{,Algo}` into one which accepts `hash` or `sha{256,512}`
|
||||
|
||||
# Example
|
||||
```nix
|
||||
withNormalizedHash { hashTypes = [ "sha256" "sha512" ]; } (
|
||||
{ outputHash, outputHashAlgo, ... }:
|
||||
...
|
||||
)
|
||||
```
|
||||
is a function which accepts one of `hash`, `sha256`, or `sha512` (or the original's `outputHash` and `outputHashAlgo`).
|
||||
|
||||
Its `functionArgs` metadata only lists `hash` as a parameter, optional iff. `outputHash` was an optional parameter of
|
||||
the original function. `sha256`, `sha512`, `outputHash`, or `outputHashAlgo` are not mentioned in the `functionArgs`
|
||||
metadata.
|
||||
|
||||
# Type
|
||||
```
|
||||
withNormalizedHash :: { hashTypes :: List String } -> (AttrSet -> T) -> (AttrSet -> T)
|
||||
```
|
||||
|
||||
# Arguments
|
||||
|
||||
hashTypes
|
||||
: the set of attribute names accepted as hash inputs, in addition to `hash`
|
||||
: they must correspond to a valid value for `outputHashAlgo`, currently one of: `md5`, `sha1`, `sha256`, or `sha512`.
|
||||
|
||||
f
|
||||
: the function to be wrapped
|
||||
|
||||
::: {.note}
|
||||
In nixpkgs, `mkDerivation` rejects MD5 `outputHash`es, and SHA-1 is being deprecated.
|
||||
|
||||
As such, there is no reason to add `md5` to `hashTypes`, and
|
||||
`sha1` should only ever be included for backwards compatibility.
|
||||
:::
|
||||
|
||||
# Output
|
||||
|
||||
`withNormalizedHash { inherit hashTypes; } f` is functionally equivalent to
|
||||
```nix
|
||||
args: f (normalizeHash {
|
||||
inherit hashTypes;
|
||||
required = !(lib.functionArgs f).outputHash;
|
||||
} args)
|
||||
```
|
||||
|
||||
However, `withNormalizedHash` preserves `functionArgs` metadata insofar as possible,
|
||||
and is implemented somewhat more efficiently.
|
||||
*/
|
||||
withNormalizedHash = {
|
||||
hashTypes ? [ "sha256" ]
|
||||
}: fetcher:
|
||||
let
|
||||
inherit (lib.attrsets) genAttrs intersectAttrs removeAttrs;
|
||||
inherit (lib.trivial) const functionArgs setFunctionArgs;
|
||||
|
||||
inherit (commonH hashTypes) hashSet;
|
||||
fArgs = functionArgs fetcher;
|
||||
|
||||
normalize = normalizeHash {
|
||||
inherit hashTypes;
|
||||
required = !fArgs.outputHash;
|
||||
};
|
||||
in
|
||||
# The o.g. fetcher must *only* accept outputHash and outputHashAlgo
|
||||
assert fArgs ? outputHash && fArgs ? outputHashAlgo;
|
||||
assert intersectAttrs fArgs hashSet == {};
|
||||
|
||||
setFunctionArgs
|
||||
(args: fetcher (normalize args))
|
||||
(removeAttrs fArgs [ "outputHash" "outputHashAlgo" ] // { hash = fArgs.outputHash; });
|
||||
}
|
||||
|
|
218
third_party/nixpkgs/lib/fixed-points.nix
vendored
218
third_party/nixpkgs/lib/fixed-points.nix
vendored
|
@ -63,7 +63,6 @@ rec {
|
|||
See [`extends`](#function-library-lib.fixedPoints.extends) for an example use case.
|
||||
There `self` is also often called `final`.
|
||||
|
||||
|
||||
# Inputs
|
||||
|
||||
`f`
|
||||
|
@ -90,7 +89,12 @@ rec {
|
|||
|
||||
:::
|
||||
*/
|
||||
fix = f: let x = f x; in x;
|
||||
fix =
|
||||
f:
|
||||
let
|
||||
x = f x;
|
||||
in
|
||||
x;
|
||||
|
||||
/**
|
||||
A variant of `fix` that records the original recursive attribute set in the
|
||||
|
@ -99,14 +103,20 @@ rec {
|
|||
This is useful in combination with the `extends` function to
|
||||
implement deep overriding.
|
||||
|
||||
|
||||
# Inputs
|
||||
|
||||
`f`
|
||||
|
||||
: 1\. Function argument
|
||||
*/
|
||||
fix' = f: let x = f x // { __unfix__ = f; }; in x;
|
||||
fix' =
|
||||
f:
|
||||
let
|
||||
x = f x // {
|
||||
__unfix__ = f;
|
||||
};
|
||||
in
|
||||
x;
|
||||
|
||||
/**
|
||||
Return the fixpoint that `f` converges to when called iteratively, starting
|
||||
|
@ -117,7 +127,6 @@ rec {
|
|||
0
|
||||
```
|
||||
|
||||
|
||||
# Inputs
|
||||
|
||||
`f`
|
||||
|
@ -134,13 +143,12 @@ rec {
|
|||
(a -> a) -> a -> a
|
||||
```
|
||||
*/
|
||||
converge = f: x:
|
||||
converge =
|
||||
f: x:
|
||||
let
|
||||
x' = f x;
|
||||
in
|
||||
if x' == x
|
||||
then x
|
||||
else converge f x';
|
||||
if x' == x then x else converge f x';
|
||||
|
||||
/**
|
||||
Extend a function using an overlay.
|
||||
|
@ -149,7 +157,6 @@ rec {
|
|||
A fixed-point function is a function which is intended to be evaluated by passing the result of itself as the argument.
|
||||
This is possible due to Nix's lazy evaluation.
|
||||
|
||||
|
||||
A fixed-point function returning an attribute set has the form
|
||||
|
||||
```nix
|
||||
|
@ -257,7 +264,6 @@ rec {
|
|||
```
|
||||
:::
|
||||
|
||||
|
||||
# Inputs
|
||||
|
||||
`overlay`
|
||||
|
@ -299,8 +305,7 @@ rec {
|
|||
:::
|
||||
*/
|
||||
extends =
|
||||
overlay:
|
||||
f:
|
||||
overlay: f:
|
||||
# The result should be thought of as a function, the argument of that function is not an argument to `extends` itself
|
||||
(
|
||||
final:
|
||||
|
@ -311,63 +316,98 @@ rec {
|
|||
);
|
||||
|
||||
/**
|
||||
Compose two extending functions of the type expected by 'extends'
|
||||
into one where changes made in the first are available in the
|
||||
'super' of the second
|
||||
|
||||
|
||||
# Inputs
|
||||
|
||||
`f`
|
||||
|
||||
: 1\. Function argument
|
||||
|
||||
`g`
|
||||
|
||||
: 2\. Function argument
|
||||
|
||||
`final`
|
||||
|
||||
: 3\. Function argument
|
||||
|
||||
`prev`
|
||||
|
||||
: 4\. Function argument
|
||||
Compose two overlay functions and return a single overlay function that combines them.
|
||||
For more details see: [composeManyExtensions](#function-library-lib.fixedPoints.composeManyExtensions).
|
||||
*/
|
||||
composeExtensions =
|
||||
f: g: final: prev:
|
||||
let fApplied = f final prev;
|
||||
let
|
||||
fApplied = f final prev;
|
||||
prev' = prev // fApplied;
|
||||
in fApplied // g final prev';
|
||||
in
|
||||
fApplied // g final prev';
|
||||
|
||||
/**
|
||||
Compose several extending functions of the type expected by 'extends' into
|
||||
one where changes made in preceding functions are made available to
|
||||
subsequent ones.
|
||||
Composes a list of [`overlays`](#chap-overlays) and returns a single overlay function that combines them.
|
||||
|
||||
:::{.note}
|
||||
The result is produced by using the update operator `//`.
|
||||
This means nested values of previous overlays are not merged recursively.
|
||||
In other words, previously defined attributes are replaced, ignoring the previous value, unless referenced by the overlay; for example `final: prev: { foo = final.foo + 1; }`.
|
||||
:::
|
||||
|
||||
# Inputs
|
||||
|
||||
`extensions`
|
||||
|
||||
: A list of overlay functions
|
||||
:::{.note}
|
||||
The order of the overlays in the list is important.
|
||||
:::
|
||||
|
||||
: Each overlay function takes two arguments, by convention `final` and `prev`, and returns an attribute set.
|
||||
- `final` is the result of the fixed-point function, with all overlays applied.
|
||||
- `prev` is the result of the previous overlay function(s).
|
||||
|
||||
# Type
|
||||
|
||||
```
|
||||
composeManyExtensions : [packageSet -> packageSet -> packageSet] -> packageSet -> packageSet -> packageSet
|
||||
^final ^prev ^overrides ^final ^prev ^overrides
|
||||
# Pseudo code
|
||||
let
|
||||
# final prev
|
||||
# ↓ ↓
|
||||
OverlayFn = { ... } -> { ... } -> { ... };
|
||||
in
|
||||
composeManyExtensions :: ListOf OverlayFn -> OverlayFn
|
||||
```
|
||||
|
||||
# Examples
|
||||
:::{.example}
|
||||
## `lib.fixedPoints.composeManyExtensions` usage example
|
||||
|
||||
```nix
|
||||
let
|
||||
# The "original function" that is extended by the overlays.
|
||||
# Note that it doesn't have prev: as argument since no overlay function precedes it.
|
||||
original = final: { a = 1; };
|
||||
|
||||
# Each overlay function has 'final' and 'prev' as arguments.
|
||||
overlayA = final: prev: { b = final.c; c = 3; };
|
||||
overlayB = final: prev: { c = 10; x = prev.c or 5; };
|
||||
|
||||
extensions = composeManyExtensions [ overlayA overlayB ];
|
||||
|
||||
# Caluculate the fixed point of all composed overlays.
|
||||
fixedpoint = lib.fix (lib.extends extensions original );
|
||||
|
||||
in fixedpoint
|
||||
=>
|
||||
{
|
||||
a = 1;
|
||||
b = 10;
|
||||
c = 10;
|
||||
x = 3;
|
||||
}
|
||||
```
|
||||
:::
|
||||
*/
|
||||
composeManyExtensions =
|
||||
lib.foldr (x: y: composeExtensions x y) (final: prev: {});
|
||||
composeManyExtensions = lib.foldr (x: y: composeExtensions x y) (final: prev: { });
|
||||
|
||||
/**
|
||||
Create an overridable, recursive attribute set. For example:
|
||||
|
||||
```
|
||||
nix-repl> obj = makeExtensible (self: { })
|
||||
nix-repl> obj = makeExtensible (final: { })
|
||||
|
||||
nix-repl> obj
|
||||
{ __unfix__ = «lambda»; extend = «lambda»; }
|
||||
|
||||
nix-repl> obj = obj.extend (self: super: { foo = "foo"; })
|
||||
nix-repl> obj = obj.extend (final: prev: { foo = "foo"; })
|
||||
|
||||
nix-repl> obj
|
||||
{ __unfix__ = «lambda»; extend = «lambda»; foo = "foo"; }
|
||||
|
||||
nix-repl> obj = obj.extend (self: super: { foo = super.foo + " + "; bar = "bar"; foobar = self.foo + self.bar; })
|
||||
nix-repl> obj = obj.extend (final: prev: { foo = prev.foo + " + "; bar = "bar"; foobar = final.foo + final.bar; })
|
||||
|
||||
nix-repl> obj
|
||||
{ __unfix__ = «lambda»; bar = "bar"; extend = «lambda»; foo = "foo + "; foobar = "foo + bar"; }
|
||||
|
@ -379,7 +419,6 @@ rec {
|
|||
Same as `makeExtensible` but the name of the extending attribute is
|
||||
customized.
|
||||
|
||||
|
||||
# Inputs
|
||||
|
||||
`extenderName`
|
||||
|
@ -390,8 +429,85 @@ rec {
|
|||
|
||||
: 2\. Function argument
|
||||
*/
|
||||
makeExtensibleWithCustomName = extenderName: rattrs:
|
||||
fix' (self: (rattrs self) // {
|
||||
makeExtensibleWithCustomName =
|
||||
extenderName: rattrs:
|
||||
fix' (
|
||||
self:
|
||||
(rattrs self)
|
||||
// {
|
||||
${extenderName} = f: makeExtensibleWithCustomName extenderName (extends f rattrs);
|
||||
});
|
||||
}
|
||||
);
|
||||
|
||||
/**
|
||||
Convert to an extending function (overlay).
|
||||
|
||||
`toExtension` is the `toFunction` for extending functions (a.k.a. extensions or overlays).
|
||||
It converts a non-function or a single-argument function to an extending function,
|
||||
while returning a two-argument function as-is.
|
||||
|
||||
That is, it takes a value of the shape `x`, `prev: x`, or `final: prev: x`,
|
||||
and returns `final: prev: x`, assuming `x` is not a function.
|
||||
|
||||
This function takes care of the input to `stdenv.mkDerivation`'s
|
||||
`overrideAttrs` function.
|
||||
It bridges the gap between `<pkg>.overrideAttrs`
|
||||
before and after the overlay-style support.
|
||||
|
||||
# Inputs
|
||||
|
||||
`f`
|
||||
: The function or value to convert to an extending function.
|
||||
|
||||
# Type
|
||||
|
||||
```
|
||||
toExtension ::
|
||||
b' -> Any -> Any -> b'
|
||||
or
|
||||
toExtension ::
|
||||
(a -> b') -> Any -> a -> b'
|
||||
or
|
||||
toExtension ::
|
||||
(a -> a -> b) -> a -> a -> b
|
||||
where b' = ! Callable
|
||||
|
||||
Set a = b = b' = AttrSet & ! Callable to make toExtension return an extending function.
|
||||
```
|
||||
|
||||
# Examples
|
||||
:::{.example}
|
||||
## `lib.fixedPoints.toExtension` usage example
|
||||
|
||||
```nix
|
||||
fix (final: { a = 0; c = final.a; })
|
||||
=> { a = 0; c = 0; };
|
||||
|
||||
fix (extends (toExtension { a = 1; b = 2; }) (final: { a = 0; c = final.a; }))
|
||||
=> { a = 1; b = 2; c = 1; };
|
||||
|
||||
fix (extends (toExtension (prev: { a = 1; b = prev.a; })) (final: { a = 0; c = final.a; }))
|
||||
=> { a = 1; b = 0; c = 1; };
|
||||
|
||||
fix (extends (toExtension (final: prev: { a = 1; b = prev.a; c = final.a + 1 })) (final: { a = 0; c = final.a; }))
|
||||
=> { a = 1; b = 0; c = 2; };
|
||||
```
|
||||
:::
|
||||
*/
|
||||
toExtension =
|
||||
f:
|
||||
if lib.isFunction f then
|
||||
final: prev:
|
||||
let
|
||||
fPrev = f prev;
|
||||
in
|
||||
if lib.isFunction fPrev then
|
||||
# f is (final: prev: { ... })
|
||||
f final prev
|
||||
else
|
||||
# f is (prev: { ... })
|
||||
fPrev
|
||||
else
|
||||
# f is not a function; probably { ... }
|
||||
final: prev: f;
|
||||
}
|
||||
|
|
48
third_party/nixpkgs/lib/licenses.nix
vendored
48
third_party/nixpkgs/lib/licenses.nix
vendored
|
@ -229,6 +229,7 @@ lib.mapAttrs mkLicense ({
|
|||
};
|
||||
|
||||
bsl11 = {
|
||||
spdxId = "BUSL-1.1";
|
||||
fullName = "Business Source License 1.1";
|
||||
url = "https://mariadb.com/bsl11";
|
||||
free = false;
|
||||
|
@ -403,6 +404,12 @@ lib.mapAttrs mkLicense ({
|
|||
fullName = "CeCILL-C Free Software License Agreement";
|
||||
};
|
||||
|
||||
cockroachdb-community-license = {
|
||||
fullName = "CockroachDB Community License Agreement";
|
||||
url = "https://www.cockroachlabs.com/cockroachdb-community-license/";
|
||||
free = false;
|
||||
};
|
||||
|
||||
cpal10 = {
|
||||
spdxId = "CPAL-1.0";
|
||||
fullName = "Common Public Attribution License 1.0";
|
||||
|
@ -547,6 +554,13 @@ lib.mapAttrs mkLicense ({
|
|||
redistributable = true;
|
||||
};
|
||||
|
||||
fsl11Asl20 = {
|
||||
fullName = "Functional Source License, Version 1.1, Apache 2.0 Future License";
|
||||
url = "https://fsl.software/FSL-1.1-Apache-2.0.template.md";
|
||||
free = false;
|
||||
redistributable = true;
|
||||
};
|
||||
|
||||
ftl = {
|
||||
spdxId = "FTL";
|
||||
fullName = "Freetype Project License";
|
||||
|
@ -714,10 +728,9 @@ lib.mapAttrs mkLicense ({
|
|||
fullName = "ISC License";
|
||||
};
|
||||
|
||||
# Proprietary binaries; free to redistribute without modification.
|
||||
databricks = {
|
||||
fullName = "Databricks Proprietary License";
|
||||
url = "https://pypi.org/project/databricks-connect";
|
||||
fullName = "Databricks License";
|
||||
url = "https://www.databricks.com/legal/db-license";
|
||||
free = false;
|
||||
};
|
||||
|
||||
|
@ -728,6 +741,12 @@ lib.mapAttrs mkLicense ({
|
|||
redistributable = false;
|
||||
};
|
||||
|
||||
databricks-license = {
|
||||
fullName = "Databricks License";
|
||||
url = "https://www.databricks.com/legal/db-license";
|
||||
free = false;
|
||||
};
|
||||
|
||||
fair = {
|
||||
fullName = "Fair License";
|
||||
spdxId = "Fair";
|
||||
|
@ -820,11 +839,6 @@ lib.mapAttrs mkLicense ({
|
|||
fullName = "PNG Reference Library version 2";
|
||||
};
|
||||
|
||||
libssh2 = {
|
||||
fullName = "libssh2 License";
|
||||
url = "https://www.libssh2.org/license.html";
|
||||
};
|
||||
|
||||
libtiff = {
|
||||
spdxId = "libtiff";
|
||||
fullName = "libtiff License";
|
||||
|
@ -866,8 +880,6 @@ lib.mapAttrs mkLicense ({
|
|||
url = "https://opensource.org/licenses/MirOS";
|
||||
};
|
||||
|
||||
# spdx.org does not (yet) differentiate between the X11 and Expat versions
|
||||
# for details see https://en.wikipedia.org/wiki/MIT_License#Various_versions
|
||||
mit = {
|
||||
spdxId = "MIT";
|
||||
fullName = "MIT License";
|
||||
|
@ -878,6 +890,12 @@ lib.mapAttrs mkLicense ({
|
|||
fullName = "feh License";
|
||||
};
|
||||
|
||||
mit-modern = {
|
||||
# Also known as Zsh license
|
||||
spdxId = "MIT-Modern-Variant";
|
||||
fullName = "MIT License Modern Variant";
|
||||
};
|
||||
|
||||
mitAdvertising = {
|
||||
spdxId = "MIT-advertising";
|
||||
fullName = "Enlightenment License (e16)";
|
||||
|
@ -1099,6 +1117,11 @@ lib.mapAttrs mkLicense ({
|
|||
url = "https://qwt.sourceforge.io/qwtlicense.html";
|
||||
};
|
||||
|
||||
radiance = {
|
||||
fullName = "The Radiance Software License, Version 2.0";
|
||||
url = "https://github.com/LBNL-ETA/Radiance/blob/master/License.txt";
|
||||
};
|
||||
|
||||
ruby = {
|
||||
spdxId = "Ruby";
|
||||
fullName = "Ruby License";
|
||||
|
@ -1305,11 +1328,6 @@ lib.mapAttrs mkLicense ({
|
|||
fullName = "zlib License";
|
||||
};
|
||||
|
||||
zsh = {
|
||||
url = "https://github.com/zsh-users/zsh/blob/master/LICENCE";
|
||||
fullName = "Zsh License";
|
||||
};
|
||||
|
||||
zpl20 = {
|
||||
spdxId = "ZPL-2.0";
|
||||
fullName = "Zope Public License 2.0";
|
||||
|
|
57
third_party/nixpkgs/lib/meta.nix
vendored
57
third_party/nixpkgs/lib/meta.nix
vendored
|
@ -7,6 +7,7 @@
|
|||
|
||||
let
|
||||
inherit (lib) matchAttrs any all isDerivation getBin assertMsg;
|
||||
inherit (lib.attrsets) mapAttrs' filterAttrs;
|
||||
inherit (builtins) isString match typeOf;
|
||||
|
||||
in
|
||||
|
@ -132,12 +133,17 @@ rec {
|
|||
mapDerivationAttrset = f: set: lib.mapAttrs (name: pkg: if lib.isDerivation pkg then (f pkg) else pkg) set;
|
||||
|
||||
/**
|
||||
Set the nix-env priority of the package.
|
||||
The default priority of packages in Nix. See `defaultPriority` in [`src/nix/profile.cc`](https://github.com/NixOS/nix/blob/master/src/nix/profile.cc#L47).
|
||||
*/
|
||||
defaultPriority = 5;
|
||||
|
||||
/**
|
||||
Set the nix-env priority of the package. Note that higher values are lower priority, and vice versa.
|
||||
|
||||
# Inputs
|
||||
|
||||
`priority`
|
||||
: 1\. Function argument
|
||||
: 1\. The priority to set.
|
||||
|
||||
`drv`
|
||||
: 2\. Function argument
|
||||
|
@ -158,8 +164,7 @@ rec {
|
|||
lowPrio = setPrio 10;
|
||||
|
||||
/**
|
||||
Apply lowPrio to an attrset with derivations
|
||||
|
||||
Apply lowPrio to an attrset with derivations.
|
||||
|
||||
# Inputs
|
||||
|
||||
|
@ -183,8 +188,7 @@ rec {
|
|||
hiPrio = setPrio (-10);
|
||||
|
||||
/**
|
||||
Apply hiPrio to an attrset with derivations
|
||||
|
||||
Apply hiPrio to an attrset with derivations.
|
||||
|
||||
# Inputs
|
||||
|
||||
|
@ -286,11 +290,39 @@ rec {
|
|||
((!pkg?meta.platforms) || any (platformMatch platform) pkg.meta.platforms) &&
|
||||
all (elem: !platformMatch platform elem) (pkg.meta.badPlatforms or []);
|
||||
|
||||
/**
|
||||
Mapping of SPDX ID to the attributes in lib.licenses.
|
||||
|
||||
For SPDX IDs, see https://spdx.org/licenses.
|
||||
Note that some SPDX licenses might be missing.
|
||||
|
||||
# Examples
|
||||
:::{.example}
|
||||
## `lib.meta.licensesSpdx` usage example
|
||||
|
||||
```nix
|
||||
lib.licensesSpdx.MIT == lib.licenses.mit
|
||||
=> true
|
||||
lib.licensesSpdx."MY LICENSE"
|
||||
=> error: attribute 'MY LICENSE' missing
|
||||
```
|
||||
|
||||
:::
|
||||
*/
|
||||
licensesSpdx =
|
||||
mapAttrs'
|
||||
(_key: license: {
|
||||
name = license.spdxId;
|
||||
value = license;
|
||||
})
|
||||
(filterAttrs (_key: license: license ? spdxId) lib.licenses);
|
||||
|
||||
/**
|
||||
Get the corresponding attribute in lib.licenses from the SPDX ID
|
||||
or warn and fallback to `{ shortName = <license string>; }`.
|
||||
|
||||
For SPDX IDs, see https://spdx.org/licenses
|
||||
For SPDX IDs, see https://spdx.org/licenses.
|
||||
Note that some SPDX licenses might be missing.
|
||||
|
||||
# Type
|
||||
|
||||
|
@ -325,7 +357,8 @@ rec {
|
|||
Get the corresponding attribute in lib.licenses from the SPDX ID
|
||||
or fallback to the given default value.
|
||||
|
||||
For SPDX IDs, see https://spdx.org/licenses
|
||||
For SPDX IDs, see https://spdx.org/licenses.
|
||||
Note that some SPDX licenses might be missing.
|
||||
|
||||
# Inputs
|
||||
|
||||
|
@ -361,10 +394,12 @@ rec {
|
|||
*/
|
||||
getLicenseFromSpdxIdOr =
|
||||
let
|
||||
spdxLicenses = lib.mapAttrs (id: ls: assert lib.length ls == 1; builtins.head ls)
|
||||
(lib.groupBy (l: lib.toLower l.spdxId) (lib.filter (l: l ? spdxId) (lib.attrValues lib.licenses)));
|
||||
lowercaseLicenses = lib.mapAttrs' (name: value: {
|
||||
name = lib.toLower name;
|
||||
inherit value;
|
||||
}) licensesSpdx;
|
||||
in licstr: default:
|
||||
spdxLicenses.${ lib.toLower licstr } or default;
|
||||
lowercaseLicenses.${ lib.toLower licstr } or default;
|
||||
|
||||
/**
|
||||
Get the path to the main program of a package based on meta.mainProgram
|
||||
|
|
55
third_party/nixpkgs/lib/modules.nix
vendored
55
third_party/nixpkgs/lib/modules.nix
vendored
|
@ -861,7 +861,7 @@ let
|
|||
else
|
||||
# (nixos-option detects this specific error message and gives it special
|
||||
# handling. If changed here, please change it there too.)
|
||||
throw "The option `${showOption loc}' is used but not defined.";
|
||||
throw "The option `${showOption loc}' was accessed but has no value defined. Try setting the option.";
|
||||
|
||||
isDefined = defsFinal != [];
|
||||
|
||||
|
@ -1366,6 +1366,58 @@ let
|
|||
]);
|
||||
};
|
||||
|
||||
/**
|
||||
`importApply file arg :: Path -> a -> Module`, where `import file :: a -> Module`
|
||||
|
||||
`importApply` imports a Nix expression file much like the module system would,
|
||||
after passing an extra positional argument to the function in the file.
|
||||
|
||||
This function should be used when declaring a module in a file that refers to
|
||||
values from a different scope, such as that in a flake.
|
||||
|
||||
It solves the problems of alternative solutions:
|
||||
|
||||
- While `importApply file arg` is _mostly_ equivalent to
|
||||
`import file arg`, the latter returns a module without a location,
|
||||
as `import` only returns the contained expression. This leads to worse
|
||||
error messages.
|
||||
|
||||
- Using `specialArgs` to provide arguments to all modules. This effectively
|
||||
creates an incomplete module, and requires the user of the module to
|
||||
manually pass the `specialArgs` to the configuration, which is error-prone,
|
||||
verbose, and unnecessary.
|
||||
|
||||
The nix file must contain a function that returns a module.
|
||||
A module may itself be a function, so the file is often a function with two
|
||||
positional arguments instead of one. See the example below.
|
||||
|
||||
This function does not add support for deduplication and `disabledModules`,
|
||||
although that could be achieved by wrapping the returned module and setting
|
||||
the `_key` module attribute.
|
||||
The reason for this omission is that the file path is not guaranteed to be
|
||||
a unique identifier for the module, as two instances of the module may
|
||||
reference different `arg`s in their closures.
|
||||
|
||||
Example
|
||||
|
||||
# lib.nix
|
||||
imports = [
|
||||
(lib.modules.importApply ./module.nix { bar = bar; })
|
||||
];
|
||||
|
||||
# module.nix
|
||||
{ bar }:
|
||||
{ lib, config, ... }:
|
||||
{
|
||||
options = ...;
|
||||
config = ... bar ...;
|
||||
}
|
||||
|
||||
*/
|
||||
importApply =
|
||||
modulePath: staticArg:
|
||||
lib.setDefaultModuleLocation modulePath (import modulePath staticArg);
|
||||
|
||||
/* Use this function to import a JSON file as NixOS configuration.
|
||||
|
||||
modules.importJSON :: path -> attrs
|
||||
|
@ -1415,6 +1467,7 @@ private //
|
|||
filterOverrides'
|
||||
fixMergeModules
|
||||
fixupOptionType # should be private?
|
||||
importApply
|
||||
importJSON
|
||||
importTOML
|
||||
mergeDefinitions
|
||||
|
|
21
third_party/nixpkgs/lib/strings.nix
vendored
21
third_party/nixpkgs/lib/strings.nix
vendored
|
@ -408,7 +408,6 @@ rec {
|
|||
start ? false,
|
||||
end ? false,
|
||||
}:
|
||||
s:
|
||||
let
|
||||
# Define our own whitespace character class instead of using
|
||||
# `[:space:]`, which is not well-defined.
|
||||
|
@ -425,7 +424,9 @@ rec {
|
|||
"(.*[^${chars}])[${chars}]*"
|
||||
else
|
||||
"(.*)";
|
||||
|
||||
in
|
||||
s:
|
||||
let
|
||||
# If the string was empty or entirely whitespace,
|
||||
# then the regex may not match and `res` will be `null`.
|
||||
res = match regex s;
|
||||
|
@ -1026,7 +1027,8 @@ rec {
|
|||
replaceStrings (builtins.attrNames toEscape) (lib.mapAttrsToList (_: c: "%${fixedWidthString 2 "0" (lib.toHexString c)}") toEscape);
|
||||
|
||||
/**
|
||||
Quote `string` to be used safely within the Bourne shell.
|
||||
Quote `string` to be used safely within the Bourne shell if it has any
|
||||
special characters.
|
||||
|
||||
|
||||
# Inputs
|
||||
|
@ -1051,10 +1053,17 @@ rec {
|
|||
|
||||
:::
|
||||
*/
|
||||
escapeShellArg = arg: "'${replaceStrings ["'"] ["'\\''"] (toString arg)}'";
|
||||
escapeShellArg = arg:
|
||||
let
|
||||
string = toString arg;
|
||||
in
|
||||
if match "[[:alnum:],._+:@%/-]+" string == null
|
||||
then "'${replaceStrings ["'"] ["'\\''"] string}'"
|
||||
else string;
|
||||
|
||||
/**
|
||||
Quote all arguments to be safely passed to the Bourne shell.
|
||||
Quote all arguments that have special characters to be safely passed to the
|
||||
Bourne shell.
|
||||
|
||||
# Inputs
|
||||
|
||||
|
@ -1073,7 +1082,7 @@ rec {
|
|||
|
||||
```nix
|
||||
escapeShellArgs ["one" "two three" "four'five"]
|
||||
=> "'one' 'two three' 'four'\\''five'"
|
||||
=> "one 'two three' 'four'\\''five'"
|
||||
```
|
||||
|
||||
:::
|
||||
|
|
24
third_party/nixpkgs/lib/systems/default.nix
vendored
24
third_party/nixpkgs/lib/systems/default.nix
vendored
|
@ -179,7 +179,7 @@ let
|
|||
hasSharedLibraries = with final;
|
||||
(isAndroid || isGnu || isMusl # Linux (allows multiple libcs)
|
||||
|| isDarwin || isSunOS || isOpenBSD || isFreeBSD || isNetBSD # BSDs
|
||||
|| isCygwin || isMinGW # Windows
|
||||
|| isCygwin || isMinGW || isWindows # Windows
|
||||
|| isWasm # WASM
|
||||
) && !isStatic;
|
||||
|
||||
|
@ -257,6 +257,22 @@ let
|
|||
if final.isMacOS then "MACOSX_DEPLOYMENT_TARGET"
|
||||
else if final.isiOS then "IPHONEOS_DEPLOYMENT_TARGET"
|
||||
else null;
|
||||
|
||||
# Remove before 25.05
|
||||
androidSdkVersion =
|
||||
if (args ? sdkVer && !args ? androidSdkVersion) then
|
||||
throw "For android `sdkVer` has been renamed to `androidSdkVersion`"
|
||||
else if (args ? androidSdkVersion) then
|
||||
args.androidSdkVersion
|
||||
else
|
||||
null;
|
||||
androidNdkVersion =
|
||||
if (args ? ndkVer && !args ? androidNdkVersion) then
|
||||
throw "For android `ndkVer` has been renamed to `androidNdkVersion`"
|
||||
else if (args ? androidSdkVersion) then
|
||||
args.androidNdkVersion
|
||||
else
|
||||
null;
|
||||
} // (
|
||||
let
|
||||
selectEmulator = pkgs:
|
||||
|
@ -282,8 +298,11 @@ let
|
|||
};
|
||||
wine = (pkgs.winePackagesFor "wine${toString final.parsed.cpu.bits}").minimal;
|
||||
in
|
||||
# Note: we guarantee that the return value is either `null` or a path
|
||||
# to an emulator program. That is, if an emulator requires additional
|
||||
# arguments, a wrapper should be used.
|
||||
if pkgs.stdenv.hostPlatform.canExecute final
|
||||
then "${pkgs.runtimeShell} -c '\"$@\"' --"
|
||||
then "${pkgs.execline}/bin/exec"
|
||||
else if final.isWindows
|
||||
then "${wine}/bin/wine${optionalString (final.parsed.cpu.bits == 64) "64"}"
|
||||
else if final.isLinux && pkgs.stdenv.hostPlatform.isLinux && final.qemuArch != null
|
||||
|
@ -360,6 +379,7 @@ let
|
|||
"armv7l" = "armv7";
|
||||
"armv6l" = "arm";
|
||||
"armv5tel" = "armv5te";
|
||||
"riscv32" = "riscv32gc";
|
||||
"riscv64" = "riscv64gc";
|
||||
}.${cpu.name} or cpu.name;
|
||||
vendor_ = final.rust.platform.vendor;
|
||||
|
|
3
third_party/nixpkgs/lib/systems/doubles.nix
vendored
3
third_party/nixpkgs/lib/systems/doubles.nix
vendored
|
@ -69,6 +69,7 @@ in {
|
|||
|
||||
arm = filterDoubles predicates.isAarch32;
|
||||
armv7 = filterDoubles predicates.isArmv7;
|
||||
aarch = filterDoubles predicates.isAarch;
|
||||
aarch64 = filterDoubles predicates.isAarch64;
|
||||
x86 = filterDoubles predicates.isx86;
|
||||
i686 = filterDoubles predicates.isi686;
|
||||
|
@ -114,6 +115,4 @@ in {
|
|||
genode = filterDoubles predicates.isGenode;
|
||||
|
||||
embedded = filterDoubles predicates.isNone;
|
||||
|
||||
mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "armv7a-linux" "aarch64-linux" "powerpc64-linux" "powerpc64le-linux" "aarch64-darwin" "riscv64-linux"];
|
||||
}
|
||||
|
|
12
third_party/nixpkgs/lib/systems/examples.nix
vendored
12
third_party/nixpkgs/lib/systems/examples.nix
vendored
|
@ -60,23 +60,23 @@ rec {
|
|||
armv7a-android-prebuilt = {
|
||||
config = "armv7a-unknown-linux-androideabi";
|
||||
rust.rustcTarget = "armv7-linux-androideabi";
|
||||
sdkVer = "33";
|
||||
ndkVer = "26";
|
||||
androidSdkVersion = "33";
|
||||
androidNdkVersion = "26";
|
||||
useAndroidPrebuilt = true;
|
||||
} // platforms.armv7a-android;
|
||||
|
||||
aarch64-android-prebuilt = {
|
||||
config = "aarch64-unknown-linux-android";
|
||||
rust.rustcTarget = "aarch64-linux-android";
|
||||
sdkVer = "33";
|
||||
ndkVer = "26";
|
||||
androidSdkVersion = "33";
|
||||
androidNdkVersion = "26";
|
||||
useAndroidPrebuilt = true;
|
||||
};
|
||||
|
||||
aarch64-android = {
|
||||
config = "aarch64-unknown-linux-android";
|
||||
sdkVer = "33";
|
||||
ndkVer = "26";
|
||||
androidSdkVersion = "33";
|
||||
androidNdkVersion = "26";
|
||||
libc = "bionic";
|
||||
useAndroidPrebuilt = false;
|
||||
useLLVM = true;
|
||||
|
|
|
@ -201,8 +201,9 @@ rec {
|
|||
target = "zImage";
|
||||
};
|
||||
gcc = {
|
||||
arch = "armv6";
|
||||
fpu = "vfp";
|
||||
# https://en.wikipedia.org/wiki/Raspberry_Pi#Specifications
|
||||
arch = "armv6kz";
|
||||
fpu = "vfpv2";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
165
third_party/nixpkgs/lib/tests/fetchers.nix
vendored
Normal file
165
third_party/nixpkgs/lib/tests/fetchers.nix
vendored
Normal file
|
@ -0,0 +1,165 @@
|
|||
let
|
||||
lib = import ./..;
|
||||
|
||||
inherit (lib)
|
||||
fakeHash
|
||||
fakeSha256
|
||||
fakeSha512
|
||||
flip
|
||||
functionArgs
|
||||
runTests
|
||||
;
|
||||
inherit (lib.fetchers) normalizeHash withNormalizedHash;
|
||||
|
||||
testingThrow = expr: {
|
||||
expr = with builtins; tryEval (seq expr "didn't throw");
|
||||
expected = {
|
||||
success = false;
|
||||
value = false;
|
||||
};
|
||||
};
|
||||
|
||||
# hashes of empty
|
||||
sri256 = "sha256-d6xi4mKdjkX2JFicDIv5niSzpyI0m/Hnm8GGAIU04kY=";
|
||||
sri512 = "sha512-AXFyVo7jiZ5we10fxZ5E9qfPjSfqkizY2apCzORKFVYZaNhCIVbooY+J4cYST00ztLf0EjivIBPPdtIYFUMfzQ==";
|
||||
|
||||
unionOfDisjoints = lib.foldl lib.attrsets.unionOfDisjoint { };
|
||||
|
||||
genTests = n: f: {
|
||||
"test${n}AlreadyNormalized" = {
|
||||
expr = f { } {
|
||||
outputHash = "";
|
||||
outputHashAlgo = "md42";
|
||||
};
|
||||
expected = {
|
||||
outputHash = "";
|
||||
outputHashAlgo = "md42";
|
||||
};
|
||||
};
|
||||
|
||||
"test${n}EmptySha256" = {
|
||||
expr = f { } { sha256 = ""; };
|
||||
expected = {
|
||||
outputHash = fakeSha256;
|
||||
outputHashAlgo = "sha256";
|
||||
};
|
||||
};
|
||||
|
||||
"test${n}EmptySha512" = {
|
||||
expr = f { hashTypes = [ "sha512" ]; } { sha512 = ""; };
|
||||
expected = {
|
||||
outputHash = fakeSha512;
|
||||
outputHashAlgo = "sha512";
|
||||
};
|
||||
};
|
||||
|
||||
"test${n}EmptyHash" = {
|
||||
expr = f { } { hash = ""; };
|
||||
expected = {
|
||||
outputHash = fakeHash;
|
||||
outputHashAlgo = null;
|
||||
};
|
||||
};
|
||||
|
||||
"test${n}Sri256" = {
|
||||
expr = f { } { hash = sri256; };
|
||||
expected = {
|
||||
outputHash = sri256;
|
||||
outputHashAlgo = null;
|
||||
};
|
||||
};
|
||||
|
||||
"test${n}Sri512" = {
|
||||
expr = f { } { hash = sri512; };
|
||||
expected = {
|
||||
outputHash = sri512;
|
||||
outputHashAlgo = null;
|
||||
};
|
||||
};
|
||||
|
||||
"test${n}PreservesAttrs" = {
|
||||
expr = f { } {
|
||||
hash = "aaaa";
|
||||
destination = "Earth";
|
||||
};
|
||||
expected = {
|
||||
outputHash = "aaaa";
|
||||
outputHashAlgo = null;
|
||||
destination = "Earth";
|
||||
};
|
||||
};
|
||||
|
||||
"test${n}RejectsSha1ByDefault" = testingThrow (f { } { sha1 = ""; });
|
||||
"test${n}RejectsSha512ByDefault" = testingThrow (f { } { sha512 = ""; });
|
||||
|
||||
"test${n}ThrowsOnMissing" = testingThrow (f { } { gibi = false; });
|
||||
};
|
||||
in
|
||||
runTests (unionOfDisjoints [
|
||||
(genTests "NormalizeHash" normalizeHash)
|
||||
(genTests "WithNormalized" (
|
||||
flip withNormalizedHash ({ outputHash, outputHashAlgo, ... }@args: args)
|
||||
))
|
||||
{
|
||||
testNormalizeNotRequiredEquivalent = {
|
||||
expr = normalizeHash { required = false; } {
|
||||
hash = "";
|
||||
prof = "shadoko";
|
||||
};
|
||||
expected = normalizeHash { } {
|
||||
hash = "";
|
||||
prof = "shadoko";
|
||||
};
|
||||
};
|
||||
|
||||
testNormalizeNotRequiredPassthru = {
|
||||
expr = normalizeHash { required = false; } { "ga bu" = "zo meu"; };
|
||||
expected."ga bu" = "zo meu";
|
||||
};
|
||||
|
||||
testOptionalArg = {
|
||||
expr = withNormalizedHash { } (
|
||||
{
|
||||
outputHash ? "",
|
||||
outputHashAlgo ? null,
|
||||
...
|
||||
}@args:
|
||||
args
|
||||
) { author = "Jacques Rouxel"; };
|
||||
expected.author = "Jacques Rouxel";
|
||||
};
|
||||
|
||||
testOptionalArgMetadata = {
|
||||
expr = functionArgs (
|
||||
withNormalizedHash { } (
|
||||
{
|
||||
outputHash ? "",
|
||||
outputHashAlgo ? null,
|
||||
}:
|
||||
{ }
|
||||
)
|
||||
);
|
||||
expected.hash = true;
|
||||
};
|
||||
|
||||
testPreservesArgsMetadata = {
|
||||
expr = functionArgs (
|
||||
withNormalizedHash { } (
|
||||
{
|
||||
outputHash,
|
||||
outputHashAlgo,
|
||||
pumping ? true,
|
||||
}:
|
||||
{ }
|
||||
)
|
||||
);
|
||||
expected = {
|
||||
hash = false;
|
||||
pumping = true;
|
||||
};
|
||||
};
|
||||
|
||||
testRejectsMissingHashArg = testingThrow (withNormalizedHash { } ({ outputHashAlgo }: { }));
|
||||
testRejectsMissingAlgoArg = testingThrow (withNormalizedHash { } ({ outputHash }: { }));
|
||||
}
|
||||
])
|
57
third_party/nixpkgs/lib/tests/misc.nix
vendored
57
third_party/nixpkgs/lib/tests/misc.nix
vendored
|
@ -45,6 +45,7 @@ let
|
|||
const
|
||||
escapeXML
|
||||
evalModules
|
||||
extends
|
||||
filter
|
||||
fix
|
||||
fold
|
||||
|
@ -102,6 +103,7 @@ let
|
|||
take
|
||||
testAllTrue
|
||||
toBaseDigits
|
||||
toExtension
|
||||
toHexString
|
||||
fromHexString
|
||||
toInt
|
||||
|
@ -233,11 +235,6 @@ runTests {
|
|||
];
|
||||
};
|
||||
|
||||
testFix = {
|
||||
expr = fix (x: {a = if x ? a then "a" else "b";});
|
||||
expected = {a = "a";};
|
||||
};
|
||||
|
||||
testComposeExtensions = {
|
||||
expr = let obj = makeExtensible (self: { foo = self.bar; });
|
||||
f = self: super: { bar = false; baz = true; };
|
||||
|
@ -470,6 +467,26 @@ runTests {
|
|||
expected = [ "A" "B" ];
|
||||
};
|
||||
|
||||
testEscapeShellArg = {
|
||||
expr = strings.escapeShellArg "esc'ape\nme";
|
||||
expected = "'esc'\\''ape\nme'";
|
||||
};
|
||||
|
||||
testEscapeShellArgEmpty = {
|
||||
expr = strings.escapeShellArg "";
|
||||
expected = "''";
|
||||
};
|
||||
|
||||
testEscapeShellArgs = {
|
||||
expr = strings.escapeShellArgs ["one" "two three" "four'five"];
|
||||
expected = "one 'two three' 'four'\\''five'";
|
||||
};
|
||||
|
||||
testEscapeShellArgsUnicode = {
|
||||
expr = strings.escapeShellArg "á";
|
||||
expected = "'á'";
|
||||
};
|
||||
|
||||
testSplitStringsDerivation = {
|
||||
expr = take 3 (strings.splitString "/" (derivation {
|
||||
name = "name";
|
||||
|
@ -569,12 +586,12 @@ runTests {
|
|||
'';
|
||||
expected = ''
|
||||
STRing01='just a '\'''string'\''''
|
||||
declare -a _array_=('with' 'more strings')
|
||||
declare -a _array_=(with 'more strings')
|
||||
declare -A assoc=(['with some']='strings
|
||||
possibly newlines
|
||||
')
|
||||
drv='/drv'
|
||||
path='/path'
|
||||
drv=/drv
|
||||
path=/path
|
||||
stringable='hello toString'
|
||||
'';
|
||||
};
|
||||
|
@ -1217,6 +1234,28 @@ runTests {
|
|||
attrsToList { someFunc= a: a + 1;}
|
||||
);
|
||||
|
||||
# FIXED-POINTS
|
||||
|
||||
testFix = {
|
||||
expr = fix (x: {a = if x ? a then "a" else "b";});
|
||||
expected = {a = "a";};
|
||||
};
|
||||
|
||||
testToExtension = {
|
||||
expr = [
|
||||
(fix (final: { a = 0; c = final.a; }))
|
||||
(fix (extends (toExtension { a = 1; b = 2; }) (final: { a = 0; c = final.a; })))
|
||||
(fix (extends (toExtension (prev: { a = 1; b = prev.a; })) (final: { a = 0; c = final.a; })))
|
||||
(fix (extends (toExtension (final: prev: { a = 1; b = prev.a; c = final.a + 1; })) (final: { a = 0; c = final.a; })))
|
||||
];
|
||||
expected = [
|
||||
{ a = 0; c = 0; }
|
||||
{ a = 1; b = 2; c = 1; }
|
||||
{ a = 1; b = 0; c = 1; }
|
||||
{ a = 1; b = 0; c = 2; }
|
||||
];
|
||||
};
|
||||
|
||||
# GENERATORS
|
||||
# these tests assume attributes are converted to lists
|
||||
# in alphabetical order
|
||||
|
@ -1754,7 +1793,7 @@ runTests {
|
|||
verbose = true;
|
||||
};
|
||||
|
||||
expected = "'-X' 'PUT' '--data' '{\"id\":0}' '--retry' '3' '--url' 'https://example.com/foo' '--url' 'https://example.com/bar' '--verbose'";
|
||||
expected = "-X PUT --data '{\"id\":0}' --retry 3 --url https://example.com/foo --url https://example.com/bar --verbose";
|
||||
};
|
||||
|
||||
testSanitizeDerivationNameLeadingDots = testSanitizeDerivationName {
|
||||
|
|
95
third_party/nixpkgs/lib/tests/modules.sh
vendored
95
third_party/nixpkgs/lib/tests/modules.sh
vendored
|
@ -13,13 +13,44 @@ set -o errexit -o noclobber -o nounset -o pipefail
|
|||
shopt -s failglob inherit_errexit
|
||||
|
||||
# https://stackoverflow.com/a/246128/6605742
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
|
||||
|
||||
cd "$DIR"/modules
|
||||
|
||||
pass=0
|
||||
fail=0
|
||||
|
||||
# loc
|
||||
# prints the location of the call of to the function that calls it
|
||||
# loc n
|
||||
# prints the location n levels up the call stack
|
||||
loc() {
|
||||
local caller depth
|
||||
depth=1
|
||||
if [[ $# -gt 0 ]]; then
|
||||
depth=$1
|
||||
fi
|
||||
# ( lineno fnname file ) of the caller
|
||||
caller=( $(caller $depth) )
|
||||
echo "${caller[2]}:${caller[0]}"
|
||||
}
|
||||
|
||||
line() {
|
||||
echo "----------------------------------------"
|
||||
}
|
||||
logStartFailure() {
|
||||
line
|
||||
}
|
||||
logEndFailure() {
|
||||
line
|
||||
echo
|
||||
}
|
||||
|
||||
logFailure() {
|
||||
# bold red
|
||||
printf '\033[1;31mTEST FAILED\033[0m at %s\n' "$(loc 2)"
|
||||
}
|
||||
|
||||
evalConfig() {
|
||||
local attr=$1
|
||||
shift
|
||||
|
@ -31,7 +62,7 @@ reportFailure() {
|
|||
local attr=$1
|
||||
shift
|
||||
local script="import ./default.nix { modules = [ $* ];}"
|
||||
echo 2>&1 "$ nix-instantiate -E '$script' -A '$attr' --eval-only --json"
|
||||
echo "$ nix-instantiate -E '$script' -A '$attr' --eval-only --json"
|
||||
evalConfig "$attr" "$@" || true
|
||||
((++fail))
|
||||
}
|
||||
|
@ -42,8 +73,12 @@ checkConfigOutput() {
|
|||
if evalConfig "$@" 2>/dev/null | grep -E --silent "$outputContains" ; then
|
||||
((++pass))
|
||||
else
|
||||
echo 2>&1 "error: Expected result matching '$outputContains', while evaluating"
|
||||
logStartFailure
|
||||
echo "ACTUAL:"
|
||||
reportFailure "$@"
|
||||
echo "EXPECTED: result matching '$outputContains'"
|
||||
logFailure
|
||||
logEndFailure
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -52,14 +87,22 @@ checkConfigError() {
|
|||
local err=""
|
||||
shift
|
||||
if err="$(evalConfig "$@" 2>&1 >/dev/null)"; then
|
||||
echo 2>&1 "error: Expected error code, got exit code 0, while evaluating"
|
||||
logStartFailure
|
||||
echo "ACTUAL: exit code 0, output:"
|
||||
reportFailure "$@"
|
||||
echo "EXPECTED: non-zero exit code"
|
||||
logFailure
|
||||
logEndFailure
|
||||
else
|
||||
if echo "$err" | grep -zP --silent "$errorContains" ; then
|
||||
((++pass))
|
||||
else
|
||||
echo 2>&1 "error: Expected error matching '$errorContains', while evaluating"
|
||||
logStartFailure
|
||||
echo "ACTUAL:"
|
||||
reportFailure "$@"
|
||||
echo "EXPECTED: error matching '$errorContains'"
|
||||
logFailure
|
||||
logEndFailure
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
@ -204,6 +247,14 @@ checkConfigOutput '^true$' "$@" ./define-enable.nix ./define-attrsOfSub-if-foo-e
|
|||
checkConfigOutput '^true$' "$@" ./define-enable.nix ./define-attrsOfSub-foo-if-enable.nix
|
||||
checkConfigOutput '^true$' "$@" ./define-enable.nix ./define-attrsOfSub-foo-enable-if.nix
|
||||
|
||||
# Check importApply
|
||||
checkConfigOutput '"abc"' config.value ./importApply.nix
|
||||
# importApply does not set a key.
|
||||
# Disabling the function file is not sufficient, because importApply can't reasonably assume that the key is unique.
|
||||
# e.g. user may call it multiple times with different arguments and expect each of the module to apply.
|
||||
# While this is excusable for the disabledModules aspect, it is not for the deduplication of modules.
|
||||
checkConfigOutput '"abc"' config.value ./importApply-disabling.nix
|
||||
|
||||
# Check disabledModules with config definitions and option declarations.
|
||||
set -- config.enable ./define-enable.nix ./declare-enable.nix
|
||||
checkConfigOutput '^true$' "$@"
|
||||
|
@ -243,6 +294,9 @@ checkConfigOutput '^"42"$' config.value ./declare-coerced-value.nix
|
|||
checkConfigOutput '^"24"$' config.value ./declare-coerced-value.nix ./define-value-string.nix
|
||||
checkConfigError 'A definition for option .* is not.*string or signed integer convertible to it.*. Definition values:\n\s*- In .*: \[ \]' config.value ./declare-coerced-value.nix ./define-value-list.nix
|
||||
|
||||
# Check coerced option merging.
|
||||
checkConfigError 'The option .value. in .*/declare-coerced-value.nix. is already declared in .*/declare-coerced-value-no-default.nix.' config.value ./declare-coerced-value.nix ./declare-coerced-value-no-default.nix
|
||||
|
||||
# Check coerced value with unsound coercion
|
||||
checkConfigOutput '^12$' config.value ./declare-coerced-value-unsound.nix
|
||||
checkConfigError 'A definition for option .* is not of type .*. Definition values:\n\s*- In .*: "1000"' config.value ./declare-coerced-value-unsound.nix ./define-value-string-bigint.nix
|
||||
|
@ -261,7 +315,7 @@ checkConfigOutput '^".*Hello.*"$' options.namedPackage.description ./declare-mkP
|
|||
checkConfigOutput '^"hello"$' config.pathPackage.pname ./declare-mkPackageOption.nix
|
||||
checkConfigOutput '^"pkgs\.hello\.override \{ stdenv = pkgs\.clangStdenv; \}"$' options.packageWithExample.example.text ./declare-mkPackageOption.nix
|
||||
checkConfigOutput '^".*Example extra description\..*"$' options.packageWithExtraDescription.description ./declare-mkPackageOption.nix
|
||||
checkConfigError 'The option .undefinedPackage. is used but not defined' config.undefinedPackage ./declare-mkPackageOption.nix
|
||||
checkConfigError 'The option .undefinedPackage. was accessed but has no value defined. Try setting the option.' config.undefinedPackage ./declare-mkPackageOption.nix
|
||||
checkConfigOutput '^null$' config.nullablePackage ./declare-mkPackageOption.nix
|
||||
checkConfigOutput '^"null or package"$' options.nullablePackageWithDefault.type.description ./declare-mkPackageOption.nix
|
||||
checkConfigOutput '^"myPkgs\.hello"$' options.packageWithPkgsText.defaultText.text ./declare-mkPackageOption.nix
|
||||
|
@ -359,7 +413,7 @@ checkConfigOutput '^null$' config.foo ./freeform-attrsOf.nix ./freeform-str-dep-
|
|||
checkConfigOutput '^"24"$' config.foo ./freeform-attrsOf.nix ./freeform-str-dep-unstr.nix ./define-value-string.nix
|
||||
# Check whether an freeform-typed value can depend on a declared option, this can only work with lazyAttrsOf
|
||||
checkConfigError 'infinite recursion encountered' config.foo ./freeform-attrsOf.nix ./freeform-unstr-dep-str.nix
|
||||
checkConfigError 'The option .* is used but not defined' config.foo ./freeform-lazyAttrsOf.nix ./freeform-unstr-dep-str.nix
|
||||
checkConfigError 'The option .* was accessed but has no value defined. Try setting the option.' config.foo ./freeform-lazyAttrsOf.nix ./freeform-unstr-dep-str.nix
|
||||
checkConfigOutput '^"24"$' config.foo ./freeform-lazyAttrsOf.nix ./freeform-unstr-dep-str.nix ./define-value-string.nix
|
||||
# submodules in freeformTypes should have their locations annotated
|
||||
checkConfigOutput '/freeform-submodules.nix"$' config.fooDeclarations.0 ./freeform-submodules.nix
|
||||
|
@ -375,8 +429,8 @@ checkConfigOutput '^null$' config.value.l1.l2.foo ./types-anything/nested-attrs.
|
|||
checkConfigOutput '^null$' config.value.l1.l2.l3.foo ./types-anything/nested-attrs.nix
|
||||
# Attribute sets that are coercible to strings shouldn't be recursed into
|
||||
checkConfigOutput '^"foo"$' config.value.outPath ./types-anything/attrs-coercible.nix
|
||||
# Multiple lists aren't concatenated together
|
||||
checkConfigError 'The option .* has conflicting definitions' config.value ./types-anything/lists.nix
|
||||
# Multiple lists aren't concatenated together if their definitions are not equal
|
||||
checkConfigError 'The option .* has conflicting definition values' config.value ./types-anything/lists.nix
|
||||
# Check that all equalizable atoms can be used as long as all definitions are equal
|
||||
checkConfigOutput '^0$' config.value.int ./types-anything/equal-atoms.nix
|
||||
checkConfigOutput '^false$' config.value.bool ./types-anything/equal-atoms.nix
|
||||
|
@ -384,6 +438,7 @@ checkConfigOutput '^""$' config.value.string ./types-anything/equal-atoms.nix
|
|||
checkConfigOutput '^"/[^"]+"$' config.value.path ./types-anything/equal-atoms.nix
|
||||
checkConfigOutput '^null$' config.value.null ./types-anything/equal-atoms.nix
|
||||
checkConfigOutput '^0.1$' config.value.float ./types-anything/equal-atoms.nix
|
||||
checkConfigOutput '^\[1,"a",{"x":null}\]$' config.value.list ./types-anything/equal-atoms.nix
|
||||
# Functions can't be merged together
|
||||
checkConfigError "The option .value.multiple-lambdas.<function body>. has conflicting option types" config.applied.multiple-lambdas ./types-anything/functions.nix
|
||||
checkConfigOutput '^true$' config.valueIsFunction.single-lambda ./types-anything/functions.nix
|
||||
|
@ -418,8 +473,8 @@ checkConfigOutput "{}" config.attrs.a ./emptyValues.nix
|
|||
checkConfigOutput "null" config.null.a ./emptyValues.nix
|
||||
checkConfigOutput "{}" config.submodule.a ./emptyValues.nix
|
||||
# These types don't have empty values
|
||||
checkConfigError 'The option .int.a. is used but not defined' config.int.a ./emptyValues.nix
|
||||
checkConfigError 'The option .nonEmptyList.a. is used but not defined' config.nonEmptyList.a ./emptyValues.nix
|
||||
checkConfigError 'The option .int.a. was accessed but has no value defined. Try setting the option.' config.int.a ./emptyValues.nix
|
||||
checkConfigError 'The option .nonEmptyList.a. was accessed but has no value defined. Try setting the option.' config.nonEmptyList.a ./emptyValues.nix
|
||||
|
||||
# types.unique
|
||||
# requires a single definition
|
||||
|
@ -499,21 +554,21 @@ checkConfigOutput '^"pear\\npear"$' config.twice.raw ./merge-module-with-key.nix
|
|||
|
||||
# Declaration positions
|
||||
# Line should be present for direct options
|
||||
checkConfigOutput '^10$' options.imported.line10.declarationPositions.0.line ./declaration-positions.nix
|
||||
checkConfigOutput '/declaration-positions.nix"$' options.imported.line10.declarationPositions.0.file ./declaration-positions.nix
|
||||
checkConfigOutput '^14$' options.imported.line14.declarationPositions.0.line ./declaration-positions.nix
|
||||
checkConfigOutput '/declaration-positions.nix"$' options.imported.line14.declarationPositions.0.file ./declaration-positions.nix
|
||||
# Generated options may not have line numbers but they will at least get the
|
||||
# right file
|
||||
checkConfigOutput '/declaration-positions.nix"$' options.generated.line18.declarationPositions.0.file ./declaration-positions.nix
|
||||
checkConfigOutput '^null$' options.generated.line18.declarationPositions.0.line ./declaration-positions.nix
|
||||
checkConfigOutput '/declaration-positions.nix"$' options.generated.line22.declarationPositions.0.file ./declaration-positions.nix
|
||||
checkConfigOutput '^null$' options.generated.line22.declarationPositions.0.line ./declaration-positions.nix
|
||||
# Submodules don't break it
|
||||
checkConfigOutput '^39$' config.submoduleLine34.submodDeclLine39.0.line ./declaration-positions.nix
|
||||
checkConfigOutput '/declaration-positions.nix"$' config.submoduleLine34.submodDeclLine39.0.file ./declaration-positions.nix
|
||||
checkConfigOutput '^45$' config.submoduleLine38.submodDeclLine45.0.line ./declaration-positions.nix
|
||||
checkConfigOutput '/declaration-positions.nix"$' config.submoduleLine38.submodDeclLine45.0.file ./declaration-positions.nix
|
||||
# New options under freeform submodules get collected into the parent submodule
|
||||
# (consistent with .declarations behaviour, but weird; notably appears in system.build)
|
||||
checkConfigOutput '^34|23$' options.submoduleLine34.declarationPositions.0.line ./declaration-positions.nix
|
||||
checkConfigOutput '^34|23$' options.submoduleLine34.declarationPositions.1.line ./declaration-positions.nix
|
||||
checkConfigOutput '^38|27$' options.submoduleLine38.declarationPositions.0.line ./declaration-positions.nix
|
||||
checkConfigOutput '^38|27$' options.submoduleLine38.declarationPositions.1.line ./declaration-positions.nix
|
||||
# nested options work
|
||||
checkConfigOutput '^30$' options.nested.nestedLine30.declarationPositions.0.line ./declaration-positions.nix
|
||||
checkConfigOutput '^34$' options.nested.nestedLine34.declarationPositions.0.line ./declaration-positions.nix
|
||||
|
||||
cat <<EOF
|
||||
====== module tests ======
|
||||
|
|
|
@ -1,13 +1,17 @@
|
|||
{ lib, options, ... }:
|
||||
let discardPositions = lib.mapAttrs (k: v: v);
|
||||
let
|
||||
discardPositions = lib.mapAttrs (k: v: v);
|
||||
in
|
||||
# unsafeGetAttrPos is unspecified best-effort behavior, so we only want to consider this test on an evaluator that satisfies some basic assumptions about this function.
|
||||
assert builtins.unsafeGetAttrPos "a" { a = true; } != null;
|
||||
assert builtins.unsafeGetAttrPos "a" (discardPositions { a = true; }) == null;
|
||||
assert
|
||||
builtins.unsafeGetAttrPos "a" (discardPositions {
|
||||
a = true;
|
||||
}) == null;
|
||||
{
|
||||
imports = [
|
||||
{
|
||||
options.imported.line10 = lib.mkOption {
|
||||
options.imported.line14 = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
};
|
||||
|
||||
|
@ -15,35 +19,39 @@ assert builtins.unsafeGetAttrPos "a" (discardPositions { a = true; }) == null;
|
|||
# programs.firefox.nativeMessagingHosts.ff2mpv. We don't expect to get
|
||||
# line numbers for these, but we can fall back on knowing the file.
|
||||
options.generated = discardPositions {
|
||||
line18 = lib.mkOption {
|
||||
line22 = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
};
|
||||
};
|
||||
|
||||
options.submoduleLine34.extraOptLine23 = lib.mkOption {
|
||||
options.submoduleLine38.extraOptLine27 = lib.mkOption {
|
||||
default = 1;
|
||||
type = lib.types.int;
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
options.nested.nestedLine30 = lib.mkOption {
|
||||
options.nested.nestedLine34 = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
};
|
||||
|
||||
options.submoduleLine34 = lib.mkOption {
|
||||
options.submoduleLine38 = lib.mkOption {
|
||||
default = { };
|
||||
type = lib.types.submoduleWith {
|
||||
modules = [
|
||||
({ options, ... }: {
|
||||
options.submodDeclLine39 = lib.mkOption { };
|
||||
})
|
||||
(
|
||||
{ options, ... }:
|
||||
{
|
||||
options.submodDeclLine45 = lib.mkOption { };
|
||||
}
|
||||
)
|
||||
{ freeformType = with lib.types; lazyAttrsOf (uniq unspecified); }
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
submoduleLine34.submodDeclLine39 = (options.submoduleLine34.type.getSubOptions [ ]).submodDeclLine39.declarationPositions;
|
||||
submoduleLine38.submodDeclLine45 =
|
||||
(options.submoduleLine38.type.getSubOptions [ ]).submodDeclLine45.declarationPositions;
|
||||
};
|
||||
}
|
||||
|
|
9
third_party/nixpkgs/lib/tests/modules/declare-coerced-value-no-default.nix
vendored
Normal file
9
third_party/nixpkgs/lib/tests/modules/declare-coerced-value-no-default.nix
vendored
Normal file
|
@ -0,0 +1,9 @@
|
|||
{ lib, ... }:
|
||||
|
||||
{
|
||||
options = {
|
||||
value = lib.mkOption {
|
||||
type = lib.types.coercedTo lib.types.int builtins.toString lib.types.str;
|
||||
};
|
||||
};
|
||||
}
|
4
third_party/nixpkgs/lib/tests/modules/importApply-disabling.nix
vendored
Normal file
4
third_party/nixpkgs/lib/tests/modules/importApply-disabling.nix
vendored
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
imports = [ ./importApply.nix ];
|
||||
disabledModules = [ ./importApply-function.nix ];
|
||||
}
|
5
third_party/nixpkgs/lib/tests/modules/importApply-function.nix
vendored
Normal file
5
third_party/nixpkgs/lib/tests/modules/importApply-function.nix
vendored
Normal file
|
@ -0,0 +1,5 @@
|
|||
{ foo }:
|
||||
{ lib, config, ... }:
|
||||
{
|
||||
value = foo;
|
||||
}
|
5
third_party/nixpkgs/lib/tests/modules/importApply.nix
vendored
Normal file
5
third_party/nixpkgs/lib/tests/modules/importApply.nix
vendored
Normal file
|
@ -0,0 +1,5 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
options.value = lib.mkOption { default = 1; };
|
||||
imports = [ (lib.modules.importApply ./importApply-function.nix { foo = "abc"; }) ];
|
||||
}
|
|
@ -12,6 +12,7 @@
|
|||
value.path = ./.;
|
||||
value.null = null;
|
||||
value.float = 0.1;
|
||||
value.list = [1 "a" {x=null;}];
|
||||
}
|
||||
{
|
||||
value.int = 0;
|
||||
|
@ -20,6 +21,7 @@
|
|||
value.path = ./.;
|
||||
value.null = null;
|
||||
value.float = 0.1;
|
||||
value.list = [1 "a" {x=null;}];
|
||||
}
|
||||
];
|
||||
|
||||
|
|
|
@ -6,10 +6,10 @@
|
|||
|
||||
config = lib.mkMerge [
|
||||
{
|
||||
value = [ null ];
|
||||
value = [ "a value" ];
|
||||
}
|
||||
{
|
||||
value = [ null ];
|
||||
value = [ "another value" ];
|
||||
}
|
||||
];
|
||||
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
pkgs.runCommand "nixpkgs-lib-tests-nix-${nix.version}" {
|
||||
buildInputs = [
|
||||
(import ./check-eval.nix)
|
||||
(import ./fetchers.nix)
|
||||
(import ./maintainers.nix {
|
||||
inherit pkgs;
|
||||
lib = import ../.;
|
||||
|
|
10
third_party/nixpkgs/lib/types.nix
vendored
10
third_party/nixpkgs/lib/types.nix
vendored
|
@ -219,7 +219,7 @@ rec {
|
|||
else "(${t.description})";
|
||||
|
||||
# When adding new types don't forget to document them in
|
||||
# nixos/doc/manual/development/option-types.xml!
|
||||
# nixos/doc/manual/development/option-types.section.md!
|
||||
types = rec {
|
||||
|
||||
raw = mkOptionType {
|
||||
|
@ -253,12 +253,6 @@ rec {
|
|||
mergeFunction = {
|
||||
# Recursively merge attribute sets
|
||||
set = (attrsOf anything).merge;
|
||||
# Safe and deterministic behavior for lists is to only accept one definition
|
||||
# listOf only used to apply mkIf and co.
|
||||
list =
|
||||
if length defs > 1
|
||||
then throw "The option `${showOption loc}' has conflicting definitions, in ${showFiles (getFiles defs)}."
|
||||
else (listOf anything).merge;
|
||||
# This is the type of packages, only accept a single definition
|
||||
stringCoercibleSet = mergeOneOption;
|
||||
lambda = loc: defs: arg: anything.merge
|
||||
|
@ -1035,7 +1029,7 @@ rec {
|
|||
getSubOptions = finalType.getSubOptions;
|
||||
getSubModules = finalType.getSubModules;
|
||||
substSubModules = m: coercedTo coercedType coerceFunc (finalType.substSubModules m);
|
||||
typeMerge = t1: t2: null;
|
||||
typeMerge = t: null;
|
||||
functor = (defaultFunctor name) // { wrapped = finalType; };
|
||||
nestedTypes.coercedType = coercedType;
|
||||
nestedTypes.finalType = finalType;
|
||||
|
|
854
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
854
third_party/nixpkgs/maintainers/maintainer-list.nix
vendored
File diff suppressed because it is too large
Load diff
|
@ -9,10 +9,6 @@ What follows is a (very incomplete) overview of available scripts.
|
|||
|
||||
## Metadata
|
||||
|
||||
### `check-by-name.sh`
|
||||
|
||||
An alias for `pkgs/test/check-by-name/run-local.sh`, see [documentation](../../pkgs/test/check-by-name/README.md).
|
||||
|
||||
### `get-maintainer.sh`
|
||||
|
||||
`get-maintainer.sh [selector] value` returns a JSON object describing
|
||||
|
@ -60,3 +56,16 @@ The maintainer is designated by a `selector` which must be one of:
|
|||
see [`maintainer-list.nix`] for the fields' definition.
|
||||
|
||||
[`maintainer-list.nix`]: ../maintainer-list.nix
|
||||
|
||||
|
||||
## Conventions
|
||||
|
||||
### `sha-to-sri.py`
|
||||
|
||||
`sha-to-sri.py path ...` (atomically) rewrites hash attributes (named `hash` or `sha(1|256|512)`)
|
||||
into the SRI format: `hash = "{hash name}-{base64 encoded value}"`.
|
||||
|
||||
`path` must point to either a nix file, or a directory which will be automatically traversed.
|
||||
|
||||
`sha-to-sri.py` automatically skips files whose first non-empty line contains `generated by` or `do not edit`.
|
||||
Moreover, when walking a directory tree, the script will skip files whose name is `yarn.nix` or contains `generated`.
|
||||
|
|
|
@ -95,6 +95,7 @@ CROSS_TARGETS=(
|
|||
powerpc64-unknown-linux-gnuabielfv2
|
||||
powerpc64le-unknown-linux-gnu
|
||||
riscv64-unknown-linux-gnu
|
||||
s390x-unknown-linux-gnu
|
||||
x86_64-unknown-freebsd
|
||||
)
|
||||
|
||||
|
|
|
@ -12,7 +12,27 @@
|
|||
# nix-build build.nix --argstr maintainer <yourname> --argstr system aarch64-linux
|
||||
|
||||
let
|
||||
pkgs = import ./../../default.nix (removeAttrs args [ "maintainer" ]);
|
||||
# This avoids a common situation for maintainers, where due to Git's behavior of not tracking
|
||||
# directories, they have an empty directory somewhere in `pkgs/by-name`. Because that directory
|
||||
# exists, `pkgs/top-level/by-name-overlay.nix` picks it up and attempts to read `package.nix` out
|
||||
# of it... which doesn't exist, since it's empty.
|
||||
#
|
||||
# We don't want to run the code below on every instantiation of `nixpkgs`, as the `pkgs/by-name`
|
||||
# eval machinery is quite performance sensitive. So we use the internals of the `by-name` overlay
|
||||
# to implement our own way to avoid an evaluation failure for this script.
|
||||
#
|
||||
# See <https://github.com/NixOS/nixpkgs/issues/338227> for more motivation for this code block.
|
||||
overlay = self: super: {
|
||||
_internalCallByNamePackageFile =
|
||||
file: if builtins.pathExists file then super._internalCallByNamePackageFile file else null;
|
||||
};
|
||||
|
||||
nixpkgsArgs = removeAttrs args [ "maintainer" "overlays" ] // {
|
||||
overlays = args.overlays or [] ++ [ overlay ];
|
||||
};
|
||||
|
||||
pkgs = import ./../../default.nix nixpkgsArgs;
|
||||
|
||||
maintainer_ = pkgs.lib.maintainers.${maintainer};
|
||||
packagesWith = cond: return: set:
|
||||
(pkgs.lib.flatten
|
||||
|
|
|
@ -61,13 +61,11 @@ trace "Done"
|
|||
trace -n "Merging base branch into the HEAD commit in $tmp/merged.. "
|
||||
git -C "$tmp/merged" merge -q --no-edit "$baseSha"
|
||||
trace -e "\e[34m$(git -C "$tmp/merged" rev-parse HEAD)\e[0m"
|
||||
|
||||
trace -n "Reading pinned nixpkgs-check-by-name version from pinned-version.txt.. "
|
||||
toolVersion=$(<"$tmp/merged/pkgs/test/check-by-name/pinned-version.txt")
|
||||
trace -n "Reading pinned nixpkgs-vet version from pinned-version.txt.. "
|
||||
toolVersion=$(<"$tmp/merged/ci/nixpkgs-vet/pinned-version.txt")
|
||||
trace -e "\e[34m$toolVersion\e[0m"
|
||||
|
||||
trace -n "Building tool.. "
|
||||
nix-build https://github.com/NixOS/nixpkgs-check-by-name/tarball/"$toolVersion" -o "$tmp/tool" -A build
|
||||
|
||||
trace "Running nixpkgs-check-by-name.."
|
||||
"$tmp/tool/bin/nixpkgs-check-by-name" --base "$tmp/base" "$tmp/merged"
|
||||
nix-build https://github.com/NixOS/nixpkgs-vet/tarball/"$toolVersion" -o "$tmp/tool" -A build
|
||||
trace "Running nixpkgs-vet.."
|
||||
"$tmp/tool/bin/nixpkgs-vet" --base "$tmp/base" "$tmp/merged"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#! /usr/bin/env nix-shell
|
||||
#! nix-shell -p "haskellPackages.ghcWithPackages (p: [p.aeson p.req])"
|
||||
#! nix-shell -p hydra-unstable
|
||||
#! nix-shell -p hydra
|
||||
#! nix-shell -i runhaskell
|
||||
|
||||
{-
|
||||
|
|
|
@ -63,6 +63,7 @@ sed -r \
|
|||
-e '/ language-nix /d' \
|
||||
-e '/ hackage-db /d' \
|
||||
-e '/ cabal-install /d' \
|
||||
-e '/ cabal-install-solver /d' \
|
||||
-e '/ lsp /d' \
|
||||
-e '/ lsp-types /d' \
|
||||
-e '/ lsp-test /d' \
|
||||
|
|
|
@ -73,6 +73,9 @@ OK_MISSING_BY_PACKAGE = {
|
|||
"kwin": {
|
||||
"display-info", # newer versions identify as libdisplay-info
|
||||
},
|
||||
"libksysguard": {
|
||||
"Libcap", # used to call setcap at build time and nothing else
|
||||
},
|
||||
"mlt": {
|
||||
"Qt5", # intentionally disabled
|
||||
"SWIG",
|
||||
|
@ -88,6 +91,9 @@ OK_MISSING_BY_PACKAGE = {
|
|||
"powerdevil": {
|
||||
"DDCUtil", # cursed, intentionally disabled
|
||||
},
|
||||
"print-manager": {
|
||||
"PackageKitQt6", # used for auto-installing drivers which does not work for obvious reasons
|
||||
},
|
||||
"pulseaudio-qt": {
|
||||
"Qt6Qml", # tests only
|
||||
"Qt6Quick",
|
||||
|
|
|
@ -75,7 +75,7 @@ def main(set: str, version: str, nixpkgs: pathlib.Path, sources_url: Optional[st
|
|||
"gear": "releases",
|
||||
"plasma": "plasma",
|
||||
}[set]
|
||||
sources_url = f"https://kde.org/info/sources/source-{set_url}-{version}.html"
|
||||
sources_url = f"https://kde.org/info/sources/source-{set_url}-{version}/"
|
||||
|
||||
sources = httpx.get(sources_url)
|
||||
sources.raise_for_status()
|
||||
|
|
|
@ -45,6 +45,7 @@ lpeglabel,,,,1.6.0,,
|
|||
lrexlib-gnu,,,,,,
|
||||
lrexlib-pcre,,,,,,vyp
|
||||
lrexlib-posix,,,,,,
|
||||
lsp-progress.nvim,,,,,,gepbird
|
||||
lua-cjson,,,,,,
|
||||
lua-cmsgpack,,,,,,
|
||||
lua-curl,,,,,,
|
||||
|
@ -84,6 +85,7 @@ luarepl,,,,,,
|
|||
luarocks,,,,,,mrcjkb teto
|
||||
luarocks-build-rust-mlua,,,,,,mrcjkb
|
||||
luarocks-build-treesitter-parser,,,,,,mrcjkb
|
||||
luarocks-build-treesitter-parser-cpp,,,,,,mrcjkb
|
||||
luasec,,,,,,flosse
|
||||
luasnip,,,,,,
|
||||
luasocket,,,,,,
|
||||
|
@ -103,6 +105,8 @@ luv,,,,1.48.0-2,,
|
|||
lush.nvim,,,https://luarocks.org/dev,,,teto
|
||||
lyaml,,,,,,lblasc
|
||||
lz.n,,,,,,mrcjkb
|
||||
lze,,,,,,birdee
|
||||
lzn-auto-require,,,,,,mrcjkb
|
||||
magick,,,,,5.1,donovanglover
|
||||
markdown,,,,,,
|
||||
mediator_lua,,,,,,
|
||||
|
|
|
|
@ -791,6 +791,11 @@ def update_plugins(editor: Editor, args):
|
|||
All input arguments are grouped in the `Editor`."""
|
||||
|
||||
log.info("Start updating plugins")
|
||||
if args.proc > 1 and args.github_token == None:
|
||||
log.warning("You have enabled parallel updates but haven't set a github token.\n"
|
||||
"You may be hit with `HTTP Error 429: too many requests` as a consequence."
|
||||
"Either set --proc=1 or --github-token=YOUR_TOKEN. ")
|
||||
|
||||
fetch_config = FetchConfig(args.proc, args.github_token)
|
||||
update = editor.get_update(args.input_file, args.outfile, fetch_config)
|
||||
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#! nix-shell -i "python3 -I" -p "python3.withPackages(p: with p; [ rich structlog ])"
|
||||
|
||||
from abc import ABC, abstractclassmethod, abstractmethod
|
||||
from abc import ABC, abstractmethod
|
||||
from contextlib import contextmanager
|
||||
from pathlib import Path
|
||||
from structlog.contextvars import bound_contextvars as log_context
|
||||
from typing import ClassVar, List, Tuple
|
||||
|
||||
import hashlib, re, structlog
|
||||
import hashlib, logging, re, structlog
|
||||
|
||||
|
||||
logger = structlog.getLogger("sha-to-SRI")
|
||||
|
@ -26,11 +26,12 @@ class Encoding(ABC):
|
|||
assert len(digest) == self.n
|
||||
|
||||
from base64 import b64encode
|
||||
|
||||
return f"{self.hashName}-{b64encode(digest).decode()}"
|
||||
|
||||
@classmethod
|
||||
def all(cls, h) -> 'List[Encoding]':
|
||||
return [ c(h) for c in cls.__subclasses__() ]
|
||||
def all(cls, h) -> "List[Encoding]":
|
||||
return [c(h) for c in cls.__subclasses__()]
|
||||
|
||||
def __init__(self, h):
|
||||
self.n = h.digest_size
|
||||
|
@ -38,54 +39,56 @@ class Encoding(ABC):
|
|||
|
||||
@property
|
||||
@abstractmethod
|
||||
def length(self) -> int:
|
||||
...
|
||||
def length(self) -> int: ...
|
||||
|
||||
@property
|
||||
def regex(self) -> str:
|
||||
return f"[{self.alphabet}]{{{self.length}}}"
|
||||
|
||||
@abstractmethod
|
||||
def decode(self, s: str) -> bytes:
|
||||
...
|
||||
def decode(self, s: str) -> bytes: ...
|
||||
|
||||
|
||||
class Nix32(Encoding):
|
||||
alphabet = "0123456789abcdfghijklmnpqrsvwxyz"
|
||||
inverted = { c: i for i, c in enumerate(alphabet) }
|
||||
inverted = {c: i for i, c in enumerate(alphabet)}
|
||||
|
||||
@property
|
||||
def length(self):
|
||||
return 1 + (8 * self.n) // 5
|
||||
|
||||
def decode(self, s: str):
|
||||
assert len(s) == self.length
|
||||
out = [ 0 for _ in range(self.n) ]
|
||||
# TODO: Do better than a list of byte-sized ints
|
||||
out = bytearray(self.n)
|
||||
|
||||
for n, c in enumerate(reversed(s)):
|
||||
digit = self.inverted[c]
|
||||
i, j = divmod(5 * n, 8)
|
||||
out[i] = out[i] | (digit << j) & 0xff
|
||||
out[i] = out[i] | (digit << j) & 0xFF
|
||||
rem = digit >> (8 - j)
|
||||
if rem == 0:
|
||||
continue
|
||||
elif i < self.n:
|
||||
out[i+1] = rem
|
||||
out[i + 1] = rem
|
||||
else:
|
||||
raise ValueError(f"Invalid nix32 hash: '{s}'")
|
||||
|
||||
return bytes(out)
|
||||
|
||||
|
||||
class Hex(Encoding):
|
||||
alphabet = "0-9A-Fa-f"
|
||||
|
||||
@property
|
||||
def length(self):
|
||||
return 2 * self.n
|
||||
|
||||
def decode(self, s: str):
|
||||
from binascii import unhexlify
|
||||
|
||||
return unhexlify(s)
|
||||
|
||||
|
||||
class Base64(Encoding):
|
||||
alphabet = "A-Za-z0-9+/"
|
||||
|
||||
|
@ -94,36 +97,39 @@ class Base64(Encoding):
|
|||
"""Number of characters in data and padding."""
|
||||
i, k = divmod(self.n, 3)
|
||||
return 4 * i + (0 if k == 0 else k + 1), (3 - k) % 3
|
||||
|
||||
@property
|
||||
def length(self):
|
||||
return sum(self.format)
|
||||
|
||||
@property
|
||||
def regex(self):
|
||||
data, padding = self.format
|
||||
return f"[{self.alphabet}]{{{data}}}={{{padding}}}"
|
||||
|
||||
def decode(self, s):
|
||||
from base64 import b64decode
|
||||
|
||||
return b64decode(s, validate = True)
|
||||
|
||||
|
||||
_HASHES = (hashlib.new(n) for n in ('SHA-256', 'SHA-512'))
|
||||
ENCODINGS = {
|
||||
h.name: Encoding.all(h)
|
||||
for h in _HASHES
|
||||
}
|
||||
_HASHES = (hashlib.new(n) for n in ("SHA-256", "SHA-512"))
|
||||
ENCODINGS = {h.name: Encoding.all(h) for h in _HASHES}
|
||||
|
||||
RE = {
|
||||
h: "|".join(
|
||||
(f"({h}-)?" if e.name == 'base64' else '') +
|
||||
f"(?P<{h}_{e.name}>{e.regex})"
|
||||
(f"({h}-)?" if e.name == "base64" else "") + f"(?P<{h}_{e.name}>{e.regex})"
|
||||
for e in encodings
|
||||
) for h, encodings in ENCODINGS.items()
|
||||
)
|
||||
for h, encodings in ENCODINGS.items()
|
||||
}
|
||||
|
||||
_DEF_RE = re.compile("|".join(
|
||||
_DEF_RE = re.compile(
|
||||
"|".join(
|
||||
f"(?P<{h}>{h} = (?P<{h}_quote>['\"])({re})(?P={h}_quote);)"
|
||||
for h, re in RE.items()
|
||||
))
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
def defToSRI(s: str) -> str:
|
||||
|
@ -153,7 +159,7 @@ def defToSRI(s: str) -> str:
|
|||
|
||||
@contextmanager
|
||||
def atomicFileUpdate(target: Path):
|
||||
'''Atomically replace the contents of a file.
|
||||
"""Atomically replace the contents of a file.
|
||||
|
||||
Guarantees that no temporary files are left behind, and `target` is either
|
||||
left untouched, or overwritten with new content if no exception was raised.
|
||||
|
@ -164,18 +170,20 @@ def atomicFileUpdate(target: Path):
|
|||
|
||||
Upon exiting the context, the files are closed; if no exception was
|
||||
raised, `new` (atomically) replaces the `target`, otherwise it is deleted.
|
||||
'''
|
||||
"""
|
||||
# That's mostly copied from noto-emoji.py, should DRY it out
|
||||
from tempfile import mkstemp
|
||||
fd, _p = mkstemp(
|
||||
dir = target.parent,
|
||||
prefix = target.name,
|
||||
)
|
||||
tmpPath = Path(_p)
|
||||
from tempfile import NamedTemporaryFile
|
||||
|
||||
try:
|
||||
with target.open() as original:
|
||||
with tmpPath.open('w') as new:
|
||||
with NamedTemporaryFile(
|
||||
dir = target.parent,
|
||||
prefix = target.stem,
|
||||
suffix = target.suffix,
|
||||
delete = False,
|
||||
mode="w", # otherwise the file would be opened in binary mode by default
|
||||
) as new:
|
||||
tmpPath = Path(new.name)
|
||||
yield (original, new)
|
||||
|
||||
tmpPath.replace(target)
|
||||
|
@ -188,37 +196,35 @@ def atomicFileUpdate(target: Path):
|
|||
def fileToSRI(p: Path):
|
||||
with atomicFileUpdate(p) as (og, new):
|
||||
for i, line in enumerate(og):
|
||||
with log_context(line=i):
|
||||
with log_context(line = i):
|
||||
new.write(defToSRI(line))
|
||||
|
||||
|
||||
_SKIP_RE = re.compile(
|
||||
"(generated by)|(do not edit)",
|
||||
re.IGNORECASE
|
||||
)
|
||||
_SKIP_RE = re.compile("(generated by)|(do not edit)", re.IGNORECASE)
|
||||
_IGNORE = frozenset({
|
||||
"gemset.nix",
|
||||
"yarn.nix",
|
||||
})
|
||||
|
||||
if __name__ == "__main__":
|
||||
from sys import argv, stderr
|
||||
from sys import argv
|
||||
|
||||
logger.info("Starting!")
|
||||
|
||||
for arg in argv[1:]:
|
||||
p = Path(arg)
|
||||
with log_context(path=str(p)):
|
||||
def handleFile(p: Path, skipLevel = logging.INFO):
|
||||
with log_context(file = str(p)):
|
||||
try:
|
||||
if p.name == "yarn.nix" or p.name.find("generated") != -1:
|
||||
logger.warning("File looks autogenerated, skipping!")
|
||||
continue
|
||||
|
||||
with p.open() as f:
|
||||
for line in f:
|
||||
if line.strip():
|
||||
break
|
||||
|
||||
if _SKIP_RE.search(line):
|
||||
logger.warning("File looks autogenerated, skipping!")
|
||||
continue
|
||||
logger.log(skipLevel, "File looks autogenerated, skipping!")
|
||||
return
|
||||
|
||||
fileToSRI(p)
|
||||
|
||||
except Exception as exn:
|
||||
logger.error(
|
||||
"Unhandled exception, skipping file!",
|
||||
|
@ -226,3 +232,19 @@ if __name__ == "__main__":
|
|||
)
|
||||
else:
|
||||
logger.info("Finished processing file")
|
||||
|
||||
for arg in argv[1:]:
|
||||
p = Path(arg)
|
||||
with log_context(arg = arg):
|
||||
if p.is_file():
|
||||
handleFile(p, skipLevel = logging.WARNING)
|
||||
|
||||
elif p.is_dir():
|
||||
logger.info("Recursing into directory")
|
||||
for q in p.glob("**/*.nix"):
|
||||
if q.is_file():
|
||||
if q.name in _IGNORE or q.name.find("generated") != -1:
|
||||
logger.info("File looks autogenerated, skipping!")
|
||||
continue
|
||||
|
||||
handleFile(q)
|
||||
|
|
|
@ -9,15 +9,15 @@
|
|||
infrastructure. Regular updates should be done through the individual packages
|
||||
update scripts.
|
||||
*/
|
||||
{ startWith ? null }:
|
||||
let
|
||||
pkgs = import ../.. {};
|
||||
pkgs = import ../.. { config.allowAliases = false; };
|
||||
|
||||
inherit (pkgs) lib;
|
||||
|
||||
packagesWith = cond: pkgs:
|
||||
let
|
||||
packagesWithInner = attrs:
|
||||
lib.unique (
|
||||
lib.concatLists (
|
||||
lib.mapAttrsToList (name: elem:
|
||||
let
|
||||
|
@ -33,12 +33,16 @@ let
|
|||
if lib.isAttrs value && (value.recurseForDerivations or false || value.recurseForRelease or false) then
|
||||
packagesWithInner value
|
||||
else []
|
||||
else []) attrs));
|
||||
else []) attrs);
|
||||
in
|
||||
packagesWithInner pkgs;
|
||||
|
||||
packages =
|
||||
packagesWith (pkgs: pkgs ? fetch-deps) pkgs;
|
||||
packages = lib.unique
|
||||
(lib.filter (p:
|
||||
(builtins.tryEval p.outPath).success ||
|
||||
builtins.trace "warning: skipping ${p.name} because it failed to evaluate" false)
|
||||
((pkgs: (lib.drop (lib.lists.findFirstIndex (p: p.name == startWith) 0 pkgs) pkgs))
|
||||
(packagesWith (p: p ? fetch-deps) pkgs)));
|
||||
|
||||
helpText = ''
|
||||
Please run:
|
||||
|
|
0
third_party/nixpkgs/maintainers/scripts/update.nix
vendored
Executable file → Normal file
0
third_party/nixpkgs/maintainers/scripts/update.nix
vendored
Executable file → Normal file
22
third_party/nixpkgs/maintainers/team-list.nix
vendored
22
third_party/nixpkgs/maintainers/team-list.nix
vendored
|
@ -183,6 +183,16 @@ with lib.maintainers;
|
|||
githubTeams = [ "cuda-maintainers" ];
|
||||
};
|
||||
|
||||
cyberus = {
|
||||
# Verify additions by approval of an already existing member of the team.
|
||||
members = [
|
||||
xanderio
|
||||
blitz
|
||||
];
|
||||
scope = "Team for Cyberus Technology employees who collectively maintain packages.";
|
||||
shortName = "Cyberus Technology employees";
|
||||
};
|
||||
|
||||
darwin = {
|
||||
members = [ toonn ];
|
||||
githubTeams = [ "darwin-maintainers" ];
|
||||
|
@ -315,6 +325,7 @@ with lib.maintainers;
|
|||
leona
|
||||
osnyx
|
||||
ma27
|
||||
laalsaas
|
||||
];
|
||||
scope = "Team for Flying Circus employees who collectively maintain packages.";
|
||||
shortName = "Flying Circus employees";
|
||||
|
@ -504,10 +515,10 @@ with lib.maintainers;
|
|||
githubTeams = [ "k3s" ];
|
||||
members = [
|
||||
euank
|
||||
frederictobiasc
|
||||
marcusramberg
|
||||
mic92
|
||||
rorosen
|
||||
superherointj
|
||||
wrmilling
|
||||
yajo
|
||||
];
|
||||
|
@ -752,6 +763,7 @@ with lib.maintainers;
|
|||
members = [
|
||||
SuperSandro2000
|
||||
anthonyroussel
|
||||
vinetos
|
||||
];
|
||||
scope = "Maintain the ecosystem around OpenStack";
|
||||
shortName = "OpenStack";
|
||||
|
@ -780,7 +792,11 @@ with lib.maintainers;
|
|||
};
|
||||
|
||||
perl = {
|
||||
members = [ sgo ];
|
||||
members = [
|
||||
sgo
|
||||
marcusramberg
|
||||
zakame
|
||||
];
|
||||
scope = "Maintain the Perl interpreter and Perl packages.";
|
||||
shortName = "Perl";
|
||||
enableFeatureFreezePing = true;
|
||||
|
@ -936,7 +952,6 @@ with lib.maintainers;
|
|||
steam = {
|
||||
members = [
|
||||
atemu
|
||||
eclairevoyant
|
||||
k900
|
||||
mkg20001
|
||||
];
|
||||
|
@ -947,7 +962,6 @@ with lib.maintainers;
|
|||
stridtech = {
|
||||
# Verify additions by approval of an already existing member of the team
|
||||
members = [
|
||||
superherointj
|
||||
ulrikstrid
|
||||
];
|
||||
scope = "Group registration for Strid Tech AB team members who collectively maintain packages";
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
# Perlless {#sec-perlless}
|
||||
|
||||
::: {.warning}
|
||||
If you enable this profile, you will NOT be able to switch to a new
|
||||
configuration and thus you will not be able to rebuild your system with
|
||||
nixos-rebuild!
|
||||
:::
|
||||
|
||||
Render your system completely perlless (i.e. without the perl interpreter). This
|
||||
includes a mechanism so that your build fails if it contains a Nix store path
|
||||
that references the string "perl".
|
||||
|
|
|
@ -12,12 +12,12 @@ By default, root logins using a password are disallowed. They can be
|
|||
disabled entirely by setting
|
||||
[](#opt-services.openssh.settings.PermitRootLogin) to `"no"`.
|
||||
|
||||
You can declaratively specify authorised RSA/DSA public keys for a user
|
||||
You can declaratively specify authorised public keys for a user
|
||||
as follows:
|
||||
|
||||
```nix
|
||||
{
|
||||
users.users.alice.openssh.authorizedKeys.keys =
|
||||
[ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
|
||||
[ "ssh-ed25519 AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
|
||||
}
|
||||
```
|
||||
|
|
|
@ -100,6 +100,9 @@ modified using `usermod`. Unix groups can be managed using `groupadd`,
|
|||
|
||||
::: {.note}
|
||||
This is experimental.
|
||||
|
||||
Please consider using [Userborn](#sec-userborn) over systemd-sysusers as it's
|
||||
more feature complete.
|
||||
:::
|
||||
|
||||
Instead of using a custom perl script to create users and groups, you can use
|
||||
|
@ -112,3 +115,43 @@ systemd-sysusers:
|
|||
```
|
||||
|
||||
The primary benefit of this is to remove a dependency on perl.
|
||||
|
||||
## Manage users and groups with `userborn` {#sec-userborn}
|
||||
|
||||
::: {.note}
|
||||
This is experimental.
|
||||
:::
|
||||
|
||||
Like systemd-sysusers, Userborn adoesn't depend on Perl but offers some more
|
||||
advantages over systemd-sysusers:
|
||||
|
||||
1. It can create "normal" users (with a GID >= 1000).
|
||||
2. It can update some information about users. Most notably it can update their
|
||||
passwords.
|
||||
3. It will warn when users use an insecure or unsupported password hashing
|
||||
scheme.
|
||||
|
||||
Userborn is the recommended way to manage users if you don't want to rely on
|
||||
the Perl script. It aims to eventually replace the Perl script by default.
|
||||
|
||||
You can enable Userborn via:
|
||||
|
||||
```nix
|
||||
services.userborn.enable = true;
|
||||
```
|
||||
|
||||
You can configure Userborn to store the password files
|
||||
(`/etc/{group,passwd,shadow}`) outside of `/etc` and symlink them from this
|
||||
location to `/etc`:
|
||||
|
||||
```nix
|
||||
services.userborn.passwordFilesLocation = "/persistent/etc";
|
||||
```
|
||||
|
||||
This is useful when you store `/etc` on a `tmpfs` or if `/etc` is immutable
|
||||
(e.g. when using `system.etc.overlay.mutable = false;`). In the latter case the
|
||||
original files are by default stored in `/var/lib/nixos`.
|
||||
|
||||
Userborn implements immutable users by re-mounting the password files
|
||||
read-only. This means that unlike when using the Perl script, trying to add a
|
||||
new user (e.g. via `useradd`) will fail right away.
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue