nixVersions.nix_2_3: add knownVulnerabilities

Alyssa Ross 2025-06-29 14:41:47 +02:00
parent 1063473001
commit a61841a597
6 changed files with 46 additions and 7 deletions


@ -18,7 +18,9 @@ let
pkgs = import nixpkgs' {
inherit system;
config = { };
config = {
permittedInsecurePackages = [ "nix-2.3.18" ];
};
overlays = [ ];
};
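Review bot: The literal `"nix-2.3.18"` is added to `permittedInsecurePackages` with no comment saying why an insecure package is allowed here, and the same string is repeated in the three lib-tests sections further down this page. The allowlist matches on the exact name-version string, so a later version bump of `nix_2_3` would leave every copy stale, and the tests would fail to evaluate until each one is found and edited. I would add a comment such as `# nix_2_3 carries knownVulnerabilities; permitted only so the tests can still run against it`, and keep the four occurrences easy to grep for together. The enclosing `let` starts outside the hunk.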


@ -2,9 +2,16 @@
# The pkgs used for dependencies for the testing itself
# Don't test properties of pkgs.lib, but rather the lib in the parent directory
system ? builtins.currentSystem,
pkgs ? import ../.. { inherit system; } // {
lib = throw "pkgs.lib accessed, but the lib tests should use nixpkgs' lib path directly!";
},
pkgs ?
import ../.. {
inherit system;
config = {
permittedInsecurePackages = [ "nix-2.3.18" ];
};
}
// {
lib = throw "pkgs.lib accessed, but the lib tests should use nixpkgs' lib path directly!";
},
# For testing someone may edit impure.nix to return cross pkgs, use `pkgsBuildBuild` directly so everything here works.
pkgsBB ? pkgs.pkgsBuildBuild,
nix ? pkgs-nixVersions.stable,


@ -11,6 +11,7 @@
inherit hash;
},
patches ? [ ],
knownVulnerabilities ? [ ],
maintainers ? [
lib.maintainers.lovesegfault
lib.maintainers.artturin
@ -335,7 +336,7 @@ let
'';
homepage = "https://nixos.org/";
license = licenses.lgpl21Plus;
inherit maintainers teams;
inherit knownVulnerabilities maintainers teams;
platforms = platforms.unix;
outputsToInstall = [ "out" ] ++ optional enableDocumentation "man";
mainProgram = "nix";
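Review bot: The new `knownVulnerabilities` argument is undocumented where it is declared, and its effect is not obvious from the name. It is inherited straight into `meta`, where a non-empty list makes nixpkgs treat the derivation as insecure and refuse to evaluate it unless the user opts in. A one-line comment on the argument would help, e.g. `# unfixed CVE ids or short descriptions; a non-empty list marks this Nix version insecure`. Both hunks are excerpts: the argument set and the `meta` block start and end outside the visible lines.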


@ -159,6 +159,15 @@ lib.makeExtensible (
patch-monitorfdhup
];
self_attribute_name = "nix_2_3";
knownVulnerabilities = [
"CVE-2024-38531"
"CVE-2024-47174"
"CVE-2025-46415"
"CVE-2025-46416"
"CVE-2025-52991"
"CVE-2025-52992"
"CVE-2025-52993"
];
maintainers = with lib.maintainers; [ flokli ];
teams = [ ];
}).overrideAttrs
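Review bot: The entries in `knownVulnerabilities` are bare CVE identifiers, so the message a user sees when evaluation is refused lists seven ids without saying what to do about them. These strings are shown verbatim in the insecure-package error, so I would append a short description to each id or add one entry that points to a supported `nixVersions` attribute (wording to be checked against the advisories). A comment above the list recording where the ids came from would also make later additions and removals auditable. The call this list belongs to starts above the hunk.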


@ -3,7 +3,13 @@
officialRelease,
pkgs ? import nixpkgs.outPath { },
nix ? pkgs.nix,
lib-tests ? import ../../lib/tests/release.nix { inherit pkgs; },
lib-tests ? import ../../lib/tests/release.nix {
pkgs = import nixpkgs.outPath {
config = {
permittedInsecurePackages = [ "nix-2.3.18" ];
};
};
},
}:
pkgs.releaseTools.sourceTarball {
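Review bot: The new default for `lib-tests` no longer inherits this file's `pkgs` argument; it imports `nixpkgs.outPath` a second time with only `permittedInsecurePackages` set. A caller who overrides `pkgs` (different system, overlays or config) now gets lib tests evaluated from a different package set than the rest of the tarball. Confining the insecure-package allowance to this one import is a reasonable choice, but it should be stated, e.g. `# separate instance so that only lib-tests may use the insecure nix-2.3.18`. If the caller's `pkgs` is meant to be honoured, the allowance needs to extend the caller's config rather than replace it. The function header starts above the hunk and the body continues below it.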


@ -86,6 +86,7 @@ let
id
isDerivation
optionals
recursiveUpdate
;
inherit (release-lib.lib.attrsets) unionOfDisjoint;
@ -111,7 +112,20 @@ let
manual = pkgs.nixpkgs-manual.override { inherit nixpkgs; };
metrics = import ./metrics.nix { inherit pkgs nixpkgs; };
lib-tests = import ../../lib/tests/release.nix { inherit pkgs; };
lib-tests = import ../../lib/tests/release.nix {
pkgs = import nixpkgs (
recursiveUpdate
(recursiveUpdate {
inherit system;
config.allowUnsupportedSystem = true;
} nixpkgsArgs)
{
config.permittedInsecurePackages = nixpkgsArgs.config.permittedInsecurePackages or [ ] ++ [
"nix-2.3.18"
];
}
);
};
pkgs-lib-tests = import ../pkgs-lib/tests { inherit pkgs; };
darwin-tested =