Jason Yundt d2392c7a2b resholve: fix using Nix API with overlays
Before this change, if you used an overlay to override the version of
resholve that Nixpkgs uses, then Nixpkgs would sometimes use the new
version of resholve and sometimes use the previous version of resholve.
Specifically, pkgs.resholve would use the new version of resholve and
pkgs.resholve.writeScriptBin would use the previous version of resholve.

This change makes it so that if an overlay replaces pkgs.resholve, then
pkgs.resholve and pkgs.resholve.writeScriptBin will still use the same
version of resholve.

Fixes #418458.
2025-07-13 06:53:51 -04:00


{
  lib,
  pkgsBuildHost,
  resholve,
  ...
}:
let
  # Returns `drv` with `meta.knownVulnerabilities` reset to an empty list,
  # keeping every other meta field. Nixpkgs refuses to evaluate a package
  # whose list is non-empty unless the user allows it, so a derivation
  # passed through here no longer trips that check.
  removeKnownVulnerabilities =
    drv:
    drv.overrideAttrs (prev: {
      meta = (prev.meta or { }) // {
        knownVulnerabilities = [ ];
      };
    });

  # Build-host package set whose `python27` is the stripped interpreter
  # defined below.
  buildHostPkgs = pkgsBuildHost // {
    python27 = python27';
  };

  # `meta.knownVulnerabilities` is cleared on `python27` here and is set on
  # `resholve` itself instead (that part is not visible in this file).
  python27' = (removeKnownVulnerabilities pkgsBuildHost.python27).override {
    self = python27';
    pkgsBuildHost = buildHostPkgs;

    # Strip this Python down as far as possible: the optional library
    # inputs are nulled out ...
    openssl = null;
    bzip2 = null;
    readline = null;
    ncurses = null;
    gdbm = null;
    sqlite = null;

    # ... and the build/strip switches are set to their minimal values.
    rebuildBytecode = false;
    stripBytecode = true;
    strip2to3 = true;
    stripConfig = true;
    stripIdlelib = true;
    stripTests = true;
    enableOptimizations = false;
  };

  # `callPackage` resolving arguments from the build-host set, with
  # `python27` replaced by the stripped interpreter.
  callPackage = lib.callPackageWith buildHostPkgs;

  source = callPackage ./source.nix { };
  deps = callPackage ./deps.nix { };

  # Not exposed in all-packages. This is the `resholve` passed in as a
  # function argument (so an overlay's replacement is honoured) with its
  # vulnerability list cleared.
  # NOTE(review): because the list is cleared, nothing consuming this
  # derivation gets the insecure-package check; keep it build-time only.
  resholveBuildTimeOnly = removeKnownVulnerabilities resholve;
in
rec {
  # resholve itself
  resholve = callPackage ./resholve.nix {
    inherit resholve-utils;
    rSrc = source.rSrc;
    version = source.version;
    oildev = deps.oil.oildev;
    configargparse = deps.configargparse;
    # used only in tests
    resholve = resholveBuildTimeOnly;
  };

  # Functions that validate and phrase resholve invocations, and use those
  # invocations to build packages.
  resholve-utils = callPackage ./resholve-utils.nix {
    # resholve-utils can still be used without triggering the security
    # warning; this is safe since `resholve` is only used at build time.
    resholve = resholveBuildTimeOnly;
  };
}