diff options
| author | Daiderd Jordan <daiderd@gmail.com> | 2020-11-28 18:57:47 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-11-28 18:57:47 +0100 |
| commit | 788f61cf3ec5fd797e5b2bee57aeb16ae925ee6b (patch) | |
| tree | a58e4a095ca9bf3200a282a35384a1d2d12e3c82 /pkgs/stdenv | |
| parent | e9526907cc3622b4223a13addc8fa47b25bf2a9a (diff) | |
| parent | 950ac2bc8fa13a7557d931123c24c93418662a2d (diff) | |
Merge pull request #85545 from LnL7/meta-available-flags
meta: expose availability flags in derivation metadata
Diffstat (limited to 'pkgs/stdenv')
| -rw-r--r-- | pkgs/stdenv/generic/check-meta.nix | 39 | ||||
| -rw-r--r-- | pkgs/stdenv/generic/make-derivation.nix | 3 |
2 files changed, 31 insertions, 11 deletions
diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index 0ceb60535f556..160ca5d4e0684 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -49,6 +49,18 @@ let isUnfree = licenses: lib.lists.any (l: !l.free or true) licenses; + hasUnfreeLicense = attrs: + hasLicense attrs && + isUnfree (lib.lists.toList attrs.meta.license); + + isMarkedBroken = attrs: attrs.meta.broken or false; + + hasUnsupportedPlatform = attrs: + (!lib.lists.elem hostPlatform.system (attrs.meta.platforms or lib.platforms.all) || + lib.lists.elem hostPlatform.system (attrs.meta.badPlatforms or [])); + + isMarkedInsecure = attrs: (attrs.meta.knownVulnerabilities or []) != []; + # Alow granular checks to allow only some unfree packages # Example: # {pkgs, ...}: @@ -62,16 +74,15 @@ let # package has an unfree license and is not explicitely allowed by the # `allowUnfreePredicate` function. hasDeniedUnfreeLicense = attrs: + hasUnfreeLicense attrs && !allowUnfree && - hasLicense attrs && - isUnfree (lib.lists.toList attrs.meta.license) && !allowUnfreePredicate attrs; allowInsecureDefaultPredicate = x: builtins.elem (getName x) (config.permittedInsecurePackages or []); allowInsecurePredicate = x: (config.allowInsecurePredicate or allowInsecureDefaultPredicate) x; hasAllowedInsecure = attrs: - (attrs.meta.knownVulnerabilities or []) == [] || + !(isMarkedInsecure attrs) || allowInsecurePredicate attrs || builtins.getEnv "NIXPKGS_ALLOW_INSECURE" == "1"; @@ -203,6 +214,9 @@ let platforms = listOf str; hydraPlatforms = listOf str; broken = bool; + unfree = bool; + unsupported = bool; + insecure = bool; # TODO: refactor once something like Profpatsch's types-simple will land # This is currently dead code due to https://github.com/NixOS/nix/issues/2532 tests = attrsOf (mkOptionType { @@ -254,17 +268,22 @@ let # # Return { valid: Bool } and additionally # { reason: String; errormsg: String } if it is not valid, where - # reason is one of "unfree", "blacklisted" or "broken". + # reason is one of "unfree", "blacklisted", "broken", "insecure", ... + # Along with a boolean flag for each reason checkValidity = attrs: - if hasDeniedUnfreeLicense attrs && !(hasWhitelistedLicense attrs) then + { + unfree = hasUnfreeLicense attrs; + broken = isMarkedBroken attrs; + unsupported = hasUnsupportedPlatform attrs; + insecure = isMarkedInsecure attrs; + } + // (if hasDeniedUnfreeLicense attrs && !(hasWhitelistedLicense attrs) then { valid = false; reason = "unfree"; errormsg = "has an unfree license (‘${showLicense attrs.meta.license}’)"; } else if hasBlacklistedLicense attrs then { valid = false; reason = "blacklisted"; errormsg = "has a blacklisted license (‘${showLicense attrs.meta.license}’)"; } else if !allowBroken && attrs.meta.broken or false then { valid = false; reason = "broken"; errormsg = "is marked as broken"; } - else if !allowUnsupportedSystem && - (!lib.lists.elem hostPlatform.system (attrs.meta.platforms or lib.platforms.all) || - lib.lists.elem hostPlatform.system (attrs.meta.badPlatforms or [])) then + else if !allowUnsupportedSystem && hasUnsupportedPlatform attrs then { valid = false; reason = "unsupported"; errormsg = "is not supported on ‘${hostPlatform.system}’"; } else if !(hasAllowedInsecure attrs) then { valid = false; reason = "insecure"; errormsg = "is marked as insecure"; } @@ -272,14 +291,14 @@ let { valid = false; reason = "broken-outputs"; errormsg = "has invalid meta.outputsToInstall"; } else let res = checkMeta (attrs.meta or {}); in if res != [] then { valid = false; reason = "unknown-meta"; errormsg = "has an invalid meta attrset:${lib.concatMapStrings (x: "\n\t - " + x) res}"; } - else { valid = true; }; + else { valid = true; }); assertValidity = { meta, attrs }: let validity = checkValidity attrs; in validity // { # Throw an error if trying to evaluate an non-valid derivation handled = if !validity.valid - then handleEvalIssue { inherit meta attrs; } (removeAttrs validity ["valid"]) + then handleEvalIssue { inherit meta attrs; } { inherit (validity) reason errormsg; } else true; }; diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index 491951e6121fe..0eb799e45258c 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -328,8 +328,9 @@ in rec { # Fill `meta.position` to identify the source location of the package. // lib.optionalAttrs (pos != null) { position = pos.file + ":" + toString pos.line; - # Expose the result of the checks for everyone to see. } // { + # Expose the result of the checks for everyone to see. + inherit (validity) unfree broken unsupported insecure; available = validity.valid && (if config.checkMetaRecursively or false then lib.all (d: d.meta.available or true) references |