nixpkgs/pkgs/development/misc/resholve/default.nix

{ lib
, pkgs
, pkgsBuildHost
, ...
}:
let
# Return `pkg` with `meta.knownVulnerabilities` reset to the empty list.
# Every other meta field is kept; `or { }` covers a package without `meta`.
# nixpkgs refuses to evaluate a package whose list is non-empty unless the
# user has allowed insecure packages, so clearing it silences that check.
# Only the metadata changes: nothing about the package itself is fixed.
removeKnownVulnerabilities = drv:
  let
    clearMarker = prev: {
      meta = (prev.meta or { }) // { knownVulnerabilities = [ ]; };
    };
  in
  drv.overrideAttrs clearMarker;
# Private copy of the build-platform Python 2.7.
# `meta.knownVulnerabilities` is cleared here and, per the original note,
# set on `resholve` itself, so the warning is attached to the package users
# actually request rather than to this internal interpreter.
# Clearing the marker is a metadata change only; the interpreter is unpatched.
python27' =
  let
    unmarkedPython = removeKnownVulnerabilities pkgsBuildHost.python27;

    # Make the interpreter and its package set refer back to this copy.
    selfReference = {
      self = python27';
      pkgsBuildHost = pkgsBuildHost // { python27 = python27'; };
    };

    # Strip down that python version as much as possible: optional library
    # inputs are passed as null.
    # NOTE(review): presumably the matching stdlib extension modules are then
    # not built - confirm against the python expression.
    withoutOptionalLibs = {
      openssl = null;
      bzip2 = null;
      readline = null;
      ncurses = null;
      gdbm = null;
      sqlite = null;
    };

    # Build switches of the python expression; their exact effect is defined
    # there, not in this file.
    trimmedBuild = {
      rebuildBytecode = false;
      stripBytecode = true;
      strip2to3 = true;
      stripConfig = true;
      stripIdlelib = true;
      stripTests = true;
      enableOptimizations = false;
    };
  in
  unmarkedPython.override (selfReference // withoutOptionalLibs // trimmedBuild);
# callPackage over `pkgs` with `python27` replaced by the stripped,
# marker-free python27', so every expression loaded through it that asks
# for `python27` receives that copy.
callPackage =
  let
    scope = pkgs // { python27 = python27'; };
  in
  lib.callPackageWith scope;
# Loaded from ./source.nix; `rSrc` and `version` are taken from it below.
source = callPackage ./source.nix { };
# Loaded from ./deps.nix; `oil.oildev` and `configargparse` are taken from it below.
deps = callPackage ./deps.nix { };
in
rec {
  # funcs to validate and phrase invocations of resholve
  # and use those invocations to build packages
  resholve-utils = callPackage ./resholve-utils.nix {
    # The marker-free variant is passed so that using resholve-utils does
    # not trigger the insecure-package check. The original rationale is that
    # `resholve` is only used at build time.
    # NOTE(review): nothing in this file enforces that resholve or its
    # Python 2.7 stay out of a built package's runtime closure - confirm in
    # resholve-utils.nix.
    resholve = resholveBuildTimeOnly;
  };

  # resholve itself; per the note on python27', this is where
  # `meta.knownVulnerabilities` is meant to be set (in ./resholve.nix).
  resholve = callPackage ./resholve.nix {
    inherit resholve-utils;
    inherit (deps) configargparse;
    inherit (deps.oil) oildev;
    inherit (source) rSrc version;
    # used only in tests
    resholve = resholveBuildTimeOnly;
  };

  # not exposed in all-packages
  # Same package as `resholve` with `meta.knownVulnerabilities` cleared.
  # Intended for build-time use only; the vulnerabilities behind the marker
  # still apply to anything that runs it.
  resholveBuildTimeOnly = removeKnownVulnerabilities resholve;
}