Merge pull request #205815 from thiagokokada/strip-down-python2-resholve

resholve: use stripped-down python27
This commit is contained in:
figsoda 2022-12-13 11:02:30 -05:00 committed by GitHub
commit 126bb19304
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 41 additions and 9 deletions


@ -31,6 +31,10 @@
, rebuildBytecode ? true , rebuildBytecode ? true
, reproducibleBuild ? false , reproducibleBuild ? false
, enableOptimizations ? false , enableOptimizations ? false
, strip2to3 ? false
, stripConfig ? false
, stripIdlelib ? false
, stripTests ? false
, pythonAttr ? "python${sourceVersion.major}${sourceVersion.minor}" , pythonAttr ? "python${sourceVersion.major}${sourceVersion.minor}"
}: }:
@ -318,6 +322,16 @@ in with passthru; stdenv.mkDerivation ({
postFixup = '' postFixup = ''
# Include a sitecustomize.py file. Note it causes an error when it's in postInstall with 2.7. # Include a sitecustomize.py file. Note it causes an error when it's in postInstall with 2.7.
cp ${../../sitecustomize.py} $out/${sitePackages}/sitecustomize.py cp ${../../sitecustomize.py} $out/${sitePackages}/sitecustomize.py
'' + optionalString strip2to3 ''
rm -R $out/bin/2to3 $out/lib/python*/lib2to3
'' + optionalString stripConfig ''
rm -R $out/bin/python*-config $out/lib/python*/config-*
'' + optionalString stripIdlelib ''
# Strip IDLE
rm -R $out/bin/idle* $out/lib/python*/idlelib
'' + optionalString stripTests ''
# Strip tests
rm -R $out/lib/python*/test $out/lib/python*/**/test{,s}
''; '';
enableParallelBuilding = true; enableParallelBuilding = true;
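Review bot: The `**` in `rm -R $out/lib/python*/test $out/lib/python*/**/test{,s}` only recurses when bash's `globstar` option is set, which the stdenv builder does not enable as far as I can tell, so it matches exactly one directory level and any deeper `test`/`tests` package survives the strip. A `find` states the intent without depending on shell options: `find $out/lib/python*/ -type d \( -name test -o -name tests \) -prune -exec rm -r {} +`. Note also that every `rm -R` here runs without `-f`, so a pattern that does not expand (the builder has no `nullglob`) is passed literally and fails the build; that is a reasonable guard, but worth a comment such as `# no -f: an unmatched pattern should fail loudly rather than silently ship the files`. The `strip2to3`/`stripConfig`/`stripIdlelib`/`stripTests` arguments added in the earlier hunk carry no description; `stripConfig` in particular deletes `python*-config` and the `config-*` directory, which extension builds against this interpreter would normally rely on, so a note like `# stripConfig: removes python-config and the config dir; the result is not usable for building C extensions` would save callers a surprise.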


@ -1,19 +1,37 @@
{ lib { lib
, stdenv , pkgs
, pkgsBuildHost , pkgsBuildHost
, ... , ...
}: }:
let let
pkgs = import ../../../.. { python27' = (pkgsBuildHost.python27.overrideAttrs (old:
inherit (stdenv.hostPlatform) system; {
# Allow python27 with known security issues only for resholve, # Overriding `meta.knownVulnerabilities` here, see #201859 for why it exists
# see issue #201859 for the reasoning # In resholve case this should not be a security issue,
# In resholve case this should not be a security issue, # since it will only be used during build, not runtime
# since it will only be used during build, not runtime meta = (old.meta or { }) // { knownVulnerabilities = [ ]; };
config.permittedInsecurePackages = [ pkgsBuildHost.python27.name ]; }
)).override {
self = python27';
pkgsBuildHost = pkgsBuildHost // { python27 = python27'; };
# strip down that python version as much as possible
openssl = null;
bzip2 = null;
readline = null;
ncurses = null;
gdbm = null;
sqlite = null;
libffi = null;
rebuildBytecode = false;
stripBytecode = true;
strip2to3 = true;
stripConfig = true;
stripIdlelib = true;
stripTests = true;
enableOptimizations = false;
}; };
callPackage = lib.callPackageWith pkgs; callPackage = lib.callPackageWith (pkgs // { python27 = python27'; });
source = callPackage ./source.nix { }; source = callPackage ./source.nix { };
deps = callPackage ./deps.nix { }; deps = callPackage ./deps.nix { };
in in