nix: simplify version checks (#363831)

This commit is contained in:
Jörg Thalheim 2024-12-11 10:42:44 +01:00 committed by GitHub
commit 79a7ad1c21
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -10,26 +10,8 @@
}@args:
assert (hash == null) -> (src != null);
let
atLeast24 = lib.versionAtLeast version "2.4pre";
atLeast25 = lib.versionAtLeast version "2.5pre";
atLeast27 = lib.versionAtLeast version "2.7pre";
atLeast210 = lib.versionAtLeast version "2.10pre";
atLeast213 = lib.versionAtLeast version "2.13pre";
atLeast214 = lib.versionAtLeast version "2.14pre";
atLeast218 = lib.versionAtLeast version "2.18pre";
atLeast219 = lib.versionAtLeast version "2.19pre";
atLeast220 = lib.versionAtLeast version "2.20pre";
atLeast221 = lib.versionAtLeast version "2.21pre";
atLeast224 = lib.versionAtLeast version "2.24pre";
atLeast225 = lib.versionAtLeast version "2.25pre";
# Major.minor versions unaffected by CVE-2024-27297
unaffectedByFodSandboxEscape = [
"2.3"
"2.16"
"2.18"
"2.19"
"2.20"
];
in
{ stdenv
, autoconf-archive
@ -112,7 +94,7 @@ self = stdenv.mkDerivation {
"shadowstack"
] ++ lib.optional stdenv.hostPlatform.isMusl "fortify";
nativeInstallCheckInputs = lib.optional atLeast221 git ++ lib.optional atLeast219 man;
nativeInstallCheckInputs = lib.optional atLeast224 [ git man ];
nativeBuildInputs = [
pkg-config
@ -121,17 +103,18 @@ self = stdenv.mkDerivation {
bison
flex
jq
] ++ lib.optionals (enableDocumentation && !atLeast24) [
libxslt
libxml2
docbook_xsl_ns
docbook5
] ++ lib.optionals (enableDocumentation && atLeast24) [
(lib.getBin lowdown-unsandboxed)
mdbook
] ++ lib.optionals (atLeast213 && enableDocumentation) [
mdbook-linkcheck
] ++ lib.optionals stdenv.hostPlatform.isLinux [
] ++ lib.optionals enableDocumentation
(if atLeast224 then [
(lib.getBin lowdown-unsandboxed)
mdbook
mdbook-linkcheck
] else [
libxslt
libxml2
docbook_xsl_ns
docbook5
])
++ lib.optionals stdenv.hostPlatform.isLinux [
util-linuxMinimal
];
@ -148,23 +131,21 @@ self = stdenv.mkDerivation {
gtest
libarchive
lowdown
] ++ lib.optionals atLeast220 [
] ++ lib.optionals atLeast224 [
libgit2
] ++ lib.optionals (atLeast224 || lib.versionAtLeast version "pre20240626") [
toml11
rapidcheck
] ++ lib.optionals (atLeast225 && enableDocumentation) [
python3
] ++ lib.optionals stdenv.hostPlatform.isDarwin [
Security
] ++ lib.optionals (stdenv.hostPlatform.isx86_64) [
libcpuid
] ++ lib.optionals atLeast214 [
rapidcheck
] ++ lib.optionals withLibseccomp [
libseccomp
] ++ lib.optionals withAWS [
aws-sdk-cpp
] ++ lib.optional (atLeast218 && stdenv.hostPlatform.isDarwin) [
] ++ lib.optional (atLeast224 && stdenv.hostPlatform.isDarwin) [
darwin.apple_sdk.libs.sandbox
] ++ lib.optional (atLeast224 && stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64) [
# Fix the following error with the default x86_64-darwin SDK:
@ -179,7 +160,7 @@ self = stdenv.mkDerivation {
propagatedBuildInputs = [
boehmgc
] ++ lib.optionals atLeast27 [
] ++ lib.optionals atLeast224 [
nlohmann_json
];
@ -203,7 +184,7 @@ self = stdenv.mkDerivation {
# removes config.nix entirely and is not present in 2.3.x, we need to
# patch around an issue where the Nix configure step pulls in the build
# system's bash and other utilities when cross-compiling.
lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform && !atLeast24) ''
lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform && !atLeast224) ''
mkdir tmp/
substitute corepkgs/config.nix.in tmp/config.nix.in \
--subst-var-by bash ${bash}/bin/bash \
@ -225,14 +206,14 @@ self = stdenv.mkDerivation {
"--disable-doc-gen"
] ++ lib.optionals stdenv.hostPlatform.isLinux [
"--with-sandbox-shell=${busybox-sandbox-shell}/bin/busybox"
] ++ lib.optionals (atLeast210 && stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isStatic) [
] ++ lib.optionals (atLeast224 && stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isStatic) [
"--enable-embedded-sandbox-shell"
] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform && stdenv.hostPlatform ? nix && stdenv.hostPlatform.nix ? system) [
"--with-system=${stdenv.hostPlatform.nix.system}"
] ++ lib.optionals (!withLibseccomp) [
# RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50
"--disable-seccomp-sandboxing"
] ++ lib.optionals (atLeast210 && stdenv.cc.isGNU && !enableStatic) [
] ++ lib.optionals (atLeast224 && stdenv.cc.isGNU && !enableStatic) [
"--enable-lto"
];
@ -248,7 +229,7 @@ self = stdenv.mkDerivation {
installFlags = [ "sysconfdir=$(out)/etc" ];
doInstallCheck = true;
installCheckTarget = if atLeast210 then "installcheck" else null;
installCheckTarget = if atLeast224 then "installcheck" else null;
# socket path becomes too long otherwise
preInstallCheck = lib.optionalString stdenv.hostPlatform.isDarwin ''
@ -260,17 +241,17 @@ self = stdenv.mkDerivation {
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
''
# See https://github.com/NixOS/nix/issues/5687
+ lib.optionalString (atLeast25 && stdenv.hostPlatform.isDarwin) ''
+ lib.optionalString (atLeast224 && stdenv.hostPlatform.isDarwin) ''
echo "exit 99" > tests/gc-non-blocking.sh
'' # TODO: investigate why this broken
+ lib.optionalString (atLeast25 && stdenv.hostPlatform.system == "aarch64-linux") ''
+ lib.optionalString (atLeast224 && stdenv.hostPlatform.system == "aarch64-linux") ''
echo "exit 0" > tests/functional/flakes/show.sh
'' + ''
# nixStatic otherwise does not find its man pages in tests.
export MANPATH=$man/share/man:$MANPATH
'';
separateDebugInfo = stdenv.hostPlatform.isLinux && (atLeast24 -> !enableStatic);
separateDebugInfo = stdenv.hostPlatform.isLinux && (atLeast224 -> !enableStatic);
enableParallelBuilding = true;
@ -331,7 +312,6 @@ self = stdenv.mkDerivation {
platforms = platforms.unix;
outputsToInstall = [ "out" ] ++ optional enableDocumentation "man";
mainProgram = "nix";
knownVulnerabilities = lib.optional (!builtins.elem (lib.versions.majorMinor version) unaffectedByFodSandboxEscape && !atLeast221) "CVE-2024-27297";
};
};
in self
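Review bot: Removing `knownVulnerabilities = lib.optional (... && !atLeast221) "CVE-2024-27297";` in the last hunk, together with the `unaffectedByFodSandboxEscape` list in the first hunk, is only behaviour-preserving if every `version` evaluated through this file is at least 2.24pre; for any older version still routed here the CVE-2024-27297 marking disappears silently. If that assumption holds, a one-line comment near `meta` such as `# CVE-2024-27297 marking dropped: every version built from this file is >= 2.24, which is unaffected` would record the reasoning; otherwise keep the attribute with its condition rewritten against `atLeast224`. Separately, `nativeInstallCheckInputs = lib.optional atLeast224 [ git man ];` wraps a list in `lib.optional`'s singleton list, so `lib.optionals atLeast224 [ git man ]` is the conventional form (the same pattern is on the changed `darwin.apple_sdk.libs.sandbox` line). The enclosing `mkDerivation` attribute set starts and ends outside the visible hunks.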