19 Commits

Author SHA1 Message Date
Sigmanificient
63d05d989e pkgs/development: remove unused arguments 2024-08-03 17:18:20 +02:00
Travis A. Everett
56d5b181c9 resholve: 0.9.1 -> 0.10.2, ongoing cross fixes 2024-03-28 19:45:35 -05:00
Travis A. Everett
7bf3f335a3 resholve: 0.9.0 -> 0.9.1 2023-12-01 05:49:28 +00:00
Thiago Kenji Okada
1d77a86904 resholve: fix CLI tests 2023-01-15 12:29:42 +00:00
Thiago Kenji Okada
66093a4120 python27: remove stripLibs argument
Since we now guarantee that `resholve` is not exposing `python27`,
let's remove the `stripLibs` hack that tried to reduce its size.
2023-01-15 12:29:42 +00:00
Thiago Kenji Okada
c44e0571fc resholve: mark it as knownVulnerabilities, allow resholve-utils usage
We are marking `resholve` itself with `meta.knownVulnerabilities`, and
overriding `resholve-utils` functions' `resholve` with
`meta.knownVulnerabilities = [ ]`.

This way, we can still use `resholve` at build-time without triggering
security warnings; however, we can't instantiate `resholve` itself. See:

```
$ nix-build -A resholve
error: Package ‘resholve-0.8.4’ in /.../nixpkgs/pkgs/development/misc/resholve/resholve.nix:48 is marked as insecure, refusing to evaluate.

$ nix-build -A ix
/nix/store/k8cvj1bfxkjj8zdg6kgm7r8942bbj7w7-ix-20190815
```

For debugging purposes, you can still bypass the security checks and
instantiate `resholve` by:

```
$ NIXPKGS_ALLOW_INSECURE=1 nix-build -A resholve
/nix/store/77s87hhqymc6x9wpclb04zg5jwm6fsij-resholve-0.8.4
```
2023-01-15 12:29:42 +00:00
Thiago Kenji Okada
e13660c50c resholve: remove openssl from python27 2023-01-10 18:06:09 +00:00
figsoda
da56c13198 resholve: fix build on aarch64-darwin 2022-12-18 12:32:53 -05:00
Thiago Kenji Okada
283ecac082 resholve: strip unused libraries from python27
Strip unused libraries from resholve's own python27 derivation, further
reducing its size and reducing its attack surface.
2022-12-15 00:07:02 +00:00
Thiago Kenji Okada
2e943fc060 resholve: use stripped-down python27
This PR strips down the modified `python27` derivation used by `resholve`. The
idea is to reduce the possible security issues, and also to make it easier to
bootstrap.
2022-12-13 14:37:00 +00:00
Travis A. Everett
4fabafb699 resholve: fold in python package deps
Protects resholve and dependents from breakages as py27 support is
removed (or rots).
2022-12-09 17:11:59 -06:00
Thiago Kenji Okada
c6059ff8b6 resholve: use system from stdenv.hostPlatform instead of alias 2022-12-05 14:12:38 +00:00
Travis A. Everett
02b7967806 resholve: selectively enable python27 2022-12-03 13:51:48 -06:00
Travis A. Everett
09d441d21c resholve: 0.6.9 -> 0.8.0
Also track upstream .nix changes over same window.
2022-04-08 21:13:20 -04:00
Travis A. Everett
b5833091d4 resholve: 0.6.0 -> 0.6.1, add resholveScript* fns 2021-09-27 16:01:09 +09:00
Travis A. Everett
67ec4fa479 resholve: fix review nits from #138080 2021-09-27 16:01:09 +09:00
Travis A. Everett
a649cbca09 resholvePackage: extract util functions
Extract argument-handling utility functions to prepare for adding
resholveScript* functions.

This tracks upstream work, but I broke it up a little more semantically here
in case it aids review. See:
6aab748205
2021-09-27 16:01:09 +09:00
Travis A. Everett
08b791a01b resholve: 0.5.1 -> 0.6.0, refactor, +binlore
A bit going on here.
- Updating resholve from 0.5.1 -> 0.6.0
  - adding a dependency, `binlore`, to supply ~intel on executables
    that supports new functionality in resholve
  - adding a package, `yallback`, which provides rule-based callbacks
    for YARA rule matches (dependency of `binlore`).
  - automatically generating "lore" for each `input` to a solution in
    `resholvePackage`.
  - update README
- restructuring some nix components to better support
  my local dev and CI workflows.
  - moved package tests into passthru/tests.nix (cuts `bats` out of
    resholve's immediate dependencies, makes it possible to add my
    existing Nix API test).
  - move my oil-dev patches out of resholve into a separate repo (no
    oil rebuild every time resholve's source changes). Also moving
    oil-dev into its own Nix file here, to ~track the default.nix in
    its own repo.
2021-09-22 09:54:04 -05:00
Travis A. Everett
6fd9283bba resholve: init at 0.4.0 (#85827)
resholve: init at 0.4.0

resholve attempts to resolve executables in shell scripts.
Includes Nix builder for resolving dependencies in Nix-built
shell projects.
2021-01-05 11:56:59 -05:00