This continues where d8f7f6a5ce left off. Similarly
to that commit, this commit also points `sourceRoot`s to `src.name` and similar
instead of keeping hardcoded names, and edits other derivation attrs to do the same,
where appropriate.
Also, similarly to d8f7f6a5ce, some of the expressions this
edits use the `srcs` attribute with custom-named sources, so they have to be moved
into `let` blocks to keep evaluation efficient (the other, worse, way to do this
would be to recursively refer to `elemAt n finalAttrs.srcs` or, similarly, with `rec`).
librdimon.a is only available on ARM architectures, therefore building
newlib-nano for other architectures (e.g. RISC-V) fails presently.
This commit fixes this issue by only copying the library files that
actually exist in the for loop body. Alternatively, it would be
theoretically feasible to change the libraries iterated over based
on the targeted architecture.
One of resholve's passthru tests depended on getting `script` from
util-linux, but it's no longer there on macos after #232713.
This change just tracks upstream change to use unixtools.script, which
is what I should have used in the first place. Upstream commit for
reference:
3407150949
apply patch from gentoo because there's no libstdc++.a libsupc++.a or
their nano versions
this matches upstream arm more
https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
-lc_nano is used in nano.specs but 'libc_nano.a' is not installed without these changes
with structuredAttrs lists will be bash arrays which cannot be exported
which will be an issue with some patches and some wrappers like cc-wrapper
this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists
in env cause an eval failure
This release gets resholve caught up to the latest release of oil/osh.
Since the update was already somewhat involved, I used the opportunity
to also figure out how to patch out some C extensions and external
dependencies that shouldn't be necessary just to use the parser.
- update README.md
- github.com/abathur/resholve/blob/master/CHANGELOG.md#v090-jan-29-2023
- github.com/abathur/nix-py-dev-oil/compare/v0.8.12.3...v0.14.0.0
checkInputs used to be added to nativeBuildInputs. Now we have
nativeCheckInputs to do that instead. Doing this treewide change allows
to keep hashes identical to before the introduction of
nativeCheckInputs.
Bump to the latest release. The current version is outdated and doesn't
seem to be able to boot my CM4 to mass storage device mode. This version
does, and according to
https://github.com/raspberrypi/usbboot/releases/tag/20221215-105525, it
"works on all current Raspberry Pi models and uses the default
bootloader that is signed with the secure-boot ROM key".
We are marking `resholve` itself with `meta.knownVulnerabilities`, and
overriding `resholve-utils` functions' `resholve` with
`meta.knownVulnerabilities = [ ]`.
This way, we can still use `resholve` at build-time without triggering
security warnings, however we can't instantiate `resholve` itself. See:
```
$ nix-build -A resholve
error: Package ‘resholve-0.8.4’ in /.../nixpkgs/pkgs/development/misc/resholve/resholve.nix:48 is marked as insecure, refusing to evaluate.
$ nix-build -A ix
/nix/store/k8cvj1bfxkjj8zdg6kgm7r8942bbj7w7-ix-20190815
```
For debugging purposes, you can still bypass the security checks and
instantiate `resholve` by:
```
$ NIXPKGS_ALLOW_INSECURE=1 nix-build -A resholve
/nix/store/77s87hhqymc6x9wpclb04zg5jwm6fsij-resholve-0.8.4
```
Forgot to port this resholve Nix API fix in the course of #184292.
Same change as:
github.com/abathur/resholve/commit/b743d2eb12d82e35c567733a7a884174e3606641
This PR strips down the modified `python27` derivation used by `resholve`. The
idea is to reduce the possible security issues, and also to make it easier to
bootstrap.