Revert "nixpkgs: allow packages to be marked insecure"

This commit is contained in:
Graham Christensen 2017-02-23 09:41:42 -05:00 committed by GitHub
parent 274994785d
commit 59d61ef34a
2 changed files with 12 additions and 67 deletions

View File

@ -28,12 +28,5 @@ in stdenv.mkDerivation rec {
homepage = http://github.com/JonathanBeck/libplist;
platforms = stdenv.lib.platforms.all;
maintainers = [ stdenv.lib.maintainers.urkud ];
knownVulnerabilities = [
"CVE-2017-5209: base64decode function in base64.c allows attackers to obtain sensitive information from process memory or cause a denial of service"
"CVE-2017-5545: attackers to obtain sensitive information from process memory or cause a denial of service"
"CVE-2017-5834: A heap-buffer overflow in parse_dict_node"
"CVE-2017-5835: A memory allocation error leading to DoS"
"CVE-2017-5836: A type inconsistency in bplist.c"
];
};
}

View File

@ -75,14 +75,6 @@ let
isUnfree (lib.lists.toList attrs.meta.license) &&
!allowUnfreePredicate attrs;
allowInsecureDefaultPredicate = x: builtins.elem x.name (config.permittedInsecurePackages or []);
allowInsecurePredicate = x: (config.allowUnfreePredicate or allowInsecureDefaultPredicate) x;
hasAllowedInsecure = attrs:
(attrs.meta.knownVulnerabilities or []) == [] ||
allowInsecurePredicate attrs ||
builtins.getEnv "NIXPKGS_ALLOW_INSECURE" == "1";
showLicense = license: license.shortName or "unknown";
defaultNativeBuildInputs = extraBuildInputs ++
@ -145,62 +137,24 @@ let
builtins.unsafeGetAttrPos "name" attrs;
pos'' = if pos' != null then "" + pos'.file + ":" + toString pos'.line + "" else "«unknown-file»";
throwEvalHelp = { reason, errormsg }:
# uppercase the first character of string s
let up = s: with lib;
(toUpper (substring 0 1 s)) + (substring 1 (stringLength s) s);
in
assert builtins.elem reason ["unfree" "broken" "blacklisted"];
throw ("Package ${attrs.name or "«name-missing»"} in ${pos''} ${errormsg}, refusing to evaluate."
+ (lib.strings.optionalString (reason != "blacklisted") ''
remediation = {
unfree = remediate_whitelist "Unfree";
broken = remediate_whitelist "Broken";
blacklisted = x: "";
insecure = remediate_insecure;
};
remediate_whitelist = allow_attr: attrs:
''
a) For `nixos-rebuild` you can set
{ nixpkgs.config.allow${allow_attr} = true; }
{ nixpkgs.config.allow${up reason} = true; }
in configuration.nix to override this.
b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
{ allow${allow_attr} = true; }
{ allow${up reason} = true; }
to ~/.config/nixpkgs/config.nix.
'';
remediate_insecure = attrs:
''
Known issues:
'' + (lib.fold (issue: default: "${default} - ${issue}\n") "" attrs.meta.knownVulnerabilities) + ''
You can install it anyway by whitelisting this package, using the
following methods:
a) for `nixos-rebuild` you can add ${attrs.name or "«name-missing»"} to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"${attrs.name or "«name-missing»"}"
];
}
b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
${attrs.name or "«name-missing»"} to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"${attrs.name or "«name-missing»"}"
];
}
'';
throwEvalHelp = { reason , errormsg ? "" }:
throw (''
Package ${attrs.name or "«name-missing»"} in ${pos''} ${errormsg}, refusing to evaluate.
'' + ((builtins.getAttr reason remediation) attrs));
''));
# Check if a derivation is valid, that is whether it passes checks for
# e.g brokenness or license.
@ -217,8 +171,6 @@ let
{ valid = false; reason = "broken"; errormsg = "is marked as broken"; }
else if !allowBroken && attrs.meta.platforms or null != null && !lib.lists.elem result.system attrs.meta.platforms then
{ valid = false; reason = "broken"; errormsg = "is not supported on ${result.system}"; }
else if !(hasAllowedInsecure attrs) then
{ valid = false; reason = "insecure"; errormsg = "is marked as insecure"; }
else { valid = true; };
outputs' =