colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

stdenv/check-meta: getEnv if the attribute is unset (#72376)

Browse Source 
There were two issues:

* builtins.getEnv was called deep into the nixpkgs tree making it hard
  to discover. This is solved by moving the call into
  pkgs/top-level/impure.nix
* when the config was explicitly set by the user to false, it would
  still try and load the environment variable. This meant that it was
  not possible to guarantee the same outcome on two different systems.
This commit is contained in:
zimbatm 2019-11-03 17:40:43 +00:00 committed by GitHub
parent 59edabf8ca
commit 71184f8e15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pkgs/stdenv/generic/check-meta.nix
View File

@ -13,8 +13,7 @@ let
# for why this defaults to false, but I (@copumpkin) want to default it to true soon.
shouldCheckMeta = config.checkMeta or false;
allowUnfree = config.allowUnfree or false
|| builtins.getEnv "NIXPKGS_ALLOW_UNFREE" == "1";
allowUnfree = config.allowUnfree or false;
whitelist = config.whitelistedLicenses or [];
blacklist = config.blacklistedLicenses or [];
@ -41,11 +40,9 @@ let
hasBlacklistedLicense = assert areLicenseListsValid; attrs:
hasLicense attrs && lib.lists.any (l: builtins.elem l blacklist) (lib.lists.toList attrs.meta.license);
allowBroken = config.allowBroken or false
|| builtins.getEnv "NIXPKGS_ALLOW_BROKEN" == "1";
allowBroken = config.allowBroken or false;
allowUnsupportedSystem = config.allowUnsupportedSystem or false
|| builtins.getEnv "NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM" == "1";
allowUnsupportedSystem = config.allowUnsupportedSystem or false;
isUnfree = licenses: lib.lists.any (l: !l.free or true) licenses;
@ -73,7 +70,7 @@ let
hasAllowedInsecure = attrs:
(attrs.meta.knownVulnerabilities or []) == [] ||
allowInsecurePredicate attrs ||
builtins.getEnv "NIXPKGS_ALLOW_INSECURE" == "1";
config.allowInsecure or false;
showLicense = license: toString (map (l: l.shortName or "unknown") (lib.lists.toList license));

13
pkgs/top-level/impure.nix
View File

@ -10,6 +10,14 @@ let
# Return x if it evaluates, or def if it throws an exception.
try = x: def: let res = tryEval x; in if res.success then res.value else def;
defaultConfig = {
# These attributes are used in pkgs/stdenv/generic/check-meta.nix
allowBroken = builtins.getEnv "NIXPKGS_ALLOW_BROKEN" == "1";
allowInsecure = builtins.getEnv "NIXPKGS_ALLOW_INSECURE" == "1";
allowUnfree = builtins.getEnv "NIXPKGS_ALLOW_UNFREE" == "1";
allowUnsupportedSystem = builtins.getEnv "NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM" == "1";
};
in
{ # We combine legacy `system` and `platform` into `localSystem`, if
@ -82,7 +90,10 @@ in
assert args ? localSystem -> !(args ? system || args ? platform);
import ./. (builtins.removeAttrs args [ "system" "platform" ] // {
inherit config overlays crossSystem crossOverlays;
inherit overlays crossSystem crossOverlays;
config = defaultConfig // config;
# Fallback: Assume we are building packages on the current (build, in GNU
# Autotools parlance) system.
localSystem = if builtins.isString localSystem then localSystem