From f24c3a7f8e8ef8df225280d21fe74249ed082989 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Sun, 28 Jul 2024 21:28:28 -0400 Subject: [PATCH 01/11] pkgs/top-level/config.nix: nixfmt-rfc-style --- pkgs/top-level/config.nix | 68 ++++++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 29 deletions(-) diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix index 67a9a60dbaeaa..f800ee5be865e 100644 --- a/pkgs/top-level/config.nix +++ b/pkgs/top-level/config.nix @@ -17,32 +17,39 @@ let types ; - mkMassRebuild = args: mkOption (builtins.removeAttrs args [ "feature" ] // { - type = args.type or (types.uniq types.bool); - default = args.default or false; - description = ((args.description or '' - Whether to ${args.feature} while building nixpkgs packages. - '') + '' - Changing the default may cause a mass rebuild. - ''); - }); + mkMassRebuild = + args: + mkOption ( + builtins.removeAttrs args [ "feature" ] + // { + type = args.type or (types.uniq types.bool); + default = args.default or false; + description = ( + (args.description or '' + Whether to ${args.feature} while building nixpkgs packages. + '' + ) + + '' + Changing the default may cause a mass rebuild. + '' + ); + } + ); options = { - /* Internal stuff */ + # Internal stuff # Hide built-in module system options from docs. - _module.args = mkOption { - internal = true; - }; + _module.args = mkOption { internal = true; }; warnings = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; internal = true; }; - /* Config options */ + # Config options warnUndeclaredOptions = mkOption { description = "Whether to warn when `config` contains an unrecognized attribute."; 
@@ -50,13 +57,9 @@ let default = false; }; - doCheckByDefault = mkMassRebuild { - feature = "run `checkPhase` by default"; - }; + doCheckByDefault = mkMassRebuild { feature = "run `checkPhase` by default"; }; - strictDepsByDefault = mkMassRebuild { - feature = "set `strictDeps` to true by default"; - }; + strictDepsByDefault = mkMassRebuild { feature = "set `strictDeps` to true by default"; }; structuredAttrsByDefault = mkMassRebuild { feature = "set `__structuredAttrs` to true by default"; @@ -142,7 +145,7 @@ let showDerivationWarnings = mkOption { type = types.listOf (types.enum [ "maintainerless" ]); - default = []; + default = [ ]; description = '' Which warnings to display for potentially dangerous or deprecated values passed into `stdenv.mkDerivation`. @@ -164,21 +167,28 @@ let }; }; -in { +in +{ freeformType = - let t = types.lazyAttrsOf types.raw; - in t // { - merge = loc: defs: - let r = t.merge loc defs; - in r // { _undeclared = r; }; + let + t = types.lazyAttrsOf types.raw; + in + t + // { + merge = + loc: defs: + let + r = t.merge loc defs; + in + r // { _undeclared = r; }; }; inherit options; config = { warnings = optionals config.warnUndeclaredOptions ( - mapAttrsToList (k: v: "undeclared Nixpkgs option set: config.${k}") config._undeclared or {} + mapAttrsToList (k: v: "undeclared Nixpkgs option set: config.${k}") config._undeclared or { } ); }; From 1899a02870cceb1e4ba9bcb6a9371258f840e49c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Sun, 28 Jul 2024 21:37:30 -0400 Subject: [PATCH 02/11] pkgs/top-level/config.nix: add options.allowNonSource --- pkgs/stdenv/generic/check-meta.nix | 2 +- pkgs/top-level/config.nix | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index 502343f01fb32..3f680254a7291 100644 --- a/pkgs/stdenv/generic/check-meta.nix 
+++ b/pkgs/stdenv/generic/check-meta.nix @@ -55,7 +55,7 @@ let envVar = builtins.getEnv "NIXPKGS_ALLOW_NONSOURCE"; in if envVar != "" then envVar != "0" - else config.allowNonSource or true; + else config.allowNonSource; allowlist = config.allowlistedLicenses or config.whitelistedLicenses or []; blocklist = config.blocklistedLicenses or config.blacklistedLicenses or []; diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix index f800ee5be865e..9168753ecface 100644 --- a/pkgs/top-level/config.nix +++ b/pkgs/top-level/config.nix @@ -12,6 +12,7 @@ let inherit (lib) literalExpression mapAttrsToList + mkEnableOption mkOption optionals types @@ -107,6 +108,15 @@ let ''; }; + allowNonSource = mkEnableOption "" // { + default = true; + defaultText = literalExpression ''true && builtins.getEnv "NIXPKGS_ALLOW_NONSOURCE" != "0"''; + description = '' + Whether to allow non-source packages. + Can be combined with `config.allowNonSourcePredicate`. + ''; + }; + allowBroken = mkOption { type = types.bool; default = false; From 598f2257d73e6e18f0a59327bf4cafaf8b7cce3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Sun, 28 Jul 2024 21:37:30 -0400 Subject: [PATCH 03/11] pkgs/top-level/config.nix: add options.allowUnfreePredicate --- pkgs/stdenv/generic/check-meta.nix | 2 +- pkgs/top-level/config.nix | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index 3f680254a7291..25cd1fee3395b 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix 
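Review bot: The description of `allowNonSource` in the config.nix hunk does not say that a non-empty `NIXPKGS_ALLOW_NONSOURCE` overrides the option in both directions. In the check-meta.nix hunk, `if envVar != "" then envVar != "0"` is evaluated before `config.allowNonSource`, so an evaluation with the variable set to `1` permits non-source packages even when the config says `false`. The `defaultText` only hints at the variable for the default case. I would add a sentence such as `The environment variable NIXPKGS_ALLOW_NONSOURCE, when non-empty, takes precedence over this option.` so that anyone relying on this as a provenance policy knows what else has to be controlled. The same caveat applies to the "Only takes effect if ... is set to false" wording on `allowNonSourcePredicate` in patch 04.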
@@ -113,7 +113,7 @@ let # allowUnfree = false; # allowUnfreePredicate = (x: pkgs.lib.hasPrefix "vscode" x.name); # } - allowUnfreePredicate = config.allowUnfreePredicate or (x: false); + inherit (config) allowUnfreePredicate; # Check whether unfree packages are allowed and if not, whether the # package has an unfree license and is not explicitly allowed by the diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix index 9168753ecface..819141a58d3d0 100644 --- a/pkgs/top-level/config.nix +++ b/pkgs/top-level/config.nix @@ -108,6 +108,19 @@ let ''; }; + allowUnfreePredicate = mkOption { + type = types.functionTo types.bool; + default = _: false; + defaultText = literalExpression ''pkg: false''; + example = literalExpression ''pkg: lib.hasPrefix "vscode" pkg.name''; + description = '' + A function that specifies whether a given unfree package may be permitted. + Only takes effect if [`config.allowUnfree`](#opt-allowUnfree) is set to false. + + See [Installing unfree packages](https://nixos.org/manual/nixpkgs/stable/#sec-allow-unfree) in the NixOS manual. + ''; + }; + allowNonSource = mkEnableOption "" // { default = true; defaultText = literalExpression ''true && builtins.getEnv "NIXPKGS_ALLOW_NONSOURCE" != "0"''; From 333370df4f9ac611f82ee0451d0fe6ef7312b429 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Sun, 28 Jul 2024 21:41:08 -0400 Subject: [PATCH 04/11] pkgs/top-level/config.nix: add options.allowNonSourcePredicate --- pkgs/stdenv/generic/check-meta.nix | 2 +- pkgs/top-level/config.nix | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index 25cd1fee3395b..c1e83827f7acd 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix 
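Review bot: The link in the `allowUnfreePredicate` description is labelled "NixOS manual" but points at the Nixpkgs manual, and it is a hard-coded `stable` URL where the options added later in this series use relative anchors such as `#sec-allow-insecure`. A relative link keeps the rendered documentation pointing at the matching version: `See [Installing unfree packages](#sec-allow-unfree) in the Nixpkgs manual.` Separately, "Only takes effect if `config.allowUnfree` is set to false" leaves out `NIXPKGS_ALLOW_UNFREE`, which the `allowUnfree` binding visible in patch 11's context also consults.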
@@ -145,7 +145,7 @@ let # allowNonSource = false; # allowNonSourcePredicate = with pkgs.lib.lists; pkg: !(any (p: !p.isSource && p != lib.sourceTypes.binaryFirmware) pkg.meta.sourceProvenance); # } - allowNonSourcePredicate = config.allowNonSourcePredicate or (x: false); + inherit (config) allowNonSourcePredicate; # Check whether non-source packages are allowed and if not, whether the # package has non-source provenance and is not explicitly allowed by the diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix index 819141a58d3d0..f47e36f7ed980 100644 --- a/pkgs/top-level/config.nix +++ b/pkgs/top-level/config.nix @@ -130,6 +130,22 @@ let ''; }; + allowNonSourcePredicate = mkOption { + type = types.functionTo types.bool; + default = _: false; + defaultText = literalExpression ''pkg: false''; + example = literalExpression '' + pkg: + (lib.all ( + prov: prov.isSource || prov == lib.sourceTypes.binaryFirmware + ) pkg.meta.sourceProvenance); + ''; + description = '' + A function that specifies whether a given non-source package may be permitted. + Only takes effect if [`config.allowNonSource`](#opt-allowNonSource) is set to false. + ''; + }; + allowBroken = mkOption { type = types.bool; default = false; From 0e7bb498f270c7238db8b98b896df60aba314232 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Sun, 28 Jul 2024 23:09:16 -0400 Subject: [PATCH 05/11] pkgs/top-level/config.nix: add options.packageOverrides --- pkgs/top-level/config.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix index f47e36f7ed980..64ba911c0026f 100644 --- a/pkgs/top-level/config.nix +++ b/pkgs/top-level/config.nix 
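Review bot: The `example` for `allowNonSourcePredicate` ends in `;` inside the `literalExpression`, so the rendered example is not an expression that can be used directly as the option's value; the `allowUnfreePredicate` example in patch 03 has no trailing semicolon. Dropping the `;` and the redundant outer parentheses, `pkg: lib.all (prov: prov.isSource || prov == lib.sourceTypes.binaryFirmware) pkg.meta.sourceProvenance`, keeps the two consistent. The `packageOverrides` example in patch 05 ends in `};` in the same way.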
@@ -182,6 +182,23 @@ let feature = "build packages with ROCm support by default"; }; + packageOverrides = mkOption { + type = types.functionTo types.raw; + default = lib.id; + defaultText = literalExpression ''lib.id''; + example = literalExpression '' + pkgs: rec { + foo = pkgs.foo.override { /* ... */ }; + }; + ''; + description = '' + A function that takes the current nixpkgs instance (`pkgs`) as an argument + and returns a modified set of packages. + + See [Modify packages via `packageOverrides`](#sec-modify-via-packageOverrides). + ''; + }; + showDerivationWarnings = mkOption { type = types.listOf (types.enum [ "maintainerless" ]); default = [ ]; From 139f90426bee573334d45822afad00bda37848d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Mon, 29 Jul 2024 12:13:13 -0400 Subject: [PATCH 06/11] pkgs/top-level/config.nix: add options.{permittedInsecurePackages,allowInsecurePredicate} --- pkgs/stdenv/generic/check-meta.nix | 2 +- pkgs/top-level/config.nix | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index c1e83827f7acd..be2713e6885c2 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -123,7 +123,7 @@ let !allowUnfree && !allowUnfreePredicate attrs; - allowInsecureDefaultPredicate = x: builtins.elem (getNameWithVersion x) (config.permittedInsecurePackages or []); + allowInsecureDefaultPredicate = x: elem (getNameWithVersion x) config.permittedInsecurePackages; allowInsecurePredicate = x: (config.allowInsecurePredicate or allowInsecureDefaultPredicate) x; hasAllowedInsecure = attrs: diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix index 64ba911c0026f..b848f82f2ae20 100644 --- a/pkgs/top-level/config.nix +++ b/pkgs/top-level/config.nix 
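Review bot: `default = lib.id` makes an unset `packageOverrides` return the entire `pkgs` set it was given rather than an empty set of overrides, which matches neither the description ("returns a modified set of packages") nor the `rec { foo = ...; }` shape of the example. The code that consumes this option is not part of the series, so I cannot tell how the result is merged; if it is layered over the package set, every attribute is re-exported by default. `default = _: { };` with `defaultText = literalExpression "pkgs: { }"` would state "no overrides" directly.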
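Review bot: The `or allowInsecureDefaultPredicate` fallback kept in this check-meta.nix hunk looks like it can no longer fire, because the config.nix hunk of the same commit declares `allowInsecurePredicate` with a `defaultText` but no `default`. A declared option is, to my knowledge, always present as an attribute of the evaluated `config`, and `or` only covers a missing attribute, so with the option unset an insecure package would hit the module system's "used but not defined" error instead of the `permittedInsecurePackages` check. Giving the option a real default in config.nix, `default = pkg: builtins.elem (pkg.name or "${pkg.pname or "«name-missing»"}-${pkg.version or "«version-missing»"}") config.permittedInsecurePackages;`, and writing `inherit (config) allowInsecurePredicate;` here would match patches 03 and 04. `handleEvalIssue` in patch 08 is likewise declared without a default, and `elem` is now used unqualified; the consumer of the former and the binding of the latter are outside the visible hunks and should be confirmed.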
@@ -170,6 +170,33 @@ let ''; }; + permittedInsecurePackages = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + List of insecure package names that are permitted. + Only takes effect if [`config.allowInsecurePredicate`](#opt-allowInsecurePredicate) is left as default + or is written to use the values in this option. + + See [Installing insecure packages](#sec-allow-insecure). + ''; + }; + + allowInsecurePredicate = mkOption { + type = types.functionTo types.bool; + defaultText = literalExpression '' + pkg: + builtins.elem (pkg.name + or "''${pkg.pname or "«name-missing»"}-''${pkg.version or "«version-missing»"}" + ) config.permittedInsecurePackages + ''; + description = '' + A function that specifies whether a given insecure package may be permitted. + + See [Installing insecure packages](#sec-allow-insecure). + ''; + }; + cudaSupport = mkMassRebuild { type = types.bool; default = false; From 36c042321146677398d5dc5db1d7e10e6f2a5891 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:34:04 -0400 Subject: [PATCH 07/11] pkgs/top-level/config.nix: add options.checkMetaRecursively --- pkgs/top-level/config.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix index b848f82f2ae20..fedc62ecc78c0 100644 --- a/pkgs/top-level/config.nix +++ b/pkgs/top-level/config.nix @@ -248,6 +248,8 @@ let Whether to check that the `meta` attribute of derivations are correct during evaluation time. ''; }; + + checkMetaRecursively = mkEnableOption "checking that the `meta` attribute of derivations and their references are correct during evalution"; }; in From d442a38364ab826efedb795dfd8959877ec89414 Mon Sep 17 00:00:00 2001 
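Review bot: The `permittedInsecurePackages` description calls the entries "package names", but the check-meta.nix hunk of this commit compares them with `getNameWithVersion x`, that is, an exact match on `name` or on `pname-version`. An entry written without the version would permit nothing, and an entry stays valid only for that one version, which is the property that keeps a stale exemption from silently covering a newer release. I would state this in the description and add an `example`, for instance `example = [ "somepackage-1.2.3" ];` (constructed value).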
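Review bot: The `mkEnableOption` text for `checkMetaRecursively` misspells "evaluation" as `evalution`, and this string is rendered into the option documentation. The `inHydra` description added in patch 09 has the same kind of slip (`evauluated`). Both are one-word fixes in the description strings.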
From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:37:18 -0400 Subject: [PATCH 08/11] pkgs/top-level/config.nix: add options.handleEvalIssue --- pkgs/top-level/config.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix index fedc62ecc78c0..7069ea1e4688d 100644 --- a/pkgs/top-level/config.nix +++ b/pkgs/top-level/config.nix @@ -250,6 +250,14 @@ let }; checkMetaRecursively = mkEnableOption "checking that the `meta` attribute of derivations and their references are correct during evalution"; + + handleEvalIssue = mkOption { + type = types.functionTo (types.functionTo types.bool); + internal = true; + description = '' + Function to handle evaluation errors and possibly output a more informative message. + ''; + }; }; in From 1d4739627420004b8daca07a53866d961371e299 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:40:41 -0400 Subject: [PATCH 09/11] pkgs/top-level/config.nix: add options.inHydra --- pkgs/stdenv/generic/check-meta.nix | 3 ++- pkgs/top-level/config.nix | 8 ++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index be2713e6885c2..cd304d87d2beb 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -41,7 +41,8 @@ let # If we're in hydra, we can dispense with the more verbose error # messages and make problems easier to spot. - inHydra = config.inHydra or false; + inherit (config) inHydra; + # Allow the user to opt-into additional warnings, e.g. # import { config = { showDerivationWarnings = [ "maintainerless" ]; }; } showWarnings = config.showDerivationWarnings; diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix index 7069ea1e4688d..51cede487cacd 100644 --- a/pkgs/top-level/config.nix 
+++ b/pkgs/top-level/config.nix @@ -258,6 +258,14 @@ let Function to handle evaluation errors and possibly output a more informative message. ''; }; + + inHydra = mkEnableOption "" // { + internal = true; + description = '' + Whether the current nixpkgs instance is being evauluated by Hydra. + If set to true, evaluation checks will produce less verbose error messages. + ''; + }; }; in From 87e58be23bbaa84194509d57607cd6bb10393742 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:57:54 -0400 Subject: [PATCH 10/11] pkgs/top-level/config.nix: add options.{allow,block}listedLicenses --- pkgs/top-level/config.nix | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/pkgs/top-level/config.nix b/pkgs/top-level/config.nix index 51cede487cacd..861a34d326c1d 100644 --- a/pkgs/top-level/config.nix +++ b/pkgs/top-level/config.nix @@ -121,6 +121,42 @@ let ''; }; + allowlistedLicenses = mkOption { + type = types.listOf (types.lazyAttrsOf types.raw); # list of license attrsets + default = [ ]; + example = literalExpression '' + [ + lib.licenses.cc-by-nc-sa-20 + ({ + spdxId = "Abstyles"; + fullName = "Abstyles License"; + }) + ] + ''; + description = '' + Permits evaluation of a package, if the package: + * only has free licenses or licenses in this allowlist, and + * does not fail evaluation for some other reason. + ''; + }; + + blocklistedLicenses = mkOption { + type = types.listOf (types.lazyAttrsOf types.raw); # list of license attrsets + default = [ ]; + example = literalExpression '' + [ + lib.licenses.cc-by-nc-sa-20 + ({ + spdxId = "Abstyles"; + fullName = "Abstyles License"; + }) + ] + ''; + description = '' + Disallows evaluation of a package, if the package has a license in this blocklist. + ''; + }; + allowNonSource = mkEnableOption "" // { default = true; defaultText = literalExpression ''true && builtins.getEnv "NIXPKGS_ALLOW_NONSOURCE" != "0"''; 
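Review bot: Declaring `allowlistedLicenses` and `blocklistedLicenses` with `default = [ ]` appears to disable the legacy fallbacks in check-meta.nix, which this series leaves as `config.allowlistedLicenses or config.whitelistedLicenses or []` and `config.blocklistedLicenses or config.blacklistedLicenses or []` (context lines of patch 02). Once the options are declared the first attribute presumably always exists, so a configuration that still sets `blacklistedLicenses` would stop blocking anything, with no warning. Either merge the legacy names explicitly, e.g. `blocklist = config.blocklistedLicenses ++ (config.blacklistedLicenses or [ ]);` and the same for the allowlist, or declare the old names as deprecated options that emit a warning. The enclosing `let` in check-meta.nix lies outside the hunks shown.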
From d65c92e966c59368f03db211125ad47f8976d017 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=A9clairevoyant?= <848000+eclairevoyant@users.noreply.github.com> Date: Sun, 4 Aug 2024 15:00:05 -0400 Subject: [PATCH 11/11] pkgs/top-level/config.nix: pass nixf-tidy --- pkgs/stdenv/generic/check-meta.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index cd304d87d2beb..9bb24931d9ac3 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -47,7 +47,7 @@ let # import { config = { showDerivationWarnings = [ "maintainerless" ]; }; } showWarnings = config.showDerivationWarnings; - getNameWithVersion = attrs: attrs.name or ("${attrs.pname or "«name-missing»"}-${attrs.version or "«version-missing»"}"); + getNameWithVersion = attrs: attrs.name or "${attrs.pname or "«name-missing»"}-${attrs.version or "«version-missing»"}"; allowUnfree = config.allowUnfree || builtins.getEnv "NIXPKGS_ALLOW_UNFREE" == "1";