check-meta.nix: implement config.permittedUnfreePackages#44518
Closed
oxij wants to merge 2 commits intoNixOS:masterfrom
Closed
check-meta.nix: implement config.permittedUnfreePackages#44518oxij wants to merge 2 commits intoNixOS:masterfrom
config.permittedUnfreePackages#44518oxij wants to merge 2 commits intoNixOS:masterfrom
Conversation
GrahamcOfBorg
added
6.topic: stdenv
Member
|
You can do this via allowUnfreePredicate right now: I dunno if it's worth doing here. I guess for consistency with insecure packages it does make sense. I also still have open #43672 to try to standardize these config options a bit. I still haven't figured out how to fix the eval error yet though. |
Member
Author
|
@matthewbauer Yes, in fact it does exactly that behind the scenes. But, IMHO, exposing a predicate to normal users is meh. "Set |
Member
|
IMHO Also, |
... similarly to `config.permittedInsecurePackages`.
Member
Author
|
IMHO `check-meta.nix` is already over-engineered enough, so let's not make it even more complicated.
The actual change of this PR is just
```diff
- allowUnfreePredicate = config.allowUnfreePredicate or (x: false);
+ allowUnfreeDefaultPredicate = x: builtins.elem x.name (config.permittedUnfreePackages or []);
+ allowUnfreePredicate = x: (config.allowUnfreePredicate or allowUnfreeDefaultPredicate) x;
```
which simply duplicates the "Unfree" case up to the renaming of the variables (which, arguably, actually makes things simpler, as in "more consistent"), the rest is to make check-meta errors less copy-pastey and prettier.
I split the patch into two to make this clearer.
Also, `permitted` -> `allowed` for consistency.
The similar option for `Unfree` is named `config.permittedUnfreePackages` and `config.permittedInsecurePackages` for `Insecure`. I'm ok with using either scheme, but renaming those options would be quite a pain, so the current name is consistent enough, I think.
|
oxij
force-pushed
the
stdenv/permitted-unfree-packages
branch
from
72ce706 to
5b4134a
Compare
Member
Author
|
ping?
|
Member
Author
|
I have some more ideas about this, will redo later. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I don't want to have
allowUnfree = trueset and risk accidentally adding something I didn't intend just because I need a single unfree package. On master you can whitelist a single vulnerable package, but you can only whitelist unfree ones together in a single swoop, this fixes it and generalizes docstring generation somewhat.I think broken and unsupported packages should be done the same way, but that's not my itch ATM.