diff options
author | WORLDofPEACE <worldofpeace@protonmail.ch> | 2021-02-23 10:25:18 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-23 10:25:18 -0500 |
commit | 4b10920ed1d3f386e969260fafe6c01766c5d195 (patch) | |
tree | 15aa2eb80b3e994b571d040985009548c211452b | |
parent | be63b7221044be01665d505e55785552fdf2609b (diff) | |
download | nixpkgs-4b10920ed1d3f386e969260fafe6c01766c5d195.tar nixpkgs-4b10920ed1d3f386e969260fafe6c01766c5d195.tar.gz nixpkgs-4b10920ed1d3f386e969260fafe6c01766c5d195.tar.bz2 nixpkgs-4b10920ed1d3f386e969260fafe6c01766c5d195.tar.lz nixpkgs-4b10920ed1d3f386e969260fafe6c01766c5d195.tar.xz nixpkgs-4b10920ed1d3f386e969260fafe6c01766c5d195.tar.zst nixpkgs-4b10920ed1d3f386e969260fafe6c01766c5d195.zip |
stdenv/check-meta: change to allowlist and blocklist (#114127)
* stdenv/check-meta: change to allowlist and blocklist * Update pkgs/stdenv/generic/check-meta.nix Co-authored-by: Graham Christensen <graham@grahamc.com>
-rw-r--r-- | doc/using/configuration.xml | 12 | ||||
-rw-r--r-- | pkgs/stdenv/generic/check-meta.nix | 40 |
2 files changed, 26 insertions, 26 deletions
diff --git a/doc/using/configuration.xml b/doc/using/configuration.xml index 2cd2615f54a..8e63e0072c8 100644 --- a/doc/using/configuration.xml +++ b/doc/using/configuration.xml @@ -151,26 +151,26 @@ </listitem> <listitem> <para> - It is also possible to whitelist and blacklist licenses that are specifically acceptable or not acceptable, using <literal>whitelistedLicenses</literal> and <literal>blacklistedLicenses</literal>, respectively. + It is also possible to allow and block licenses that are specifically acceptable or not acceptable, using <literal>allowlistedLicenses</literal> and <literal>blocklistedLicenses</literal>, respectively. </para> <para> - The following example configuration whitelists the licenses <literal>amd</literal> and <literal>wtfpl</literal>: + The following example configuration allowlists the licenses <literal>amd</literal> and <literal>wtfpl</literal>: <programlisting> { - whitelistedLicenses = with lib.licenses; [ amd wtfpl ]; + allowlistedLicenses = with lib.licenses; [ amd wtfpl ]; } </programlisting> </para> <para> - The following example configuration blacklists the <literal>gpl3Only</literal> and <literal>agpl3Only</literal> licenses: + The following example configuration blocklists the <literal>gpl3Only</literal> and <literal>agpl3Only</literal> licenses: <programlisting> { - blacklistedLicenses = with lib.licenses; [ agpl3Only gpl3Only ]; + blocklistedLicenses = with lib.licenses; [ agpl3Only gpl3Only ]; } </programlisting> </para> <para> - Note that <literal>whitelistedLicenses</literal> only applies to unfree licenses unless <literal>allowUnfree</literal> is enabled. It is not a generic whitelist for all types of licenses. <literal>blacklistedLicenses</literal> applies to all licenses. + Note that <literal>allowlistedLicenses</literal> only applies to unfree licenses unless <literal>allowUnfree</literal> is enabled. It is not a generic allowlist for all types of licenses. <literal>blocklistedLicenses</literal> applies to all licenses. </para> </listitem> </itemizedlist> diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index e170aae7370..7fa7f2305e8 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -16,8 +16,8 @@ let allowUnfree = config.allowUnfree or false || builtins.getEnv "NIXPKGS_ALLOW_UNFREE" == "1"; - whitelist = config.whitelistedLicenses or []; - blacklist = config.blacklistedLicenses or []; + allowlist = config.allowlistedLicenses or config.whitelistedLicenses or []; + blocklist = config.blocklistedLicenses or config.blacklistedLicenses or []; onlyLicenses = list: lib.lists.all (license: @@ -27,19 +27,19 @@ let ) list; areLicenseListsValid = - if lib.mutuallyExclusive whitelist blacklist then - assert onlyLicenses whitelist; assert onlyLicenses blacklist; true + if lib.mutuallyExclusive allowlist blocklist then + assert onlyLicenses allowlist; assert onlyLicenses blocklist; true else - throw "whitelistedLicenses and blacklistedLicenses are not mutually exclusive."; + throw "allowlistedLicenses and blocklistedLicenses are not mutually exclusive."; hasLicense = attrs: attrs ? meta.license; - hasWhitelistedLicense = assert areLicenseListsValid; attrs: - hasLicense attrs && lib.lists.any (l: builtins.elem l whitelist) (lib.lists.toList attrs.meta.license); + hasAllowlistedLicense = assert areLicenseListsValid; attrs: + hasLicense attrs && lib.lists.any (l: builtins.elem l allowlist) (lib.lists.toList attrs.meta.license); - hasBlacklistedLicense = assert areLicenseListsValid; attrs: - hasLicense attrs && lib.lists.any (l: builtins.elem l blacklist) (lib.lists.toList attrs.meta.license); + hasBlocklistedLicense = assert areLicenseListsValid; attrs: + hasLicense attrs && lib.lists.any (l: builtins.elem l blocklist) (lib.lists.toList attrs.meta.license); allowBroken = config.allowBroken or false || builtins.getEnv "NIXPKGS_ALLOW_BROKEN" == "1"; @@ -91,10 +91,10 @@ let pos_str = meta: meta.position or "«unknown-file»"; remediation = { - unfree = remediate_whitelist "Unfree" remediate_unfree_predicate; - broken = remediate_whitelist "Broken" (x: ""); - unsupported = remediate_whitelist "UnsupportedSystem" (x: ""); - blacklisted = x: ""; + unfree = remediate_allowlist "Unfree" remediate_unfree_predicate; + broken = remediate_allowlist "Broken" (x: ""); + unsupported = remediate_allowlist "UnsupportedSystem" (x: ""); + blocklisted = x: ""; insecure = remediate_insecure; broken-outputs = remediateOutputsToInstall; unknown-meta = x: ""; @@ -112,14 +112,14 @@ let remediate_unfree_predicate = attrs: '' - Alternatively you can configure a predicate to whitelist specific packages: + Alternatively you can configure a predicate to allow specific packages: { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "${lib.getName attrs}" ]; } ''; - remediate_whitelist = allow_attr: rebuild_amendment: attrs: + remediate_allowlist = allow_attr: rebuild_amendment: attrs: '' a) To temporarily allow ${remediation_phrase allow_attr}, you can use an environment variable for a single invocation of the nix tools. @@ -141,7 +141,7 @@ let Known issues: '' + (lib.concatStrings (map (issue: " - ${issue}\n") attrs.meta.knownVulnerabilities)) + '' - You can install it anyway by whitelisting this package, using the + You can install it anyway by allowing this package, using the following methods: a) To temporarily allow all insecure packages, you can use an environment @@ -268,7 +268,7 @@ let # # Return { valid: Bool } and additionally # { reason: String; errormsg: String } if it is not valid, where - # reason is one of "unfree", "blacklisted", "broken", "insecure", ... + # reason is one of "unfree", "blocklisted", "broken", "insecure", ... # Along with a boolean flag for each reason checkValidity = attrs: { @@ -277,10 +277,10 @@ let unsupported = hasUnsupportedPlatform attrs; insecure = isMarkedInsecure attrs; } - // (if hasDeniedUnfreeLicense attrs && !(hasWhitelistedLicense attrs) then + // (if hasDeniedUnfreeLicense attrs && !(hasAllowlistedLicense attrs) then { valid = false; reason = "unfree"; errormsg = "has an unfree license (‘${showLicense attrs.meta.license}’)"; } - else if hasBlacklistedLicense attrs then - { valid = false; reason = "blacklisted"; errormsg = "has a blacklisted license (‘${showLicense attrs.meta.license}’)"; } + else if hasBlocklistedLicense attrs then + { valid = false; reason = "blocklisted"; errormsg = "has a blocklisted license (‘${showLicense attrs.meta.license}’)"; } else if !allowBroken && attrs.meta.broken or false then { valid = false; reason = "broken"; errormsg = "is marked as broken"; } else if !allowUnsupportedSystem && hasUnsupportedPlatform attrs then |