diff options
Diffstat (limited to 'pkgs/tools/package-management')
-rw-r--r-- | pkgs/tools/package-management/nix/common.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/package-management/nix/default.nix | 23 | ||||
-rw-r--r-- | pkgs/tools/package-management/nixpkgs-review/default.nix | 24 |
3 files changed, 27 insertions, 22 deletions
diff --git a/pkgs/tools/package-management/nix/common.nix b/pkgs/tools/package-management/nix/common.nix index 1cf2beb2bbb..25684ef3a7a 100644 --- a/pkgs/tools/package-management/nix/common.nix +++ b/pkgs/tools/package-management/nix/common.nix @@ -1,6 +1,7 @@ { lib, fetchFromGitHub , version , suffix ? "" +, curl , sha256 ? null , src ? fetchFromGitHub { owner = "NixOS"; repo = "nix"; rev = version; inherit sha256; } , patches ? [ ] @@ -23,7 +24,6 @@ in , bzip2 , callPackage , coreutils -, curl , editline , flex , gnutar diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index b91ee5c9ee6..47c442cc8da 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix @@ -1,6 +1,7 @@ { lib , aws-sdk-cpp , boehmgc +, curl , callPackage , fetchFromGitHub , fetchurl @@ -31,7 +32,7 @@ let common = args: callPackage - (import ./common.nix ({ inherit lib fetchFromGitHub; } // args)) + (import ./common.nix ({ inherit lib fetchFromGitHub curl; } // args)) { inherit Security storeDir stateDir confDir; boehmgc = boehmgc-nix; @@ -86,29 +87,21 @@ in lib.makeExtensible (self: { }; nix_2_9 = common { - version = "2.9.0"; - sha256 = "sha256-W6aTsTpCTb+vXQEXDjnKqetOuJmEfSuK2CXvAMqwo74="; - patches = [ - # can be removed when updated to 2.9.1 - (fetchpatch { - name = "fix-segfault-in-git-fetcher"; - url = "https://github.com/NixOS/nix/commit/bc4759345538c89e1f045aaabcc0cafe4ecca12a.patch"; - sha256 = "sha256-UrfH4M7a02yfE9X3tA1Pwhw4RacBW+rShYkl7ybG64I="; - }) - ]; + version = "2.9.1"; + sha256 = "sha256-qNL3lQPBsnStkru3j1ajN/H+knXI+X3dku8/dBfSw3g="; }; stable = self.nix_2_9; # remember to backport updates to the stable branch! unstable = lib.lowPrio (common rec { - version = "2.8"; - suffix = "pre20220530_${lib.substring 0 7 src.rev}"; + version = "2.9"; + suffix = "pre20220610_${lib.substring 0 7 src.rev}"; src = fetchFromGitHub { owner = "NixOS"; repo = "nix"; - rev = "af23d38019a47e5bb4cd6585a1678b37c957130c"; - sha256 = "sha256-RH77Y4IhbTofNYlLQSGKLL0fJAG9iHSwRNvMEZ4M0VQ="; + rev = "45ebaab66594692035f028796200a6db2b1fedaf"; + sha256 = "sha256-82M5jKdGUxQBfYj+8nK2SvfVv4Uo0YrPxiuWV/fnvtI="; }; }); }) diff --git a/pkgs/tools/package-management/nixpkgs-review/default.nix b/pkgs/tools/package-management/nixpkgs-review/default.nix index d21c9b3c568..e65d28a6af9 100644 --- a/pkgs/tools/package-management/nixpkgs-review/default.nix +++ b/pkgs/tools/package-management/nixpkgs-review/default.nix @@ -1,24 +1,36 @@ { lib , python3 , fetchFromGitHub -, nix + +, bubblewrap +, cacert , git +, nix + +, withSandboxSupport ? false }: python3.pkgs.buildPythonApplication rec { pname = "nixpkgs-review"; - version = "2.6.4"; + version = "2.7.0"; src = fetchFromGitHub { owner = "Mic92"; repo = "nixpkgs-review"; rev = version; - sha256 = "sha256-6vKMaCTilPXd8K3AuLqtYInVyyFhdun0o9cX1WRMmWo="; + sha256 = "sha256-hGOcLrVPb+bSNA72ZfKE9Mjm2dr/qnuaCkjveHXPcws="; }; - makeWrapperArgs = [ - "--prefix" "PATH" ":" "${lib.makeBinPath [ nix git ]}" - ]; + makeWrapperArgs = + let + binPath = [ nix git ] ++ lib.optional withSandboxSupport bubblewrap; + in + [ + "--prefix PATH : ${lib.makeBinPath binPath}" + "--set NIX_SSL_CERT_FILE ${cacert}/etc/ssl/certs/ca-bundle.crt" + # we don't have any runtime deps but nix-review shells might inject unwanted dependencies + "--unset PYTHONPATH" + ]; doCheck = false; |