Merge pull request #204840 from ncfavier/check-meta-deep

This commit is contained in:
Naïm Favier 2023-01-01 14:30:12 +01:00 committed by GitHub
commit 161f6dbf59
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 50 additions and 37 deletions

View file

@ -63,7 +63,7 @@ You should prefer `overrideAttrs` in almost all cases, see its documentation for
:::
::: {.warning}
Do not use this function in Nixpkgs as it evaluates a Derivation before modifying it, which breaks package abstraction and removes error-checking of function arguments. In addition, this evaluation-per-function application incurs a performance penalty, which can become a problem if many overrides are used. It is only intended for ad-hoc customisation, such as in `~/.config/nixpkgs/config.nix`.
Do not use this function in Nixpkgs as it evaluates a derivation before modifying it, which breaks package abstraction. In addition, this evaluation-per-function application incurs a performance penalty, which can become a problem if many overrides are used. It is only intended for ad-hoc customisation, such as in `~/.config/nixpkgs/config.nix`.
:::
The function `overrideDerivation` creates a new derivation based on an existing one by overriding the original's attributes with the attribute set produced by the specified function. This function is available on all derivations defined using the `makeOverridable` function. Most standard derivation-producing functions, such as `stdenv.mkDerivation`, are defined using this function, which means most packages in the nixpkgs expression, `pkgs`, have this function.

View file

@ -27,11 +27,19 @@ rec {
For another application, see build-support/vm, where this
function is used to build arbitrary derivations inside a QEMU
virtual machine.
Note that in order to preserve evaluation errors, the new derivation's
outPath depends on the old one's, which means that this function cannot
be used in circular situations when the old derivation also depends on the
new one.
You should in general prefer `drv.overrideAttrs` over this function;
see the nixpkgs manual for more information on overriding.
*/
overrideDerivation = drv: f:
let
newDrv = derivation (drv.drvAttrs // (f drv));
in lib.flip (extendDerivation true) newDrv (
in lib.flip (extendDerivation (builtins.seq drv.drvPath true)) newDrv (
{ meta = drv.meta or {};
passthru = if drv ? passthru then drv.passthru else {};
}

View file

@ -289,7 +289,9 @@ rec {
(This means fn is type Val -> String.) */
allowPrettyValues ? false,
/* If this option is true, the output is indented with newlines for attribute sets and lists */
multiline ? true
multiline ? true,
/* Initial indentation level */
indent ? ""
}:
let
go = indent: v: with builtins;
@ -348,7 +350,7 @@ rec {
};") v)
+ outroSpace + "}"
else abort "generators.toPretty: should never happen (v = ${v})";
in go "";
in go indent;
# PLIST handling
toPlist = {}: v: let

View file

@ -17,7 +17,7 @@ let
homepage = "https://keepass.info/plugins.html#otpkeyprov";
platforms = with lib.platforms; linux;
license = lib.licenses.gpl2;
maintainers = [ lib.maintainers.ente ];
maintainers = [ lib.maintainers.Enteee ];
};
pluginFilename = "OtpKeyProv.plgx";

View file

@ -47,7 +47,7 @@ stdenv.mkDerivation rec {
license = licenses.gpl2;
platforms = platforms.linux;
maintainers = with maintainers; [ pmiddend ];
badPlatforms = [ platforms.aarch64 ];
badPlatforms = platforms.aarch64;
# never built on aarch64-linux since first introduction in nixpkgs
broken = stdenv.isLinux && stdenv.isAarch64;
};

View file

@ -41,10 +41,10 @@ lib.overrideDerivation (buildLinux (args // {
'';
extraMeta = if (rpiVersion < 3) then {
platforms = with lib.platforms; [ arm ];
platforms = with lib.platforms; arm;
hydraPlatforms = [];
} else {
platforms = with lib.platforms; [ arm aarch64 ];
platforms = with lib.platforms; arm ++ aarch64;
hydraPlatforms = [ "aarch64-linux" ];
};
} // (args.argsOverride or {}))) (oldAttrs: {

View file

@ -11,7 +11,6 @@
let
inherit (stdenv) isDarwin;
inherit (lib) overrideDerivation;
malloc0ReturnsNullCrossFlag = lib.optional
(stdenv.hostPlatform != stdenv.buildPlatform)
@ -761,7 +760,7 @@ self: super:
];
# XQuartz requires two compilations: the first to get X / XQuartz,
# and the second to get Xvfb, Xnest, etc.
darwinOtherX = overrideDerivation xorgserver (oldAttrs: {
darwinOtherX = xorgserver.overrideAttrs (oldAttrs: {
configureFlags = oldAttrs.configureFlags ++ [
"--disable-xquartz"
"--enable-xorg"

View file

@ -247,16 +247,16 @@ let
isEnabled = lib.findFirst (x: x == reason) null showWarnings;
in if isEnabled != null then builtins.trace msg true else true;
# Deep type-checking. Note that calling `type.check` is not enough: see `lib.mkOptionType`'s documentation.
# We don't include this in lib for now because this function is flawed: it accepts things like `mkIf true 42`.
typeCheck = type: value: let
merged = lib.mergeDefinitions [ ] type [
{ file = lib.unknownModule; inherit value; }
];
eval = builtins.tryEval (builtins.deepSeq merged.mergedValue null);
in eval.success;
# A shallow type check. We are using NixOS'
# option types here, which however have the major drawback
# of not providing full type checking (part of the type check is
# done by the module evaluation itself). Therefore, the checks
# will not recurse into attributes.
# We still provide the full type for documentation
# purposes and in the hope that they will be used eventually.
# See https://github.com/NixOS/nixpkgs/pull/191171 for an attempt
# to fix this, or mkOptionType in lib/types.nix for more information.
# TODO make this into a proper module and use the generic option documentation generation?
metaTypes = with lib.types; rec {
# These keys are documented
description = str;
@ -266,9 +266,11 @@ let
homepage = either (listOf str) str;
downloadPage = str;
changelog = either (listOf str) str;
license = either (listOf lib.types.attrs) (either lib.types.attrs str);
sourceProvenance = either (listOf lib.types.attrs) lib.types.attrs;
maintainers = listOf (attrsOf str);
license = let
licenseType = either (attrsOf anything) str; # TODO disallow `str` licenses, use a module
in either licenseType (listOf licenseType);
sourceProvenance = either (listOf (attrsOf anything)) (attrsOf anything);
maintainers = listOf (attrsOf anything); # TODO use the maintainer type from lib/tests/maintainer-module.nix
priority = int;
platforms = listOf str;
hydraPlatforms = listOf str;
@ -310,16 +312,16 @@ let
badPlatforms = platforms;
};
# WARNING: this does not check inner values of the attribute, like list elements or nested attributes.
# See metaTypes above and mkOptionType in lib/types.nix for more information
checkMetaAttr = k: v:
if metaTypes?${k} then
if metaTypes.${k}.check v then
if typeCheck metaTypes.${k} v then
null
else
"key 'meta.${k}' has a value of invalid type ${builtins.typeOf v}; expected ${metaTypes.${k}.description}"
"key 'meta.${k}' has invalid value; expected ${metaTypes.${k}.description}, got\n ${
lib.generators.toPretty { indent = " "; } v
}"
else
"key 'meta.${k}' is unrecognized; expected one of: \n\t [${lib.concatMapStringsSep ", " (x: "'${x}'") (lib.attrNames metaTypes)}]";
"key 'meta.${k}' is unrecognized; expected one of: \n [${lib.concatMapStringsSep ", " (x: "'${x}'") (lib.attrNames metaTypes)}]";
checkMeta = meta: if config.checkMeta then lib.remove null (lib.mapAttrsToList checkMetaAttr meta) else [];
checkOutputsToInstall = attrs: let
@ -333,25 +335,27 @@ let
# Check if a derivation is valid, that is whether it passes checks for
# e.g brokenness or license.
#
# Return { valid: Bool } and additionally
# Return { valid: "yes", "warn" or "no" } and additionally
# { reason: String; errormsg: String } if it is not valid, where
# reason is one of "unfree", "blocklisted", "broken", "insecure", ...
# !!! reason strings are hardcoded into OfBorg, make sure to keep them in sync
# Along with a boolean flag for each reason
checkValidity = attrs:
{
# Check meta attribute types first, to make sure it is always called even when there are other issues
# Note that this is not a full type check and functions below still need to by careful about their inputs!
let res = checkMeta (attrs.meta or {}); in if res != [] then
{ valid = "no"; reason = "unknown-meta"; errormsg = "has an invalid meta attrset:${lib.concatMapStrings (x: "\n - " + x) res}\n";
unfree = false; nonSource = false; broken = false; unsupported = false; insecure = false;
}
else {
unfree = hasUnfreeLicense attrs;
nonSource = hasNonSourceProvenance attrs;
broken = isMarkedBroken attrs;
unsupported = hasUnsupportedPlatform attrs;
insecure = isMarkedInsecure attrs;
}
// (
# Check meta attribute types first, to make sure it is always called even when there are other issues
# Note that this is not a full type check and functions below still need to by careful about their inputs!
let res = checkMeta (attrs.meta or {}); in if res != [] then
{ valid = "no"; reason = "unknown-meta"; errormsg = "has an invalid meta attrset:${lib.concatMapStrings (x: "\n\t - " + x) res}"; }
} // (
# --- Put checks that cannot be ignored here ---
else if checkOutputsToInstall attrs then
if checkOutputsToInstall attrs then
{ valid = "no"; reason = "broken-outputs"; errormsg = "has invalid meta.outputsToInstall"; }
# --- Put checks that can be ignored here ---

View file

@ -38,7 +38,7 @@ let
meta = oa.meta // {
description = "Using OnlyKey as hardware SSH and GPG agent";
homepage = "https://github.com/trustcrypto/onlykey-agent/tree/ledger";
maintainers = with maintainers; [ kalbasit ];
maintainers = with lib.maintainers; [ kalbasit ];
};
});
in