gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge staging-next into staging

Browse Source
This commit is contained in:
nixpkgs-ci[bot]
2025-05-01 06:06:34 +00:00
committed by GitHub
parent 050488ac16 24e0fd90ea
commit c283e7a623
109 changed files with 2742 additions and 969 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
doc/stdenv/meta.chapter.md
View File

@@ -185,6 +185,22 @@ This means that `broken` can be used to express constraints, for example:
This makes `broken` strictly more powerful than `meta.badPlatforms`.
However `meta.availableOn` currently examines only `meta.platforms` and `meta.badPlatforms`, so `meta.broken` does not influence the default values for optional dependencies.
## `knownVulnerabilities` {#var-meta-knownVulnerabilities}
A list of known vulnerabilities affecting the package, usually identified by CVE identifiers.
This metadata allows users and tools to be aware of unresolved security issues before using the package, for example:
```nix
{
meta.knownVulnerabilities = [
"CVE-2024-3094: Malicious backdoor allowing unauthorized remote code execution"
];
}
```
If this list is not empty, the package is marked as "insecure", meaning that it cannot be built or installed unless the environment variable [`NIXPKGS_ALLOW_INSECURE`](#sec-allow-insecure) is set.
## Licenses {#sec-meta-license}
The `meta.license` attribute should preferably contain a value from `lib.licenses` defined in [`nixpkgs/lib/licenses.nix`](https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix), or in-place license description of the same format if the license is unlikely to be useful in another expression.