gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "stdenv: pURL implementation (#421125)"

Browse Source 
This reverts commit 5427115670, reversing
changes made to 88ee2ac331.
This commit is contained in:
d068328
2025-10-18 20:41:01 +00:00
parent e1920deb20
commit e47455f51d
10 changed files with 7 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
doc/redirects.json
View File

@@ -237,9 +237,6 @@
"sec-meta-identifiers-cpe": [
"index.html#sec-meta-identifiers-cpe"
],
"sec-meta-identifiers-purl": [
"index.html#sec-meta-identifiers-purl"
],
"sec-modify-via-packageOverrides": [
"index.html#sec-modify-via-packageOverrides"
],
@@ -664,15 +661,6 @@
"var-meta-identifiers-possibleCPEs": [
"index.html#var-meta-identifiers-possibleCPEs"
],
"var-meta-identifiers-purl": [
"index.html#var-meta-identifiers-purl"
],
"var-meta-identifiers-purlParts": [
"index.html#var-meta-identifiers-purlParts"
],
"var-meta-identifiers-purls": [
"index.html#var-meta-identifiers-purls"
],
"var-meta-teams": [
"index.html#var-meta-teams"
],

2
doc/release-notes/rl-2511.section.md
View File

@@ -238,8 +238,6 @@
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- Metadata identifier purl (Package URL, https://github.com/package-url/purl-spec) has been added for fetchgit, fetchpypi and fetchFromGithub fetchers and mkDerivation has been adjusted to reuse these informations. Package URL's enables a reliable identification and locatization of software packages. Maintainers of derivations using the adopted fetchers should rely on the `drv.src.meta.identifiers.v1.purl` default identifier and can enhance their `drv.meta.identifiers.v1.purls` list once they would like to have additional identifiers. Maintainers using fetchurl for `drv.src` are urged to adopt their `drv.meta.identifiers.purlParts` for proper identification.
- Added `rewriteURL` attribute to the nixpkgs `config`, to allow for rewriting the URLs downloaded by `fetchurl`.
- Added `hashedMirrors` attribute to the nixpkgs `config`, to allow for customization of the hashed mirrors used by `fetchurl`.

19
doc/stdenv/meta.chapter.md
View File

@@ -319,22 +319,3 @@ A readonly attribute that concatenates all CPE parts in one string.
#### `meta.identifiers.possibleCPEs` {#var-meta-identifiers-possibleCPEs}
A readonly attribute containing the list of guesses for what CPE for this package can look like. It includes all variants of version handling mentioned above. Each item is an attrset with attributes `cpeParts` and `cpe` for each guess.
### Package URL {#sec-meta-identifiers-purl}
[Package-URL](https://github.com/package-url/purl-spec) (PURL) is a specification to reliably identify and locate software packages. Through identification of software packages, additional (non-major) use cases are e.g. software license cross-verification via third party databases or initial vulnerability response management. Package URL's default to the mkDerivation.src, as the original consumed software package is the single point of truth.
#### `meta.identifiers.purlParts` {#var-meta-identifiers-purlParts}
This attribute contains an attribute set of all parts of the PURL for this package.
* `type` mandatory [type](https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/docs/standard/summary.md) which needs to be provided
* `spec` specify the PURL in accordance with the [purl-spec](https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/purl-specification.md)
#### `meta.identifiers.purl` {#var-meta-identifiers-purl}
An extendable attribute which is built based on purlParts. It is the main identifier, consumers should consider using the PURL's list interface to be prepared for edge cases.
#### `meta.identifiers.purls` {#var-meta-identifiers-purls}
An extendable attribute list which defaults to a single element equal to the main PURL. It provides an interface for additional identifiers of mkDerivation.src and / or vendored dependencies inside mkDerivation.src, which maintainers can conciously decide to use on top. Identifiers different to the default src identifier are not recommended by default as they might cause maintenance overhead or may diverge (e.g. differences between source distribution pkg:github and binary distribution like pkg:pypi).

13
pkgs/build-support/fetchgit/default.nix
View File

@@ -190,18 +190,7 @@ lib.makeOverridable (
"FETCHGIT_HTTP_PROXIES"
];
inherit preferLocalBuild allowedRequisites;
meta = meta // {
identifiers = {
purlParts = {
type = "generic";
# https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/generic-definition.md
spec = "${name}?vcs_url=${url}@${(lib.revOrTag rev tag)}";
};
}
// meta.identifiers or { };
};
inherit preferLocalBuild meta allowedRequisites;
passthru = {
gitRepoUrl = url;

19
pkgs/build-support/fetchgithub/default.nix
View File

@@ -47,28 +47,11 @@ lib.makeOverridable (
meta
// {
homepage = meta.homepage or baseUrl;
identifiers = {
purlParts =
if githubBase == "github.com" then
{
type = "github";
# https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/github-definition.md
spec = "${owner}/${repo}@${(lib.revOrTag rev tag)}";
}
else
{
type = "generic";
# https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/generic-definition.md
spec = "${repo}?vcs_url=https://${githubBase}/${owner}/${repo}@${(lib.revOrTag rev tag)}";
};
}
// meta.identifiers or { };
}
// lib.optionalAttrs (position != null) {
# to indicate where derivation originates, similar to make-derivation.nix's mkDerivation
position = "${position.file}:${toString position.line}";
};
passthruAttrs = removeAttrs args [
"owner"
"repo"
@@ -172,12 +155,12 @@ lib.makeOverridable (
// passthruAttrs
// {
inherit name;
meta = newMeta;
};
in
fetcher fetcherArgs
// {
meta = newMeta;
inherit owner repo tag;
rev = revWithTag;
}

16
pkgs/build-support/fetchpypi/default.nix
View File

@@ -51,8 +51,6 @@ makeOverridable (
format ? "setuptools",
sha256 ? "",
hash ? "",
pname,
version,
...
}@attrs:
let
@@ -62,20 +60,8 @@ makeOverridable (
"hash"
]
);
meta = {
identifiers.purlParts = {
type = "pypi";
# https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/pypi-definition.md
spec = "${pname}@${version}";
};
};
in
fetchurl {
inherit
url
sha256
hash
meta
;
inherit url sha256 hash;
}
)

4
pkgs/by-name/jq/jq/package.nix
View File

@@ -134,9 +134,5 @@ stdenv.mkDerivation (finalAttrs: {
];
platforms = lib.platforms.unix;
mainProgram = "jq";
identifiers.purlParts = {
type = "github";
spec = "jqlang/jq@jq-${finalAttrs.version}";
};
};
})

4
pkgs/by-name/po/popt/package.nix
View File

@@ -49,9 +49,5 @@ stdenv.mkDerivation rec {
maintainers = with maintainers; [ qyliss ];
license = licenses.mit;
platforms = platforms.unix;
identifiers.purlParts = {
type = "github";
spec = "rpm-software-management/popt@popt-${version}-release";
};
};
}

7
pkgs/development/ruby-modules/gem/default.nix
View File

@@ -77,13 +77,6 @@ lib.makeOverridable (
attrs.source.remotes or [ "https://rubygems.org" ]
);
inherit (attrs.source) sha256;
meta = {
identifiers.purlParts = {
type = "gem";
# https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/gem-definition.md
spec = "${gemName}@${version}?platform=${platform}";
};
};
}
else if type == "git" then
fetchgit {

50
pkgs/stdenv/generic/check-meta.nix
View File

@@ -34,8 +34,6 @@ let
toList
isList
elem
flatten
filter
;
inherit (lib.meta)
@@ -301,7 +299,7 @@ let
let
expectedOutputs = attrs.meta.outputsToInstall or [ ];
actualOutputs = attrs.outputs or [ "out" ];
missingOutputs = filter (output: !builtins.elem output actualOutputs) expectedOutputs;
missingOutputs = builtins.filter (output: !builtins.elem output actualOutputs) expectedOutputs;
in
''
The package ${getNameWithVersion attrs} has set meta.outputsToInstall to: ${builtins.concatStringsSep ", " expectedOutputs}
@@ -477,7 +475,7 @@ let
let
expectedOutputs = attrs.meta.outputsToInstall or [ ];
actualOutputs = attrs.outputs or [ "out" ];
missingOutputs = filter (output: !builtins.elem output actualOutputs) expectedOutputs;
missingOutputs = builtins.filter (output: !builtins.elem output actualOutputs) expectedOutputs;
in
if config.checkMeta then builtins.length missingOutputs > 0 else false;
@@ -712,54 +710,14 @@ let
cpe = makeCPE guessedParts;
}
) possibleCPEPartsFuns;
purlParts = attrs.meta.identifiers.purlParts or { };
purlPartsFormatted =
if purlParts ? type && purlParts ? spec then "pkg:${purlParts.type}/${purlParts.spec}" else null;
# search for a PURL in the following order:
purl =
# 1) locally set through API
if purlPartsFormatted != null then
purlPartsFormatted
else
# 2) locally overwritten through meta.identifiers.purl
(attrs.src.meta.identifiers.purl or null);
# search for a PURL in the following order:
purls =
# 1) locally overwritten through meta.identifiers.purls (e.g. extension of list)
attrs.meta.identifiers.purls or (
# 2) locally set through API
if purlPartsFormatted != null then
[ purlPartsFormatted ]
else
# 3) src.meta.PURL
(attrs.src.meta.identifiers.purls or (
# 4) srcs.meta.PURL
if !attrs ? srcs then
[ ]
else if isList attrs.srcs then
concatMap (drv: drv.meta.identifiers.purls or [ ]) attrs.srcs
else
attrs.srcs.meta.identifiers.purls or [ ]
)
)
);
v1 = {
inherit
cpeParts
possibleCPEs
purls
;
inherit cpeParts possibleCPEs;
${if cpe != null then "cpe" else null} = cpe;
${if purl != null then "purl" else null} = purl;
};
in
v1
// {
inherit v1 purlParts;
inherit v1;
};
# Expose the result of the checks for everyone to see.