- Feb 2021
-
toraritte.github.io
-
Specifying a name and a src is the absolute minimum Nix requires.
Didn't they mean what mkDerivation requires? I have been jumping around in this manual, so not sure what arguments derivation requires.
-
For convenience, you can also use pname and version attributes and mkDerivation will automatically set name to "${pname}-${version}" by default.
The error messages are not helpful when one messes up the input attribute set of mkDerivation (i.e., either name, or pname and version attributes have to be present); see Nixpkgs issue #113520.
-
6.1. Using stdenv
-
fetchpatch works very similarly to fetchurl with the same arguments expected. It expects patch files as a source and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time.
-
19.3. Submitting security fixes

Security fixes are submitted in the same way as other changes and thus the same guidelines apply.

If the security fix comes in the form of a patch and a CVE is available, then the name of the patch should be the CVE identifier, so e.g. CVE-2019-13636.patch in the case of a patch that is included in the Nixpkgs tree. If a patch is fetched the name needs to be set as well, e.g.:

    (fetchpatch {
      name = "CVE-2019-11068.patch";
      url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
      sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
    })

If a security fix applies to both master and a stable release then, similar to regular changes, they are preferably delivered via master first and cherry-picked to the release branch.

Critical security fixes may by-pass the staging branches and be delivered directly to release branches such as master and release-*.
-
18.6. Patches

Patches available online should be retrieved using fetchpatch.

    patches = [
      (fetchpatch {
        name = "fix-check-for-using-shared-freetype-lib.patch";
        url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=8f5d285";
        sha256 = "1f0k043rng7f0rfl9hhb89qzvvksqmkrikmm38p61yfx51l325xr";
      })
    ];

... and from Chapter 11:

fetchpatch works very similarly to fetchurl with the same arguments expected. It expects patch files as a source and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time.

... and also adding highlight of 19.3. Submitting security fixes because these are the only places I've seen fetchpatch mentioned.

From the wild in freeswitch/default.nix in Nixpkgs:

    stdenv.mkDerivation rec {
      pname = "freeswitch";
      version = "1.10.5";
      src = fetchFromGitHub {
        owner = "signalwire";
        repo = pname;
        rev = "v${version}";
        sha256 = "18dhyb19k28dcm1i8mhqvvgm2phsrmrwyjmfn79glk8pdlalvcha";
      };

      patches = [
        # https://github.com/signalwire/freeswitch/pull/812 fix mod_spandsp, mod_gsmopen build, drop when updating from 1.10.5
        (fetchpatch {
          url = "https://github.com/signalwire/freeswitch/commit/51fba83ed3ed2d9753d8e6b13e13001aca50b493.patch";
          sha256 = "0h2bmifsyyasxjka3pczbmqym1chvz91fmb589njrdbwpkjyvqh3";
        })
      ];

      postPatch = ''
        patchShebangs libs/libvpx/build/make/rtcd.pl
        substituteInPlace libs/libvpx/build/make/configure.sh \
          --replace AS=\''${AS} AS=yasm

        # Disable advertisement banners
        for f in src/include/cc.h libs/esl/src/include/cc.h; do
          {
            echo 'const char *cc = "";'
            echo 'const char *cc_s = "";'
          } > $f
        done
      '';
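
The normalization that the quoted fetchpatch description refers to, sketched as an added example (not part of the original annotations and not Nixpkgs code): a simplified Python stand-in that keeps only file headers and hunks before hashing, run over constructed patches. The function names, the sample patch and the exact set of lines dropped are assumptions of this sketch, not fetchpatch's actual implementation.

```python
import hashlib
import re

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def normalize(patch: str) -> str:
    """Keep per-file headers and hunks, sorted by file; drop everything else."""
    files, current, old, new = {}, None, 0, 0
    for line in patch.splitlines():
        if current is not None and line.startswith("\\ "):
            current.append(line)              # "\ No newline at end of file"
        elif old > 0 or new > 0:              # inside a hunk body: keep verbatim
            current.append(line)
            old -= not line.startswith("+")   # context and "-" lines consume old
            new -= not line.startswith("-")   # context and "+" lines consume new
        elif line.startswith("diff --git "):
            current = files.setdefault(line, [])
        elif current is not None and (m := HUNK.match(line)):
            old, new = int(m[1] or 1), int(m[2] or 1)
            current.append(line)
        elif current is not None and line.startswith(("--- ", "+++ ")):
            current.append(line)
        # else: mail headers, diffstat, "index ..." lines, version footer: dropped
    return "".join("\n".join([h, *files[h]]) + "\n" for h in sorted(files))

def digest(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def sample(index: str, git_version: str,
           fix: str = "    if (len > max) return -1;") -> str:
    """Constructed patch as a forge might serve it (placeholder commit id)."""
    return "\n".join([
        "From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001",
        "From: Dev <dev@example.org>",
        "Subject: [PATCH] bounds check", "", "---", " src/parse.c | 1 +", "",
        "diff --git a/src/parse.c b/src/parse.c",
        f"index {index} 100644",
        "--- a/src/parse.c", "+++ b/src/parse.c",
        "@@ -10,2 +10,3 @@ int parse(char *buf, size_t len)",
        " {", "+" + fix, "     copy(buf, len);",
        "-- ", git_version, ""])

if __name__ == "__main__":
    early = sample("1a2b3c4..5d6e7f8", "2.30.0")          # short abbreviations
    later = sample("1a2b3c4d5e..5d6e7f8a9b", "2.43.0")    # same change, re-served
    forged = sample("1a2b3c4..5d6e7f8", "2.30.0", "    if (len > max) return 0;")
    print("raw hashes equal:       ", digest(early) == digest(later))
    print("normalized hashes equal:", digest(normalize(early)) == digest(normalize(later)))
    print("forged patch detected:  ", digest(normalize(early)) != digest(normalize(forged)))
```

The pinned sha256 stays valid when the forge changes cosmetic lines, while any change to a hunk line still produces a hash mismatch and a failed fetch.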
-
6.5. Phases
Not sure why this isn't called build phases... See also.
-