7 Matching Annotations
  1. Feb 2021
    1. Specifying a name and a src is the absolute minimum Nix requires.

      Didn't they mean what mkDerivation requires?

      I have been jumping around in this manual, so not sure about what arguments does derivation require.

    2. For convenience, you can also use pname and version attributes and mkDerivation will automatically set name to "${pname}-${version}" by default.

      The error messages are not helpful when one messes up the input attribute set ofmkDerivation (i.e., either name, or pname and version attributes have to be present); see Nixpkgs issue #113520.

    3. 6.1. Using stdenv
    4. fetchpatch works very similarly to fetchurl with the same arguments expected. It expects patch files as a source and and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time.
    5. 19.3. Submitting security fixes Security fixes are submitted in the same way as other changes and thus the same guidelines apply. If the security fix comes in the form of a patch and a CVE is available, then the name of the patch should be the CVE identifier, so e.g. CVE-2019-13636.patch in the case of a patch that is included in the Nixpkgs tree. If a patch is fetched the name needs to be set as well, e.g.: (fetchpatch { name = "CVE-2019-11068.patch"; url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch"; sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8"; }) If a security fix applies to both master and a stable release then, similar to regular changes, they are preferably delivered via master first and cherry-picked to the release branch. Critical security fixes may by-pass the staging branches and be delivered directly to release branches such as master and release-*.
    6. 18.6. Patches Patches available online should be retrieved using fetchpatch. patches = [ (fetchpatch { name = "fix-check-for-using-shared-freetype-lib.patch"; url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=8f5d285"; sha256 = "1f0k043rng7f0rfl9hhb89qzvvksqmkrikmm38p61yfx51l325xr"; }) ];

      ... and from Chapter 11:

      fetchpatch works very similarly to fetchurl with the same arguments expected. It expects patch files as a source and and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time.

      ... and also adding highlight of 19.3. Submitting security fixes

      because these are the only places I've seen fetchpatch mentioned.

      From the wild in freeswitch/default.nix in Nixpkgs:

      stdenv.mkDerivation rec {
        pname = "freeswitch";
        version = "1.10.5";
        src = fetchFromGitHub {
          owner = "signalwire";
          repo = pname;
          rev = "v${version}";
          sha256 = "18dhyb19k28dcm1i8mhqvvgm2phsrmrwyjmfn79glk8pdlalvcha";
        };
      
        patches = [
          # https://github.com/signalwire/freeswitch/pull/812 fix mod_spandsp, mod_gsmopen build, drop when updating from 1.10.5
          (fetchpatch {
            url = "https://github.com/signalwire/freeswitch/commit/51fba83ed3ed2d9753d8e6b13e13001aca50b493.patch";
            sha256 = "0h2bmifsyyasxjka3pczbmqym1chvz91fmb589njrdbwpkjyvqh3";
          })
        ];
        postPatch = ''
          patchShebangs     libs/libvpx/build/make/rtcd.pl
          substituteInPlace libs/libvpx/build/make/configure.sh \
            --replace AS=\''${AS} AS=yasm
      
          # Disable advertisement banners
          for f in src/include/cc.h libs/esl/src/include/cc.h; do
            {
              echo 'const char *cc = "";'
              echo 'const char *cc_s = "";'
            } > $f
          done
        '';
      
    7. 6.5. Phases

      Not sure why this isn't called build phases... See also.