From 68c4730365a2874ee26d3cc92fbeb073de460a4b Mon Sep 17 00:00:00 2001 From: Profpatsch Date: Sun, 3 Jan 2021 17:07:33 +0100 Subject: [PATCH] feat(third_party): separate nixpkgs whitelist to allow more owners The exposed package list has to be changed/amended quite frequently, every time somebody wants to use a package not yet in that list and thus has to whitelist it here. This effectively requires a superowner review every single time, which is an unreasonable blocker for many CLs. I thus propose moving the list into a separate file (I called it `nixpkgs-whitelist.nix` which is more descriptive than `exposed.nix` and letting anybody add themselves to the OWNERS on that file. Change-Id: Ied8bac066e4b9a91ddd642db805fe33dc37872c9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2323 Tested-by: BuildkiteCI Reviewed-by: lukegb --- third_party/OWNERS | 9 ++ third_party/default.nix | 179 +------------------------------- third_party/nixpkgs-exposed.nix | 179 ++++++++++++++++++++++++++++++++ 3 files changed, 189 insertions(+), 178 deletions(-) create mode 100644 third_party/OWNERS create mode 100644 third_party/nixpkgs-exposed.nix
diff --git a/third_party/OWNERS b/third_party/OWNERS
new file mode 100644
index 000000000..ac22fcb4b
--- /dev/null
+++ b/third_party/OWNERS
@@ -0,0 +1,9 @@
+inherited: true
+
+matchers:
+ # The nixpkgs whitelist needs to be changed every time we reference
+ # a new attribute, so every commiter should be able to change it,
+ # otherwise we create undue blockers on superowners.
+ - exact: nixpkgs-exposed.nix
+ owners:
+ - Profpatsch
diff --git a/third_party/default.nix b/third_party/default.nix
index ba307aeae..086e25ab8 100644
--- a/third_party/default.nix
+++ b/third_party/default.nix
@@ -29,184 +29,7 @@ let }; stableNixpkgs = import stableNixpkgsSrc {}; - exposed = { - # Inherit the packages from nixos-unstable that should be available inside - # of the repo. They become available under `pkgs.third_party.` - inherit (nixpkgs) - age - autoconf - autoreconfHook - avrdude - avrlibc - bashInteractive - bat - buildBazelPackage - buildFHSUserEnv - buildGoModule - buildGoPackage - buildPackages - buildkite-agent - busybox - bzip2 - c-ares - cacert - cachix - cairo - cargo - cgit - clang_11 - cmake - coreutils - cudatoolkit - darwin - dfu-programmer - dfu-util - diffutils - docker-compose - dockerTools - emacs26 - emacs26-nox - emacsPackages - emacsPackagesGen - execline - fd - fetchFromGitHub - fetchgit - fetchurl - fetchzip - fira - fira-code - fira-mono - flamegraph - fontconfig - freetype - gettext - glibc - gmock - gnutar - google-cloud-sdk - graphviz - gzip - haskell - iana-etc - imagemagickBig - installShellFiles - jdk - jdk11 - jdk11_headless - jetbrains-mono - jq - kontemplate - lib - libredirect - linuxPackages - luajit - lutris - makeFontsConf - makeWrapper - mdbook - meson - mime-types - mkShell - moreutils - nano - nginx - ninja - nix - openssh - openssl - overrideCC - pandoc - parallel - pkgconfig - pkgsCross - postgresql - pounce - pulseaudio - python3 - python3Packages - quassel - remarshal - rink - ripgrep - rsync - runCommand - runCommandLocal - runCommandNoCC - rustPlatform - rustc - buildRustCrate - s6-portable-utils - sbcl - shellcheck - sqlite - stdenvNoCC - stern - symlinkJoin - systemd - tdlib - teensy-loader-cli - terraform_0_12 - texlive - thttpd - tree - tree-sitter - unzip - which - writeShellScript - writeShellScriptBin - writeText - writers - xorg - xz - zlib - zstd; - - # Inherit packages from the stable channel for things that are - # broken on unstable - inherit (stableNixpkgs) - awscli # TODO(grfn): Move back to unstable once it is fixed - ; - - # Required by //third_party/nix - inherit (nixpkgs) - aws-sdk-cpp - bison 
- boehmgc - boost # urgh - brotli - busybox-sandbox-shell - curl - docbook5 - docbook_xsl_ns - editline - flex - libseccomp - libsodium - libxml2 - libxslt - mercurial - perl - perlPackages - utillinuxMinimal; - - haskellPackages = (nixpkgs.haskellPackages.override { - overrides = (import ./haskell_overlay { pkgs = nixpkgs; }); - }); - - gradle_6 = (nixpkgs.gradleGen.override { - java = nixpkgs.jdk11; - jdk = nixpkgs.jdk11; - }).gradleGen rec { - name = "gradle-6.5.1"; - nativeVersion = "0.22-milestone-3"; - - src = builtins.fetchurl { - url = "https://services.gradle.org/distributions/${name}-bin.zip"; - sha256 = "0jmmipjh4fbsn92zpifa5cqg5ws2a4ha0s4jzqhrg4zs542x79sh"; - }; - }; - }; + exposed = import ./nixpkgs-exposed.nix { inherit nixpkgs stableNixpkgs; }; in exposed.lib.fix(self: exposed // { callPackage = nixpkgs.lib.callPackageWith self; diff --git a/third_party/nixpkgs-exposed.nix b/third_party/nixpkgs-exposed.nix new file mode 100644 index 000000000..d4eb212e5 --- /dev/null +++ b/third_party/nixpkgs-exposed.nix 
@@ -0,0 +1,179 @@
+{ nixpkgs, stableNixpkgs }:
+{
+ # Inherit the packages from nixos-unstable that should be available inside
+ # of the repo. They become available under `pkgs.third_party.`
+ inherit (nixpkgs)
+ age
+ autoconf
+ autoreconfHook
+ avrdude
+ avrlibc
+ bashInteractive
+ bat
+ buildBazelPackage
+ buildFHSUserEnv
+ buildGoModule
+ buildGoPackage
+ buildPackages
+ buildRustCrate
+ buildkite-agent
+ busybox
+ bzip2
+ c-ares
+ cacert
+ cachix
+ cairo
+ cargo
+ cgit
+ clang_11
+ cmake
+ coreutils
+ cudatoolkit
+ darwin
+ dfu-programmer
+ dfu-util
+ diffutils
+ docker-compose
+ dockerTools
+ emacs26
+ emacs26-nox
+ emacsPackages
+ emacsPackagesGen
+ execline
+ fd
+ fetchFromGitHub
+ fetchgit
+ fetchurl
+ fetchzip
+ fira
+ fira-code
+ fira-mono
+ flamegraph
+ fontconfig
+ freetype
+ gettext
+ glibc
+ gmock
+ gnutar
+ google-cloud-sdk
+ graphviz
+ gzip
+ haskell
+ iana-etc
+ imagemagickBig
+ installShellFiles
+ jdk
+ jdk11
+ jdk11_headless
+ jetbrains-mono
+ jq
+ kontemplate
+ lib
+ libredirect
+ linuxPackages
+ luajit
+ lutris
+ makeFontsConf
+ makeWrapper
+ mdbook
+ meson
+ mime-types
+ mkShell
+ moreutils
+ nano
+ nginx
+ ninja
+ nix
+ openssh
+ openssl
+ overrideCC
+ pandoc
+ parallel
+ pkgconfig
+ pkgsCross
+ postgresql
+ pounce
+ pulseaudio
+ python3
+ python3Packages
+ quassel
+ remarshal
+ rink
+ ripgrep
+ rsync
+ runCommand
+ runCommandLocal
+ runCommandNoCC
+ rustPlatform
+ rustc
+ s6-portable-utils
+ sbcl
+ shellcheck
+ sqlite
+ stdenvNoCC
+ stern
+ symlinkJoin
+ systemd
+ tdlib
+ teensy-loader-cli
+ terraform_0_12
+ texlive
+ thttpd
+ tree
+ tree-sitter
+ unzip
+ which
+ writers
+ writeShellScript
+ writeShellScriptBin
+ writeText
+ xorg
+ xz
+ zlib
+ zstd;
+
+ # Inherit packages from the stable channel for things that are
+ # broken on unstable
+ inherit (stableNixpkgs)
+ awscli # TODO(grfn): Move back to unstable once it is fixed
+ ;
+
+ # Required by //third_party/nix
+ inherit (nixpkgs)
+ aws-sdk-cpp
+ bison
+ boehmgc
+ boost # urgh
+ brotli
+ busybox-sandbox-shell
+ curl
+ docbook5
+ docbook_xsl_ns
+ editline
+ flex
+ libseccomp
+ libsodium
+ libxml2
+ libxslt
+ mercurial
+ perl
+ perlPackages
+ utillinuxMinimal;
+
+ haskellPackages = (nixpkgs.haskellPackages.override {
+ overrides = (import ./haskell_overlay { pkgs = nixpkgs; });
+ });
+
+ gradle_6 = (nixpkgs.gradleGen.override {
+ java = nixpkgs.jdk11;
+ jdk = nixpkgs.jdk11;
+ }).gradleGen rec {
+ name = "gradle-6.5.1";
+ nativeVersion = "0.22-milestone-3";
+
+ src = builtins.fetchurl {
+ url = "https://services.gradle.org/distributions/${name}-bin.zip";
+ sha256 = "0jmmipjh4fbsn92zpifa5cqg5ws2a4ha0s4jzqhrg4zs542x79sh";
+ };
+ };
+}
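Review bot: The file that the new third_party/OWNERS matcher opens to more owners holds more than the `inherit` lists: the `haskellPackages` override (which imports `./haskell_overlay`) and the `gradle_6` definition with its `builtins.fetchurl` `url` and `sha256` at the end of this hunk were moved along with it. Assuming the `exact: nixpkgs-exposed.nix` matcher lets any listed owner approve edits to this file, a change to a pinned download URL or hash would then pass under the same lighter review as adding an attribute name. Consider keeping those two definitions in `default.nix` and merging them there, e.g. `exposed = (import ./nixpkgs-exposed.nix { inherit nixpkgs stableNixpkgs; }) // { haskellPackages = …; gradle_6 = …; };`, so this file only re-exports existing nixpkgs attributes. A header comment such as `# Only plain inherit entries belong here; fetchers and overrides stay in default.nix.` would make that boundary explicit for future reviewers.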