From 4e2614fc0709ff77e40a8f39e2744239ee371826 Mon Sep 17 00:00:00 2001 From: h0nIg Date: Sun, 29 Jun 2025 21:44:02 +0200 Subject: [PATCH 01/17] stdenv: pURL implementation --- doc/redirects.json | 9 ++++ doc/release-notes/rl-2511.section.md | 2 + doc/stdenv/meta.chapter.md | 15 +++++++ pkgs/build-support/fetchgit/default.nix | 10 ++++- pkgs/build-support/fetchgithub/default.nix | 43 +++++++++++++++---- pkgs/build-support/fetchpypi/default.nix | 16 ++++++- .../python/mk-python-derivation.nix | 1 + pkgs/development/ruby-modules/gem/default.nix | 10 +++++ pkgs/stdenv/generic/check-meta.nix | 17 +++++++- 9 files changed, 111 insertions(+), 12 deletions(-) diff --git a/doc/redirects.json b/doc/redirects.json index 1230b6460b548..0ab407db19f37 100644 --- a/doc/redirects.json +++ b/doc/redirects.json @@ -231,6 +231,9 @@ "sec-meta-identifiers-cpe": [ "index.html#sec-meta-identifiers-cpe" ], + "sec-meta-identifiers-purl": [ + "index.html#sec-meta-identifiers-purl" + ], "sec-modify-via-packageOverrides": [ "index.html#sec-modify-via-packageOverrides" ], @@ -643,6 +646,12 @@ "var-meta-identifiers-possibleCPEs": [ "index.html#var-meta-identifiers-possibleCPEs" ], + "var-meta-identifiers-purl": [ + "index.html#var-meta-identifiers-purl" + ], + "var-meta-identifiers-purlParts": [ + "index.html#var-meta-identifiers-purlParts" + ], "var-meta-teams": [ "index.html#var-meta-teams" ], diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md index 018554743449d..6d5cf577fb72a 100644 --- a/doc/release-notes/rl-2511.section.md +++ b/doc/release-notes/rl-2511.section.md 
@@ -176,6 +176,8 @@ +- Metadata identifier pURL (https://github.com/package-url/purl-spec) has been added, which enables a SBOM generation. Maintainers are urged to check their `drv.meta.identifiers.v1.purl` for completeness. + - Added `rewriteURL` attribute to the nixpkgs `config`, to allow for rewriting the URLs downloaded by `fetchurl`. - The `dockerTools.streamLayeredImage` builder now uses a better algorithm for generating layered docker images, such that much more sharing is possible when the number of store paths exceeds the layer limit. It gives each of the largest store paths its own layer and adds dependencies to those layers when they aren't used elsewhere. diff --git a/doc/stdenv/meta.chapter.md b/doc/stdenv/meta.chapter.md index 947009869ff15..606d607e04d13 100644 --- a/doc/stdenv/meta.chapter.md +++ b/doc/stdenv/meta.chapter.md 
@@ -319,3 +319,18 @@ A readonly attribute that concatenates all CPE parts in one string. #### `meta.identifiers.possibleCPEs` {#var-meta-identifiers-possibleCPEs} A readonly attribute containing the list of guesses for what CPE for this package can look like. It includes all variants of version handling mentioned above. Each item is an attrset with attributes `cpeParts` and `cpe` for each guess. + +### Package URL {#sec-meta-identifiers-purl} + +[Package URL](https://github.com/package-url/purl-spec) (pURL) is a specification to reliably identify and locate software packages. + +#### `meta.identifiers.purlParts` {#var-meta-identifiers-purlParts} + +This attribute contains an attribute set of all parts of the pURL for this package. + +* `type` mandatory [type](https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/docs/standard/summary.md) which needs to be provided +* `spec` specify the pURL in accordance with the [purl-spec](https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/purl-specification.md) + +#### `meta.identifiers.purl` {#var-meta-identifiers-purl} + +A readonly attribute which is built based on purlParts. diff --git a/pkgs/build-support/fetchgit/default.nix b/pkgs/build-support/fetchgit/default.nix index b2f5f15a309da..ed9daa7ff525c 100644 --- a/pkgs/build-support/fetchgit/default.nix +++ b/pkgs/build-support/fetchgit/default.nix @@ -185,7 +185,15 @@ lib.makeOverridable ( "FETCHGIT_HTTP_PROXIES" ]; - inherit preferLocalBuild meta allowedRequisites; + inherit preferLocalBuild allowedRequisites; + + meta = meta // { + identifiers.purlParts = { + type = "generic"; + # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/generic-definition.md + spec = "${name}?vcs_url=${url}@${(lib.revOrTag rev tag)}"; + }; + }; passthru = { gitRepoUrl = url; 
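Review bot: In the added `spec` of the fetchgit hunk, `url` is interpolated into the `vcs_url` qualifier without percent-encoding, so a repository URL containing `?`, `&` or `#` produces a purl that parsers will split differently from what was meant. A URL with embedded credentials (`https://user:token@host/…`) would also be copied verbatim into metadata that SBOM tooling exports. The generic branch of the fetchgithub hunk (`vcs_url=https://${githubBase}/…`) builds its qualifier the same way. I would encode the value and drop any userinfo first, for example `spec = "${name}?vcs_url=${lib.escapeURL "${url}@${lib.revOrTag rev tag}"}";`, then check the result against the purl-spec qualifier rules. The enclosing attribute set starts and ends outside the hunk.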
diff --git a/pkgs/build-support/fetchgithub/default.nix b/pkgs/build-support/fetchgithub/default.nix index 2b3ab060418af..fbbf1dd153b19 100644 --- a/pkgs/build-support/fetchgithub/default.nix +++ b/pkgs/build-support/fetchgithub/default.nix @@ -43,14 +43,36 @@ lib.makeOverridable ( ); baseUrl = "https://${githubBase}/${owner}/${repo}"; newMeta = - meta - // { - homepage = meta.homepage or baseUrl; - } - // lib.optionalAttrs (position != null) { - # to indicate where derivation originates, similar to make-derivation.nix's mkDerivation - position = "${position.file}:${toString position.line}"; - }; + lib.recursiveUpdate + ( + meta + // { + homepage = meta.homepage or baseUrl; + } + // lib.optionalAttrs (position != null) { + # to indicate where derivation originates, similar to make-derivation.nix's mkDerivation + position = "${position.file}:${toString position.line}"; + } + ) + + ( + { + identifiers.purlParts = + if githubBase == "github.com" then + { + type = "github"; + # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/github-definition.md + spec = "${owner}/${repo}@${(lib.revOrTag rev tag)}"; + } + else + { + type = "generic"; + # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/generic-definition.md + spec = "${repo}?vcs_url=https://${githubBase}/${owner}/${repo}@${(lib.revOrTag rev tag)}"; + }; + } + ); + passthruAttrs = removeAttrs args [ "owner" "repo" @@ -153,12 +175,15 @@ lib.makeOverridable ( // passthruAttrs // { inherit name; + } + # fetchurl / fetchzip is not a function, but fetchurlBoot is - ensure that the parameter is accepted and passed through + // lib.optionalAttrs (!builtins.isFunction fetcher || (builtins.functionArgs fetcher) ? meta) { + meta = newMeta; }; in fetcher fetcherArgs // { - meta = newMeta; inherit owner repo tag; rev = revWithTag; } 
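Review bot: In the second fetchgithub hunk, `meta = newMeta;` is removed from the overlay on `fetcher fetcherArgs` and is now passed only when the guard holds, so for a fetcher that is a function without a `meta` formal the result silently loses `homepage`, `position` and `identifiers.purlParts`. Nothing reports the gap, so such sources would appear in an SBOM without an identifier. Either keep the overlay for that case or document the gap beside the guard, e.g. `# fetchers without a meta formal get no purl; see the fetcher selection above`. Which fetchers fall into this case is decided outside the hunk.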
diff --git a/pkgs/build-support/fetchpypi/default.nix b/pkgs/build-support/fetchpypi/default.nix index cb7e443ab7eff..7510582ccf58b 100644 --- a/pkgs/build-support/fetchpypi/default.nix +++ b/pkgs/build-support/fetchpypi/default.nix @@ -51,6 +51,8 @@ makeOverridable ( format ? "setuptools", sha256 ? "", hash ? "", + pname, + version, ... }@attrs: let @@ -60,8 +62,20 @@ makeOverridable ( "hash" ] ); + meta = { + identifiers.purlParts = { + type = "pypi"; + # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/pypi-definition.md + spec = "${pname}@${version}"; + }; + }; in fetchurl { - inherit url sha256 hash; + inherit + url + sha256 + hash + meta + ; } ) diff --git a/pkgs/development/interpreters/python/mk-python-derivation.nix b/pkgs/development/interpreters/python/mk-python-derivation.nix index eb8e76101c492..c7ff2f0dce700 100644 --- a/pkgs/development/interpreters/python/mk-python-derivation.nix +++ b/pkgs/development/interpreters/python/mk-python-derivation.nix @@ -416,6 +416,7 @@ let # default to python's platforms platforms = python.meta.platforms; isBuildPythonPackage = python.meta.platforms; + identifiers.purlParts = attrs.src.meta.identifiers.purlParts or { }; } // meta; } diff --git a/pkgs/development/ruby-modules/gem/default.nix b/pkgs/development/ruby-modules/gem/default.nix index 0e3c1c4187f2a..d8b91063ef51d 100644 --- a/pkgs/development/ruby-modules/gem/default.nix +++ b/pkgs/development/ruby-modules/gem/default.nix @@ -300,6 +300,16 @@ lib.makeOverridable ( platforms = ruby.meta.platforms; mainProgram = gemName; } + // (lib.optionalAttrs (type == "gem") { + identifiers.purlParts = { + type = "gem"; + # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/gem-definition.md + spec = "${gemName}@${version}?platform=${platform}"; + }; + }) + // (lib.optionalAttrs (type == "git") { + identifiers.purlParts = src.meta.identifiers.purlParts or { }; + }) // meta; } ) 
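Review bot: The pypi `spec` in the second fetchpypi hunk uses `pname` as given, but the purl-spec pypi definition requires the name to be lower-cased with `_` replaced by `-`. A package fetched as `Foo_Bar` would therefore get an identifier that vulnerability databases keyed on the canonical name will not match. Normalise before interpolating, for example `builtins.replaceStrings [ "_" ] [ "-" ] pname` combined with lower-casing (`lib.toLower`, which would need `lib` in this file's arguments). Separately, the first hunk makes `pname` and `version` mandatory formals, so any caller that passes only `url` would stop evaluating. I cannot see from the hunk whether such callers exist.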
diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index d8f519b0f1851..4dbc7dd0520a5 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -605,6 +605,12 @@ let }) tryCPEPatchVersionInUpdateWithVendor ]; + hasAllPURLParts = + purlParts: + let + values = attrValues purlParts; + in + (length values == 2) && !any isNull values; # The meta attribute is passed in the resulting attribute set, # but it's not part of the actual derivation, i.e., it's not @@ -710,9 +716,18 @@ let cpe = makeCPE guessedParts; } ) possibleCPEPartsFuns; + + purlParts = attrs.meta.identifiers.purlParts or { }; + purl = if hasAllPURLParts purlParts then "pkg:${purlParts.type}/${purlParts.spec}" else null; + v1 = { - inherit cpeParts possibleCPEs; + inherit + cpeParts + possibleCPEs + purlParts + ; ${if cpe != null then "cpe" else null} = cpe; + ${if purl != null then "purl" else null} = purl; }; in v1 From 0a69474ed34ef6a4e82804b4b2d844deb126a1ab Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Sat, 20 Sep 2025 18:22:53 +0200 Subject: [PATCH 02/17] stdenv: pURL github speed optimization --- pkgs/build-support/fetchgithub/default.nix | 50 +++++++++------------- 1 file changed, 21 insertions(+), 29 deletions(-) diff --git a/pkgs/build-support/fetchgithub/default.nix b/pkgs/build-support/fetchgithub/default.nix index fbbf1dd153b19..caf82cf7de533 100644 --- a/pkgs/build-support/fetchgithub/default.nix +++ b/pkgs/build-support/fetchgithub/default.nix 
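Review bot: `hasAllPURLParts` counts values instead of checking key names, so any attrset with exactly two non-null values passes, e.g. `{ type = "github"; name = "x"; }`, and the `purlParts.spec` access in the second hunk then fails at evaluation. A valid set that carries an extra attribute is rejected without a message. Test the keys directly: `purlParts ? type && purlParts ? spec`. Neither value is checked to be a string in the visible lines, so a non-string `spec` would surface only as an interpolation error at `"pkg:${purlParts.type}/${purlParts.spec}"`.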
@@ -43,35 +43,27 @@ lib.makeOverridable ( ); baseUrl = "https://${githubBase}/${owner}/${repo}"; newMeta = - lib.recursiveUpdate - ( - meta - // { - homepage = meta.homepage or baseUrl; - } - // lib.optionalAttrs (position != null) { - # to indicate where derivation originates, similar to make-derivation.nix's mkDerivation - position = "${position.file}:${toString position.line}"; - } - ) - - ( - { - identifiers.purlParts = - if githubBase == "github.com" then - { - type = "github"; - # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/github-definition.md - spec = "${owner}/${repo}@${(lib.revOrTag rev tag)}"; - } - else - { - type = "generic"; - # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/generic-definition.md - spec = "${repo}?vcs_url=https://${githubBase}/${owner}/${repo}@${(lib.revOrTag rev tag)}"; - }; - } - ); + meta + // { + homepage = meta.homepage or baseUrl; + identifiers.purlParts = + if githubBase == "github.com" then + { + type = "github"; + # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/github-definition.md + spec = "${owner}/${repo}@${(lib.revOrTag rev tag)}"; + } + else + { + type = "generic"; + # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/generic-definition.md + spec = "${repo}?vcs_url=https://${githubBase}/${owner}/${repo}@${(lib.revOrTag rev tag)}"; + }; + } + // lib.optionalAttrs (position != null) { + # to indicate where derivation originates, similar to make-derivation.nix's mkDerivation + position = "${position.file}:${toString position.line}"; + }; passthruAttrs = removeAttrs args [ "owner" From 2e46d00d76d3c9690e9713a9c2686c328e3779da Mon Sep 17 00:00:00 2001 
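Review bot: Replacing `lib.recursiveUpdate` with a plain `//` makes the new `identifiers.purlParts` entry overwrite the whole `meta.identifiers` set, so anything a caller passed in `meta.identifiers` (for instance CPE parts) is discarded without notice. The merge can stay cheap while keeping caller data by merging one level down: `identifiers = (meta.identifiers or { }) // { purlParts = …; };`. The `newMeta` binding sits inside a `let` that starts and ends outside the hunk.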
From: Hans Joachim Kliemeck Date: Sat, 20 Sep 2025 18:24:18 +0200 Subject: [PATCH 03/17] stdenv: pURL docu enhancements & list interface --- doc/redirects.json | 3 +++ doc/release-notes/rl-2511.section.md | 2 +- doc/stdenv/meta.chapter.md | 8 ++++++-- pkgs/stdenv/generic/check-meta.nix | 2 ++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/doc/redirects.json b/doc/redirects.json index 0ab407db19f37..72b46ad9aba20 100644 --- a/doc/redirects.json +++ b/doc/redirects.json @@ -652,6 +652,9 @@ "var-meta-identifiers-purlParts": [ "index.html#var-meta-identifiers-purlParts" ], + "var-meta-identifiers-purls": [ + "index.html#var-meta-identifiers-purls" + ], "var-meta-teams": [ "index.html#var-meta-teams" ], diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md index 6d5cf577fb72a..9f59e6f92ffe2 100644 --- a/doc/release-notes/rl-2511.section.md +++ b/doc/release-notes/rl-2511.section.md @@ -176,7 +176,7 @@ -- Metadata identifier pURL (https://github.com/package-url/purl-spec) has been added, which enables a SBOM generation. Maintainers are urged to check their `drv.meta.identifiers.v1.purl` for completeness. +- Metadata identifier purl (Package URL, https://github.com/package-url/purl-spec) has been added for fetchgit, fetchpypi and fetchFromGithub fetchers and derivations for Perl, Python and Ruby derivations have been adjusted to reuse these informations. Package URL's enables a reliable identification and locatization of software packages. Maintainers should rely on the `drv.src.meta.identifiers.v1.purl` default identifier and can enhance their `drv.meta.identifiers.v1.purls` list once they would like to have additional identifiers. - Added `rewriteURL` attribute to the nixpkgs `config`, to allow for rewriting the URLs downloaded by `fetchurl`. diff --git a/doc/stdenv/meta.chapter.md b/doc/stdenv/meta.chapter.md index 606d607e04d13..94352e00d935a 100644 --- a/doc/stdenv/meta.chapter.md +++ b/doc/stdenv/meta.chapter.md 
@@ -322,7 +322,7 @@ A readonly attribute containing the list of guesses for what CPE for this packag ### Package URL {#sec-meta-identifiers-purl} -[Package URL](https://github.com/package-url/purl-spec) (pURL) is a specification to reliably identify and locate software packages. +[Package URL](https://github.com/package-url/purl-spec) (pURL) is a specification to reliably identify and locate software packages. Through identification of software packages, additional (non-major) use cases are e.g. software license cross-verification via third party databases or initial vulnerability response management. Package URL's default to the mkDerivation.src, as the original consumed software package is the single point of truth. #### `meta.identifiers.purlParts` {#var-meta-identifiers-purlParts} @@ -333,4 +333,8 @@ This attribute contains an attribute set of all parts of the pURL for this packa #### `meta.identifiers.purl` {#var-meta-identifiers-purl} -A readonly attribute which is built based on purlParts. +A readonly attribute which is built based on purlParts. It is the main identifier, consumers should consider using the pURL's list interface to be prepared for edge cases. + +#### `meta.identifiers.purls` {#var-meta-identifiers-purls} + +A readonly attribute list which defaults to a single element equal to the main pURL. It provides an interface for additional identifiers of mkDerivation.src and / or vendored dependencies inside mkDerivation.src, which maintainers can conciously decide to use on top. Identifiers different to the default src identifier are not recommended by default as they might cause maintenance overhead or may diverge (e.g. differences between source distribution pkg:github and binary distribution like pkg:pypi). diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index 4dbc7dd0520a5..231867cd04cdf 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix 
@@ -719,12 +719,14 @@ let purlParts = attrs.meta.identifiers.purlParts or { }; purl = if hasAllPURLParts purlParts then "pkg:${purlParts.type}/${purlParts.spec}" else null; + purls = optional (purl != null) purl; v1 = { inherit cpeParts possibleCPEs purlParts + purls ; ${if cpe != null then "cpe" else null} = cpe; ${if purl != null then "purl" else null} = purl; From c78e6a235962eb272981ea6b16939034c0fde575 Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Sat, 20 Sep 2025 18:23:32 +0200 Subject: [PATCH 04/17] stdenv: pURL golang support --- doc/release-notes/rl-2511.section.md | 2 +- pkgs/build-support/go/module.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md index 9f59e6f92ffe2..44099ea8c8b84 100644 --- a/doc/release-notes/rl-2511.section.md +++ b/doc/release-notes/rl-2511.section.md 
@@ -176,7 +176,7 @@ -- Metadata identifier purl (Package URL, https://github.com/package-url/purl-spec) has been added for fetchgit, fetchpypi and fetchFromGithub fetchers and derivations for Perl, Python and Ruby derivations have been adjusted to reuse these informations. Package URL's enables a reliable identification and locatization of software packages. Maintainers should rely on the `drv.src.meta.identifiers.v1.purl` default identifier and can enhance their `drv.meta.identifiers.v1.purls` list once they would like to have additional identifiers. +- Metadata identifier purl (Package URL, https://github.com/package-url/purl-spec) has been added for fetchgit, fetchpypi and fetchFromGithub fetchers and derivations for Perl, Python, Ruby and Golang derivations have been adjusted to reuse these informations. Package URL's enables a reliable identification and locatization of software packages. Maintainers should rely on the `drv.src.meta.identifiers.v1.purl` default identifier and can enhance their `drv.meta.identifiers.v1.purls` list once they would like to have additional identifiers. - Added `rewriteURL` attribute to the nixpkgs `config`, to allow for rewriting the URLs downloaded by `fetchurl`. diff --git a/pkgs/build-support/go/module.nix b/pkgs/build-support/go/module.nix index 00ba03533e345..7759fbd4b8972 100644 --- a/pkgs/build-support/go/module.nix +++ b/pkgs/build-support/go/module.nix @@ -424,6 +424,7 @@ lib.extendMkDerivation { meta = { # Add default meta information. platforms = go.meta.platforms or lib.platforms.all; + identifiers.purlParts = finalAttrs.src.meta.identifiers.purlParts or { }; } // meta; }; From 64a6ca1114355caca991817cba83c4beb18136e2 Mon Sep 17 00:00:00 2001 
From: Hans Joachim Kliemeck Date: Sat, 20 Sep 2025 22:53:24 +0200 Subject: [PATCH 05/17] stdenv: pURL speed optimization --- pkgs/build-support/go/module.nix | 7 ++++++- .../interpreters/python/mk-python-derivation.nix | 7 ++++++- pkgs/development/ruby-modules/gem/default.nix | 6 +++++- pkgs/stdenv/generic/check-meta.nix | 16 ++++++---------- 4 files changed, 23 insertions(+), 13 deletions(-) diff --git a/pkgs/build-support/go/module.nix b/pkgs/build-support/go/module.nix index 7759fbd4b8972..2ed86cb759c7b 100644 --- a/pkgs/build-support/go/module.nix +++ b/pkgs/build-support/go/module.nix @@ -424,7 +424,12 @@ lib.extendMkDerivation { meta = { # Add default meta information. platforms = go.meta.platforms or lib.platforms.all; - identifiers.purlParts = finalAttrs.src.meta.identifiers.purlParts or { }; + identifiers = { + ${if (finalAttrs.src.meta.identifiers.purl or null) != null then "purl" else null} = + finalAttrs.src.meta.identifiers.purl; + ${if (finalAttrs.src.meta.identifiers.purls or null) != null then "purls" else null} = + finalAttrs.src.meta.identifiers.purls; + }; } // meta; }; diff --git a/pkgs/development/interpreters/python/mk-python-derivation.nix b/pkgs/development/interpreters/python/mk-python-derivation.nix index c7ff2f0dce700..c153d2c01fc02 100644 --- a/pkgs/development/interpreters/python/mk-python-derivation.nix +++ b/pkgs/development/interpreters/python/mk-python-derivation.nix @@ -416,7 +416,12 @@ let # default to python's platforms platforms = python.meta.platforms; isBuildPythonPackage = python.meta.platforms; - identifiers.purlParts = attrs.src.meta.identifiers.purlParts or { }; + identifiers = { + ${if (attrs.src.meta.identifiers.purl or null) != null then "purl" else null} = + attrs.src.meta.identifiers.purl; + ${if (attrs.src.meta.identifiers.purls or null) != null then "purls" else null} = + attrs.src.meta.identifiers.purls; + }; } // meta; } 
diff --git a/pkgs/development/ruby-modules/gem/default.nix b/pkgs/development/ruby-modules/gem/default.nix index d8b91063ef51d..ec4777d1ee502 100644 --- a/pkgs/development/ruby-modules/gem/default.nix +++ b/pkgs/development/ruby-modules/gem/default.nix @@ -308,7 +308,11 @@ lib.makeOverridable ( }; }) // (lib.optionalAttrs (type == "git") { - identifiers.purlParts = src.meta.identifiers.purlParts or { }; + identifiers = { + ${if (src.meta.identifiers.purl or null) != null then "purl" else null} = src.meta.identifiers.purl; + ${if (src.meta.identifiers.purls or null) != null then "purls" else null} = + src.meta.identifiers.purls; + }; }) // meta; } diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index 231867cd04cdf..cd690197939b3 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -605,12 +605,6 @@ let }) tryCPEPatchVersionInUpdateWithVendor ]; - hasAllPURLParts = - purlParts: - let - values = attrValues purlParts; - in - (length values == 2) && !any isNull values; # The meta attribute is passed in the resulting attribute set, # but it's not part of the actual derivation, i.e., it's not @@ -718,14 +712,16 @@ let ) possibleCPEPartsFuns; purlParts = attrs.meta.identifiers.purlParts or { }; - purl = if hasAllPURLParts purlParts then "pkg:${purlParts.type}/${purlParts.spec}" else null; - purls = optional (purl != null) purl; + purl = + attrs.meta.identifiers.purl or ( + if purlParts ? type && purlParts ? spec then "pkg:${purlParts.type}/${purlParts.spec}" else null + ); + purls = attrs.meta.identifiers.purls or (optional (purl != null) purl); v1 = { inherit cpeParts possibleCPEs - purlParts purls ; ${if cpe != null then "cpe" else null} = cpe; @@ -734,7 +730,7 @@ let in v1 // { - inherit v1; + inherit v1 purlParts; }; # Expose the result of the checks for everyone to see. From 22dbee80107516b858abd3d7a45c149a316a78d8 Mon Sep 17 00:00:00 2001 
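Review bot: In the `@@ -718,14 +712,16 @@` check-meta hunk, `purl` and `purls` are now taken verbatim from `attrs.meta.identifiers` when present. The visible lines do not check that `purl` is a string beginning with `pkg:`, that `purls` is a list of strings, or that `purls` still contains `purl`. A typo or a wrong type in a package's meta would then flow unchanged into generated SBOMs and break identifier matching without any evaluation error. I would add a cheap validation here, e.g. `assert purl == null || lib.hasPrefix "pkg:" purl;`, plus a type check for the list. The same hunk series moves `purlParts` out of `v1`, which deserves a one-line comment saying it is input only and not part of the versioned interface.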
From: Hans Joachim Kliemeck Date: Sun, 21 Sep 2025 12:49:31 +0200 Subject: [PATCH 06/17] stdenv: pURL non-default adjustment examples --- doc/release-notes/rl-2511.section.md | 2 +- pkgs/by-name/jq/jq/package.nix | 4 ++++ pkgs/by-name/po/popt/package.nix | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md index 44099ea8c8b84..1e88dfe174a40 100644 --- a/doc/release-notes/rl-2511.section.md +++ b/doc/release-notes/rl-2511.section.md @@ -176,7 +176,7 @@ -- Metadata identifier purl (Package URL, https://github.com/package-url/purl-spec) has been added for fetchgit, fetchpypi and fetchFromGithub fetchers and derivations for Perl, Python, Ruby and Golang derivations have been adjusted to reuse these informations. Package URL's enables a reliable identification and locatization of software packages. Maintainers should rely on the `drv.src.meta.identifiers.v1.purl` default identifier and can enhance their `drv.meta.identifiers.v1.purls` list once they would like to have additional identifiers. +- Metadata identifier purl (Package URL, https://github.com/package-url/purl-spec) has been added for fetchgit, fetchpypi and fetchFromGithub fetchers and derivations for Perl, Python, Ruby and Golang derivations have been adjusted to reuse these informations. Package URL's enables a reliable identification and locatization of software packages. Maintainers of derivations using the adopted fetchers should rely on the `drv.src.meta.identifiers.v1.purl` default identifier and can enhance their `drv.meta.identifiers.v1.purls` list once they would like to have additional identifiers. Maintainers using fetchurl for `drv.src` are urged to adopt their `drv.meta.identifiers.purlParts` for proper identification. - Added `rewriteURL` attribute to the nixpkgs `config`, to allow for rewriting the URLs downloaded by `fetchurl`. 
diff --git a/pkgs/by-name/jq/jq/package.nix b/pkgs/by-name/jq/jq/package.nix index b2a0941a79fe4..5ad75de67faf0 100644 --- a/pkgs/by-name/jq/jq/package.nix +++ b/pkgs/by-name/jq/jq/package.nix @@ -134,5 +134,9 @@ stdenv.mkDerivation (finalAttrs: { ]; platforms = lib.platforms.unix; mainProgram = "jq"; + identifiers.purlParts = { + type = "github"; + spec = "jqlang/jq@jq-${finalAttrs.version}"; + }; }; }) diff --git a/pkgs/by-name/po/popt/package.nix b/pkgs/by-name/po/popt/package.nix index eb9e4f3685ed4..c40e17228f54a 100644 --- a/pkgs/by-name/po/popt/package.nix +++ b/pkgs/by-name/po/popt/package.nix @@ -49,5 +49,9 @@ stdenv.mkDerivation rec { maintainers = with maintainers; [ qyliss ]; license = licenses.mit; platforms = platforms.unix; + identifiers.purlParts = { + type = "github"; + spec = "rpm-software-management/popt@popt-${version}-release"; + }; }; } From 1f173d017207dc039a1c2494fd88c20d757d864c Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Fri, 10 Oct 2025 11:09:22 +0200 Subject: [PATCH 07/17] stdenv: pURL review suggestions --- pkgs/build-support/fetchgithub/default.nix | 10 ++++---- pkgs/build-support/go/module.nix | 8 ++----- .../python/mk-python-derivation.nix | 8 ++----- pkgs/development/ruby-modules/gem/default.nix | 23 ++++++++----------- 4 files changed, 19 insertions(+), 30 deletions(-) diff --git a/pkgs/build-support/fetchgithub/default.nix b/pkgs/build-support/fetchgithub/default.nix index caf82cf7de533..92a83de0f0510 100644 --- a/pkgs/build-support/fetchgithub/default.nix +++ b/pkgs/build-support/fetchgithub/default.nix 
@@ -167,10 +167,12 @@ lib.makeOverridable ( // passthruAttrs // { inherit name; - } - # fetchurl / fetchzip is not a function, but fetchurlBoot is - ensure that the parameter is accepted and passed through - // lib.optionalAttrs (!builtins.isFunction fetcher || (builtins.functionArgs fetcher) ? meta) { - meta = newMeta; + + # fetchurl / fetchzip is not a function, but fetchurlBoot is - ensure that the parameter is accepted and passed through + ${ + if (!builtins.isFunction fetcher || (builtins.functionArgs fetcher) ? meta) then "meta" else null + } = + newMeta; }; in diff --git a/pkgs/build-support/go/module.nix b/pkgs/build-support/go/module.nix index 2ed86cb759c7b..a6d027c6bf067 100644 --- a/pkgs/build-support/go/module.nix +++ b/pkgs/build-support/go/module.nix @@ -424,12 +424,8 @@ lib.extendMkDerivation { meta = { # Add default meta information. platforms = go.meta.platforms or lib.platforms.all; - identifiers = { - ${if (finalAttrs.src.meta.identifiers.purl or null) != null then "purl" else null} = - finalAttrs.src.meta.identifiers.purl; - ${if (finalAttrs.src.meta.identifiers.purls or null) != null then "purls" else null} = - finalAttrs.src.meta.identifiers.purls; - }; + ${if (finalAttrs.src.meta.identifiers or null) != null then "identifiers" else null} = + finalAttrs.src.meta.identifiers; } // meta; }; diff --git a/pkgs/development/interpreters/python/mk-python-derivation.nix b/pkgs/development/interpreters/python/mk-python-derivation.nix index c153d2c01fc02..7450fc2b9bc38 100644 --- a/pkgs/development/interpreters/python/mk-python-derivation.nix +++ b/pkgs/development/interpreters/python/mk-python-derivation.nix 
@@ -416,12 +416,8 @@ let # default to python's platforms platforms = python.meta.platforms; isBuildPythonPackage = python.meta.platforms; - identifiers = { - ${if (attrs.src.meta.identifiers.purl or null) != null then "purl" else null} = - attrs.src.meta.identifiers.purl; - ${if (attrs.src.meta.identifiers.purls or null) != null then "purls" else null} = - attrs.src.meta.identifiers.purls; - }; + ${if (attrs.src.meta.identifiers or null) != null then "identifiers" else null} = + attrs.src.meta.identifiers; } // meta; } diff --git a/pkgs/development/ruby-modules/gem/default.nix b/pkgs/development/ruby-modules/gem/default.nix index ec4777d1ee502..80ad8fa484134 100644 --- a/pkgs/development/ruby-modules/gem/default.nix +++ b/pkgs/development/ruby-modules/gem/default.nix @@ -77,6 +77,13 @@ lib.makeOverridable ( attrs.source.remotes or [ "https://rubygems.org" ] ); inherit (attrs.source) sha256; + meta = { + identifiers.purlParts = { + type = "gem"; + # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/gem-definition.md + spec = "${gemName}@${version}?platform=${platform}"; + }; + }; } else if type == "git" then fetchgit { @@ -299,21 +306,9 @@ lib.makeOverridable ( # default to Ruby's platforms platforms = ruby.meta.platforms; mainProgram = gemName; + ${if (attrs.src.meta.identifiers or null) != null then "identifiers" else null} = + attrs.src.meta.identifiers; } - // (lib.optionalAttrs (type == "gem") { - identifiers.purlParts = { - type = "gem"; - # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/gem-definition.md - spec = "${gemName}@${version}?platform=${platform}"; - }; - }) - // (lib.optionalAttrs (type == "git") { - identifiers = { - ${if (src.meta.identifiers.purl or null) != null then "purl" else null} = src.meta.identifiers.purl; - ${if (src.meta.identifiers.purls or null) != null then "purls" else null} = - src.meta.identifiers.purls; - }; - }) // meta; } ) 
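Review bot: The second gem hunk reads `attrs.src.meta.identifiers`, but the first hunk of the same file builds the source locally from `attrs.source` and the removed lines read the local `src.meta`. Unless callers pass `src` inside `attrs`, the condition is always false and neither the gem nor the git purl ever reaches the derivation's meta, with no error to show it. Using the local binding restores the behaviour: `${if (src.meta.identifiers or null) != null then "identifiers" else null} = src.meta.identifiers;`. The later gem hunk in PATCH 08 keeps `attrs.src.meta` and has the same problem. That `src` is a local binding is inferred from the removed lines, since the `let` is outside the hunk.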
From cadcde9f7f04c239c0e187903d524ae57afce569 Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Fri, 10 Oct 2025 11:54:33 +0000 Subject: [PATCH 08/17] stdenv: pURL review suggestions - part 2 --- pkgs/build-support/go/module.nix | 8 ++++++-- .../interpreters/python/mk-python-derivation.nix | 8 ++++++-- pkgs/development/ruby-modules/gem/default.nix | 5 +++-- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/pkgs/build-support/go/module.nix b/pkgs/build-support/go/module.nix index a6d027c6bf067..2ed86cb759c7b 100644 --- a/pkgs/build-support/go/module.nix +++ b/pkgs/build-support/go/module.nix @@ -424,8 +424,12 @@ lib.extendMkDerivation { meta = { # Add default meta information. platforms = go.meta.platforms or lib.platforms.all; - ${if (finalAttrs.src.meta.identifiers or null) != null then "identifiers" else null} = - finalAttrs.src.meta.identifiers; + identifiers = { + ${if (finalAttrs.src.meta.identifiers.purl or null) != null then "purl" else null} = + finalAttrs.src.meta.identifiers.purl; + ${if (finalAttrs.src.meta.identifiers.purls or null) != null then "purls" else null} = + finalAttrs.src.meta.identifiers.purls; + }; } // meta; }; diff --git a/pkgs/development/interpreters/python/mk-python-derivation.nix b/pkgs/development/interpreters/python/mk-python-derivation.nix index 7450fc2b9bc38..fa0916fa5a6e3 100644 --- a/pkgs/development/interpreters/python/mk-python-derivation.nix +++ b/pkgs/development/interpreters/python/mk-python-derivation.nix 
@@ -416,8 +416,12 @@ let # default to python's platforms platforms = python.meta.platforms; isBuildPythonPackage = python.meta.platforms; - ${if (attrs.src.meta.identifiers or null) != null then "identifiers" else null} = - attrs.src.meta.identifiers; + identifiers = { + ${if (finalAttrs.src.meta.identifiers.purl or null) != null then "purl" else null} = + finalAttrs.src.meta.identifiers.purl; + ${if (finalAttrs.src.meta.identifiers.purls or null) != null then "purls" else null} = + finalAttrs.src.meta.identifiers.purls; + }; } // meta; } diff --git a/pkgs/development/ruby-modules/gem/default.nix b/pkgs/development/ruby-modules/gem/default.nix index 80ad8fa484134..8da6bd0d9f0c2 100644 --- a/pkgs/development/ruby-modules/gem/default.nix +++ b/pkgs/development/ruby-modules/gem/default.nix @@ -306,9 +306,10 @@ lib.makeOverridable ( # default to Ruby's platforms platforms = ruby.meta.platforms; mainProgram = gemName; - ${if (attrs.src.meta.identifiers or null) != null then "identifiers" else null} = - attrs.src.meta.identifiers; } + // (lib.optionalAttrs ((attrs.src.meta or { }) ? identifiers) { + inherit (attrs.src.meta) identifiers; + }) // meta; } ) From 25f90d7d20c46acd8eca5a8bf1b7f558e0efda02 Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Fri, 10 Oct 2025 14:38:19 +0200 Subject: [PATCH 09/17] stdenv: pURL review suggestions - part 3 --- doc/stdenv/meta.chapter.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/stdenv/meta.chapter.md b/doc/stdenv/meta.chapter.md index 94352e00d935a..fdf7712415b37 100644 --- a/doc/stdenv/meta.chapter.md +++ b/doc/stdenv/meta.chapter.md 
@@ -333,8 +333,8 @@ This attribute contains an attribute set of all parts of the pURL for this packa #### `meta.identifiers.purl` {#var-meta-identifiers-purl} -A readonly attribute which is built based on purlParts. It is the main identifier, consumers should consider using the pURL's list interface to be prepared for edge cases. +An extendable attribute which is built based on purlParts. It is the main identifier, consumers should consider using the pURL's list interface to be prepared for edge cases. #### `meta.identifiers.purls` {#var-meta-identifiers-purls} -A readonly attribute list which defaults to a single element equal to the main pURL. It provides an interface for additional identifiers of mkDerivation.src and / or vendored dependencies inside mkDerivation.src, which maintainers can conciously decide to use on top. Identifiers different to the default src identifier are not recommended by default as they might cause maintenance overhead or may diverge (e.g. differences between source distribution pkg:github and binary distribution like pkg:pypi). +An extendable attribute list which defaults to a single element equal to the main pURL. It provides an interface for additional identifiers of mkDerivation.src and / or vendored dependencies inside mkDerivation.src, which maintainers can conciously decide to use on top. Identifiers different to the default src identifier are not recommended by default as they might cause maintenance overhead or may diverge (e.g. differences between source distribution pkg:github and binary distribution like pkg:pypi). From 83b6d2e657e2bbc19d55c48b0a888988014ac805 Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Fri, 10 Oct 2025 15:13:18 +0200 Subject: [PATCH 10/17] stdenv: pURL review suggestions - part 4 --- pkgs/build-support/fetchgithub/default.nix | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
diff --git a/pkgs/build-support/fetchgithub/default.nix b/pkgs/build-support/fetchgithub/default.nix index 92a83de0f0510..115f8b5e867e3 100644 --- a/pkgs/build-support/fetchgithub/default.nix +++ b/pkgs/build-support/fetchgithub/default.nix @@ -167,12 +167,7 @@ lib.makeOverridable ( // passthruAttrs // { inherit name; - - # fetchurl / fetchzip is not a function, but fetchurlBoot is - ensure that the parameter is accepted and passed through - ${ - if (!builtins.isFunction fetcher || (builtins.functionArgs fetcher) ? meta) then "meta" else null - } = - newMeta; + meta = newMeta; }; in From 87977474f1802bb0a5dbc1e5ad60ce7f04624cc7 Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Fri, 10 Oct 2025 17:00:16 +0200 Subject: [PATCH 11/17] stdenv: pURL review suggestions - move all logic to mkDerivation --- doc/release-notes/rl-2511.section.md | 2 +- pkgs/build-support/go/module.nix | 6 ---- .../python/mk-python-derivation.nix | 6 ---- pkgs/development/ruby-modules/gem/default.nix | 3 -- pkgs/stdenv/generic/check-meta.nix | 29 +++++++++++++++++-- 5 files changed, 27 insertions(+), 19 deletions(-) diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md index 1e88dfe174a40..93c5143f9679f 100644 --- a/doc/release-notes/rl-2511.section.md +++ b/doc/release-notes/rl-2511.section.md 
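Review bot: With the `builtins.functionArgs fetcher ? meta` guard removed, `meta = newMeta;` is passed to whichever fetcher was selected, including one that is a plain function without a `meta` formal. The removed comment named fetchurlBoot as a function-valued fetcher, and for such a fetcher the call would fail at evaluation time with an unexpected-argument error. The hunk does not show how `fetcher` is chosen, so this may already be safe. If it is, a one-line comment such as `# every fetcher selected above accepts meta` would record why the guard could go.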
@@ -176,7 +176,7 @@ -- Metadata identifier purl (Package URL, https://github.com/package-url/purl-spec) has been added for fetchgit, fetchpypi and fetchFromGithub fetchers and derivations for Perl, Python, Ruby and Golang derivations have been adjusted to reuse these informations. Package URL's enables a reliable identification and locatization of software packages. Maintainers of derivations using the adopted fetchers should rely on the `drv.src.meta.identifiers.v1.purl` default identifier and can enhance their `drv.meta.identifiers.v1.purls` list once they would like to have additional identifiers. Maintainers using fetchurl for `drv.src` are urged to adopt their `drv.meta.identifiers.purlParts` for proper identification. +- Metadata identifier purl (Package URL, https://github.com/package-url/purl-spec) has been added for fetchgit, fetchpypi and fetchFromGithub fetchers and mkDerivation has been adjusted to reuse these informations. Package URL's enables a reliable identification and locatization of software packages. Maintainers of derivations using the adopted fetchers should rely on the `drv.src.meta.identifiers.v1.purl` default identifier and can enhance their `drv.meta.identifiers.v1.purls` list once they would like to have additional identifiers. Maintainers using fetchurl for `drv.src` are urged to adopt their `drv.meta.identifiers.purlParts` for proper identification. - Added `rewriteURL` attribute to the nixpkgs `config`, to allow for rewriting the URLs downloaded by `fetchurl`. diff --git a/pkgs/build-support/go/module.nix b/pkgs/build-support/go/module.nix index 2ed86cb759c7b..00ba03533e345 100644 --- a/pkgs/build-support/go/module.nix +++ b/pkgs/build-support/go/module.nix 
@@ -424,12 +424,6 @@ lib.extendMkDerivation { meta = { # Add default meta information. platforms = go.meta.platforms or lib.platforms.all; - identifiers = { - ${if (finalAttrs.src.meta.identifiers.purl or null) != null then "purl" else null} = - finalAttrs.src.meta.identifiers.purl; - ${if (finalAttrs.src.meta.identifiers.purls or null) != null then "purls" else null} = - finalAttrs.src.meta.identifiers.purls; - }; } // meta; }; diff --git a/pkgs/development/interpreters/python/mk-python-derivation.nix b/pkgs/development/interpreters/python/mk-python-derivation.nix index fa0916fa5a6e3..eb8e76101c492 100644 --- a/pkgs/development/interpreters/python/mk-python-derivation.nix +++ b/pkgs/development/interpreters/python/mk-python-derivation.nix @@ -416,12 +416,6 @@ let # default to python's platforms platforms = python.meta.platforms; isBuildPythonPackage = python.meta.platforms; - identifiers = { - ${if (finalAttrs.src.meta.identifiers.purl or null) != null then "purl" else null} = - finalAttrs.src.meta.identifiers.purl; - ${if (finalAttrs.src.meta.identifiers.purls or null) != null then "purls" else null} = - finalAttrs.src.meta.identifiers.purls; - }; } // meta; } diff --git a/pkgs/development/ruby-modules/gem/default.nix b/pkgs/development/ruby-modules/gem/default.nix index 8da6bd0d9f0c2..7ea5a32d70cc2 100644 --- a/pkgs/development/ruby-modules/gem/default.nix +++ b/pkgs/development/ruby-modules/gem/default.nix @@ -307,9 +307,6 @@ lib.makeOverridable ( platforms = ruby.meta.platforms; mainProgram = gemName; } - // (lib.optionalAttrs ((attrs.src.meta or { }) ? identifiers) { - inherit (attrs.src.meta) identifiers; - }) // meta; } ) diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index cd690197939b3..09d5362fc7fea 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -34,6 +34,7 @@ let toList isList elem + flatten ; inherit (lib.meta) 
@@ -711,12 +712,34 @@ let } ) possibleCPEPartsFuns; + # search for a pURL in the following order: + # - locally set + # - src.meta.pURL + # - srcs[].meta.pURL (for pURLs only) purlParts = attrs.meta.identifiers.purlParts or { }; purl = - attrs.meta.identifiers.purl or ( - if purlParts ? type && purlParts ? spec then "pkg:${purlParts.type}/${purlParts.spec}" else null + if purlParts ? type && purlParts ? spec then + "pkg:${purlParts.type}/${purlParts.spec}" + else + (attrs.src.meta.identifiers.purl or null); + purls = + attrs.meta.identifiers.purls or ( + if purl != null then + [ purl ] + else + (attrs.src.meta.identifiers.purls or ( + # some of the srcs may not have a pURL + builtins.filter (purl: purl != null) ( + map + # get the pURLs from a single derivation + (derivation: derivation.meta.identifiers.purls or null) + + # sometimes srcs is a single derivation + (flatten (attrs.srcs or [ ])) + ) + ) + ) ); - purls = attrs.meta.identifiers.purls or (optional (purl != null) purl); v1 = { inherit From 81dc446ee36274f737a05755af92b74e70e0c07d Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Fri, 10 Oct 2025 17:17:13 +0200 Subject: [PATCH 12/17] stdenv: pURL review suggestions - align naming Co-authored-by: Philippe Ombredanne --- doc/stdenv/meta.chapter.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/stdenv/meta.chapter.md b/doc/stdenv/meta.chapter.md index fdf7712415b37..55727bb84b8b3 100644 --- a/doc/stdenv/meta.chapter.md +++ b/doc/stdenv/meta.chapter.md 
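Review bot: The rewritten `purl` binding no longer reads `attrs.meta.identifiers.purl`, so as far as this hunk shows a value a maintainer sets there is ignored in favour of `purlParts` or the value inherited from `attrs.src`. `purls` still honours its local override, the comment above lists "locally set" first, and PATCH 09 documents the attribute as extendable, so the asymmetry looks unintended. It persists in the check-meta.nix hunk of PATCH 17. If it is unintended, keep the override outermost as `purls` does, i.e. `purl = attrs.meta.identifiers.purl or (if purlParts ? type && purlParts ? spec then … else attrs.src.meta.identifiers.purl or null);`. If it is intended, the comment should say that `purl` can only be changed through `purlParts`, so an SBOM is not generated from an identifier the maintainer believed they had corrected.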
@@ -322,19 +322,19 @@ A readonly attribute containing the list of guesses for what CPE for this packag ### Package URL {#sec-meta-identifiers-purl} -[Package URL](https://github.com/package-url/purl-spec) (pURL) is a specification to reliably identify and locate software packages. Through identification of software packages, additional (non-major) use cases are e.g. software license cross-verification via third party databases or initial vulnerability response management. Package URL's default to the mkDerivation.src, as the original consumed software package is the single point of truth. +[Package-URL](https://github.com/package-url/purl-spec) (PURL) is a specification to reliably identify and locate software packages. Through identification of software packages, additional (non-major) use cases are e.g. software license cross-verification via third party databases or initial vulnerability response management. Package URL's default to the mkDerivation.src, as the original consumed software package is the single point of truth. #### `meta.identifiers.purlParts` {#var-meta-identifiers-purlParts} -This attribute contains an attribute set of all parts of the pURL for this package. +This attribute contains an attribute set of all parts of the PURL for this package. * `type` mandatory [type](https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/docs/standard/summary.md) which needs to be provided -* `spec` specify the pURL in accordance with the [purl-spec](https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/purl-specification.md) +* `spec` specify the PURL in accordance with the [purl-spec](https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/purl-specification.md) #### `meta.identifiers.purl` {#var-meta-identifiers-purl} -An extendable attribute which is built based on purlParts. 
It is the main identifier, consumers should consider using the pURL's list interface to be prepared for edge cases. +An extendable attribute which is built based on purlParts. It is the main identifier, consumers should consider using the PURL's list interface to be prepared for edge cases. #### `meta.identifiers.purls` {#var-meta-identifiers-purls} -An extendable attribute list which defaults to a single element equal to the main pURL. It provides an interface for additional identifiers of mkDerivation.src and / or vendored dependencies inside mkDerivation.src, which maintainers can conciously decide to use on top. Identifiers different to the default src identifier are not recommended by default as they might cause maintenance overhead or may diverge (e.g. differences between source distribution pkg:github and binary distribution like pkg:pypi). +An extendable attribute list which defaults to a single element equal to the main PURL. It provides an interface for additional identifiers of mkDerivation.src and / or vendored dependencies inside mkDerivation.src, which maintainers can conciously decide to use on top. Identifiers different to the default src identifier are not recommended by default as they might cause maintenance overhead or may diverge (e.g. differences between source distribution pkg:github and binary distribution like pkg:pypi). From 3ddee85a175472d063063a3423524f668ed31b86 Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Tue, 14 Oct 2025 12:51:15 +0200 Subject: [PATCH 13/17] stdenv: pURL review suggestions - part 5 --- pkgs/stdenv/generic/check-meta.nix | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index 09d5362fc7fea..873d75d26d7be 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -35,6 +35,7 @@ let isList elem flatten + filter ; inherit (lib.meta) 
@@ -300,7 +301,7 @@ let let expectedOutputs = attrs.meta.outputsToInstall or [ ]; actualOutputs = attrs.outputs or [ "out" ]; - missingOutputs = builtins.filter (output: !builtins.elem output actualOutputs) expectedOutputs; + missingOutputs = filter (output: !builtins.elem output actualOutputs) expectedOutputs; in '' The package ${getNameWithVersion attrs} has set meta.outputsToInstall to: ${builtins.concatStringsSep ", " expectedOutputs} @@ -476,7 +477,7 @@ let let expectedOutputs = attrs.meta.outputsToInstall or [ ]; actualOutputs = attrs.outputs or [ "out" ]; - missingOutputs = builtins.filter (output: !builtins.elem output actualOutputs) expectedOutputs; + missingOutputs = filter (output: !builtins.elem output actualOutputs) expectedOutputs; in if config.checkMeta then builtins.length missingOutputs > 0 else false; @@ -712,10 +713,10 @@ let } ) possibleCPEPartsFuns; - # search for a pURL in the following order: + # search for a PURL in the following order: # - locally set - # - src.meta.pURL - # - srcs[].meta.pURL (for pURLs only) + # - src.meta.PURL + # - srcs[].meta.PURL (for PURL only) purlParts = attrs.meta.identifiers.purlParts or { }; purl = if purlParts ? type && purlParts ? spec then @@ -728,11 +729,11 @@ let [ purl ] else (attrs.src.meta.identifiers.purls or ( - # some of the srcs may not have a pURL - builtins.filter (purl: purl != null) ( + # some of the srcs may not have a PURL + filter (purl: purl != null) ( map - # get the pURLs from a single derivation - (derivation: derivation.meta.identifiers.purls or null) + # get the PURLs from a single derivation + (drv: drv.meta.identifiers.purls or null) # sometimes srcs is a single derivation (flatten (attrs.srcs or [ ])) From f7cbf2374b500cc2b87dbba11baa9b4ea03d6086 Mon Sep 17 00:00:00 2001 
From: Hans Joachim Kliemeck Date: Tue, 14 Oct 2025 15:36:56 +0200 Subject: [PATCH 14/17] stdenv: pURL review suggestions - fix srcs flatten case --- pkgs/stdenv/generic/check-meta.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index 873d75d26d7be..e2464e76ac35d 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -731,12 +731,14 @@ let (attrs.src.meta.identifiers.purls or ( # some of the srcs may not have a PURL filter (purl: purl != null) ( - map - # get the PURLs from a single derivation - (drv: drv.meta.identifiers.purls or null) - - # sometimes srcs is a single derivation - (flatten (attrs.srcs or [ ])) + flatten ( + map + # get the PURLs from a single derivation + (drv: drv.meta.identifiers.purls or null) + + # sometimes srcs is a single derivation + (flatten (attrs.srcs or [ ])) + ) ) ) ) From bacccc39a9cfd80b62940002f0c656add2aa3619 Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Tue, 14 Oct 2025 14:53:13 +0000 Subject: [PATCH 15/17] stdenv: pURL - fix chaining case (github&submodules using fetchgit) --- pkgs/build-support/fetchgit/default.nix | 4 ++-- pkgs/build-support/fetchgithub/default.nix | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/build-support/fetchgit/default.nix b/pkgs/build-support/fetchgit/default.nix index ed9daa7ff525c..581cd1c9a19cc 100644 --- a/pkgs/build-support/fetchgit/default.nix +++ b/pkgs/build-support/fetchgit/default.nix @@ -187,13 +187,13 @@ lib.makeOverridable ( inherit preferLocalBuild allowedRequisites; - meta = meta // { + meta = lib.recursiveUpdate { identifiers.purlParts = { type = "generic"; # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/generic-definition.md spec = "${name}?vcs_url=${url}@${(lib.revOrTag rev tag)}"; }; - }; + } meta; passthru = { gitRepoUrl = url; 
diff --git a/pkgs/build-support/fetchgithub/default.nix b/pkgs/build-support/fetchgithub/default.nix index 115f8b5e867e3..07c4c393ed88b 100644 --- a/pkgs/build-support/fetchgithub/default.nix +++ b/pkgs/build-support/fetchgithub/default.nix @@ -42,9 +42,8 @@ lib.makeOverridable ( builtins.unsafeGetAttrPos "rev" args ); baseUrl = "https://${githubBase}/${owner}/${repo}"; - newMeta = - meta - // { + newMeta = lib.recursiveUpdate ( + { homepage = meta.homepage or baseUrl; identifiers.purlParts = if githubBase == "github.com" then @@ -63,7 +62,8 @@ lib.makeOverridable ( // lib.optionalAttrs (position != null) { # to indicate where derivation originates, similar to make-derivation.nix's mkDerivation position = "${position.file}:${toString position.line}"; - }; + } + ) meta; passthruAttrs = removeAttrs args [ "owner" From 028af7c17dacf56953cafd8a19aaecd12edf7921 Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Tue, 14 Oct 2025 18:59:25 +0200 Subject: [PATCH 16/17] stdenv: pURL review suggestions - replace merge --- pkgs/build-support/fetchgit/default.nix | 17 ++++++---- pkgs/build-support/fetchgithub/default.nix | 37 ++++++++++++---------- 2 files changed, 30 insertions(+), 24 deletions(-) diff --git a/pkgs/build-support/fetchgit/default.nix b/pkgs/build-support/fetchgit/default.nix index 581cd1c9a19cc..05abacef8d803 100644 --- a/pkgs/build-support/fetchgit/default.nix +++ b/pkgs/build-support/fetchgit/default.nix 
@@ -187,13 +187,16 @@ lib.makeOverridable ( inherit preferLocalBuild allowedRequisites; - meta = lib.recursiveUpdate { - identifiers.purlParts = { - type = "generic"; - # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/generic-definition.md - spec = "${name}?vcs_url=${url}@${(lib.revOrTag rev tag)}"; - }; - } meta; + meta = meta // { + identifiers = { + purlParts = { + type = "generic"; + # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/generic-definition.md + spec = "${name}?vcs_url=${url}@${(lib.revOrTag rev tag)}"; + }; + } + // meta.identifiers or { }; + }; passthru = { gitRepoUrl = url; diff --git a/pkgs/build-support/fetchgithub/default.nix b/pkgs/build-support/fetchgithub/default.nix index 07c4c393ed88b..a19a0a5a3cab8 100644 --- a/pkgs/build-support/fetchgithub/default.nix +++ b/pkgs/build-support/fetchgithub/default.nix 
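Review bot: The `spec` string places `url` into the `vcs_url` qualifier unescaped, so any `@`, `?`, `&` or `#` in the repository URL makes the resulting PURL ambiguous for parsers, and the appended `@${rev}` cannot be told apart from the URL. Any userinfo a caller embeds in `url` would also be copied verbatim into `meta` and into every SBOM generated from it. The purl-spec asks for qualifier values to be percent-encoded, which `spec = "${name}?vcs_url=${lib.strings.escapeURL "${url}@${lib.revOrTag rev tag}"}";` would do. Whether a `git+` scheme prefix is also expected should be checked against the linked generic definition. The `generic` branch in the fetchgithub hunk that follows builds its `vcs_url` the same way.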
@@ -42,28 +42,31 @@ lib.makeOverridable ( builtins.unsafeGetAttrPos "rev" args ); baseUrl = "https://${githubBase}/${owner}/${repo}"; - newMeta = lib.recursiveUpdate ( - { + newMeta = + meta + // { homepage = meta.homepage or baseUrl; - identifiers.purlParts = - if githubBase == "github.com" then - { - type = "github"; - # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/github-definition.md - spec = "${owner}/${repo}@${(lib.revOrTag rev tag)}"; - } - else - { - type = "generic"; - # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/generic-definition.md - spec = "${repo}?vcs_url=https://${githubBase}/${owner}/${repo}@${(lib.revOrTag rev tag)}"; - }; + identifiers = { + purlParts = + if githubBase == "github.com" then + { + type = "github"; + # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/github-definition.md + spec = "${owner}/${repo}@${(lib.revOrTag rev tag)}"; + } + else + { + type = "generic"; + # https://github.com/package-url/purl-spec/blob/18fd3e395dda53c00bc8b11fe481666dc7b3807a/types-doc/generic-definition.md + spec = "${repo}?vcs_url=https://${githubBase}/${owner}/${repo}@${(lib.revOrTag rev tag)}"; + }; + } + // meta.identifiers or { }; } // lib.optionalAttrs (position != null) { # to indicate where derivation originates, similar to make-derivation.nix's mkDerivation position = "${position.file}:${toString position.line}"; - } - ) meta; + }; passthruAttrs = removeAttrs args [ "owner" From 0ef545933fb1a707b70cb94b475a07343aa9ae7e Mon Sep 17 00:00:00 2001 From: Hans Joachim Kliemeck Date: Thu, 16 Oct 2025 08:42:08 +0000 Subject: [PATCH 17/17] stdenv: pURL - last review suggestion --- pkgs/stdenv/generic/check-meta.nix | 41 ++++++++++++++++-------------- 1 file changed, 22 insertions(+), 19 deletions(-) 
diff --git a/pkgs/stdenv/generic/check-meta.nix b/pkgs/stdenv/generic/check-meta.nix index e2464e76ac35d..da0e8f4bb182a 100644 --- a/pkgs/stdenv/generic/check-meta.nix +++ b/pkgs/stdenv/generic/check-meta.nix @@ -713,33 +713,36 @@ let } ) possibleCPEPartsFuns; - # search for a PURL in the following order: - # - locally set - # - src.meta.PURL - # - srcs[].meta.PURL (for PURL only) purlParts = attrs.meta.identifiers.purlParts or { }; + purlPartsFormatted = + if purlParts ? type && purlParts ? spec then "pkg:${purlParts.type}/${purlParts.spec}" else null; + + # search for a PURL in the following order: purl = - if purlParts ? type && purlParts ? spec then - "pkg:${purlParts.type}/${purlParts.spec}" + # 1) locally set through API + if purlPartsFormatted != null then + purlPartsFormatted else + # 2) locally overwritten through meta.identifiers.purl (attrs.src.meta.identifiers.purl or null); + + # search for a PURL in the following order: purls = + # 1) locally overwritten through meta.identifiers.purls (e.g. extension of list) attrs.meta.identifiers.purls or ( - if purl != null then - [ purl ] + # 2) locally set through API + if purlPartsFormatted != null then + [ purlPartsFormatted ] else + # 3) src.meta.PURL (attrs.src.meta.identifiers.purls or ( - # some of the srcs may not have a PURL - filter (purl: purl != null) ( - flatten ( - map - # get the PURLs from a single derivation - (drv: drv.meta.identifiers.purls or null) - - # sometimes srcs is a single derivation - (flatten (attrs.srcs or [ ])) - ) - ) + # 4) srcs.meta.PURL + if !attrs ? srcs then + [ ] + else if isList attrs.srcs then + concatMap (drv: drv.meta.identifiers.purls or [ ]) attrs.srcs + else + attrs.srcs.meta.identifiers.purls or [ ] ) ) );
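Review bot: The comment `# 2) locally overwritten through meta.identifiers.purl` sits on the branch that returns `attrs.src.meta.identifiers.purl`, which is the value inherited from the source and not a local override. It would read correctly as `# 2) inherited from src.meta.identifiers.purl`, with `# 1) built from meta.identifiers.purlParts` replacing "locally set through API" in both chains. In the `purls` chain, `# 3) src.meta.PURL` and `# 4) srcs.meta.PURL` could likewise name the attribute actually read, `meta.identifiers.purls`. The comment should also record that `purl` has no `srcs` fallback, so it can be null while `purls` is non-empty. That is the case the documentation alludes to when it points consumers at the list interface.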