introduce permitted_insecure_packages for nixpkgs

TyberiusPrime · Jul 1, 2024 · 5ae73bf · 5ae73bf
1 parent ac9f0bd
commit 5ae73bf
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 20 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "anysnake2"
-version = "1.15.2"
+version = "1.15.5"
 authors = ["Florian Finkernagel <[email protected]>"]
 edition = "2021"
 

diff --git a/src/config.rs b/src/config.rs
@@ -150,6 +150,8 @@ pub struct NixPkgs {
     pub packages: Option<Vec<String>>,
     #[serde(default = "NixPkgs::default_allow_unfree")]
     pub allow_unfree: bool,
+
+    pub permitted_insecure_packages: Option<Vec<String>>,
 }
 
 impl NixPkgs {

diff --git a/src/flake_template.nix b/src/flake_template.nix
@@ -15,6 +15,7 @@
         inherit system overlays;
         config = {
           allowUnfree = "%ALLOW_UNFREE%";
+          permittedInsecurePackages = [ "%PERMITTED_INSECURE_PACKAGES%" ];
         };
       };
       mach-nix_ = "%MACHNIX%";

diff --git a/src/flake_writer.rs b/src/flake_writer.rs
@@ -277,30 +277,39 @@ old: old // {{\"_\"  = old.\"_\" // {{
 
             fn attrset_from_hashmap(attrset: &HashMap<String, String>) -> String {
                 let mut out = "".to_string();
-                    for (pkg_name, override_nix_func) in attrset.iter() {
-                        out
-                            .push_str(&format!("\"{}\" = ({});", pkg_name, override_nix_func));
-                    }
-                    out
-
+                for (pkg_name, override_nix_func) in attrset.iter() {
+                    out.push_str(&format!("\"{}\" = ({});", pkg_name, override_nix_func));
+                }
+                out
             }
 
-            let r_override_args = r_config.override_attrs.as_ref().map_or("".to_string(), attrset_from_hashmap);
-            let r_dependency_overrides = r_config.dependency_overrides.as_ref().map_or("".to_string(), attrset_from_hashmap);
-            let r_additional_packages = r_config.additional_packages.as_ref().map_or("".to_string(), attrset_from_hashmap);
+            let r_override_args = r_config
+                .override_attrs
+                .as_ref()
+                .map_or("".to_string(), attrset_from_hashmap);
+            let r_dependency_overrides = r_config
+                .dependency_overrides
+                .as_ref()
+                .map_or("".to_string(), attrset_from_hashmap);
+            let r_additional_packages = r_config
+                .additional_packages
+                .as_ref()
+                .map_or("".to_string(), attrset_from_hashmap);
 
-            let mut r_pkg_list: Vec<String> = r_config.packages.iter().map(|x| x.to_string()).collect();
+            let mut r_pkg_list: Vec<String> =
+                r_config.packages.iter().map(|x| x.to_string()).collect();
             if let Some(additional_packages) = &r_config.additional_packages {
                 for pkg_ver in additional_packages.keys() {
-                    let (pkg, _ver) = pkg_ver.split_once("_").expect("R.additional_packages key did not conform to 'name_version' schema");
+                    let (pkg, _ver) = pkg_ver.split_once("_").expect(
+                        "R.additional_packages key did not conform to 'name_version' schema",
+                    );
                     r_pkg_list.push(pkg.to_string());
                 }
             }
             //remove duplicates
             r_pkg_list.sort();
             r_pkg_list.dedup();
 
-
             let r_packages = format!(
                 "
                 R_tracked = nixR.R_by_date {{
@@ -312,14 +321,10 @@ old: old // {{\"_\"  = old.\"_\" // {{
                 }};
                 ",
                 &r_config.date,
-                r_pkg_list                    .iter()
-                    .map(|x| format!("\"{}\"", x))
-                    .join(" "),
-
-               r_override_args,
+                r_pkg_list.iter().map(|x| format!("\"{}\"", x)).join(" "),
+                r_override_args,
                 r_dependency_overrides,
                 r_additional_packages
-
             );
             overlays.push(
                 "(final: prev: { 
@@ -408,6 +413,13 @@ old: old // {{\"_\"  = old.\"_\" // {{
             "false"
         },
     );
+    flake_contents = flake_contents.replace(
+        "\"%PERMITTED_INSECURE_PACKAGES%\"",
+        &(parsed_config
+            .nixpkgs
+            .permitted_insecure_packages.as_ref()
+            .map_or_else(|| String::new(), |x| x.join(" "))),
+    );
 
     let input_list: Vec<&str> = inputs.iter().map(|i| &i.name[..]).collect();
     let input_list = input_list.join(", ");