From 5ae73bf21d243c2ab095550d864823b152f775ad Mon Sep 17 00:00:00 2001 From: Florian Finkernagel Date: Mon, 1 Jul 2024 14:57:14 +0200 Subject: [PATCH] introduce permitted_insecure_packages for nixpkgs --- Cargo.lock | 2 +- Cargo.toml | 2 +- src/config.rs | 2 ++ src/flake_template.nix | 1 + src/flake_writer.rs | 48 ++++++++++++++++++++++++++---------------- 5 files changed, 35 insertions(+), 20 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0d08707..ec37280 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -100,7 +100,7 @@ dependencies = [ [[package]] name = "anysnake2" -version = "1.15.2" +version = "1.15.5" dependencies = [ "anyhow", "base64", diff --git a/Cargo.toml b/Cargo.toml index 2bd1c8f..c982080 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "anysnake2" -version = "1.15.2" +version = "1.15.5" authors = ["Florian Finkernagel "] edition = "2021" diff --git a/src/config.rs b/src/config.rs index 2d6c834..305013b 100644 --- a/src/config.rs +++ b/src/config.rs @@ -150,6 +150,8 @@ pub struct NixPkgs { pub packages: Option>, #[serde(default = "NixPkgs::default_allow_unfree")] pub allow_unfree: bool, + + pub permitted_insecure_packages: Option>, } impl NixPkgs { diff --git a/src/flake_template.nix b/src/flake_template.nix index 7ee4084..084b0be 100644 --- a/src/flake_template.nix +++ b/src/flake_template.nix @@ -15,6 +15,7 @@ inherit system overlays; config = { allowUnfree = "%ALLOW_UNFREE%"; + permittedInsecurePackages = [ "%PERMITTED_INSECURE_PACKAGES%" ]; }; }; mach-nix_ = "%MACHNIX%"; diff --git a/src/flake_writer.rs b/src/flake_writer.rs index a13dfa6..ef8760e 100644 --- a/src/flake_writer.rs +++ b/src/flake_writer.rs 
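Review bot: The new `permitted_insecure_packages` field on `NixPkgs` (the src/config.rs hunk) has no doc comment, although it is the option here that relaxes a nixpkgs safety check. I would add `/// Exact "name-version" strings copied into nixpkgs' permittedInsecurePackages; each entry lets a package that nixpkgs marks as insecure be evaluated and built.` above it, so a reader of the config schema sees what they are opting into. The struct begins and ends outside the hunk, so whether its other fields are documented is not visible here.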
@@ -277,22 +277,32 @@ old: old // {{\"_\" = old.\"_\" // {{ fn attrset_from_hashmap(attrset: &HashMap) -> String { let mut out = "".to_string(); - for (pkg_name, override_nix_func) in attrset.iter() { - out - .push_str(&format!("\"{}\" = ({});", pkg_name, override_nix_func)); - } - out - + for (pkg_name, override_nix_func) in attrset.iter() { + out.push_str(&format!("\"{}\" = ({});", pkg_name, override_nix_func)); + } + out } - let r_override_args = r_config.override_attrs.as_ref().map_or("".to_string(), attrset_from_hashmap); - let r_dependency_overrides = r_config.dependency_overrides.as_ref().map_or("".to_string(), attrset_from_hashmap); - let r_additional_packages = r_config.additional_packages.as_ref().map_or("".to_string(), attrset_from_hashmap); + let r_override_args = r_config + .override_attrs + .as_ref() + .map_or("".to_string(), attrset_from_hashmap); + let r_dependency_overrides = r_config + .dependency_overrides + .as_ref() + .map_or("".to_string(), attrset_from_hashmap); + let r_additional_packages = r_config + .additional_packages + .as_ref() + .map_or("".to_string(), attrset_from_hashmap); - let mut r_pkg_list: Vec = r_config.packages.iter().map(|x| x.to_string()).collect(); + let mut r_pkg_list: Vec = + r_config.packages.iter().map(|x| x.to_string()).collect(); if let Some(additional_packages) = &r_config.additional_packages { for pkg_ver in additional_packages.keys() { - let (pkg, _ver) = pkg_ver.split_once("_").expect("R.additional_packages key did not conform to 'name_version' schema"); + let (pkg, _ver) = pkg_ver.split_once("_").expect( + "R.additional_packages key did not conform to 'name_version' schema", + ); r_pkg_list.push(pkg.to_string()); } } @@ -300,7 +310,6 @@ old: old // {{\"_\" = old.\"_\" // {{ r_pkg_list.sort(); r_pkg_list.dedup(); - let r_packages = format!( " R_tracked = nixR.R_by_date {{ 
@@ -312,14 +321,10 @@ old: old // {{\"_\" = old.\"_\" // {{ }}; ", &r_config.date, - r_pkg_list .iter() - .map(|x| format!("\"{}\"", x)) - .join(" "), - - r_override_args, + r_pkg_list.iter().map(|x| format!("\"{}\"", x)).join(" "), + r_override_args, r_dependency_overrides, r_additional_packages - ); overlays.push( "(final: prev: { @@ -408,6 +413,13 @@ old: old // {{\"_\" = old.\"_\" // {{ "false" }, ); + flake_contents = flake_contents.replace( + "\"%PERMITTED_INSECURE_PACKAGES%\"", + &(parsed_config + .nixpkgs + .permitted_insecure_packages.as_ref() + .map_or_else(|| String::new(), |x| x.join(" "))), + ); let input_list: Vec<&str> = inputs.iter().map(|i| &i.name[..]).collect(); let input_list = input_list.join(", ");
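Review bot: In the last hunk of src/flake_writer.rs (`@@ -408,6 +413,13 @@`), the replacement consumes the quoted placeholder `"%PERMITTED_INSECURE_PACKAGES%"` and inserts `x.join(" ")`, so the entries reach the generated flake as bare tokens rather than Nix string literals. nixpkgs expects `permittedInsecurePackages` to be a list of strings, and the R package list earlier in this file quotes each element with `format!("\"{}\"", x)`. Unless users are meant to write the quotes inside their config values, this should do the same: `.map_or_else(String::new, |x| x.iter().map(|p| format!("\"{}\"", p)).join(" "))`. Because the values are spliced into Nix source that is later evaluated, it is also worth rejecting entries that contain `"`, `\` or `${` before writing them. The enclosing function starts and ends outside the hunk.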