From: Scott Worley Date: Wed, 9 Jul 2025 23:17:27 +0000 (-0700) Subject: Stop using ancient nix_2_3 X-Git-Tag: v3.2.0~2 X-Git-Url: http://git.scottworley.com/pinch/commitdiff_plain/2a6cedfe22d12056af5240b983262e98cd5f131d Stop using ancient nix_2_3 Nix commit 787469c7b66aec12ab6847e7db2cdc8aef5c325e removed , preferring to stuff its contents into the nix binary & write it out to a temp file to use it. Pinch unpacks channels. So to retain access to unpack-channel.nix, pinch pinned its nix dependency to nix 2.3. This is no longer viable. The 2.3 branch is no longer maintained. It now has known security vulnerabilities, noted in knownVulnerabilities (which causes it to refuse to build). So now pinch does it the same way as nix, holding its own little unpack-channel.nix and writing it out to a temp file to use it. This lets us go back to not caring about the version of the nix dependency. --- diff --git a/Changelog b/Changelog index f6df13b..db6a06a 100644 --- a/Changelog +++ b/Changelog @@ -1,4 +1,5 @@ ## [Unreleased] +- Stop using ancient nix_2_3 ## [3.1.0] - 2024-06-29 diff --git a/default.nix b/default.nix index 6f297e7..2173f2a 100644 --- a/default.nix +++ b/default.nix @@ -21,7 +21,7 @@ let checkPhase = "./test.sh"; }; -in pkgs.python3Packages.callPackage ({ lib, buildPythonPackage, nix_2_3, git +in pkgs.python3Packages.callPackage ({ lib, buildPythonPackage, nix, git , autopep8, makeWrapper, mypy, pylint, git-cache, }: buildPythonPackage rec { pname = "pinch"; @@ -29,10 +29,10 @@ in pkgs.python3Packages.callPackage ({ lib, buildPythonPackage, nix_2_3, git src = lib.cleanSource ./.; buildInputs = [ makeWrapper ]; propagatedBuildInputs = [ git-cache ]; - "${checkInputsName}" = [ nix_2_3 git mypy ] + "${checkInputsName}" = [ nix git mypy ] ++ lib.optionals lint [ autopep8 pylint ]; postInstall = '' - wrapProgram "$out/bin/pinch" --prefix PATH : ${nix_2_3}/bin + wrapProgram "$out/bin/pinch" --prefix PATH : ${nix}/bin ''; doCheck = true; checkPhase = "./test.sh"; @@ -46,5 +46,4 @@ in pkgs.python3Packages.callPackage ({ lib, buildPythonPackage, nix_2_3, git git-cache = pkgs.python3Packages.git-cache or (pkgs.python3Packages.callPackage git-cache-fallback { }); - nix_2_3 = pkgs.nix_2_3 or pkgs.nix; } diff --git a/pinch.py b/pinch.py index 1a3a94b..bdd7a6e 100644 --- a/pinch.py +++ b/pinch.py @@ -685,23 +685,35 @@ def updateCommand(args: argparse.Namespace) -> None: assert isinstance(sp, AliasSearchPath) # For mypy exprs[section] = exprs[sp.alias_of] - command = [ - 'nix-env', - '--profile', - args.profile, - '--show-trace', - '--file', - '', - '--install', - '--remove-all', - ] + search_paths + ['--from-expression'] + [ - exprs[name] % name for name in sorted(exprs.keys())] - if args.dry_run: - print(' '.join(map(shlex.quote, command))) - else: - v.status('Installing channels with nix-env') - process = subprocess.run(command) - v.result(process.returncode == 0) + with tempfile.NamedTemporaryFile() as unpack_channel_nix: + unpack_channel_nix.write(b''' + { name, channelName, src, }: + derivation { + inherit name channelName src; + builder = "builtin:unpack-channel"; + system = "builtin"; + preferLocalBuild = true; + } + ''') + unpack_channel_nix.flush() + + command = [ + 'nix-env', + '--profile', + args.profile, + '--show-trace', + '--file', + unpack_channel_nix.name, + '--install', + '--remove-all', + ] + search_paths + ['--from-expression'] + [ + exprs[name] % name for name in sorted(exprs.keys())] + if args.dry_run: + print(' '.join(map(shlex.quote, command))) + else: + v.status('Installing channels with nix-env') + process = subprocess.run(command) + v.result(process.returncode == 0) def main() -> None: diff --git a/tests/alias.sh b/tests/alias.sh index bf83c18..470cb13 100755 --- a/tests/alias.sh +++ b/tests/alias.sh @@ -14,7 +14,7 @@ python3 ./pinch.py pin "$conf" actual_env_command=`python3 ./pinch.py update --dry-run "$conf"` -expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\'''\'' --install --remove-all (-I pinch_profile=/nix/var/nix/profiles/per-user/[^/]+/channels -I pinch_profile_manifest=/nix/store/.{32}-env-manifest.nix )?-I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\2.tar.xz) --from-expression '\''f: f \{ name = "\2"; channelName = "bar"; src = builtins.storePath "\3"; \}'\'' '\''f: f \{ name = "\2"; channelName = "foo"; src = builtins.storePath "\3"; \}'\''$' +expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file [^ ]+ --install --remove-all (-I pinch_profile=/nix/var/nix/profiles/per-user/[^/]+/channels -I pinch_profile_manifest=/nix/store/.{32}-env-manifest.nix )?-I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\2.tar.xz) --from-expression '\''f: f \{ name = "\2"; channelName = "bar"; src = builtins.storePath "\3"; \}'\'' '\''f: f \{ name = "\2"; channelName = "foo"; src = builtins.storePath "\3"; \}'\''$' if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then echo PASS diff --git a/tests/core.sh b/tests/core.sh index b0721df..851525d 100755 --- a/tests/core.sh +++ b/tests/core.sh @@ -8,7 +8,7 @@ python3 ./pinch.py pin "$conf" actual_env_command=`python3 ./pinch.py update --dry-run "$conf"` -expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\'''\'' --install --remove-all (-I pinch_profile=/nix/var/nix/profiles/per-user/[^/]+/channels -I pinch_profile_manifest=/nix/store/.{32}-env-manifest.nix )?-I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\2.tar.xz) --from-expression '\''f: f \{ name = "\2"; channelName = "foo"; src = builtins.storePath "\3"; \}'\''$' +expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file [^ ]+ --install --remove-all (-I pinch_profile=/nix/var/nix/profiles/per-user/[^/]+/channels -I pinch_profile_manifest=/nix/store/.{32}-env-manifest.nix )?-I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\2.tar.xz) --from-expression '\''f: f \{ name = "\2"; channelName = "foo"; src = builtins.storePath "\3"; \}'\''$' if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then echo PASS diff --git a/tests/multi-update.sh b/tests/multi-update.sh index 5d191ec..b87b7c6 100755 --- a/tests/multi-update.sh +++ b/tests/multi-update.sh @@ -18,7 +18,7 @@ actual_env_command=`python3 ./pinch.py update --dry-run "$conf" "$conf2"` rm -rf "$conf2" -expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\'''\'' --install --remove-all (-I pinch_profile=/nix/var/nix/profiles/per-user/[^/]+/channels -I pinch_profile_manifest=/nix/store/.{32}-env-manifest.nix )?-I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\2.tar.xz) --from-expression '\''f: f \{ name = "\2"; channelName = "bar"; src = builtins.storePath "\3"; \}'\'' '\''f: f \{ name = "\2"; channelName = "foo"; src = builtins.storePath "\3"; \}'\''$' +expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file [^ ]+ --install --remove-all (-I pinch_profile=/nix/var/nix/profiles/per-user/[^/]+/channels -I pinch_profile_manifest=/nix/store/.{32}-env-manifest.nix )?-I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\2.tar.xz) --from-expression '\''f: f \{ name = "\2"; channelName = "bar"; src = builtins.storePath "\3"; \}'\'' '\''f: f \{ name = "\2"; channelName = "foo"; src = builtins.storePath "\3"; \}'\''$' if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then echo PASS diff --git a/tests/pin-twice.sh b/tests/pin-twice.sh index fda548b..0e651d2 100755 --- a/tests/pin-twice.sh +++ b/tests/pin-twice.sh @@ -17,7 +17,7 @@ python3 ./pinch.py pin "$conf" actual_env_command=`python3 ./pinch.py update --dry-run "$conf"` -expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\'''\'' --install --remove-all (-I pinch_profile=/nix/var/nix/profiles/per-user/[^/]+/channels -I pinch_profile_manifest=/nix/store/.{32}-env-manifest.nix )?-I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\2.tar.xz) --from-expression '\''f: f \{ name = "\2"; channelName = "foo"; src = builtins.storePath "\3"; \}'\''$' +expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file [^ ]+ --install --remove-all (-I pinch_profile=/nix/var/nix/profiles/per-user/[^/]+/channels -I pinch_profile_manifest=/nix/store/.{32}-env-manifest.nix )?-I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\2.tar.xz) --from-expression '\''f: f \{ name = "\2"; channelName = "foo"; src = builtins.storePath "\3"; \}'\''$' if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then echo PASS diff --git a/tests/profile.sh b/tests/profile.sh index 085f2ce..dc1572b 100755 --- a/tests/profile.sh +++ b/tests/profile.sh @@ -8,7 +8,7 @@ python3 ./pinch.py pin "$conf" actual_env_command=`python3 ./pinch.py update --dry-run --profile /path/to/profile "$conf"` -expected_env_command_RE='^nix-env --profile /path/to/profile --show-trace --file '\'''\'' --install --remove-all -I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\1.tar.xz) --from-expression '\''f: f \{ name = "\1"; channelName = "foo"; src = builtins.storePath "\2"; \}'\''$' +expected_env_command_RE='^nix-env --profile /path/to/profile --show-trace --file [^ ]+ --install --remove-all -I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\1.tar.xz) --from-expression '\''f: f \{ name = "\1"; channelName = "foo"; src = builtins.storePath "\2"; \}'\''$' if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then echo PASS diff --git a/tests/symlink.sh b/tests/symlink.sh index 8b59794..e1fa69b 100755 --- a/tests/symlink.sh +++ b/tests/symlink.sh @@ -14,7 +14,7 @@ python3 ./pinch.py pin "$conf" actual_env_command=`python3 ./pinch.py update --dry-run "$conf"` -expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file '\'''\'' --install --remove-all (-I pinch_profile=/nix/var/nix/profiles/per-user/[^/]+/channels -I pinch_profile_manifest=/nix/store/.{32}-env-manifest.nix )?-I pinch_tarball_for_link=('"$NIX_STORE_DIR"'/.{32}-link.tar.gz) -I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\3.tar.xz) --from-expression '\''f: f \{ name = "link"; channelName = "bar"; src = builtins.storePath "\2"; \}'\'' '\''f: f \{ name = "\3"; channelName = "foo"; src = builtins.storePath "\4"; \}'\''$' +expected_env_command_RE='^nix-env --profile /nix/var/nix/profiles/per-user/[^/]+/channels --show-trace --file [^ ]+ --install --remove-all (-I pinch_profile=/nix/var/nix/profiles/per-user/[^/]+/channels -I pinch_profile_manifest=/nix/store/.{32}-env-manifest.nix )?-I pinch_tarball_for_link=('"$NIX_STORE_DIR"'/.{32}-link.tar.gz) -I pinch_tarball_for_(repo-[0-9]{10}-[0-9a-f]{11})=('"$NIX_STORE_DIR"'/.{32}-\3.tar.xz) --from-expression '\''f: f \{ name = "link"; channelName = "bar"; src = builtins.storePath "\2"; \}'\'' '\''f: f \{ name = "\3"; channelName = "foo"; src = builtins.storePath "\4"; \}'\''$' if echo "$actual_env_command" | egrep "$expected_env_command_RE" > /dev/null;then echo PASS