|
|
|
@ -8,7 +8,7 @@ rec { |
|
|
|
|
fileContentsOr = a: b: (ifelse |
|
|
|
|
(pathIsRegularFile a) |
|
|
|
|
a b); |
|
|
|
|
cwd = toString ./.; |
|
|
|
|
cwd = builtins.getEnv "PWD"; |
|
|
|
|
|
|
|
|
|
# lst (string PATH) (string FILETYPE) (bool RETURNFULLPATH) |
|
|
|
|
lst = { p ? cwd, t ? "regular", b ? false }: (lists.forEach |
|
|
|
@ -25,18 +25,37 @@ rec { |
|
|
|
|
(hasAttrByPath a d) |
|
|
|
|
(hasAttr a d))) |
|
|
|
|
aList); |
|
|
|
|
|
|
|
|
|
# Not sure how list operations are implemented in Nix |
|
|
|
|
# This might be a tad bit inefficient. |
|
|
|
|
# TODO: look for better implementation (map is a builtin function so checking that probably won't help) |
|
|
|
|
# Sequentially checks elements of list (l) for condition (cond) and executes do on first match. |
|
|
|
|
meetsConDo = cond: do: l: ifelse (l == []) false |
|
|
|
|
(let |
|
|
|
|
h = (head l); |
|
|
|
|
t = (tail l); |
|
|
|
|
in ifelse (cond h) (do h) |
|
|
|
|
(meetsConDo (cond) (do) (t))); |
|
|
|
|
deps = p: ifelse (isAttrs p) (filter (p: isAttrs p) |
|
|
|
|
(p.buildInputs ++ p.nativeBuildInputs ++ p.propagatedBuildInputs ++ p.propagatedNativeBuildInputs) |
|
|
|
|
) []; |
|
|
|
|
importFilter = l: p: filter (n: elem (nameFromURL (toString n) ".") l) p; |
|
|
|
|
depsRec = ld: ifelse (ld == []) [] ((toList ld) ++ (depsRec (lists.unique (lists.flatten (map (d: deps d) (toList ld)))))); |
|
|
|
|
isBroken = p: ifelse ((elem true (hasAttrs [["meta" "broken"]] p)) && (p.meta.broken == true)) |
|
|
|
|
(warn "Package ${p.name} is marked as broken." true) |
|
|
|
|
false; |
|
|
|
|
isBroken = p: meetsConDo (s: ((hasAttrByPath s.path p) && (s.check (getAttrFromPath s.path p)))) (s: s.msg) |
|
|
|
|
[ |
|
|
|
|
{ path = ["meta" "broken"]; msg = (warn "Package ${p.name} is marked as broken." true); check = m: m; } |
|
|
|
|
{ path = ["meta" "knownVulnerabilities" ]; msg = (warn "Package ${p.name} has known Vulnerabilities.." true); check = m: m != []; } |
|
|
|
|
# not sure if the following test creates false positives (AFAIK every derivation/package needs to have an outPath) |
|
|
|
|
# , definitely should catch all corner cases/everything that fails to evaluate. |
|
|
|
|
{ path = [ "outPath" ]; msg = (warn "Package ${p.name} has no outPath" true); check = m: !(tryEval m).success; } |
|
|
|
|
]; |
|
|
|
|
depsBroken = p: lists.any (p: (isBroken p)) (deps p); |
|
|
|
|
# Those two lines are quite magical 🧙 |
|
|
|
|
depsBrokenRec = p: (b: b == true) (ifelse (depsBroken p) true |
|
|
|
|
(map (p: depsBrokenRec p) (deps p))); |
|
|
|
|
# No more magic 🧙 here 😢 |
|
|
|
|
# But at least it now (hopefully) checks ONLY dependencies (and all of them at that). |
|
|
|
|
depsBrokenRec = p: (meetsConDo |
|
|
|
|
(p: ifelse (depsBroken p) true (depsBrokenRec (deps p))) |
|
|
|
|
(p: true) (deps p) |
|
|
|
|
); |
|
|
|
|
pkgFilter = ld: (filter |
|
|
|
|
(p: ( |
|
|
|
|
ifelse (isBroken p) |
|
|
|
|