diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d23e8cd..958c153 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,7 +16,9 @@ jobs:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v23
with:
- nix_path: nixpkgs=channel:nixos-unstable
- - run: touch .local && nix-build ci.nix
- - name: ensure demo doesn't rot
- run: nix-shell --run "./demo"
+ nix_path: nixpkgs=channel:nixpkgs-unstable
+ - run: nix build .#ci --print-build-logs
+ - name: validate core CLI demo
+ run: nix-shell --run ./demo
+ - name: validate new CLI demo
+ run: nix develop --command ./demo
diff --git a/.gitignore b/.gitignore
index db336e8..6354a00 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,11 +1,14 @@
# resholve specific
-.local.nix
*.resolved
*.todo
flarf/
# nix
result
+result-ci
+nix-result-ci
+nixpkgs_source
+nixpkgs_source.touch
# subl
*.sublime-*
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ea572d1..da8ea74 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
# Changelog
+## September 14, 2023
+Refactor Nix expressions and convert to flake.
+
## v0.9.0 (Jan 29 2023)
Update oil/osh parser from 0.8.12 -> 0.14.0. In the process of updating the parser, I also cut out some extensions and dependencies that resholve shouldn't need to depend on.
diff --git a/Makefile b/Makefile
index 10bb9f4..644fdbd 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,5 @@
#! /usr/bin/env make
-#export PATH := $(shell nix-shell -p nix coreutils gnused groff util-linux --run 'echo $$PATH')
-export PATH := $(shell nix-shell make.nix --run 'echo $$PATH')
+export PATH := $(shell nix develop .#make --command sh -c 'echo $$makeInputs')
.PHONY: apologeez ci clean update # lint
@@ -12,20 +11,17 @@ all: apologeez
install: apologeez
uninstall: apologeez
-.local : *.nix setup.cfg setup.py test.sh demo tests/* resholve.1 resholve _resholve/*
- touch .local
-
-result-ci: .local
- @echo Building ci.nix
- @nix-build --out-link nix-result-ci ci.nix
+result-ci: *.nix setup.cfg setup.py test.sh demo tests/* resholve.1 resholve _resholve/*
+ @echo Running Nix CI tests
+ @nix build .#ci --out-link nix-result-ci --print-build-logs
@mkdir -p result-ci
@install -m 644 nix-result-ci/* result-ci/
ci: result-ci
clean:
- rm .local nix-result-ci result-ci/* docs/README.nixpkgs.md
+ rm nix-result-ci result-ci/* nixpkgs/README.md
result-ci/test.txt result-ci/demo.txt result-ci/nix-demo.txt: result-ci
@@ -49,7 +45,13 @@ resholve.1: docs/manpage.wwst docs/manpage.css docs/content.wwst
@echo Building manpage
@wordswurst $< > $@
-docs/README.nixpkgs.md: docs/markdown.wwst docs/markdown.css docs/content.wwst docs/examples/*.nix
+# use a touchfile; store will have old timestamps
+nixpkgs_source.touch: flake.lock
+ @echo linking nixpkgs source into $@
+ @nix build --out-link nixpkgs_source "$$(nix eval .#nixpkgs_source --raw)"
+ @touch nixpkgs_source.touch
+
+nixpkgs/README.md: docs/markdown.wwst docs/markdown.css docs/content.wwst docs/examples/*.nix nixpkgs_source.touch
@echo "Building Nixpkgs README (markdown)"
@wordswurst $< > $@
@@ -66,7 +68,7 @@ _resholve/strings.py: docs/strings.wwst docs/strings.css docs/content.wwst
@echo Wursting $@ from $<
@wordswurst $< > $@
-update: timings.md demos.md docs/resholve.1.txt docs/README.nixpkgs.md
+update: timings.md demos.md docs/resholve.1.txt nixpkgs/README.md
# lint: lint-sass # lint-nix
diff --git a/README.md b/README.md
index 2cd3584..f8604e6 100644
--- a/README.md
+++ b/README.md
@@ -33,26 +33,45 @@ In the Nix ecosystem, resholve helps us:
## Quickstart
+If you're looking to use resholve for packaging shell projects with Nix, you'll want to start with resholve's Nix API.
+
+> **Note**: resholve is only packaged with Nix for now, so you'll need to have Nix installed.
+
### Nix API
-If you use Nix, you'll want to use resholve's Nix API/builders included in nixpkgs. Two good places to start:
+Since resholve's Nix API/builders are included in nixpkgs, most Nix users can jump straight to using it. A few good places to start:
- API reference: [NixOS/nixpkgs: pkgs/development/misc/resholve/README.md](https://github.com/nixos/nixpkgs/blob/master/pkgs/development/misc/resholve/README.md).
- [Examples via GitHub code search](https://github.com/search?q=language%3Anix+%2Fresholve%5C.%28mkDerivation%7CwriteScript%7CwriteScriptBin%7CphraseSolution%29%2F+-path%3A**%2Faliases.nix&type=code)
+> **Tip**: Experienced packagers and Shell authors may also want to read through [resholve's Nix demo](demos.md#Nix-demo). It's terse, but it shows that Nix + resholve enable us to build shell packages that are so well-contained that we can safely compose them even they have conflicting dependencies. (This is most useful for composing multiple shell libraries.)
+
### CLI
-If you'd like to look at scripting resholve or integrating it with other toolchains, you can also use the resholve CLI directly. resholve is only packaged with Nix for now, so you'll need to have it installed.
+Most resholve users won't need to directly invoke resholve's CLI, but it's available if you need it. (Most likely because you're integrating it with other toolchains, packaging it, or contributing to resholve itself.)
-#### Latest stable version
+If you're new to resholve, start with the [demo shell](#Demo-shell).
-You can get the latest stable version of resholve from Nixpkgs:
+If you just want resholve itself (without a preconfigured demo environment), use the instructions for building/installing a [Development version](#Development-versions) or a [Stable version](#Stable-versions)
+
+> **Note**: However you obtain the resholve CLI, check `man resholve` for CLI usage.
+
+#### Demo shell
+
+The demo shell pulls in some prerequisites for running resholve's command-line demo. This demo illustrates resholve's basic features, invocation patterns, output, and how this process changes scripts.
+
+The easy way to run the demo is with Nix installed and the experimental `nix-command` and `flakes` features enabled. The following command will load the demo shell environment and print more information on how to proceed:
```shell
-NIXPKGS_ALLOW_INSECURE=1 nix-shell -p resholve
+nix develop github:abathur/resholve
```
-Or, you can get it from this Git repo:
+> **Note**: There's a little more detail on the demo's output format and a plaintext copy of the output in the [Demos](demos.md) document.
+
+
+Traditional `nix-shell` instructions
+
+You can also use the demo via `nix-shell` if you clone the repository:
```shell
git clone https://github.com/abathur/resholve.git
@@ -60,33 +79,62 @@ cd resholve
nix-shell
```
-In both cases, check `man resholve` for CLI usage.
+
-> **Note:** resholve uses python2 because the high-quality shell parser it's built on does. Setting the `NIXPKGS_ALLOW_INSECURE` env is necessary to try resholve out in a shell because `nixpkgs` has taken steps to root out run-time usage of python2. resholve *will* still work at build-time for use in Nix packages. To be safe, don't run resholve on untrusted input.
->
-> (This isn't permanent. resholve should eventually be able to move to python3.)
+#### Development versions
-#### Latest unstable version
+resholve's `master` branch is fairly stable. If you have Nix's experimental nix-command and flakes features enabled, you should generally be able to use it with any of the below:
+
+```shell
+# without cloning
+nix build github:abathur/resholve
+nix shell github:abathur/resholve
+
+# from the root of a resholve checkout
+nix build
+nix shell
+```
+
+
+Traditional `nix-build` instructions
+
+You can build resholve from a checkout with the traditional CLI:
```shell
git clone https://github.com/abathur/resholve.git
cd resholve
-mkdir .local
-nix-shell
+nix-build
```
-`mkdir .local` makes `nix-shell` use whatever code is in the resholve folder. Without a folder named `.local`, `nix-shell` will download a copy of a stable version of resholve.
+> **Caution**: The same isn't quite true of `nix-shell`, which will load the _demo_ shell. This might be fine for your purposes, but keep in mind that it pre-populates some environment variables just for the demo.
-## Contributing
-If you're looking to improve resholve or the broader ecosystem (resholve + binlore), feel free to open issue or reach out to me on Matrix or by email.
+
-There's much to do. Some of it is simple and straightforward. Some of it's creative and green-field. Some of it's difficult. I've focused on primary work at the expense of building an onramp for other contributors, but I'm happy to help you get started and use the opportunity to build the ramp as we go.
+#### Stable versions
+
+You can get the latest stable version of resholve from Nixpkgs:
+
+```shell
+# new CLI/flakes
+NIXPKGS_ALLOW_INSECURE=1 nix shell --impure nixpkgs#resholve
+NIXPKGS_ALLOW_INSECURE=1 nix shell --impure github:nixos/nixpkgs#resholve
+
+# traditional CLI
+NIXPKGS_ALLOW_INSECURE=1 nix-shell -p resholve
+```
+
+> **Note:** the high-quality shell parser resholve is built on uses python2. `nixpkgs` has taken steps to protect users from accidental _run-time_ use of python2. resholve *will* still work at build-time for use in Nix packages. Setting the `NIXPKGS_ALLOW_INSECURE` env is only needed to use resholve from nixpkgs in a shell. To be safe, don't run resholve on untrusted input.
+>
+> (This isn't permanent. resholve should eventually be able to move to python3.)
+
+## Contributing
+If you're looking to improve resholve or the broader ecosystem (resholve + binlore), feel free to open an issue, reach out to me on Matrix, or send an email.
-If you do make code changes, then you can test your changes by following [the instructions for installing an unstable version of resholve](#latest-unstable-version). You can also validate the codebase locally by running `make ci`.
+There's much to do. Some of it is simple and straightforward. Some of it's creative and green-field. Some of it's difficult. I've focused on primary work at the expense of documenting an onramp for other contributors, but I'm happy to help you get started and use the opportunity to build the ramp as we go.
-Some documentation updates entail updating generated files that currently require an adjacent checkout of nixpkgs--it's easiest to just bug me to do this for now.
+If you make code changes, you can rebuild resholve by following [the instructions for building a development version](#development-versions). resholve's tests aren't run during the build, so you should also validate the codebase locally by running `make ci`.
-> Caution: from a dev perspective, `default.nix` is a lie. It’s in the form required by callPackage for syncing with nixpkgs.
+> **Note**: Some documentation updates entail updating generated files. I use `make update` for this, but this will also usually cause some churn in `timings.md` and `demos.md`. It's generally fine to skip committing those changes if they aren't meaningful (feel free to bug me if you aren't comfortable doing this or need feedback).
## Acknowledgements
- resholve leverages the [Oil](https://github.com/oilshell/oil) shell's OSH parser) and wouldn't be feasible without Andy Chu's excellent work on that project.
diff --git a/bits/demos.md.mid b/bits/demos.md.mid
index 74db512..9ad3e1b 100644
--- a/bits/demos.md.mid
+++ b/bits/demos.md.mid
@@ -2,9 +2,8 @@
## Nix demo
-This demo illustrates how to use resholve in Nix to compose a set of modules together. You can see the Nix code for the modules in [ci.nix](ci.nix), and their shell scripts in [tests/nix](tests/nix/). The modules are:
+This demo illustrates how to use resholve in Nix to compose a set of modules together. You can see the Nix code for the modules in [nixpkgs/test.nix](nixpkgs/test.nix), and their shell scripts in [tests/nix](tests/nix/). The modules are:
-- `shunit2` - This re-builds [Nixpkgs existing shunit2 package](https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/misc/shunit2/default.nix) in a resolved form. This module demonstrates the Nix API for telling resholve that some violations are okay.
- `test_module1` - Depends on the jq and libressl executables, and on test_module2.
- `test_module2` - Depends on the openssl executable, and the shunit2 module/shell library.
- `test_module3` - Depends on test_module1.
@@ -15,15 +14,18 @@ This demo (which is just a shell script executing with `set -x` enabled around p
- Before any output begins, `conjure.sh` (test_module3) sources `libressl.sh` (test_module1), which sources `openssl.sh` (test_module2), which sources `shunit2`. *Everything is in one shell namespace when the test begins.*
- When `shunit2` is sourced, it automatically collects and runs functions named test_*.
- `type jq openssl` demonstrates that the jq and openssl executables aren't on the PATH. *Dependencies declared for one module/script aren't leaking into others!*
-- Both `openssl.sh` and `libressl.sh` invoke `openssl`, but *because the scripts were separately resolved by Nix and resholve, `openssl.sh` correctly invokes `OpenSSL 1.1.1d 10 Sep 2019`, while `libressl.sh` correctly invokes `LibreSSL 2.9.2`!*
+- Both `openssl.sh` and `libressl.sh` invoke `openssl`, but *because the scripts were separately resolved by Nix and resholve, `openssl.sh` correctly invokes `OpenSSL x.y.z`, while `libressl.sh` correctly invokes `LibreSSL x.y.z`!*
-It is currently tied into the CI run, so for now you'll have to run the whole thing if you want to see it locally (sorry!):
+After the output from running the demo, it'll output the resholved source of conjure.sh, openssl.sh, and libressl.sh.
+
+The Nix demo is currently tied into resholve's CI run, so for now you'll have to run the whole thing if you want to see it locally:
```shell
-nix-build ci.nix
+nix build .#ci --print-build-logs
```
-I'll try to keep these up-to-date, but if you suspect this file is outdated you can also find the output at the end of the main phase of resholve's latest successful [weekly scheduled CI run](https://github.com/abathur/resholve/actions?query=branch%3Amaster+event%3Aschedule+is%3Asuccess).
+The result will be something like:
```shell
-$ nix-build ci.nix
+$ nix build .#ci --print-build-logs
+...
diff --git a/bits/demos.md.pre b/bits/demos.md.pre
index a062ea1..0970864 100644
--- a/bits/demos.md.pre
+++ b/bits/demos.md.pre
@@ -15,13 +15,21 @@ This demo runs a handful of commands on a set of test `.sh` scripts (you can see
- A status > 0 indicates the script couldn't be resolved. The body of the case report quotes the original file, and any feedback the command gives about why it can't resolve the script.
- A status == 0 indicates the script was resolved. The body of the case report shows a diff of the input script, and the resolved output.
-To run this demo yourself:
+To run this demo yourself, first open the demo shell:
```shell
-nix-shell --run "./demo"
+# without cloning, w/ experimental nix-command flakes
+nix develop github:abathur/resholve
+
+# with a clone
+# w/ experimental nix-command flakes
+nix develop
+
+# or traditional
+nix-shell
```
-The demo output is colored for easier reading, but I've included an example of the output below as well:
+Once the shell loads, run `demo` to begin. The demo output uses color for easier reading, but I've included a plaintext copy of the output below as well:
```shell
-$ nix-shell --run "./demo"
+$ demo
diff --git a/ci.nix b/ci.nix
deleted file mode 100644
index 68c0dc4..0000000
--- a/ci.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ pkgs ? import { }, source ? pkgs.callPackage ./source.nix { } }:
-
-let
- deps = pkgs.callPackage ./deps.nix { };
- inherit (pkgs.callPackage ./default.nix { })
- resholve python27;
- inherit (pkgs.callPackage ./test.nix {
- inherit resholve;
- inherit (source) rSrc;
- inherit (deps) binlore;
- runDemo = true;
- inherit python27;
- })
- module1 module2 module3 cli resholvedScript resholvedScriptBin resholvedScriptBinNone;
-
-in
-pkgs.runCommand "resholve-ci" { } ''
- diff ${resholvedScript} ${resholvedScriptBin}/bin/resholved-script-bin
- bash ${resholvedScriptBinNone}/bin/resholved-script-bin
- mkdir $out
- printf "\033[33m============================= resholve Nix demo ===============================\033[0m\n"
- env -i ${module3}/bin/conjure.sh |& tee nix-demo.ansi
- ${pkgs.bat}/bin/bat --paging=never --color=always ${module3}/bin/conjure.sh ${module2}/bin/openssl.sh ${module1}/bin/libressl.sh |& tee -a nix-demo.ansi
- ${pkgs.ansifilter}/bin/ansifilter -o $out/test.txt --text ${cli}/test.ansi
- ${pkgs.ansifilter}/bin/ansifilter -o $out/demo.txt --text ${cli}/demo.ansi
- ${pkgs.ansifilter}/bin/ansifilter -o $out/nix-demo.txt --text nix-demo.ansi
-''
diff --git a/default.nix b/default.nix
index 1de3bf2..2cccff2 100644
--- a/default.nix
+++ b/default.nix
@@ -1,51 +1,10 @@
-{ lib
-, pkgs
-, pkgsBuildHost
-, ...
-}:
-
-let
- removeKnownVulnerabilities = pkg: pkg.overrideAttrs (old: {
- meta = (old.meta or { }) // { knownVulnerabilities = [ ]; };
- });
- # We are removing `meta.knownVulnerabilities` from `python27`,
- # and setting it in `resholve` itself.
- python27' = (removeKnownVulnerabilities pkgsBuildHost.python27).override {
- self = python27';
- pkgsBuildHost = pkgsBuildHost // { python27 = python27'; };
- # strip down that python version as much as possible
- openssl = null;
- bzip2 = null;
- readline = null;
- ncurses = null;
- gdbm = null;
- sqlite = null;
- rebuildBytecode = false;
- stripBytecode = true;
- strip2to3 = true;
- stripConfig = true;
- stripIdlelib = true;
- stripTests = true;
- enableOptimizations = false;
- };
- callPackage = lib.callPackageWith (pkgs // { python27 = python27'; });
- source = callPackage ./source.nix { };
- deps = callPackage ./deps.nix { };
-in rec
-{
- # resholve itself
- resholve = removeKnownVulnerabilities (callPackage ./resholve.nix {
- inherit (source) rSrc version;
- inherit (deps) binlore;
- inherit (deps.oil) oildev;
- inherit (deps) configargparse;
- inherit resholve-utils;
- });
- # funcs to validate and phrase invocations of resholve
- # and use those invocations to build packages
- resholve-utils = callPackage ./resholve-utils.nix {
- inherit resholve;
- inherit (deps) binlore;
- };
- python27 = python27';
-}
+(import
+ (
+ let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
+ fetchTarball {
+ url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+ sha256 = lock.nodes.flake-compat.locked.narHash;
+ }
+ )
+ { src = ./.; }
+).defaultNix
diff --git a/demos.md b/demos.md
index c7b71d3..cb395f0 100644
--- a/demos.md
+++ b/demos.md
@@ -15,20 +15,28 @@ This demo runs a handful of commands on a set of test `.sh` scripts (you can see
- A status > 0 indicates the script couldn't be resolved. The body of the case report quotes the original file, and any feedback the command gives about why it can't resolve the script.
- A status == 0 indicates the script was resolved. The body of the case report shows a diff of the input script, and the resolved output.
-To run this demo yourself:
+To run this demo yourself, first open the demo shell:
```shell
-nix-shell --run "./demo"
+# without cloning, w/ experimental nix-command flakes
+nix develop github:abathur/resholve
+
+# with a clone
+# w/ experimental nix-command flakes
+nix develop
+
+# or traditional
+nix-shell
```
-The demo output is colored for easier reading, but I've included an example of the output below as well:
+Once the shell loads, run `demo` to begin. The demo output uses color for easier reading, but I've included a plaintext copy of the output below as well:
```shell
-$ nix-shell --run "./demo"
+$ demo
============================= resholve demo ===================================
1..15
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < which_simple.sh (exit: 3) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < which_simple.sh (exit: 3) ]
Original:
>>> # no inputs provide which
@@ -40,9 +48,9 @@ Output:
>>> [ stdinNone ]:3: Couldn't resolve command 'which'
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 1 'which' needs to be in RESHOLVE_PATH in 447ms
+ok 1 'which' needs to be in RESHOLVE_PATH in 499ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < command_in_function.sh (exit: 3) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < command_in_function.sh (exit: 3) ]
Original:
>>> source file_simple.sh
@@ -55,13 +63,13 @@ Output:
>>> command which "$@"
>>> ^~~~~
>>> [ stdinNone ]:5: Couldn't resolve command 'which'
->>> #!/nix/store/...-bash-5.1-p16/bin/bash
->>> source /private/tmp/nix-build-resholve-test.drv-0/resholved/tests/file_simple.sh
+>>> #!/nix/store/...-bash-5.2-p15/bin/bash
+>>> source /private/tmp/nix-build-resholve-test.drv-0/source/tests/file_simple.sh
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 2 Even in a function, 'which' needs to be in RESHOLVE_PATH in 456ms
+ok 2 Even in a function, 'which' needs to be in RESHOLVE_PATH in 512ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < absolute_path.sh (exit: 5) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < absolute_path.sh (exit: 5) ]
Original:
>>> /usr/bin/which resholve
@@ -74,9 +82,9 @@ Output:
>>> Next step: keep, fix, or pre-patch/substitute it.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 3 Absolute executable paths need exemptions in 450ms
+ok 3 Absolute executable paths need exemptions in 501ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < absolute_path_nested.sh (exit: 5) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < absolute_path_nested.sh (exit: 5) ]
Original:
>>> find . -name resholve -exec /usr/bin/file {} +
@@ -87,13 +95,13 @@ Output:
>>> [ stdinNone ]:2: Unexpected absolute command path.
>>>
>>> Next step: keep, fix, or pre-patch/substitute it.
->>> #!/nix/store/...-bash-5.1-p16/bin/bash
+>>> #!/nix/store/...-bash-5.2-p15/bin/bash
>>> /nix/store/...-findutils-4.9.0/bin/find
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 4 Even nested-executable paths need exemptions in 474ms
+ok 4 Even nested-executable paths need exemptions in 493ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < source_var_pwd.sh (exit: 6) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < source_var_pwd.sh (exit: 6) ]
Original:
>>> # fails because $PWD requires a dynamic parse
@@ -109,50 +117,50 @@ Output:
>>> [ stdinNone ]:6: Can't resolve dynamic argument in 'source'
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 5 Source, among others, needs an exemption for arguments containing variables in 455ms
+ok 5 Source, among others, needs an exemption for arguments containing variables in 519ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < file_simple.sh (exit: 0) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < file_simple.sh (exit: 0) ]
Diff:
>>> --- original
>>> +++ resolved
>>> @@ -1,3 +1,7 @@
->>> +#!/nix/store/...-bash-5.1-p16/bin/bash
+>>> +#!/nix/store/...-bash-5.2-p15/bin/bash
>>> # resolves file from inputs
>>> -file resholver
>>> -"file" resholver
->>> +/nix/store/...-file-5.43/bin/file resholver
->>> +"/nix/store/...-file-5.43/bin/file" resholver
+>>> +/nix/store/...-file-5.45/bin/file resholver
+>>> +"/nix/store/...-file-5.45/bin/file" resholver
>>> +
>>> +### resholve directives (auto-generated) ## format_version: 3
->>> +# resholve: keep /nix/store/...-file-5.43/bin/file
+>>> +# resholve: keep /nix/store/...-file-5.45/bin/file
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 6 Resolves unqualified 'file' to absolute path from RESHOLVE_PATH in 463ms
+ok 6 Resolves unqualified 'file' to absolute path from RESHOLVE_PATH in 483ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < file_in_function.sh (exit: 0) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < file_in_function.sh (exit: 0) ]
Diff:
>>> --- original
>>> +++ resolved
>>> @@ -1,5 +1,10 @@
>>> -source which_simple.sh
->>> +#!/nix/store/...-bash-5.1-p16/bin/bash
->>> +source /private/tmp/nix-build-resholve-test.drv-0/resholved/tests/which_simple.sh
+>>> +#!/nix/store/...-bash-5.2-p15/bin/bash
+>>> +source /private/tmp/nix-build-resholve-test.drv-0/source/tests/which_simple.sh
>>> which() {
>>> # resolves file here too
>>> - file "$@"
->>> + /nix/store/...-file-5.43/bin/file "$@"
+>>> + /nix/store/...-file-5.45/bin/file "$@"
>>> }
>>> +
>>> +### resholve directives (auto-generated) ## format_version: 3
->>> +# resholve: keep /nix/store/...-file-5.43/bin/file
->>> +# resholve: keep source:/private/tmp/nix-build-resholve-test.drv-0/resholved/tests/which_simple.sh
+>>> +# resholve: keep /nix/store/...-file-5.45/bin/file
+>>> +# resholve: keep source:/private/tmp/nix-build-resholve-test.drv-0/source/tests/which_simple.sh
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 7 Even in a function, resolves unqualified 'file' to absolute path from RESHOLVE_PATH in 474ms
+ok 7 Even in a function, resolves unqualified 'file' to absolute path from RESHOLVE_PATH in 492ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < file_home_source_pwd.sh (exit: 6) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < file_home_source_pwd.sh (exit: 6) ]
Original:
>>> # $HOME not blocking here; vars currently only checked in:
@@ -167,51 +175,51 @@ Output:
>>> [ stdinNone ]:6: Can't resolve dynamic argument in 'source'
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 8 Only some commands ('source' but NOT 'file', here) are checked for variable arguments. in 459ms
+ok 8 Only some commands ('source' but NOT 'file', here) are checked for variable arguments. in 494ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash --keep 'source:$PWD' < file_home_source_pwd.sh (exit: 0) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash --keep 'source:$PWD' < file_home_source_pwd.sh (exit: 0) ]
Diff:
>>> --- original
>>> +++ resolved
>>> @@ -1,5 +1,10 @@
->>> +#!/nix/store/...-bash-5.1-p16/bin/bash
+>>> +#!/nix/store/...-bash-5.2-p15/bin/bash
>>> # $HOME not blocking here; vars currently only checked in:
>>> # alias command eval exec source|. sudo env
>>> -file $HOME/file_simple.sh
->>> +/nix/store/...-file-5.43/bin/file $HOME/file_simple.sh
+>>> +/nix/store/...-file-5.45/bin/file $HOME/file_simple.sh
>>> # PWD needs exemption: --keep source:PWD or RESHOLVE_KEEP='source:PWD'
>>> source $PWD/file_simple.sh
>>> +
>>> +### resholve directives (auto-generated) ## format_version: 3
->>> +# resholve: keep /nix/store/...-file-5.43/bin/file
+>>> +# resholve: keep /nix/store/...-file-5.45/bin/file
>>> +# resholve: keep source:$PWD
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 9 Add an exemption with --keep : in 455ms
+ok 9 Add an exemption with --keep : in 510ms
---[ RESHOLVE_KEEP='source:$PWD' resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < file_home_source_pwd.sh (exit: 0) ]
+--[ RESHOLVE_KEEP='source:$PWD' resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < file_home_source_pwd.sh (exit: 0) ]
Diff:
>>> --- original
>>> +++ resolved
>>> @@ -1,5 +1,10 @@
->>> +#!/nix/store/...-bash-5.1-p16/bin/bash
+>>> +#!/nix/store/...-bash-5.2-p15/bin/bash
>>> # $HOME not blocking here; vars currently only checked in:
>>> # alias command eval exec source|. sudo env
>>> -file $HOME/file_simple.sh
->>> +/nix/store/...-file-5.43/bin/file $HOME/file_simple.sh
+>>> +/nix/store/...-file-5.45/bin/file $HOME/file_simple.sh
>>> # PWD needs exemption: --keep source:PWD or RESHOLVE_KEEP='source:PWD'
>>> source $PWD/file_simple.sh
>>> +
>>> +### resholve directives (auto-generated) ## format_version: 3
->>> +# resholve: keep /nix/store/...-file-5.43/bin/file
+>>> +# resholve: keep /nix/store/...-file-5.45/bin/file
>>> +# resholve: keep source:$PWD
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 10 Add an exemption with RESHOLVE_ALLOW=source:$PWD in 450ms
+ok 10 Add an exemption with RESHOLVE_ALLOW=source:$PWD in 509ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < source_missing_target.sh (exit: 4) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < source_missing_target.sh (exit: 4) ]
Original:
>>> # fails to resolve this (from inputs, or relative to directory)
@@ -223,34 +231,34 @@ Output:
>>> [ stdinNone ]:3: Unable to resolve source target 'doesnt_exist.sh' to a known file
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 11 'source' targets also need to be in RESHOLVE_PATH in 456ms
+ok 11 'source' targets also need to be in RESHOLVE_PATH in 493ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < source_present_target.sh (exit: 0) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < source_present_target.sh (exit: 0) ]
Diff:
>>> --- original
>>> +++ resolved
>>> @@ -1,3 +1,7 @@
->>> +#!/nix/store/...-bash-5.1-p16/bin/bash
+>>> +#!/nix/store/...-bash-5.2-p15/bin/bash
>>> # resolves gettext from inputs
>>> -source gettext.sh
>>> -. gettext.sh
->>> +source /nix/store/...-gettext-0.21/bin/gettext.sh
->>> +. /nix/store/...-gettext-0.21/bin/gettext.sh
+>>> +source /nix/store/...-gettext-0.21.1/bin/gettext.sh
+>>> +. /nix/store/...-gettext-0.21.1/bin/gettext.sh
>>> +
>>> +### resholve directives (auto-generated) ## format_version: 3
->>> +# resholve: keep source:/nix/store/...-gettext-0.21/bin/gettext.sh
+>>> +# resholve: keep source:/nix/store/...-gettext-0.21.1/bin/gettext.sh
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 12 Resolves unqualified 'source' to absolute path from RESHOLVE_PATH in 498ms
+ok 12 Resolves unqualified 'source' to absolute path from RESHOLVE_PATH in 528ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash --fix aliases < alias_riddle.sh (exit: 0) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash --fix aliases < alias_riddle.sh (exit: 0) ]
Diff:
>>> --- original
>>> +++ resolved
>>> @@ -1,16 +1,22 @@
->>> +#!/nix/store/...-bash-5.1-p16/bin/bash
+>>> +#!/nix/store/...-bash-5.2-p15/bin/bash
>>> # don't try to run me; I'll probably crash or hang or something
>>> # I'm just a succinct test for complex resolution logic...
>>> alias file="file -n" # the function
@@ -264,7 +272,7 @@ Diff:
>>> file # I'm the alias
>>> \file # the function!
>>> -command file # external
->>> +command /nix/store/...-file-5.43/bin/file # external
+>>> +command /nix/store/...-file-5.45/bin/file # external
>>>
>>> find # alias
>>> -\find # external
@@ -275,50 +283,50 @@ Diff:
>>> +### resholve directives (auto-generated) ## format_version: 3
>>> +# resholve: fix aliases
>>> +# resholve: keep /nix/store/...-findutils-4.9.0/bin/find
->>> +# resholve: keep /nix/store/...-file-5.43/bin/file
+>>> +# resholve: keep /nix/store/...-file-5.45/bin/file
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 13 Has (naive) context-specific resolution rules in 541ms
+ok 13 Has (naive) context-specific resolution rules in 569ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash < nested_execer.sh (exit: 0) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash < nested_execer.sh (exit: 0) ]
Diff:
>>> --- original
>>> +++ resolved
>>> @@ -1,27 +1,35 @@
->>> +#!/nix/store/...-bash-5.1-p16/bin/bash
+>>> +#!/nix/store/...-bash-5.2-p15/bin/bash
>>> fargs(){
>>> - echo "nice $(type -ap file) you got there"
->>> + echo "nice $(type -ap /nix/store/...-file-5.43/bin/file) you got there"
+>>> + echo "nice $(type -ap /nix/store/...-file-5.45/bin/file) you got there"
>>> }
>>>
>>> -echo wert | find $(type -p file) -name file -exec file {} + # resolve 1st/~last
->>> +echo wert | /nix/store/...-findutils-4.9.0/bin/find $(type -p /nix/store/...-file-5.43/bin/file) -name file -exec /nix/store/...-file-5.43/bin/file {} + # resolve 1st/~last
+>>> +echo wert | /nix/store/...-findutils-4.9.0/bin/find $(type -p /nix/store/...-file-5.45/bin/file) -name file -exec /nix/store/...-file-5.45/bin/file {} + # resolve 1st/~last
>>> echo wert | fargs file # resolve none
>>> -echo wert | exec find file # resolve 2nd
>>> -echo wert | xargs file # resolve both
>>> +echo wert | exec /nix/store/...-findutils-4.9.0/bin/find file # resolve 2nd
->>> +echo wert | /nix/store/...-findutils-4.9.0/bin/xargs /nix/store/...-file-5.43/bin/file # resolve both
+>>> +echo wert | /nix/store/...-findutils-4.9.0/bin/xargs /nix/store/...-file-5.45/bin/file # resolve both
>>>
>>> -builtin source gettext.sh # resolve last
>>> -builtin command . gettext.sh # resolve last
>>> -builtin command -v . gettext.sh # resolve last
->>> +builtin source /nix/store/...-gettext-0.21/bin/gettext.sh # resolve last
->>> +builtin command . /nix/store/...-gettext-0.21/bin/gettext.sh # resolve last
->>> +builtin command -v . /nix/store/...-gettext-0.21/bin/gettext.sh # resolve last
+>>> +builtin source /nix/store/...-gettext-0.21.1/bin/gettext.sh # resolve last
+>>> +builtin command . /nix/store/...-gettext-0.21.1/bin/gettext.sh # resolve last
+>>> +builtin command -v . /nix/store/...-gettext-0.21.1/bin/gettext.sh # resolve last
>>>
>>> echo wert | exec >&2 # resolve none
>>>
>>> # semi-nonsense, but should resolve bash, gettext, file, bash, file
>>> -bash \
>>> - -c "source gettext.sh" \
->>> +/nix/store/...-bash-5.1-p16/bin/bash \
->>> + -c "source /nix/store/...-gettext-0.21/bin/gettext.sh" \
+>>> +/nix/store/...-bash-5.2-p15/bin/bash \
+>>> + -c "source /nix/store/...-gettext-0.21.1/bin/gettext.sh" \
>>> "bop" \
>>> - -c "command file" \
>>> - -c "bash -c file"
->>> + -c "command /nix/store/...-file-5.43/bin/file" \
->>> + -c "/nix/store/...-bash-5.1-p16/bin/bash -c /nix/store/...-file-5.43/bin/file"
+>>> + -c "command /nix/store/...-file-5.45/bin/file" \
+>>> + -c "/nix/store/...-bash-5.2-p15/bin/bash -c /nix/store/...-file-5.45/bin/file"
>>>
>>> -if type -p find; then
>>> - type -p find
@@ -331,22 +339,22 @@ Diff:
>>> fi
>>> +
>>> +### resholve directives (auto-generated) ## format_version: 3
->>> +# resholve: keep /nix/store/...-bash-5.1-p16/bin/bash
>>> +# resholve: keep /nix/store/...-findutils-4.9.0/bin/find
>>> +# resholve: keep /nix/store/...-findutils-4.9.0/bin/xargs
->>> +# resholve: keep /nix/store/...-file-5.43/bin/file
->>> +# resholve: keep source:/nix/store/...-gettext-0.21/bin/gettext.sh
+>>> +# resholve: keep /nix/store/...-bash-5.2-p15/bin/bash
+>>> +# resholve: keep /nix/store/...-file-5.45/bin/file
+>>> +# resholve: keep source:/nix/store/...-gettext-0.21.1/bin/gettext.sh
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 14 Has (rudimentary) support for resolving executable arguments in 590ms
+ok 14 Has (rudimentary) support for resolving executable arguments in 642ms
---[ resholve --interpreter /nix/store/...-bash-5.1-p16/bin/bash --fix '$FILE_CMD:file' < file_var.sh (exit: 0) ]
+--[ resholve --interpreter /nix/store/...-bash-5.2-p15/bin/bash --fix '$FILE_CMD:file' < file_var.sh (exit: 0) ]
Diff:
>>> --- original
>>> +++ resolved
>>> @@ -1,12 +1,17 @@
->>> +#!/nix/store/...-bash-5.1-p16/bin/bash
+>>> +#!/nix/store/...-bash-5.2-p15/bin/bash
>>> FILE_CMD="$HOME/.local/bin/file"
>>>
>>> -$FILE_CMD resholver
@@ -359,30 +367,29 @@ Diff:
>>> -exec "$FILE_CMD"
>>> -exec $FILE_CMD | exec $FILE_CMD
>>> -exec "$FILE_CMD" | exec "$FILE_CMD"
->>> +/nix/store/...-file-5.43/bin/file resholver
->>> +"/nix/store/...-file-5.43/bin/file" resholver
->>> +/nix/store/...-file-5.43/bin/file resholver
->>> +"/nix/store/...-file-5.43/bin/file" resholver
->>> +/nix/store/...-file-5.43/bin/file resholver
->>> +"/nix/store/...-file-5.43/bin/file" resholver
->>> +exec /nix/store/...-file-5.43/bin/file
->>> +exec "/nix/store/...-file-5.43/bin/file"
->>> +exec /nix/store/...-file-5.43/bin/file | exec /nix/store/...-file-5.43/bin/file
->>> +exec "/nix/store/...-file-5.43/bin/file" | exec "/nix/store/...-file-5.43/bin/file"
+>>> +/nix/store/...-file-5.45/bin/file resholver
+>>> +"/nix/store/...-file-5.45/bin/file" resholver
+>>> +/nix/store/...-file-5.45/bin/file resholver
+>>> +"/nix/store/...-file-5.45/bin/file" resholver
+>>> +/nix/store/...-file-5.45/bin/file resholver
+>>> +"/nix/store/...-file-5.45/bin/file" resholver
+>>> +exec /nix/store/...-file-5.45/bin/file
+>>> +exec "/nix/store/...-file-5.45/bin/file"
+>>> +exec /nix/store/...-file-5.45/bin/file | exec /nix/store/...-file-5.45/bin/file
+>>> +exec "/nix/store/...-file-5.45/bin/file" | exec "/nix/store/...-file-5.45/bin/file"
>>> +
>>> +### resholve directives (auto-generated) ## format_version: 3
>>> +# resholve: fix $FILE_CMD:file
->>> +# resholve: keep /nix/store/...-file-5.43/bin/file
+>>> +# resholve: keep /nix/store/...-file-5.45/bin/file
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ok 15 Can substitute a variable used as a command in 534ms
+ok 15 Can substitute a variable used as a command in 582ms
```
## Nix demo
-This demo illustrates how to use resholve in Nix to compose a set of modules together. You can see the Nix code for the modules in [ci.nix](ci.nix), and their shell scripts in [tests/nix](tests/nix/). The modules are:
+This demo illustrates how to use resholve in Nix to compose a set of modules together. You can see the Nix code for the modules in [nixpkgs/test.nix](nixpkgs/test.nix), and their shell scripts in [tests/nix](tests/nix/). The modules are:
-- `shunit2` - This re-builds [Nixpkgs existing shunit2 package](https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/misc/shunit2/default.nix) in a resolved form. This module demonstrates the Nix API for telling resholve that some violations are okay.
- `test_module1` - Depends on the jq and libressl executables, and on test_module2.
- `test_module2` - Depends on the openssl executable, and the shunit2 module/shell library.
- `test_module3` - Depends on test_module1.
@@ -393,18 +400,18 @@ This demo (which is just a shell script executing with `set -x` enabled around p
- Before any output begins, `conjure.sh` (test_module3) sources `libressl.sh` (test_module1), which sources `openssl.sh` (test_module2), which sources `shunit2`. *Everything is in one shell namespace when the test begins.*
- When `shunit2` is sourced, it automatically collects and runs functions named test_*.
- `type jq openssl` demonstrates that the jq and openssl executables aren't on the PATH. *Dependencies declared for one module/script aren't leaking into others!*
-- Both `openssl.sh` and `libressl.sh` invoke `openssl`, but *because the scripts were separately resolved by Nix and resholve, `openssl.sh` correctly invokes `OpenSSL 1.1.1d 10 Sep 2019`, while `libressl.sh` correctly invokes `LibreSSL 2.9.2`!*
+- Both `openssl.sh` and `libressl.sh` invoke `openssl`, but *because the scripts were separately resolved by Nix and resholve, `openssl.sh` correctly invokes `OpenSSL x.y.z`, while `libressl.sh` correctly invokes `LibreSSL x.y.z`!*
It is currently tied into the CI run, so for now you'll have to run the whole thing if you want to see it locally (sorry!):
```shell
-nix-build ci.nix
+nix build .#ci
```
-I'll try to keep these up-to-date, but if you suspect this file is outdated you can also find the output at the end of the main phase of resholve's latest successful [weekly scheduled CI run](https://github.com/abathur/resholve/actions?query=branch%3Amaster+event%3Aschedule+is%3Asuccess).
+The result will be something like:
```shell
-$ nix-build ci.nix
+$ nix build .#ci
much help
test_future_perfection
nothing up my sleeve
@@ -413,20 +420,20 @@ nothing up my sleeve
/nix/store/...-testmod3-unreleased/bin/conjure.sh: line 7: type: openssl: not found
+++++ set +x
test_openssl
-+++++ /nix/store/...-openssl-3.0.7-bin/bin/openssl version
-OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
++++++ /nix/store/...-openssl-3.0.10-bin/bin/openssl version
+OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)
+++++ /nix/store/...-testmod2-unreleased/libexec/invokeme
-OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
+OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)
+++++ /nix/store/...-testmod2-unreleased/libexec/invokeme
-OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
+OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)
+++++ set +x
test_libressl
+++++ /nix/store/...-jq-1.6-bin/bin/jq -n --arg greeting world '{"hello":$greeting}'
{
"hello": "world"
}
-+++++ /nix/store/...-libressl-3.6.1-bin/bin/openssl version
-LibreSSL 3.6.1
++++++ /nix/store/...-libressl-3.7.3-bin/bin/openssl version
+LibreSSL 3.7.3
+++++ set +x
Ran 3 tests.
@@ -435,7 +442,7 @@ OK
───────┬────────────────────────────────────────────────────────────────────────
│ File: /nix/store/...-testmod3-unreleased/bin/conjure.sh
───────┼────────────────────────────────────────────────────────────────────────
- 1 │ #!/nix/store/...-bash-5.1-p16/bin/bash
+ 1 │ #!/nix/store/...-bash-5.2-p15/bin/bash
2 │ test_future_perfection() {
3 │ echo "nothing up my sleeve"
4 │
@@ -468,19 +475,19 @@ OK
───────┼────────────────────────────────────────────────────────────────────────
1 │ openssl_sh() {
2 │ set -x
- 3 │ /nix/store/...-openssl-3.0.7-bin/bin/openssl version
+ 3 │ /nix/store/...-openssl-3.0.10-bin/bin/openssl version
4 │ /nix/store/...-testmod2-unreleased/libexec/invokeme
5 │ /nix/store/...-testmod2-unreleased/libexec/invokeme
6 │ set +x
7 │ }
- 8 │ alias blah=/nix/store/...-openssl-3.0.7-bin/bin/openssl
+ 8 │ alias blah=/nix/store/...-openssl-3.0.10-bin/bin/openssl
9 │
10 │ source /nix/store/...-shunit2-2.1.8/bin/shunit2
11 │
12 │ ### resholve directives (auto-generated) ## format_version: 3
13 │ # resholve: fix aliases
14 │ # resholve: keep /nix/store/...-testmod2-unreleased/libexec/invokeme
- 15 │ # resholve: keep /nix/store/...-openssl-3.0.7-bin/bin/openssl
+ 15 │ # resholve: keep /nix/store/...-openssl-3.0.10-bin/bin/openssl
16 │ # resholve: keep source:/nix/store/...-shunit2-2.1.8/bin/shunit2
17 │
───────┴────────────────────────────────────────────────────────────────────────
@@ -492,7 +499,7 @@ OK
3 │ libressl_sh() {
4 │ set -x
5 │ /nix/store/...-jq-1.6-bin/bin/jq -n --arg greeting world '{"hello":$greeting}'
- 6 │ /nix/store/...-libressl-3.6.1-bin/bin/openssl version
+ 6 │ /nix/store/...-libressl-3.7.3-bin/bin/openssl version
7 │ set +x
8 │ }
9 │
@@ -502,7 +509,7 @@ OK
13 │
14 │ ### resholve directives (auto-generated) ## format_version: 3
15 │ # resholve: keep /nix/store/...-jq-1.6-bin/bin/jq
- 16 │ # resholve: keep /nix/store/...-libressl-3.6.1-bin/bin/openssl
+ 16 │ # resholve: keep /nix/store/...-libressl-3.7.3-bin/bin/openssl
17 │ # resholve: keep source:/nix/store/...-testmod1-unreleased/submodule/helper.sh
18 │ # resholve: keep source:/nix/store/...-testmod2-unreleased/bin/openssl.sh
19 │
diff --git a/docs/markdown.wwst b/docs/markdown.wwst
index 2a613a6..b870378 100644
--- a/docs/markdown.wwst
+++ b/docs/markdown.wwst
@@ -37,7 +37,7 @@
- #insert[language=nix] ../../nixpkgs/pkgs/tools/misc/dgoss/default.nix
+ #insert[language=nix] ../nixpkgs_source/pkgs/tools/misc/dgoss/default.nix
## Basic `resholve.writeScript` and `resholve.writeScriptBin` examples
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..23159ab
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,196 @@
+{
+ "nodes": {
+ "binlore": {
+ "inputs": {
+ "flake-compat": [
+ "flake-compat"
+ ],
+ "flake-utils": [
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "yallback": "yallback"
+ },
+ "locked": {
+ "lastModified": 1694747787,
+ "narHash": "sha256-Y59hBsNeAUla9q72g6aoNuCPAWzmLOtBumRISavMRec=",
+ "owner": "abathur",
+ "repo": "binlore",
+ "rev": "8ddfdce12ece37b9652b01d405f20c20e802cce6",
+ "type": "github"
+ },
+ "original": {
+ "owner": "abathur",
+ "ref": "flakify",
+ "repo": "binlore",
+ "type": "github"
+ }
+ },
+ "d-mark-python": {
+ "inputs": {
+ "flake-compat": [
+ "wwurst",
+ "flake-compat"
+ ],
+ "flake-utils": [
+ "wwurst",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "wwurst",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1694748087,
+ "narHash": "sha256-pRtcTN3DT0oN0UnfleqdsCExurCmkwMPB64CwHsmkkY=",
+ "owner": "abathur",
+ "repo": "d-mark-python",
+ "rev": "68f0014ce75d23170175f0973f63148d2302c10b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "abathur",
+ "ref": "flakify",
+ "repo": "d-mark-python",
+ "type": "github"
+ }
+ },
+ "flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1673956053,
+ "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1694529238,
+ "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1694593561,
+ "narHash": "sha256-WSaIQZ5s9N9bDFkEMTw6P9eaZ9bv39ZhsiW12GtTNM0=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "1697b7d480449b01111e352021f46e5879e47643",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "binlore": "binlore",
+ "flake-compat": "flake-compat",
+ "flake-utils": "flake-utils",
+ "nixpkgs": "nixpkgs",
+ "wwurst": "wwurst"
+ }
+ },
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "wwurst": {
+ "inputs": {
+ "d-mark-python": "d-mark-python",
+ "flake-compat": [
+ "flake-compat"
+ ],
+ "flake-utils": [
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1694751495,
+ "narHash": "sha256-Yn2POLQoZT8H/xd3NUm2Vcns8azZLFW2bD0yVF0OT6w=",
+ "owner": "abathur",
+ "repo": "wordswurst",
+ "rev": "cc616b4455cf7b99ad9d6927ac064cee5df1a344",
+ "type": "github"
+ },
+ "original": {
+ "owner": "abathur",
+ "ref": "flakify",
+ "repo": "wordswurst",
+ "type": "github"
+ }
+ },
+ "yallback": {
+ "inputs": {
+ "flake-compat": [
+ "binlore",
+ "flake-compat"
+ ],
+ "flake-utils": [
+ "binlore",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "binlore",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1694747771,
+ "narHash": "sha256-CtcKToQH2m7JfthahV+busdFjS6OxF7hwqBxpan60UQ=",
+ "owner": "abathur",
+ "repo": "yallback",
+ "rev": "38a1675a6d94ba94c941727bd7336cbafb597355",
+ "type": "github"
+ },
+ "original": {
+ "owner": "abathur",
+ "ref": "flakify",
+ "repo": "yallback",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..38ffe0b
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,113 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ flake-utils.url = "github:numtide/flake-utils";
+ flake-compat = {
+ url = "github:edolstra/flake-compat";
+ flake = false;
+ };
+ # TODO: see extract_require_bats branch
+ # bats-require = {
+ # url = "github:abathur/bats-require";
+ # inputs.nixpkgs.follows = "nixpkgs";
+ # inputs.flake-utils.follows = "flake-utils";
+ # inputs.flake-compat.follows = "flake-compat";
+ # };
+ # obtuse name to avoid package/flake clash
+ wwurst = {
+ url = "github:abathur/wordswurst/flakify";
+ inputs.nixpkgs.follows = "nixpkgs";
+ inputs.flake-utils.follows = "flake-utils";
+ inputs.flake-compat.follows = "flake-compat";
+ };
+ binlore = {
+ url = "github:abathur/binlore/flakify";
+ inputs.nixpkgs.follows = "nixpkgs";
+ inputs.flake-utils.follows = "flake-utils";
+ inputs.flake-compat.follows = "flake-compat";
+ };
+ };
+
+ description = "Resolve external shell-script dependencies";
+
+ outputs = { self, nixpkgs, flake-utils, flake-compat, /*bats-require,*/ wwurst, binlore }:
+ {
+ # TODO:
+ # - document if I need nixpkgs.lib.composeExtensions wwurst.overlays.default or not. TL;DR: make sure you aren't holding this wrong or cargo culting
+ # - update other flakes based on this?
+ overlays.default = (final: prev: {
+ inherit (prev.callPackage ./nixpkgs {
+ version = prev.resholve.version + "-" + (self.shortRev or "dirty");
+ rSrc = final.lib.cleanSource self;
+ }) resholve;
+ });
+ nixpkgs_source = nixpkgs.outPath;
+ } // flake-utils.lib.eachDefaultSystem (system:
+ let
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [
+ # bats-require.overlays.default
+ wwurst.overlays.default
+ binlore.overlays.default
+ self.overlays.default
+ ];
+ };
+ in
+ {
+ packages = {
+ inherit (pkgs) resholve;
+ default = pkgs.resholve;
+ ci = let
+ inherit (pkgs.resholve.tests.override(prev: { runDemo = true; })) module1 module2 module3 cli resholvedScript resholvedScriptBin resholvedScriptBinNone;
+ in pkgs.runCommand "resholve-ci" { } ''
+ diff ${resholvedScript} ${resholvedScriptBin}/bin/resholved-script-bin
+ bash ${resholvedScriptBinNone}/bin/resholved-script-bin
+ mkdir $out
+ printf "\033[33m============================= resholve Nix demo ===============================\033[0m\n"
+ env -i ${module3}/bin/conjure.sh |& tee nix-demo.ansi
+ ${pkgs.bat}/bin/bat --paging=never --color=always ${module3}/bin/conjure.sh ${module2}/bin/openssl.sh ${module1}/bin/libressl.sh |& tee -a nix-demo.ansi
+ ${pkgs.ansifilter}/bin/ansifilter -o $out/test.txt --text ${cli}/test.ansi
+ ${pkgs.ansifilter}/bin/ansifilter -o $out/demo.txt --text ${cli}/demo.ansi
+ ${pkgs.ansifilter}/bin/ansifilter -o $out/nix-demo.txt --text nix-demo.ansi
+ '';
+ };
+ checks = pkgs.callPackages nixpkgs/test.nix {
+ inherit (pkgs) resholve;
+ rSrc = pkgs.lib.cleanSource self;
+ };
+ devShells = let
+ resolveTimeDeps = [ pkgs.bash pkgs.coreutils pkgs.file pkgs.findutils pkgs.gettext ];
+ in {
+ default = pkgs.mkShell {
+ buildInputs = [ pkgs.bash pkgs.resholve pkgs.bats pkgs.man ];
+ RESHOLVE_PATH = "${pkgs.lib.makeBinPath resolveTimeDeps}";
+ RESHOLVE_LORE = "${pkgs.binlore.collect { drvs = resolveTimeDeps; } }";
+ INTERP = "${pkgs.bash}/bin/bash";
+ shellHook = ''
+ demo()(
+ cd ${pkgs.lib.cleanSource self}
+ ./demo
+ )
+ '';
+ };
+ make = pkgs.mkShell {
+ makeInputs = with pkgs; lib.makeBinPath [
+ git
+ bash
+ nix
+ coreutils
+ gnused
+ groff
+ ansifilter
+ wordswurst
+ sassc
+ # TODO: lint/format stuff? or do you want this in a dev shell once you convert to flake?
+ # nixpkgs-fmt
+ # scss-lint
+ ];
+ };
+ };
+ }
+ );
+}
diff --git a/make.nix b/make.nix
deleted file mode 100644
index 981e6b8..0000000
--- a/make.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ pkgs ? import { } }:
-
-with pkgs;
-let
- wordswurst = import ./wordswurst.nix { };
-in
-pkgs.mkShell {
-
- buildInputs = [
- nix
- coreutils
- gnused
- groff
- ansifilter
- wordswurst
- sassc
- # TODO: lint/format stuff? or do you want this in a dev shell once you convert to flake?
- # nixpkgs-fmt
- # scss-lint
- ];
-}
diff --git a/docs/README.nixpkgs.md b/nixpkgs/README.md
similarity index 96%
rename from docs/README.nixpkgs.md
rename to nixpkgs/README.md
index c3be4ad..617c18e 100644
--- a/docs/README.nixpkgs.md
+++ b/nixpkgs/README.md
@@ -52,13 +52,13 @@ Here's a simple example of how `resholve.mkDerivation` is already used in nixpkg
resholve.mkDerivation rec {
pname = "dgoss";
- version = "0.3.18";
+ version = "0.4.1";
src = fetchFromGitHub {
- owner = "aelsabbahy";
+ owner = "goss-org";
repo = "goss";
- rev = "v${version}";
- sha256 = "01ssc7rnnwpyhjv96qy8drsskghbfpyxpsahk8s62lh8pxygynhv";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-dpMTUBMEG5tDi7E6ZRg1KHqIj5qDlvwfwJEgq/5z7RE=";
};
dontConfigure = true;
@@ -81,11 +81,12 @@ resholve.mkDerivation rec {
};
meta = with lib; {
- homepage = "https://github.com/aelsabbahy/goss/blob/v${version}/extras/dgoss/README.md";
+ homepage = "https://github.com/goss-org/goss/blob/v${version}/extras/dgoss/README.md";
+ changelog = "https://github.com/goss-org/goss/releases/tag/v${version}";
description = "Convenience wrapper around goss that aims to bring the simplicity of goss to docker containers";
license = licenses.asl20;
platforms = platforms.linux;
- maintainers = with maintainers; [ hyzual ];
+ maintainers = with maintainers; [ hyzual anthonyroussel ];
};
}
```
diff --git a/nixpkgs/default.nix b/nixpkgs/default.nix
new file mode 100644
index 0000000..f7628cf
--- /dev/null
+++ b/nixpkgs/default.nix
@@ -0,0 +1,58 @@
+{ lib
+, pkgs
+, pkgsBuildHost
+, version ? "0.9.0"
+, rSrc ? pkgs.fetchFromGitHub {
+ owner = "abathur";
+ repo = "resholve";
+ rev = "v${version}";
+ hash = "sha256-FRdCeeC2c3bMEXekEyilgW0PwFfUWGstZ5mXdmRPM5w=";
+ }
+}:
+
+let
+ removeKnownVulnerabilities = pkg: pkg.overrideAttrs (old: {
+ meta = (old.meta or { }) // { knownVulnerabilities = [ ]; };
+ });
+ # We are removing `meta.knownVulnerabilities` from `python27`,
+ # and setting it in `resholve` itself.
+ python27' = (removeKnownVulnerabilities pkgsBuildHost.python27).override {
+ self = python27';
+ pkgsBuildHost = pkgsBuildHost // { python27 = python27'; };
+ # strip down that python version as much as possible
+ openssl = null;
+ bzip2 = null;
+ readline = null;
+ ncurses = null;
+ gdbm = null;
+ sqlite = null;
+ rebuildBytecode = false;
+ stripBytecode = true;
+ strip2to3 = true;
+ stripConfig = true;
+ stripIdlelib = true;
+ stripTests = true;
+ enableOptimizations = false;
+ };
+ callPackage = lib.callPackageWith (pkgs // { python27 = python27'; });
+ deps = callPackage ./deps.nix { };
+in
+rec {
+ # not exposed in all-packages
+ resholveBuildTimeOnly = removeKnownVulnerabilities resholve;
+ # resholve itself
+ resholve = removeKnownVulnerabilities (callPackage ./resholve.nix {
+ inherit rSrc version resholve-utils;
+ inherit (deps.oil) oildev;
+ inherit (deps) configargparse;
+ # used only in tests
+ resholve = resholveBuildTimeOnly;
+ });
+ # funcs to validate and phrase invocations of resholve
+ # and use those invocations to build packages
+ resholve-utils = callPackage ./resholve-utils.nix {
+ # we can still use resholve-utils without triggering a security warn
+ # this is safe since we will only use `resholve` at build time
+ resholve = resholveBuildTimeOnly;
+ };
+}
diff --git a/deps.nix b/nixpkgs/deps.nix
similarity index 63%
rename from deps.nix
rename to nixpkgs/deps.nix
index 1a561be..3ec2f2d 100644
--- a/deps.nix
+++ b/nixpkgs/deps.nix
@@ -2,6 +2,7 @@
, callPackage
, fetchFromGitHub
, python27
+, fetchPypi
, ...
}:
@@ -9,39 +10,14 @@
Notes on specific dependencies:
- if/when python2.7 is removed from nixpkgs, this may need to figure
out how to build oil's vendored python2
- - I'm not sure if glibcLocales is worth the addition here. It's to fix
- a libc test oil runs. My oil fork just disabled the libc tests, but
- I haven't quite decided if that's the right long-term call, so I
- didn't add a patch for it here yet.
*/
rec {
- # binlore = callPackage ../binlore { };
- binlore = callPackage
- (fetchFromGitHub {
- owner = "abathur";
- repo = "binlore";
- rev = "v0.2.0";
- hash = "sha256-bBJky7Km+mieHTqoMz3mda3KaKxr9ipYpfQqn/4w8J0=";
- })
- { };
- # oil = callPackage ../oildev {
- # inherit python27;
- # inherit six;
- # inherit typing;
- # };
- oil = callPackage
- (fetchFromGitHub {
- owner = "abathur";
- repo = "nix-py-dev-oil";
- rev = "v0.14.0.0";
- hash = "sha256-U6uR8G6yB2xwuDE/fznco23mVFSVdCxPUNdCRYz4Mj8=";
- })
- {
- inherit python27;
- inherit six;
- inherit typing;
- };
+ oil = callPackage ./oildev.nix {
+ inherit python27;
+ inherit six;
+ inherit typing;
+ };
configargparse = python27.pkgs.buildPythonPackage rec {
pname = "configargparse";
version = "1.5.3";
@@ -67,7 +43,7 @@ rec {
pname = "six";
version = "1.16.0";
- src = python27.pkgs.fetchPypi {
+ src = fetchPypi {
inherit pname version;
sha256 = "1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926";
};
@@ -84,7 +60,7 @@ rec {
pname = "typing";
version = "3.10.0.0";
- src = python27.pkgs.fetchPypi {
+ src = fetchPypi {
inherit pname version;
sha256 = "13b4ad211f54ddbf93e5901a9967b1e07720c1d1b78d596ac6a439641aa1b130";
};
diff --git a/nixpkgs/oildev.nix b/nixpkgs/oildev.nix
new file mode 100644
index 0000000..de3ac08
--- /dev/null
+++ b/nixpkgs/oildev.nix
@@ -0,0 +1,151 @@
+{ lib
+, stdenv
+, python27
+, callPackage
+, fetchFromGitHub
+, makeWrapper
+, # re2c deps
+ autoreconfHook
+, # py-yajl deps
+ git
+, # oil deps
+ cmark
+, file
+, glibcLocales
+, six
+, typing
+}:
+
+rec {
+ re2c = stdenv.mkDerivation rec {
+ pname = "re2c";
+ version = "1.0.3";
+ sourceRoot = "${src.name}/re2c";
+ src = fetchFromGitHub {
+ owner = "skvadrik";
+ repo = "re2c";
+ rev = version;
+ sha256 = "0grx7nl9fwcn880v5ssjljhcb9c5p2a6xpwil7zxpmv0rwnr3yqi";
+ };
+ nativeBuildInputs = [ autoreconfHook ];
+ preCheck = ''
+ patchShebangs run_tests.sh
+ '';
+ };
+
+ py-yajl = python27.pkgs.buildPythonPackage rec {
+ pname = "oil-pyyajl-unstable";
+ version = "2022-09-01";
+ src = fetchFromGitHub {
+ owner = "oilshell";
+ repo = "py-yajl";
+ rev = "72686b0e2e9d13d3ce5fefe47ecd607c540c90a3";
+ hash = "sha256-H3GKN0Pq1VFD5+SWxm8CXUVO7zAyj/ngKVmDaG/aRT4=";
+ fetchSubmodules = true;
+ };
+ # just for submodule IIRC
+ nativeBuildInputs = [ git ];
+ };
+
+ /*
+ Upstream isn't interested in packaging this as a library
+ (or accepting all of the patches we need to do so).
+ This creates one without disturbing upstream too much.
+ */
+ oildev = python27.pkgs.buildPythonPackage rec {
+ pname = "oildev-unstable";
+ version = "2021-07-14";
+
+ src = fetchFromGitHub {
+ owner = "oilshell";
+ repo = "oil";
+ # rev == present HEAD of release/0.14.0
+ rev = "3d0427e222f7e42ae7be90c706d7fde555efca2e";
+ hash = "sha256-XMoNkBEEmD6AwNSu1uSh3OcWLfy4/ADtRckn/Pj2cP4=";
+
+ /*
+ It's not critical to drop most of these; the primary target is
+ the vendored fork of Python-2.7.13, which is ~ 55M and over 3200
+ files, dozens of which get interpreter script patches in fixup.
+
+ Note: -f is necessary to keep it from being a pain to update
+ hash on rev updates. Command will fail w/o and not print hash.
+ */
+ postFetch = ''
+ rm -rf $out/{Python-2.7.13,metrics,py-yajl,rfc,gold,web,testdata,services,demo,devtools}
+ '';
+ };
+
+ # patch to support a python package, pass tests on macOS, drop deps, etc.
+ patchSrc = fetchFromGitHub {
+ owner = "abathur";
+ repo = "nix-py-dev-oil";
+ rev = "v0.14.0.0";
+ hash = "sha256-U6uR8G6yB2xwuDE/fznco23mVFSVdCxPUNdCRYz4Mj8=";
+ };
+ patches = [
+ "${patchSrc}/0001-add_setup_py.patch"
+ "${patchSrc}/0002-add_MANIFEST_in.patch"
+ "${patchSrc}/0004-disable-internal-py-yajl-for-nix-built.patch"
+ "${patchSrc}/0006-disable_failing_libc_tests.patch"
+ "${patchSrc}/0007-namespace_via_init.patch"
+ "${patchSrc}/0009-avoid_nix_arch64_darwin_toolchain_bug.patch"
+ "${patchSrc}/0010-disable-line-input.patch"
+ "${patchSrc}/0011-disable-fanos.patch"
+ "${patchSrc}/0012-disable-doc-cmark.patch"
+ ];
+
+ configureFlags = [
+ "--without-readline"
+ ];
+
+ nativeBuildInputs = [ re2c file makeWrapper ];
+
+ propagatedBuildInputs = [ six typing py-yajl ];
+
+ doCheck = true;
+
+ preBuild = ''
+ build/dev.sh all
+ '';
+
+ postPatch = ''
+ patchShebangs asdl build core doctools frontend pyext oil_lang
+ substituteInPlace pyext/fastlex.c --replace '_gen/frontend' '../_gen/frontend'
+ substituteInPlace core/main_loop.py --replace 'import fanos' '# import fanos'
+ rm cpp/stdlib.h # keep modules from finding the wrong stdlib?
+ # work around hard parse failure documented in oilshell/oil#1468
+ substituteInPlace osh/cmd_parse.py --replace 'elif self.c_id == Id.Op_LParen' 'elif False'
+ '';
+
+ /*
+ We did convince oil to upstream an env for specifying
+ this to support a shell.nix. Would need a patch if they
+ later drop this support. See:
+ https://github.com/oilshell/oil/blob/46900310c7e4a07a6223eb6c08e4f26460aad285/doctools/cmark.py#L30-L34
+ */
+ _NIX_SHELL_LIBCMARK = "${cmark}/lib/libcmark${stdenv.hostPlatform.extensions.sharedLibrary}";
+
+ # See earlier note on glibcLocales TODO: verify needed?
+ LOCALE_ARCHIVE = lib.optionalString (stdenv.buildPlatform.libc == "glibc") "${glibcLocales}/lib/locale/locale-archive";
+
+ # not exhaustive; sample what resholve uses as a sanity check
+ pythonImportsCheck = [
+ "oil"
+ "oil.asdl"
+ "oil.core"
+ "oil.frontend"
+ "oil._devbuild"
+ "oil._devbuild.gen.id_kind_asdl"
+ "oil._devbuild.gen.syntax_asdl"
+ "oil.tools.osh2oil"
+ ];
+
+ meta = {
+ license = with lib.licenses; [
+ psfl # Includes a portion of the python interpreter and standard library
+ asl20 # Licence for Oil itself
+ ];
+ };
+ };
+}
diff --git a/resholve-utils.nix b/nixpkgs/resholve-utils.nix
similarity index 99%
rename from resholve-utils.nix
rename to nixpkgs/resholve-utils.nix
index a3bc159..a903b67 100644
--- a/resholve-utils.nix
+++ b/nixpkgs/resholve-utils.nix
@@ -183,6 +183,7 @@ rec {
src = unresholved;
inherit version pname;
buildInputs = [ resholve ];
+ disallowedReferences = [ resholve ];
# retain a reference to the base
passthru = unresholved.passthru // {
diff --git a/resholve.nix b/nixpkgs/resholve.nix
similarity index 78%
rename from resholve.nix
rename to nixpkgs/resholve.nix
index 2ad764b..28a0e40 100644
--- a/resholve.nix
+++ b/nixpkgs/resholve.nix
@@ -8,6 +8,7 @@
, oildev
, configargparse
, binlore
+, resholve
, resholve-utils
}:
@@ -41,7 +42,7 @@ python27.pkgs.buildPythonApplication {
passthru = {
inherit (resholve-utils) mkDerivation phraseSolution writeScript writeScriptBin;
- tests = callPackage (rSrc + /test.nix) { inherit rSrc binlore python27; };
+ tests = callPackage ./test.nix { inherit rSrc binlore python27 resholve; };
};
meta = with lib; {
@@ -50,5 +51,10 @@ python27.pkgs.buildPythonApplication {
license = with licenses; [ mit ];
maintainers = with maintainers; [ abathur ];
platforms = platforms.all;
+ knownVulnerabilities = [ ''
+ resholve depends on python27 (EOL). While it's safe to
+ run on trusted input in the build sandbox, you should
+ avoid running it on untrusted input.
+ '' ];
};
}
diff --git a/test.nix b/nixpkgs/test.nix
similarity index 99%
rename from test.nix
rename to nixpkgs/test.nix
index a9e7412..7834d84 100644
--- a/test.nix
+++ b/nixpkgs/test.nix
@@ -127,7 +127,7 @@ rec {
'';
doCheck = true;
buildInputs = [ resholve ];
- checkInputs = [ coreutils bats python27 ];
+ nativeCheckInputs = [ coreutils bats ];
# LOGLEVEL="DEBUG";
# default path
diff --git a/quick.nix b/quick.nix
deleted file mode 100644
index 36dfc9b..0000000
--- a/quick.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs ? import { }, source ? pkgs.callPackage ./source.nix { } }:
-
-with pkgs;
-let
- deps = pkgs.callPackage ./deps.nix { };
- inherit (callPackage ./default.nix { })
- resholve;
- inherit (callPackage ./test.nix {
- inherit resholve;
- inherit (source) rSrc;
- inherit (deps) binlore;
- runDemo = false;
- })
- cli;
-
-in
-cli
diff --git a/shell.nix b/shell.nix
index 22fcfb8..6234bb4 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,18 +1,10 @@
-/*
- This shell is for using resholve--it builds and loads
- resholve itself, not just resholve's dependencies.
-*/
-{ pkgs ? import { } }:
-
-with pkgs;
-let
- deps = callPackage ./deps.nix { };
- resholve = (callPackage ./default.nix { }).resholve;
- resolveTimeDeps = [ bash coreutils file findutils gettext ];
-in
-pkgs.mkShell {
- buildInputs = [ resholve bats ];
- RESHOLVE_PATH = "${pkgs.lib.makeBinPath resolveTimeDeps}";
- RESHOLVE_LORE = "${deps.binlore.collect { drvs = resolveTimeDeps; } }";
- INTERP = "${bash}/bin/bash";
-}
+(import
+ (
+ let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
+ fetchTarball {
+ url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+ sha256 = lock.nodes.flake-compat.locked.narHash;
+ }
+ )
+ { src = ./.; }
+).shellNix
diff --git a/source.nix b/source.nix
deleted file mode 100644
index ce8aa79..0000000
--- a/source.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ fetchFromGitHub
-, ...
-}:
-
-rec {
- version = "0.9.0";
- rSrc =
- # local build -> `make ci`; `make clean` to restore
- # return to remote source
- if builtins.pathExists ./.local
- then ./.
- else
- fetchFromGitHub {
- owner = "abathur";
- repo = "resholve";
- rev = "v${version}";
- hash = "sha256-FRdCeeC2c3bMEXekEyilgW0PwFfUWGstZ5mXdmRPM5w=";
- };
-}
diff --git a/timings.md b/timings.md
index 6dcb830..d4b7fa6 100644
--- a/timings.md
+++ b/timings.md
@@ -6,71 +6,71 @@ if it'll stick.
```text
============================= resholve test suite ===================================
1..67
-ok 1 verify warnings are thrown for quoted evals in 785ms
-ok 2 verify --keep '$varname' allows dynamic commands in 890ms
-ok 3 verify --fix '$varname:cmd' substitutes dynamic commands in 841ms
-ok 4 can resolve a simple coproc in 649ms
-ok 5 can't resolve a named braced coproc w/o upstream support :( in 753ms
-ok 6 can't resolve a named paren coproc w/o upstream support :( in 666ms
-ok 7 objects to unexempted absolute source paths in 547ms
-ok 8 allows exempted absolute source paths in 565ms
-ok 9 allow (but do not parse) --fake 'source:path' in 478ms
-ok 10 allow (*and* do not parse) --keep 'source:path' + --fake 'source:path' in 917ms
-ok 11 objects to unexempted tilde executable paths in 475ms
-ok 12 allows exempted tilde executable paths in 570ms
-ok 13 allows --fake executable in 671ms
-ok 14 allows --fake function with colons in 471ms
-ok 15 resolve abspath with --fix abspath in 504ms
-ok 16 resolve fails without lore in 516ms
-ok 17 resolve fails without assay in 468ms
-ok 18 resolve fails with bad assay in 904ms
-ok 19 resolve fails with overshooting assay wordnum in 970ms
-ok 20 resolve fails with assay wordnum 0 in 474ms
-ok 21 resolve fails with undershooting assay wordnum in 974ms
-ok 22 resolve succeeds with assay in 482ms
-ok 23 resolve commands mixed with varlike assignments in 544ms
-ok 24 verify warnings are thrown for overridden builtins in 533ms
-ok 25 Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo in 539ms
-ok 26 don't get confused by input redirections in 485ms
-ok 27 invoking resholve without --interpreter prints an error in 909ms
-ok 28 invoking resholve without path/inputs prints an error in 1110ms
-ok 29 invoking resholve with missing interpreter prints an error in 977ms
-ok 30 invoking resholve with a relative interpreter prints an error in 1045ms
-ok 31 invoking resholve with a non-executable interpreter prints an error in 997ms
-ok 32 invoking resholve without script's deps prints an error in 1084ms
-ok 33 ensure shebangs are identical in 1023ms
-ok 34 resholve resolves simple external dependency from command-line args in 1183ms
-ok 35 resholve resolves simple external dependency from stdin in 604ms
-ok 36 path/inputs can be supplied with the inputs alias in 1113ms
-ok 37 only one of path/inputs can be supplied in 1023ms
-ok 38 resholve fails if target script isn't found in 987ms
-ok 39 resholve fails with duplicate input scripts in 550ms
-ok 40 resholve fails when scripts have untriaged dynamic elements in 1019ms
-ok 41 resholve fails when 'keep' directives are misformatted in 1476ms
-ok 42 resholve fails when triage directive doesn't specify the right thing in 3521ms
-ok 43 resholve succeeds when 1x 'keep' directives are correct in 1540ms
-ok 44 resholve succeeds when 2x 'keep' directives are correct in 2861ms
-ok 45 resholve accepts empty directives in 562ms
-ok 46 don't resolve aliases without '--fix aliases' in 693ms
-ok 47 inject before and after script in 1114ms
-ok 48 inject before/after in multiple scripts in 569ms
-ok 49 fail with bad lore argument in 571ms
-ok 50 accept good lore argument in 595ms
-ok 51 'which' needs to be in RESHOLVE_PATH in 623ms
-ok 52 Even in a function, 'which' needs to be in RESHOLVE_PATH in 573ms
-ok 53 Absolute executable paths need exemptions in 532ms
-ok 54 Even nested-executable paths need exemptions in 492ms
-ok 55 Source, among others, needs an exemption for arguments containing variables in 540ms
-ok 56 Resolves unqualified 'file' to absolute path from RESHOLVE_PATH in 550ms
-ok 57 Even in a function, resolves unqualified 'file' to absolute path from RESHOLVE_PATH in 574ms
-ok 58 Only some commands ('source' but NOT 'file', here) are checked for variable arguments. in 551ms
-ok 59 Add an exemption with --keep : in 560ms
-ok 60 Add an exemption with RESHOLVE_ALLOW=source:$PWD in 561ms
-ok 61 'source' targets also need to be in RESHOLVE_PATH in 565ms
-ok 62 Resolves unqualified 'source' to absolute path from RESHOLVE_PATH in 573ms
-ok 63 Has (naive) context-specific resolution rules in 681ms
-ok 64 Has (rudimentary) support for resolving executable arguments in 873ms
-ok 65 Can substitute a variable used as a command in 667ms
-ok 66 modern resholve versions reject v1 files in 557ms
-ok 67 exercise built-in syntax parsers in 1668ms
+ok 1 verify warnings are thrown for quoted evals in 612ms
+ok 2 verify --keep '$varname' allows dynamic commands in 636ms
+ok 3 verify --fix '$varname:cmd' substitutes dynamic commands in 597ms
+ok 4 can resolve a simple coproc in 468ms
+ok 5 can't resolve a named braced coproc w/o upstream support :( in 455ms
+ok 6 can't resolve a named paren coproc w/o upstream support :( in 464ms
+ok 7 objects to unexempted absolute source paths in 470ms
+ok 8 allows exempted absolute source paths in 492ms
+ok 9 allow (but do not parse) --fake 'source:path' in 465ms
+ok 10 allow (*and* do not parse) --keep 'source:path' + --fake 'source:path' in 890ms
+ok 11 objects to unexempted tilde executable paths in 462ms
+ok 12 allows exempted tilde executable paths in 453ms
+ok 13 allows --fake executable in 452ms
+ok 14 allows --fake function with colons in 464ms
+ok 15 resolve abspath with --fix abspath in 455ms
+ok 16 resolve fails without lore in 478ms
+ok 17 resolve fails without assay in 452ms
+ok 18 resolve fails with bad assay in 871ms
+ok 19 resolve fails with overshooting assay wordnum in 895ms
+ok 20 resolve fails with assay wordnum 0 in 462ms
+ok 21 resolve fails with undershooting assay wordnum in 877ms
+ok 22 resolve succeeds with assay in 453ms
+ok 23 resolve commands mixed with varlike assignments in 480ms
+ok 24 verify warnings are thrown for overridden builtins in 464ms
+ok 25 Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo in 459ms
+ok 26 don't get confused by input redirections in 466ms
+ok 27 invoking resholve without --interpreter prints an error in 860ms
+ok 28 invoking resholve without path/inputs prints an error in 877ms
+ok 29 invoking resholve with missing interpreter prints an error in 869ms
+ok 30 invoking resholve with a relative interpreter prints an error in 868ms
+ok 31 invoking resholve with a non-executable interpreter prints an error in 888ms
+ok 32 invoking resholve without script's deps prints an error in 870ms
+ok 33 ensure shebangs are identical in 909ms
+ok 34 resholve resolves simple external dependency from command-line args in 899ms
+ok 35 resholve resolves simple external dependency from stdin in 475ms
+ok 36 path/inputs can be supplied with the inputs alias in 903ms
+ok 37 only one of path/inputs can be supplied in 875ms
+ok 38 resholve fails if target script isn't found in 908ms
+ok 39 resholve fails with duplicate input scripts in 460ms
+ok 40 resholve fails when scripts have untriaged dynamic elements in 886ms
+ok 41 resholve fails when 'keep' directives are misformatted in 1311ms
+ok 42 resholve fails when triage directive doesn't specify the right thing in 3054ms
+ok 43 resholve succeeds when 1x 'keep' directives are correct in 1346ms
+ok 44 resholve succeeds when 2x 'keep' directives are correct in 2276ms
+ok 45 resholve accepts empty directives in 493ms
+ok 46 don't resolve aliases without '--fix aliases' in 533ms
+ok 47 inject before and after script in 912ms
+ok 48 inject before/after in multiple scripts in 499ms
+ok 49 fail with bad lore argument in 469ms
+ok 50 accept good lore argument in 468ms
+ok 51 'which' needs to be in RESHOLVE_PATH in 468ms
+ok 52 Even in a function, 'which' needs to be in RESHOLVE_PATH in 469ms
+ok 53 Absolute executable paths need exemptions in 454ms
+ok 54 Even nested-executable paths need exemptions in 461ms
+ok 55 Source, among others, needs an exemption for arguments containing variables in 470ms
+ok 56 Resolves unqualified 'file' to absolute path from RESHOLVE_PATH in 469ms
+ok 57 Even in a function, resolves unqualified 'file' to absolute path from RESHOLVE_PATH in 479ms
+ok 58 Only some commands ('source' but NOT 'file', here) are checked for variable arguments. in 467ms
+ok 59 Add an exemption with --keep : in 461ms
+ok 60 Add an exemption with RESHOLVE_ALLOW=source:$PWD in 460ms
+ok 61 'source' targets also need to be in RESHOLVE_PATH in 473ms
+ok 62 Resolves unqualified 'source' to absolute path from RESHOLVE_PATH in 518ms
+ok 63 Has (naive) context-specific resolution rules in 556ms
+ok 64 Has (rudimentary) support for resolving executable arguments in 631ms
+ok 65 Can substitute a variable used as a command in 556ms
+ok 66 modern resholve versions reject v1 files in 472ms
+ok 67 exercise built-in syntax parsers in 1468ms
```
diff --git a/wordswurst.nix b/wordswurst.nix
deleted file mode 100644
index 900a349..0000000
--- a/wordswurst.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs ? import { } }:
-
-with pkgs;
-#callPackage ../wordswurst { }
-callPackage
- (fetchFromGitHub {
- owner = "abathur";
- repo = "wordswurst";
- rev = "66763c5f46cda53d6244383b1322d2699affe167";
- hash = "sha256-d3ieqsYPNghCsid8WcW3z4wqQbtEFOu6kb8j8mxPuc4=";
- })
-{ }