!SgYlXivkogarTVcnZO:nixos.org

Nix Flakes

871 Members
176 Servers

Load older messages

SenderMessageTime
6 Jul 2021
@multivariante:matrix.orgmultivariante joined the room.02:40:58
@blaggacao:matrix.orgDavid Arnold I created https://github.com/divnix/blank/ to semantically void inputs via the input.<name>.follows mechanism. WIth this tick, one can craft flake.lockfiles that acually represents an accurate SBOM (minusdivnix/blank` of course). 08:21:24
@blaggacao:matrix.orgDavid Arnold * I created https://github.com/divnix/blank/ to semantically void inputs via the input.<name>.follows mechanism. With this trick, one can craft flake.lockfiles that actually represents an accurate SBOM (minusdivnix/blank of course). 08:21:57
@blaggacao:matrix.orgDavid Arnold

Example:

      nixpkgs.url = "github:nixos/nixpkgs/release-21.05";
      nixlib.follows = "nixpkgs"; # "github:nix-community/nixpkgs.lib";
      blank.url = "github:divnix/blank";
      deploy.url = "github:serokell/deploy-rs";
      deploy.inputs.nixpkgs.follows = "nixpkgs";
      deploy.inputs.utils.follows = "utils/flake-utils";

      devshell.url = "github:numtide/devshell";
      utils.url = "github:gytis-ivaskevicius/flake-utils-plus/staging";

      nixos-generators.url = "github:nix-community/nixos-generators";
      nixos-generators.inputs.nixpkgs.follows = "blank";
      nixos-generators.inputs.nixlib.follows = "nixlib";
      nixos-generators.inputs.utils.follows = "utils/flake-utils";
08:22:58
@nurelin:matrix.orgnurelin joined the room.11:43:27
@tomberek:matrix.orgtomberek David Arnold: perhaps I’m not understanding your goal. If the resulting lock file is what you want, then okay, but something doesn’t smell right. 19:49:30
@spacesbot:nixos.devspacesbot - keeps a log of public NixOS channels changed their display name from spacesbot to spacesbot - keeps a log of public NixOS channels.22:11:39
@blaggacao:matrix.orgDavid Arnold
In reply to @tomberek:matrix.org
David Arnold: perhaps I’m not understanding your goal. If the resulting lock file is what you want, then okay, but something doesn’t smell right.
I'm really just playing around, but yeah my impetus here was to craft a genuinely useful lock file that only holds (transient) dependencies that you actually depend on. I think the lock file could be pretty nice basis for a SBOM, eventually: it has all the info and useful metadata to reconstruct a DAG. This strategy, of course, cannot be right as long as fetch* are allowed outside of inputs, since they would not enter such SBOM. 		23:11:42

There are no newer messages yet.

Back to Room ListRoom Version: 6