Skip to content

Commit

Permalink
Disable implicit nixpkgs config file
Browse files Browse the repository at this point in the history
*This is a breaking change*

By default, nixpkgs will read a global configuration file, by default
`~/.config/nixpkgs/config.nix`. This leads to reproducibility issues
if the configuration is different between users of the repository.

Users  of `nixpkgs_packages` must set the `nix_file_deps` argument
with all the files used by the nix process.

We were previously accepting a global nixpkgs configuration file as
implicit dependency, but this commit now disallow that. User must
explicitly set its own nixpkgs configuration, such as:

```
import nixpkgs_path { config = {}; };
```
  • Loading branch information
guibou committed Jun 2, 2019
1 parent 5ffb8a4 commit 9e8cd72
Show file tree
Hide file tree
Showing 6 changed files with 12 additions and 11 deletions.
6 changes: 3 additions & 3 deletions WORKSPACE
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ nixpkgs_package(

nixpkgs_package(
name = "expr-test",
nix_file_content = "let pkgs = import <nixpkgs> {}; in pkgs.hello",
nix_file_content = "let pkgs = import <nixpkgs> { config = {}; }; in pkgs.hello",
# Deliberately not @nixpkgs, to test whether explict file works.
repositories = {"nixpkgs": "//:nixpkgs.nix"},
)
Expand All @@ -50,7 +50,7 @@ nixpkgs_package(
nixpkgs_package(
name = "expr-attribute-test",
attribute_path = "hello",
nix_file_content = "import <nixpkgs> {}",
nix_file_content = "import <nixpkgs> { config = {}; }",
repository = "@nixpkgs",
)

Expand All @@ -77,7 +77,7 @@ nixpkgs_package(
nixpkgs_package(
name = "extra-args-test",
nix_file_content = """
{ packagePath }: (import <nixpkgs> {}).${packagePath}
{ packagePath }: (import <nixpkgs> { config = {}; }).${packagePath}
""",
repository = "@nixpkgs",
nixopts = ["--argstr", "packagePath", "hello"],
Expand Down
9 changes: 5 additions & 4 deletions nixpkgs/nixpkgs.bzl
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ def _nixpkgs_package_impl(repository_ctx):
elif not repositories:
fail(strFailureImplicitNixpkgs)
else:
expr_args = ["-E", "import <nixpkgs> {}"]
expr_args = ["-E", "import <nixpkgs> { config = {}; }"]

_symlink_nix_file_deps(repository_ctx, repository_ctx.attr.nix_file_deps)

Expand Down Expand Up @@ -185,11 +185,9 @@ def _nixpkgs_package_impl(repository_ctx):
# We ignore some files:
# - Anything in /nix/store, they are not explicit dependencies are are supposed to be immutable
# - Anything from .cache/bazel, only case I encountered was a local nixpkgs clone handled by bazel
# - .config/nixpkgs. user configuration should not impact the reproducibility of the build
if (
not line[2].startswith("'/nix/store")
and ".cache/bazel" not in line[2]
and ".config/nixpkgs" not in line[2]
):
filename = line[2][1:-1] # trimming quotes

Expand Down Expand Up @@ -241,6 +239,9 @@ nix_file_deps = [
"{deps_listing}",
]
Note: if it points to the nixpkgs global configuration file, such as ~/.config/nixpkgs/config.nix. You must force nixpkgs to not use the local configuration, by providing a `config` argument to your nixpkgs import, such as:
import (nixpkgs_path) {{ config = {{}}; }};
""".format(repo_name = repository_ctx.name,
deps_listing = '",\n "'.join(deps_minus_declared_deps.keys())))

Expand Down Expand Up @@ -371,7 +372,7 @@ def nixpkgs_cc_configure(
"""
if not nix_file and not nix_file_content:
nix_file_content = """
with import <nixpkgs> {}; buildEnv {
with import <nixpkgs> { config = {}; }; buildEnv {
name = "bazel-cc-toolchain";
paths = [ stdenv.cc binutils ];
}
Expand Down
2 changes: 1 addition & 1 deletion shell.nix
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{ pkgs ? import ./nixpkgs.nix {} }:
{ pkgs ? import ./nixpkgs.nix { config = {}; } }:

with pkgs;

Expand Down
2 changes: 1 addition & 1 deletion tests/hello.nix
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
with import ./pkgname.nix;
let pkgs = import <nixpkgs> {}; in builtins.getAttr pkgname pkgs
let pkgs = import <nixpkgs> { config = {}; }; in builtins.getAttr pkgname pkgs

2 changes: 1 addition & 1 deletion tests/nixpkgs.nix
Original file line number Diff line number Diff line change
@@ -1 +1 @@
import <nixpkgs> {}
import <nixpkgs> { config = {}; }
2 changes: 1 addition & 1 deletion tests/output.nix
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
with import <nixpkgs> {};
with import <nixpkgs> { config = {}; };

runCommand "some-output" {
preferLocalBuild = true;
Expand Down

0 comments on commit 9e8cd72

Please sign in to comment.