nix-security-tracker icon indicating copy to clipboard operation
nix-security-tracker copied to clipboard

Published 20 hours ago verified publisher icon Nix-Security-WG

[Tracking Issue] Nixpkgs data issue

Open RaitoBezarius opened this issue 1 year ago • 0 comments

As always, in data stuff, our data source can have quality issues. Here's a compilation of known problems.

  • meta is null for
{'attr': 'stdenvBootstrapTools.aarch64-unknown-linux-gnu.test', 'attrPath': ['stdenvBootstrapTools', 'aarch64-unknown-linux-gnu', 'test'], 'drvPath': '/nix/store/b1nwr6jiblzhxm6ni9mpaxlx3zkgjxfk-test-bootstrap-tools.drv', 'inputDrvs': {'/nix/store/hbpla4nc7z0ik0imalk3n0zd49jzyy9c-hello-2.12.1.tar.gz.drv': ['out'], '/nix/store/il6xl6vb5hqwzyg9ravb7jwhbz8rqjyz-bootstrap-tools.drv': ['out'], '/nix/store/z3764agijp9gabn6kp0pnwy9qqv06mz2-busybox.drv': ['out']}, 'meta': None, 'name': 'test-bootstrap-tools', 'outputs': {'out': '/nix/store/bw1hy352cm9mh0yrrw34q34c7jc2gqdw-test-bootstrap-tools'}, 'system': 'aarch64-linux'}
{'attr': 'stdenvBootstrapTools.aarch64-unknown-linux-musl.test', 'attrPath': ['stdenvBootstrapTools', 'aarch64-unknown-linux-musl', 'test'], 'drvPath': '/nix/store/hlmpaha8v4x3v68d28ihv2rk3xp9wp75-test-bootstrap-tools.drv', 'inputDrvs': {'/nix/store/ix7qnpw4bn31igspzhbid3j643n8j6cl-busybox.drv': ['out'], '/nix/store/l5l1izfmia8yx6ndvi97y1zq8i5ck48i-bootstrap-tools.drv': ['out'], '/nix/store/q1iyjr3rqcm7nq5l30wp64s60kkbzviy-hello-2.12.1.tar.gz.drv': ['out']}, 'meta': None, 'name': 'test-bootstrap-tools', 'outputs': {'out': '/nix/store/szqba4y11m2310znnbx97g37nxm806yg-test-bootstrap-tools'}, 'system': 'aarch64-linux'}
{'attr': 'stdenvBootstrapTools.i686-unknown-linux-gnu.test', 'attrPath': ['stdenvBootstrapTools', 'i686-unknown-linux-gnu', 'test'], 'drvPath': '/nix/store/wmm8crzbvzdpvc2kkj7bwrhlxrzfwzk9-test-bootstrap-tools.drv', 'inputDrvs': {'/nix/store/3lmvd6g9l7w824pj3j08ffdpbwds9xpm-hello-2.12.1.tar.gz.drv': ['out'], '/nix/store/6xv8qimh688wyq15zvwmg036vmks6dpg-bootstrap-tools.drv': ['out'], '/nix/store/8i219njwndszi5ai67m16js3ip7sriwi-busybox.drv': ['out']}, 'meta': None, 'name': 'test-bootstrap-tools', 'outputs': {'out': '/nix/store/yqjcq9g8ylypibcr7hi4iv9jf5difsi1-test-bootstrap-tools'}, 'system': 'i686-linux'}
{'attr': 'stdenvBootstrapTools.x86_64-unknown-linux-gnu.test', 'attrPath': ['stdenvBootstrapTools', 'x86_64-unknown-linux-gnu', 'test'], 'drvPath': '/nix/store/b2kc6wsg0px3lmhb993zcl33d8020vpr-test-bootstrap-tools.drv', 'inputDrvs': {'/nix/store/arhk2wra2a3a3vh4bj105kmyjsfyw25m-bootstrap-tools.drv': ['out'], '/nix/store/qxxv8jm6z12vl6dvgnn3yjfqfgc68jhc-hello-2.12.1.tar.gz.drv': ['out'], '/nix/store/sva980ym3ifafm162n8h8ra71wvhp871-busybox.drv': ['out']}, 'meta': None, 'name': 'test-bootstrap-tools', 'outputs': {'out': '/nix/store/10ll5130c228fwdjygqg0cq6glb8gp4m-test-bootstrap-tools'}, 'system': 'x86_64-linux'}
{'attr': 'stdenvBootstrapTools.x86_64-unknown-linux-musl.test', 'attrPath': ['stdenvBootstrapTools', 'x86_64-unknown-linux-musl', 'test'], 'drvPath': '/nix/store/scg969crpb8j6y47xb248gb4zv42ax0p-test-bootstrap-tools.drv', 'inputDrvs': {'/nix/store/87syrjxc76792pxab7y2h29jbj9xf3d5-bootstrap-tools.drv': ['out'], '/nix/store/nbs9hrqb3wid33vvf6zdgcig3y238389-hello-2.12.1.tar.gz.drv': ['out'], '/nix/store/vcvzc2is1ryprr5zjn887jkmkddky27v-busybox.drv': ['out']}, 'meta': None, 'name': 'test-bootstrap-tools', 'outputs': {'out': '/nix/store/5f91z4p3l5ln21g9qy53bai7xf47kz66-test-bootstrap-tools'}, 'system': 'x86_64-linux'}
  • license can be unknown for a lot of packages
  • maintainers can be improperly formed in presence of teams, trivial examples:
❯ rg 'teams.ororatech'                                                    
pkgs/development/tools/misc/yakut/default.nix
49:    maintainers = [ teams.ororatech ];

pkgs/development/python-modules/dronecan/default.nix
34:    maintainers = [ teams.ororatech ];

pkgs/development/python-modules/pkg-about/default.nix
57:    maintainers = [ teams.ororatech ];

pkgs/development/python-modules/pycyphal/default.nix
47:    maintainers = [ teams.ororatech ];

pkgs/development/python-modules/libpcap/default.nix
65:    maintainers = [ teams.ororatech ];

pkgs/development/python-modules/cobs/default.nix
40:    maintainers = [ teams.ororatech ];
  • license data does not have any relevant primary key, everything set and unset everything, it's impossible to know what is what.
  • 2 maintainers didn't set github and githubId: 8c6f525d12a2a and 9d193512a7cb0 (both two months ago...)

Fixes are proposed in https://github.com/NixOS/nixpkgs/pull/272199.

RaitoBezarius avatar Dec 05 '23 06:12 RaitoBezarius