Make build compatible with newer nixpkgs

Nodejs 10 was marked as insecure which leads to the build failing. This
overrides the nodejs 10 derivation to not be marked as insecure. It does
not pose a high security risk due to it only being used in the
(sandboxed) build process with pinned inputs.
This commit is contained in:
Simon Bruder 2022-01-02 21:43:09 +01:00
parent 2dc260f73f
commit ea678a781a
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC

View file

@ -10,7 +10,13 @@
overlay = final: prev: {
AriaNg =
let
nodeDependencies = (prev.callPackage ./build-dependencies.nix { pkgs = prev; }).shell.nodeDependencies;
# mark nodejs 10 as secure, YOLO
# it is somewhat acceptable, because it only gets used for the build
# upstream recommends using node 8, so using node 10 is the more secure option
# https://github.com/mayswind/AriaNg/issues/606#issuecomment-842461874
nodejs = prev.nodejs-10_x.overrideAttrs (o: o // { meta = o.meta // { knownVulnerabilities = [ ]; }; });
nodeDependencies = (prev.callPackage ./build-dependencies.nix { pkgs = prev; inherit nodejs; }).shell.nodeDependencies;
in
prev.stdenvNoCC.mkDerivation {
pname = "AriaNg";
@ -22,7 +28,7 @@
ln -s ${nodeDependencies}/lib/node_modules ./node_modules
# shebang uses nodejs-12_x?
${prev.nodejs-10_x}/bin/node ${nodeDependencies}/bin/gulp clean build
${nodejs}/bin/node ${nodeDependencies}/bin/gulp clean build
'';
installPhase = ''