Unverified Commit 70ff32c4 authored by Fernando Rodrigues's avatar Fernando Rodrigues

xen: only add maintainers if version is security-supported



This prevents users browsing the package in search.nixos.org from
messaging maintainers about an EOL Xen.

Signed-off-by: default avatarFernando Rodrigues <alpha@sigmasquadron.net>
parent 28f1c870
+9 −2
@@ -97,12 +97,16 @@ let
    which
  ];

  # Inherit attributes from a versionDefinition.
  inherit (versionDefinition) pname;
  inherit (versionDefinition) branch;
  inherit (versionDefinition) version;
  inherit (versionDefinition) latest;
  inherit (versionDefinition) pkg;

  # Mark versions older than minSupportedVersion as EOL.
  minSupportedVersion = "4.16";

  ## Pre-fetched Source Handling ##

  # Main attribute set for sources needed to build tools and firmwares.
@@ -700,11 +704,14 @@ stdenv.mkDerivation (finalAttrs: {
      # Development headers in $dev/include.
      mit
    ];
    maintainers = with lib.maintainers; [ sigmasquadron ];
    # This automatically removes maintainers from EOL versions of Xen, so we aren't bothered about versions we don't explictly support.
    maintainers = lib.lists.optionals (lib.strings.versionAtLeast version minSupportedVersion) (
      with lib.maintainers; [ sigmasquadron ]
    );
    mainProgram = "xl";
    # Evaluates to x86_64-linux.
    platforms = lib.lists.intersectLists lib.platforms.linux lib.platforms.x86_64;
    knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version "4.16") [
    knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version minSupportedVersion) [
      "Xen ${version} is no longer supported by the Xen Security Team. See https://xenbits.xenproject.org/docs/unstable/support-matrix.html"
    ];
  };
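Review bot: The comment on the new `minSupportedVersion` binding only says it marks EOL versions, but the shell script in the second file of this commit also extracts the value by grepping for the literal text `  minSupportedVersion = "`. I would extend the comment, for example `# Also parsed textually by the shell script next to this package: keep it on one line, two-space indent, quoted string.`, so that a reformat does not silently break the extraction. Since this one value now decides both whether `knownVulnerabilities` is set and whether a maintainer contact is listed, the comment could also say that it has to track the upstream support matrix linked in the message. The comment above `maintainers` has a typo, `explictly` for `explicitly`. Both the `let` block and the `mkDerivation` call continue outside the hunks shown.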
+1 −1
@@ -31,7 +31,7 @@ latestVersion=$(echo "$versionList" | tr ' ' '\n' | tail --lines=1)
branchList=($(echo "$versionList" | tr ' ' '\n' | sed s/\.[0-9]*$//g | awk '!seen[$0]++'))

# Figure out which versions we're actually going to install.
minSupportedBranch="$(grep "    knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version " "$xenPath"/generic/default.nix | sed s/'    knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version "'//g | sed s/'") \['//g)"
minSupportedBranch="$(grep "  minSupportedVersion = " "$xenPath"/generic/default.nix | sed s/'  minSupportedVersion = "'//g | sed s/'";'//g)"
supportedBranches=($(for version in "${branchList[@]}"; do if [ "$(printf '%s\n' "$minSupportedBranch" "$version" | sort -V | head -n1)" = "$minSupportedBranch" ]; then echo "$version"; fi; done))
supportedVersions=($(for version in "${supportedBranches[@]}"; do echo "$versionList" | tr ' ' '\n' | grep "$version" | tail --lines=1; done))
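Review bot: If the `grep` for `  minSupportedVersion = ` matches nothing, for example after the Nix file is re-indented, `minSupportedBranch` ends up empty and the `sort -V | head -n1` comparison on the following line is then true for every branch, so EOL branches would be treated as supported. Unless the script already runs with `set -e` and `set -o pipefail` somewhere outside this hunk, I would fail closed right after the assignment: `[[ "$minSupportedBranch" =~ ^[0-9]+\.[0-9]+$ ]] || { echo "could not parse minSupportedVersion" >&2; exit 1; }`. The same check also rejects a multi-line result if the pattern ever matches more than one line. The rest of the script is outside the hunk.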