doc: add knownVulnerabilities (c0a2db75) · Commits · nix / nixpkgs

doc/redirects.json

+3 −0

Original line number	Diff line number	Diff line
		@@ -1101,6 +1101,9 @@
		"var-meta-broken": [
		"index.html#var-meta-broken"
		],
		"var-meta-knownVulnerabilities": [
		"index.html#var-meta-knownVulnerabilities"
		],
		"sec-meta-license": [
		"index.html#sec-meta-license"
		],

+16 −0

Original line number	Diff line number	Diff line
		@@ -185,6 +185,22 @@ This means that `broken` can be used to express constraints, for example:
		This makes `broken` strictly more powerful than `meta.badPlatforms`.
		However `meta.availableOn` currently examines only `meta.platforms` and `meta.badPlatforms`, so `meta.broken` does not influence the default values for optional dependencies.

		## `knownVulnerabilities` {#var-meta-knownVulnerabilities}

		A list of known vulnerabilities affecting the package, usually identified by CVE identifiers.

		This metadata allows users and tools to be aware of unresolved security issues before using the package, for example:

		```nix
		{
		meta.knownVulnerabilities = [
		"CVE-2024-3094: Malicious backdoor allowing unauthorized remote code execution"
		];
		}
		```

		If this list is not empty, the package is marked as "insecure", meaning that it cannot be built or installed unless the environment variable [`NIXPKGS_ALLOW_INSECURE`](#sec-allow-insecure) is set.

		## Licenses {#sec-meta-license}

		The `meta.license` attribute should preferably contain a value from `lib.licenses` defined in [`nixpkgs/lib/licenses.nix`](https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix), or in-place license description of the same format if the license is unlikely to be useful in another expression.

+2 −2

Original line number	Diff line number	Diff line
		@@ -390,6 +390,8 @@ let
		(isDerivation x && x ? meta.timeout);
		};
		timeout = int;
		knownVulnerabilities = listOf str;
		badPlatforms = platforms;

		# Needed for Hydra to expose channel tarballs:
		# https://github.com/NixOS/hydra/blob/53335323ae79ca1a42643f58e520b376898ce641/doc/manual/src/jobs.md#meta-fields
		@@ -397,7 +399,6 @@ let

		# Weirder stuff that doesn't appear in the documentation?
		maxSilent = int;
		knownVulnerabilities = listOf str;
		name = str;
		version = str;
		tag = str;
		@@ -410,7 +411,6 @@ let
		isFcitxEngine = bool;
		isIbusEngine = bool;
		isGutenprint = bool;
		badPlatforms = platforms;
		};

		checkMetaAttr =