boostrap fetchurl: Add SRI support

main
Janne Heß 2 years ago
parent f8594cd431
commit 0b3e7f063c
No known key found for this signature in database
GPG Key ID: 69165158F05265DF
  1. 2
      lib/minver.nix
  2. 5
      nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
  3. 2
      nixos/doc/manual/release-notes/rl-2211.section.md
  4. 9
      pkgs/build-support/fetchurl/boot.nix

@ -1,2 +1,2 @@
# Expose the minimum required version for evaluating Nixpkgs
"2.2"
"2.3"

@ -255,6 +255,11 @@
<section xml:id="sec-release-22.11-incompatibilities">
<title>Backward Incompatibilities</title>
<itemizedlist>
<listitem>
<para>
Nixpkgs now requires Nix 2.3 or newer.
</para>
</listitem>
<listitem>
<para>
The <literal>isCompatible</literal> predicate checking CPU

@ -94,6 +94,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
- Nixpkgs now requires Nix 2.3 or newer.
- The `isCompatible` predicate checking CPU compatibility is no longer exposed
by the platform sets generated using `lib.systems.elaborate`. In most cases
you will want to use the new `canExecute` predicate instead which also

@ -4,12 +4,17 @@ let mirrors = import ./mirrors.nix; in
{ url ? builtins.head urls
, urls ? []
, sha256
, sha256 ? ""
, hash ? ""
, name ? baseNameOf (toString url)
}:
# assert exactly one hash is set
assert hash != "" || sha256 != "";
assert hash != "" -> sha256 == "";
import <nix/fetchurl.nix> {
inherit system sha256 name;
inherit system hash sha256 name;
url =
# Handle mirror:// URIs. Since <nix/fetchurl.nix> currently

Loading…
Cancel
Save