tiiuae / sbomnix

A suite of utilities to help with software supply chain challenges on nix targets

support different nixpkgs locked types #119

Closed pyqlsa closed 2 months ago

pyqlsa commented 2 months ago

Avoid hard-coding the nixpkgs flakeref to github:NixOS/nixpkgs in order to handle alternate nixpkgs locations.

henrirosten commented 2 months ago

Thanks @pyqlsa, this change seems good to me.

The only question I have is why do you add the pkgs.git as a dependency to all the out tools in the postInstall step here?

pyqlsa commented 2 months ago

@henrirosten git is required to resolve git+ssh and git+https urls.

I inspected some of the other scripts a little more diligently, and only sbomnix, nix_outdated, and vulnxscan either directly or transitively depend on nixmeta.scanner.NixMetaScanner; thus, I will remove git from nixgraph and provenance.

Fix incoming shortly!
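As an added illustration of the two points above (deriving the nixpkgs flakeref from the lock file instead of hard-coding github:NixOS/nixpkgs, and git+ssh/git+https refs needing a git binary), here is a hypothetical resolver; it is not sbomnix's own code, and the flake.lock fragment, mirror URL and revisions are constructed sample values.

```python
from urllib.parse import urlencode

# Constructed flake.lock fragment: the root flake's "nixpkgs" input points at a
# git-type locked node (a private mirror), not at github:NixOS/nixpkgs.
SAMPLE_FLAKE_LOCK = {
    "root": "root",
    "nodes": {
        "root": {"inputs": {"nixpkgs": "nixpkgs"}},
        "nixpkgs": {"locked": {
            "type": "git", "url": "https://example.invalid/mirror/nixpkgs.git",
            "ref": "refs/heads/nixos-unstable",
            "rev": "1111111111111111111111111111111111111111"}},
    },
}

def nixpkgs_locked_node(lock: dict, input_name: str = "nixpkgs") -> dict:
    """Return the 'locked' node that the root flake's <input_name> input resolves to.
    An input value is either a node key or a 'follows' path (a list of names)."""
    nodes = lock["nodes"]
    target = nodes[lock["root"]]["inputs"][input_name]
    if isinstance(target, list):  # follows path: walk it starting at the root node
        key = lock["root"]
        for name in target:
            key = nodes[key]["inputs"][name]
            if not isinstance(key, str):
                raise ValueError("nested follows paths are not handled here")
        target = key
    return nodes[target]["locked"]

def locked_to_flakeref(locked: dict) -> str:
    """Build a pinned flakeref from a locked node instead of assuming the github type."""
    kind = locked.get("type")
    if kind == "github":
        ref = f"github:{locked['owner']}/{locked['repo']}"
        return ref + (f"/{locked['rev']}" if "rev" in locked else "")
    if kind == "git":  # covers https:// and ssh:// mirrors alike
        params = {k: locked[k] for k in ("ref", "rev") if k in locked}
        query = "?" + urlencode(params, safe="/") if params else ""
        return "git+" + locked["url"] + query
    if kind == "path":
        return "path:" + locked["path"]
    raise ValueError(f"unsupported locked type: {kind!r}")

def needs_git(flakeref: str) -> bool:
    """git+ssh:// and git+https:// refs are fetched with a git binary, so a tool
    that resolves them must have git available at runtime."""
    return flakeref.startswith(("git+ssh://", "git+https://"))
```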

henrirosten commented 2 months ago

Merged, thanks @pyqlsa.