git-big-picture: 0.10.1 -> 1.0.0 (fixes CVE-2021-3028) #109569
Conversation
hartwork
force-pushed
the
update-git-big-picture
branch
from
d405fc3
to
e553816
Compare
ofborg
bot
added
10.rebuild-darwin: 0
10.rebuild-linux: 1-10
10.rebuild-linux: 1
labels
| @@ -22,7 +22,7 @@ python2Packages.buildPythonApplication rec { | |||
|
|
|||
| meta = { | |||
| description = "Tool for visualization of Git repositories"; | |||
| homepage = "https://github.com/esc/git-big-picture"; | |||
| homepage = "https://github.com/git-big-picture/git-big-picture"; | |||
| license = lib.licenses.gpl3; | |||
There was a problem hiding this comment.
Nice to meet a fellow who cares about licensing too. It's gpl3Plus indeed. Fixed.
|
hartwork
force-pushed
the
update-git-big-picture
branch
from
e553816
to
311a48c
Compare
@SuperSandro2000 can you help me understand what's causing this and how to fix it? I'm not a user of nixOS and I don't see either SHA256 in the file or even in the whole repository anywhere. Thank you! |
|
@SuperSandro2000 PS: I noticed that the old value in |
hartwork
force-pushed
the
update-git-big-picture
branch
from
311a48c
to
04a7a97
Compare
| repo = pname; | ||
| rev = "v${version}"; | ||
| sha256 = "0b0zdq7d7k7f6p3wwc799347fraphbr20rxd1ysnc4xi1cj4wpmi"; | ||
| sha256 = stdenv.lib.fakeSha256; # TODO |
There was a problem hiding this comment.
| sha256 = stdenv.lib.fakeSha256; # TODO | |
| sha256 = "14yf71iwgk78nw8w0bpijsnnl4vg3bvxsw3vvypxmbrc1nh0bdha"; |
There was a problem hiding this comment.
Thanks, I've put it in now to have the CI give it a try. Can you teach me how to derive a hash like that myself for next time using say plain Python on a non-nixOS Linux?
hartwork
force-pushed
the
update-git-big-picture
branch
from
04a7a97
to
ce55af6
Compare
The one hash is base64 encoded and you need just nix to get it. |
|
Now it asks for PyPI package scruf while that actually a test-only dependency. Any ideas how to make it ignore scruf? |
I took a look at the setup.py and it should be checkInputs only. |
I'm not sure what "should be checkInputs only" means. What do you suggest for a change? |
hartwork
force-pushed
the
update-git-big-picture
branch
2 times, most recently
from
efada1e
to
423b8fe
Compare
Also propagates move of repository from https://github.com/esc/git-big-picture to https://github.com/git-big-picture/git-big-picture . Upstream change log at https://github.com/git-big-picture/git-big-picture#changelog
hartwork
force-pushed
the
update-git-big-picture
branch
from
423b8fe
to
b706315
Compare
|
@SuperSandro2000 thanks! 🎉 |
Also propagates move of repository from https://github.com/esc/git-big-picture to https://github.com/git-big-picture/git-big-picture. Upstream change log for 1.0.0 is at https://github.com/git-big-picture/git-big-picture#changelog
Motivation for this change
Fix for vulnerability CVE-2021-3028 + bugfixes + new features
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)