danhab99@programming.dev to linuxmemes@lemmy.world · 18 hours agonixpkgs > aurprogramming.devimagemessage-square33fedilinkarrow-up1233arrow-down122file-text
arrow-up1211arrow-down1imagenixpkgs > aurprogramming.devdanhab99@programming.dev to linuxmemes@lemmy.world · 18 hours agomessage-square33fedilinkfile-text
minus-squaremoonpiedumplings@programming.devlinkfedilinkarrow-up11·15 hours agoNo, it would actually be quite easy to spot. Nixpkgs templates the source code url fro the url, and then it injects a variable Here is an example from bash: pname = "bash${lib.optionalString interactive "-interactive"}"; version = "5.3${fa.patch_suffix}"; patch_suffix = "p${toString (builtins.length upstreamPatches)}"; src = fetchurl { url = "mirror://gnu/bash/bash-$%7Blib.removeSuffix fa.patch_suffix fa.version}.tar.gz"; hash = "sha256-DVzYaWX4aaJs9k9Lcb57lvkKO6iz104n6OnZ1VUPMbo="; }; If the url were to be changed, it would show up as a change in git when someone is reviewing before merging.
No, it would actually be quite easy to spot.
Nixpkgs templates the source code url fro the url, and then it injects a variable
Here is an example from bash:
pname = "bash${lib.optionalString interactive "-interactive"}"; version = "5.3${fa.patch_suffix}"; patch_suffix = "p${toString (builtins.length upstreamPatches)}"; src = fetchurl { url = "mirror://gnu/bash/bash-$%7Blib.removeSuffix fa.patch_suffix fa.version}.tar.gz"; hash = "sha256-DVzYaWX4aaJs9k9Lcb57lvkKO6iz104n6OnZ1VUPMbo="; };If the url were to be changed, it would show up as a change in git when someone is reviewing before merging.