shell.nix: provide adafruit-nrfutil#2251
Open
mweinelt wants to merge 1 commit intomeshcore-dev:mainfrom
Open
Conversation
This is marked unfree in nixpkgs upstream, which is something we need to explicitly allow in our shell. Then we need to permit CVE-2024-23342 in ecdsa, a timing security issue which upstream does not plan to resolve, but isn't relevant to the use of adafruit-nrfutil at all. The switch to `mkShellNoCC` makes the shell closure smaller, since it does not include the nixpkgs stdenv. Renamed from default.nix, as shell.nix is the cleaner name for when the entrypoint is a nix shell. This does not require changes to the direnv configuration.
Contributor
|
Thanks for the CC. I'll test this later today when I'm home :)
…On Sat, Apr 4, 2026, at 12:44, Martin Weinelt wrote:
This is marked unfree in nixpkgs upstream, which is something we need to explicitly allow in our shell.
Then we need to permit CVE-2024-23342 <https://github.com/advisories/GHSA-wj6h-64fc-37mp> in ecdsa, a timing security issue which upstream does not plan to resolve, but isn't relevant to the use of adafruit-nrfutil at all.
The switch to `mkShellNoCC` makes the shell closure smaller, since it does not include the nixpkgs stdenv.
Renamed from default.nix, as shell.nix is the cleaner name for when the entrypoint is a nix shell. This does not require changes to the direnv configuration.
cc @neutralinsomniac <https://github.com/neutralinsomniac>
You can view, comment on, or merge this pull request online at:
#2251
Commit Summary
• 46eba9e <46eba9e> shell.nix: provide adafruit-nrfutil
File Changes
(2 files <https://github.com/meshcore-dev/MeshCore/pull/2251/files>)
• *D* default.nix <https://github.com/meshcore-dev/MeshCore/pull/2251/files#diff-245563af9e34754739b12b294f3324c1d42c116ace7ce8735e21dfbc82d8e064> (11)
• *A* shell.nix <https://github.com/meshcore-dev/MeshCore/pull/2251/files#diff-e53dfbfffe62ae3c0b411b3938ccffa9fb6a2ecc565f55785ef8daa756631a6b> (23)
Patch Links:
• https://github.com/meshcore-dev/MeshCore/pull/2251.patch
• https://github.com/meshcore-dev/MeshCore/pull/2251.diff
—
Reply to this email directly, view it on GitHub <#2251>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAWPJ4NQE4INDKBZW3GE7L4UE3YXAVCNFSM6AAAAACXMXLRKOVHI2DSMVQWIX3LMV43ASLTON2WKOZUGIYDKMRYGY3TKNA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Contributor
|
Looks good to me and worked fine! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is marked unfree in nixpkgs upstream, which is something we need to explicitly allow in our shell.
Then we need to permit CVE-2024-23342 in ecdsa, a timing security issue which upstream does not plan to resolve, but isn't relevant to the use of adafruit-nrfutil at all.
The switch to
mkShellNoCCmakes the shell closure smaller, since it does not include the nixpkgs stdenv.Renamed from default.nix, as shell.nix is the cleaner name for when the entrypoint is a nix shell. This does not require changes to the direnv configuration.
This increases the shell closure from 21.55 MiB to 21.66 MiB.
cc @neutralinsomniac