Is there any way to filter a list of all Nixpkgs attributes that are ever called when I rebuild my system? I’m not just talking about the content of environment.systemPackages
, but all packages that produce outputs in the system closure.
At first glance vulnix --system
achieves such a thing for reported CVEs present in the system closure, but they seem to scan only the resulting output, where meta
attributes are not available any more, as they are not stored in the drv files.
I want this to take over unmaintained packages that are used to build my systems.