Get all unmaintained Nixpkgs attributes that are part of my NixOS system

erictapen · October 13, 2021, 11:30am

Is there any way to filter a list of all Nixpkgs attributes that are ever called when I rebuild my system? I’m not just talking about the content of environment.systemPackages, but all packages that produce outputs in the system closure.

At first glance vulnix --system achieves such a thing for reported CVEs present in the system closure, but they seem to scan only the resulting output, where meta attributes are not available any more, as they are not stored in the drv files.

I want this to take over unmaintained packages that are used to build my systems.

sternenseemann · October 13, 2021, 12:40pm

See RFC 0081, @lassulus wants to add this as a builtin feature to nixos-rebuild at some point.

erictapen · October 14, 2021, 11:29am

Ah thanks, I read that RFC but forgot about it the meantime.

Looks like there doesn’t exist any implementation for my use case atm.