I have a NixOS config that disallows non-source packages that aren’t kernel firmware (with an explicit exclusion list, finalNonSourcePackageNames
):
nixpkgs.config = {
allowNonSource = false;
allowNonSourcePredicate =
pkg:
lib.elem (lib.getName pkg) cfg.finalNonSourcePackageNames
|| lib.all (
provenance:
provenance.isSource
|| provenance == lib.sourceTypes.binaryFirmware && config.hardware.enableRedistributableFirmware
) pkg.meta.sourceProvenance;
};
This was working simply enough until recently, as fetchNupkg
in nixpkgs was changed (in be577a25f468db75c2927d65e6d16473dc25c3e2
) to specify that it downloads binary blobs.
Unfortunately every single little dependency of any dotnet package is considered a separate package, so adding everything manually to the exclusion list is a bit onerous.
How would I go about getting a certain package’s closure so I can add it to the exclusion list?
I only use a couple of dotnet packages, so excluding them is simple enough if I can come up with a general concept.