xen: only add maintainers if version is security-supported

This prevents users browsing the package in search.nixos.org from messaging maintainers about an EOL Xen. Signed-off-by: Fernando Rodrigues <[email protected]>
Zocker1999NET · Aug 21, 2024 · 70ff32c · 70ff32c
1 parent 28f1c87
commit 70ff32c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/pkgs/applications/virtualization/xen/generic/default.nix b/pkgs/applications/virtualization/xen/generic/default.nix
@@ -97,12 +97,16 @@ let
     which
   ];
 
+  # Inherit attributes from a versionDefinition.
   inherit (versionDefinition) pname;
   inherit (versionDefinition) branch;
   inherit (versionDefinition) version;
   inherit (versionDefinition) latest;
   inherit (versionDefinition) pkg;
 
+  # Mark versions older than minSupportedVersion as EOL.
+  minSupportedVersion = "4.16";
+
   ## Pre-fetched Source Handling ##
 
   # Main attribute set for sources needed to build tools and firmwares.
@@ -700,11 +704,14 @@ stdenv.mkDerivation (finalAttrs: {
       # Development headers in $dev/include.
       mit
     ];
-    maintainers = with lib.maintainers; [ sigmasquadron ];
+    # This automatically removes maintainers from EOL versions of Xen, so we aren't bothered about versions we don't explictly support.
+    maintainers = lib.lists.optionals (lib.strings.versionAtLeast version minSupportedVersion) (
+      with lib.maintainers; [ sigmasquadron ]
+    );
     mainProgram = "xl";
     # Evaluates to x86_64-linux.
     platforms = lib.lists.intersectLists lib.platforms.linux lib.platforms.x86_64;
-    knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version "4.16") [
+    knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version minSupportedVersion) [
       "Xen ${version} is no longer supported by the Xen Security Team. See https://xenbits.xenproject.org/docs/unstable/support-matrix.html"
     ];
   };

diff --git a/pkgs/applications/virtualization/xen/update.sh b/pkgs/applications/virtualization/xen/update.sh
@@ -31,7 +31,7 @@ latestVersion=$(echo "$versionList" | tr ' ' '\n' | tail --lines=1)
 branchList=($(echo "$versionList" | tr ' ' '\n' | sed s/\.[0-9]*$//g | awk '!seen[$0]++'))
 
 # Figure out which versions we're actually going to install.
-minSupportedBranch="$(grep "    knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version " "$xenPath"/generic/default.nix | sed s/'    knownVulnerabilities = lib.lists.optionals (lib.strings.versionOlder version "'//g | sed s/'") \['//g)"
+minSupportedBranch="$(grep "  minSupportedVersion = " "$xenPath"/generic/default.nix | sed s/'  minSupportedVersion = "'//g | sed s/'";'//g)"
 supportedBranches=($(for version in "${branchList[@]}"; do if [ "$(printf '%s\n' "$minSupportedBranch" "$version" | sort -V | head -n1)" = "$minSupportedBranch" ]; then echo "$version"; fi; done))
 supportedVersions=($(for version in "${supportedBranches[@]}"; do echo "$versionList" | tr ' ' '\n' | grep "$version" | tail --lines=1; done))