From 46eba9ea675adf4fad9a491dc23ceadca33a5ca7 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Sat, 4 Apr 2026 18:21:45 +0200
Subject: [PATCH] shell.nix: provide adafruit-nrfutil This is marked unfree in nixpkgs upstream, which is something we need to explicitly allow in our shell. Then we need to permit CVE-2024-23342 in ecdsa, a timing security issue which upstream does not plan to resolve, but isn't relevant to the use of adafruit-nrfutil at all. The switch to `mkShellNoCC` makes the shell closure smaller, since it does not include the nixpkgs stdenv. Renamed from default.nix, as shell.nix is the cleaner name for when the entrypoint is a nix shell. This does not require changes to the direnv configuration.
---
default.nix | 11 -----------
shell.nix | 23 +++++++++++++++++++++++
2 files changed, 23 insertions(+), 11 deletions(-)
delete mode 100644 default.nix
create mode 100644 shell.nix
diff --git a/default.nix b/default.nix
deleted file mode 100644
index 4f9e1c59b8..0000000000
--- a/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs ? import {} }:
-let
-in
- pkgs.mkShell {
- buildInputs = [
- pkgs.platformio
- pkgs.python3
- # optional: needed as a programmer i.e. for esp32
- pkgs.avrdude
- ];
-}
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000000..d437668adb
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,23 @@
+let
+ pkgs = import {
+ config = {
+ # Allow unfree adafruit-nrfutil, see https://github.com/adafruit/Adafruit_nRF52_nrfutil/issues/41
+ allowUnfreePredicate = pkg: pkg.pname or null == "adafruit-nrfutil";
+
+ # Ignore CVE-2024-23342 for python-ecdsa, see https://github.com/tlsfuzzer/python-ecdsa/issues/330
+ permittedInsecurePackages = [
+ "python3.13-ecdsa-0.19.1"
+ ];
+ };
+ };
+in
+pkgs.mkShellNoCC {
+ packages = with pkgs; [
+ platformio
+ python3
+ # optional: needed as a programmer i.e. for esp32
+ avrdude
+ # optional: programmer for some nrf52 devices
+ adafruit-nrfutil
+ ];
+}
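Review bot: The `permittedInsecurePackages` entry in shell.nix is a config-wide exemption, so it silences the insecure-package check for anything in this shell that pulls in `python3.13-ecdsa-0.19.1`, not only adafruit-nrfutil. The comment above it names the CVE but not why it is acceptable here; that reasoning currently lives only in the commit message. I would carry it into the file, for example `# Ignore CVE-2024-23342 (timing side channel in python-ecdsa, no upstream fix planned); accepted only for adafruit-nrfutil. Re-check if another package here starts depending on ecdsa.` The exact name-version string stops matching once nixpkgs moves to another Python or ecdsa release, so evaluation fails and forces a fresh review. That is worth keeping rather than replacing with a broader predicate, and a short comment saying so would stop someone "fixing" it later.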