tjh.dev
1# Meta-attributes {#chap-meta}
2
3Nix packages can declare *meta-attributes* that contain information about a package such as a description, its homepage, its license, and so on. For instance, the GNU Hello package has a `meta` declaration like this:
4
5```nix
6{
7 meta = {
8 description = "Program that produces a familiar, friendly greeting";
9 longDescription = ''
10 GNU Hello is a program that prints "Hello, world!" when you run it.
11 It is fully customizable.
12 '';
13 homepage = "https://www.gnu.org/software/hello/manual/";
14 license = lib.licenses.gpl3Plus;
15 maintainers = with lib.maintainers; [ eelco ];
16 platforms = lib.platforms.all;
17 };
18}
19```
20
21Meta-attributes are not passed to the builder of the package. Thus, a change to a meta-attribute doesn’t trigger a recompilation of the package.
22
23## Standard meta-attributes {#sec-standard-meta-attributes}
24
25If the package is to be submitted to Nixpkgs, please check out the
26[requirements for meta attributes](https://github.com/NixOS/nixpkgs/tree/master/pkgs#meta-attributes)
27in the contributing documentation.
28
29It is expected that each meta-attribute is one of the following:
30
31### `description` {#var-meta-description}
32
33A short (one-line) description of the package.
34This is displayed on [search.nixos.org](https://search.nixos.org/packages).
35
36The general requirements of a description are:
37
38- Be short, just one sentence.
39- Be capitalized.
40- Not start with definite ("The") or indefinite ("A"/"An") article.
41- Not start with the package name.
42 - More generally, it should not refer to the package name.
43- Not end with a period (or any punctuation for that matter).
44- Provide factual information.
45 - Avoid subjective language.
46
47
48Wrong: `"libpng is a library that allows you to decode PNG images."`
49
50Right: `"Library for decoding PNG images"`
51
52### `longDescription` {#var-meta-longDescription}
53
54An arbitrarily long description of the package in [CommonMark](https://commonmark.org) Markdown.
55
56### `branch` {#var-meta-branch}
57
58Release branch. Used to specify that a package is not going to receive updates that are not in this branch; for example, Linux kernel 3.0 is supposed to be updated to 3.0.X, not 3.1.
59
60### `homepage` {#var-meta-homepage}
61
62The package’s homepage. Example: `https://www.gnu.org/software/hello/manual/`
63
64### `downloadPage` {#var-meta-downloadPage}
65
66The page where a link to the current version can be found. Example: `https://ftp.gnu.org/gnu/hello/`
67
68### `changelog` {#var-meta-changelog}
69
70A link or a list of links to the location of Changelog for a package. A link may use expansion to refer to the correct changelog version. Example: `"https://git.savannah.gnu.org/cgit/hello.git/plain/NEWS?h=v${version}"`
71
72### `license` {#var-meta-license}
73
74The license, or licenses, for the package. One from the attribute set defined in [`nixpkgs/lib/licenses.nix`](https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix). At this moment using both a list of licenses and a single license is valid. If the license field is in the form of a list representation, then it means that parts of the package are licensed differently. Each license should preferably be referenced by their attribute. The non-list attribute value can also be a space delimited string representation of the contained attribute `shortNames` or `spdxIds`. The following are all valid examples:
75
76- Single license referenced by attribute (preferred) `lib.licenses.gpl3Only`.
77- Single license referenced by its attribute shortName (frowned upon) `"gpl3Only"`.
78- Single license referenced by its attribute spdxId (frowned upon) `"GPL-3.0-only"`.
79- Multiple licenses referenced by attribute (preferred) `with lib.licenses; [ asl20 free ofl ]`.
80- Multiple licenses referenced as a space delimited string of attribute shortNames (frowned upon) `"asl20 free ofl"`.
81
82For details, see [Licenses](#sec-meta-license).
83
84### `sourceProvenance` {#var-meta-sourceProvenance}
85
86A list containing the type or types of source inputs from which the package is built, e.g. original source code, pre-built binaries, etc.
87
88For details, see [Source provenance](#sec-meta-sourceProvenance).
89
90### `maintainers` {#var-meta-maintainers}
91
92A list of the maintainers of this Nix expression. Maintainers are defined in [`nixpkgs/maintainers/maintainer-list.nix`](https://github.com/NixOS/nixpkgs/blob/master/maintainers/maintainer-list.nix). There is no restriction to becoming a maintainer, just add yourself to that list in a separate commit titled “maintainers: add alice” in the same pull request, and reference maintainers with `maintainers = with lib.maintainers; [ alice bob ]`.
93
94### `teams` {#var-meta-teams}
95
96A list of the teams of this Nix expression. Teams are defined in [`nixpkgs/maintainers/team-list.nix`](https://github.com/NixOS/nixpkgs/blob/master/maintainers/team-list.nix), and can be defined in a package with `meta.teams = with lib.teams; [ team1 team2 ]`.
97
98### `mainProgram` {#var-meta-mainProgram}
99
100The name of the main binary for the package. This affects the binary `nix run` executes. Example: `"rg"`
101
102### `priority` {#var-meta-priority}
103
104The *priority* of the package, used by `nix-env` to resolve file name conflicts between packages. See the [manual page for `nix-env`](https://nixos.org/manual/nix/stable/command-ref/nix-env) for details. Example: `"10"` (a low-priority package).
105
106### `platforms` {#var-meta-platforms}
107
108The list of Nix platform types on which the package is supported. Hydra builds packages according to the platform specified. If no platform is specified, the package does not have prebuilt binaries. An example is:
109
110```nix
111{ meta.platforms = lib.platforms.linux; }
112```
113
114Attribute Set `lib.platforms` defines [various common lists](https://github.com/NixOS/nixpkgs/blob/master/lib/systems/doubles.nix) of platforms types.
115
116### `badPlatforms` {#var-meta-badPlatforms}
117
118The list of Nix [platform types](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/lib/meta.nix#L75-L81) on which the package is known not to be buildable.
119Hydra will never create prebuilt binaries for these platform types, even if they are in [`meta.platforms`](#var-meta-platforms).
120In general it is preferable to set `meta.platforms = lib.platforms.all` and then exclude any platforms on which the package is known not to build.
121For example, a package which requires dynamic linking and cannot be linked statically could use this:
122
123```nix
124{
125 meta.platforms = lib.platforms.all;
126 meta.badPlatforms = [ lib.systems.inspect.platformPatterns.isStatic ];
127}
128```
129
130The [`lib.meta.availableOn`](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/lib/meta.nix#L95-L106) function can be used to test whether or not a package is available (i.e. buildable) on a given platform.
131Some packages use this to automatically detect the maximum set of features with which they can be built.
132For example, `systemd` [requires dynamic linking](https://github.com/systemd/systemd/issues/20600#issuecomment-912338965), and [has a `meta.badPlatforms` setting](https://github.com/NixOS/nixpkgs/blob/b03ac42b0734da3e7be9bf8d94433a5195734b19/pkgs/os-specific/linux/systemd/default.nix#L752) similar to the one above.
133Packages which can be built with or without `systemd` support will use `lib.meta.availableOn` to detect whether or not `systemd` is available on the [`hostPlatform`](#ssec-cross-platform-parameters) for which they are being built; if it is not available (e.g. due to a statically-linked host platform like `pkgsStatic`) this support will be disabled by default.
134
135### `timeout` {#var-meta-timeout}
136
137A timeout (in seconds) for building the derivation. If the derivation takes longer than this time to build, Hydra will fail it due to breaking the timeout. However, all computers do not have the same computing power, hence some builders may decide to apply a multiplicative factor to this value. When filling this value in, try to keep it approximately consistent with other values already present in `nixpkgs`.
138
139`meta` attributes are not stored in the instantiated derivation.
140Therefore, this setting may be lost when the package is used as a dependency.
141To be effective, it must be presented directly to an evaluation process that handles the `meta.timeout` attribute.
142
143### `hydraPlatforms` {#var-meta-hydraPlatforms}
144
145The list of Nix platform types for which the [Hydra](https://github.com/nixos/hydra) [instance at `hydra.nixos.org`](https://nixos.org/hydra) will build the package. (Hydra is the Nix-based continuous build system.) It defaults to the value of `meta.platforms`. Thus, the only reason to set `meta.hydraPlatforms` is if you want `hydra.nixos.org` to build the package on a subset of `meta.platforms`, or not at all, e.g.
146
147```nix
148{
149 meta.platforms = lib.platforms.linux;
150 meta.hydraPlatforms = [ ];
151}
152```
153
154### `broken` {#var-meta-broken}
155
156If set to `true`, the package is marked as "broken", meaning that it won’t show up in [search.nixos.org](https://search.nixos.org/packages), and cannot be built or installed unless the environment variable [`NIXPKGS_ALLOW_BROKEN`](#opt-allowBroken) is set.
157Such unconditionally-broken packages should be removed from Nixpkgs eventually unless they are fixed.
158
159The value of this attribute can depend on a package's arguments, including `stdenv`.
160This means that `broken` can be used to express constraints, for example:
161
162- Does not cross compile
163
164 ```nix
165 { meta.broken = !(stdenv.buildPlatform.canExecute stdenv.hostPlatform); }
166 ```
167
168- Broken if all of a certain set of its dependencies are broken
169
170 ```nix
171 {
172 meta.broken = lib.all (
173 map (p: p.meta.broken) [
174 glibc
175 musl
176 ]
177 );
178 }
179 ```
180
181This makes `broken` strictly more powerful than `meta.badPlatforms`.
182However `meta.availableOn` currently examines only `meta.platforms` and `meta.badPlatforms`, so `meta.broken` does not influence the default values for optional dependencies.
183
184## `knownVulnerabilities` {#var-meta-knownVulnerabilities}
185
186A list of known vulnerabilities affecting the package, usually identified by CVE identifiers.
187
188This metadata allows users and tools to be aware of unresolved security issues before using the package, for example:
189
190```nix
191{
192 meta.knownVulnerabilities = [
193 "CVE-2024-3094: Malicious backdoor allowing unauthorized remote code execution"
194 ];
195}
196```
197
198If this list is not empty, the package is marked as "insecure", meaning that it cannot be built or installed unless the environment variable [`NIXPKGS_ALLOW_INSECURE`](#sec-allow-insecure) is set.
199
200## Licenses {#sec-meta-license}
201
202The `meta.license` attribute should preferably contain a value from `lib.licenses` defined in [`nixpkgs/lib/licenses.nix`](https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix), or in-place license description of the same format if the license is unlikely to be useful in another expression.
203
204Although it’s typically better to indicate the specific license, a few generic options are available:
205
206### `lib.licenses.free`, `"free"` {#lib.licenses.free-free}
207
208Catch-all for free software licenses not listed above.
209
210### `lib.licenses.unfreeRedistributable`, `"unfree-redistributable"` {#lib.licenses.unfreeredistributable-unfree-redistributable}
211
212Unfree package that can be redistributed in binary form. That is, it’s legal to redistribute the *output* of the derivation. This means that the package can be included in the Nixpkgs channel.
213
214Sometimes proprietary software can only be redistributed unmodified. Make sure the builder doesn’t actually modify the original binaries; otherwise we’re breaking the license. For instance, the NVIDIA X11 drivers can be redistributed unmodified, but our builder applies `patchelf` to make them work. Thus, its license is `"unfree"` and it cannot be included in the Nixpkgs channel.
215
216### `lib.licenses.unfree`, `"unfree"` {#lib.licenses.unfree-unfree}
217
218Unfree package that cannot be redistributed. You can build it yourself, but you cannot redistribute the output of the derivation. Thus it cannot be included in the Nixpkgs channel.
219
220### `lib.licenses.unfreeRedistributableFirmware`, `"unfree-redistributable-firmware"` {#lib.licenses.unfreeredistributablefirmware-unfree-redistributable-firmware}
221
222This package supplies unfree, redistributable firmware. This is a separate value from `unfree-redistributable` because not everybody cares whether firmware is free.
223
224## Source provenance {#sec-meta-sourceProvenance}
225
226The value of a package's `meta.sourceProvenance` attribute specifies the provenance of the package's derivation outputs.
227
228If a package contains elements that are not built from the original source by a nixpkgs derivation, the `meta.sourceProvenance` attribute should be a list containing one or more value from `lib.sourceTypes` defined in [`nixpkgs/lib/source-types.nix`](https://github.com/NixOS/nixpkgs/blob/master/lib/source-types.nix).
229
230Adding this information helps users who have needs related to build transparency and supply-chain security to gain some visibility into their installed software or set policy to allow or disallow installation based on source provenance.
231
232The presence of a particular `sourceType` in a package's `meta.sourceProvenance` list indicates that the package contains some components falling into that category, though the *absence* of that `sourceType` does not *guarantee* the absence of that category of `sourceType` in the package's contents. A package with no `meta.sourceProvenance` set implies it has no *known* `sourceType`s other than `fromSource`.
233
234The meaning of the `meta.sourceProvenance` attribute does not depend on the value of the `meta.license` attribute.
235
236### `lib.sourceTypes.fromSource` {#lib.sourceTypes.fromSource}
237
238Package elements which are produced by a nixpkgs derivation which builds them from source code.
239
240### `lib.sourceTypes.binaryNativeCode` {#lib.sourceTypes.binaryNativeCode}
241
242Native code to be executed on the target system's CPU, built by a third party. This includes packages which wrap a downloaded AppImage or Debian package.
243
244### `lib.sourceTypes.binaryFirmware` {#lib.sourceTypes.binaryFirmware}
245
246Code to be executed on a peripheral device or embedded controller, built by a third party.
247
248### `lib.sourceTypes.binaryBytecode` {#lib.sourceTypes.binaryBytecode}
249
250Code to run on a VM interpreter or JIT compiled into bytecode by a third party. This includes packages which download Java `.jar` files from another source.