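# Sonatype Nexus Repository 3, repackaged from the vendor's prebuilt
# tarball (nothing is compiled here; see meta.sourceProvenance).
#
# NOTE(review): the pinned version carries a non-empty
# meta.knownVulnerabilities list and has no listed maintainer. Treat this
# expression as unmaintained until `version`/`hash` are bumped past the
# releases named in that list.
{
  lib,
  stdenv,
  fetchurl,
  makeWrapper,
  jre_headless,
  gawk,
  nixosTests,
}:

stdenv.mkDerivation rec {
  pname = "nexus";
  version = "3.70.1-02";

  # The SRI hash pins the exact tarball contents; `version` and `hash`
  # must always be updated together.
  src = fetchurl {
    url = "https://download.sonatype.com/nexus/3/nexus-${version}-unix.tar.gz";
    hash = "sha256-oBappm8WRcgyD5HWqJKPbMHjlwCUo9y5+FtB2Kq1PCE=";
  };

  # Only unpacking, patching and copying happen, so build locally.
  preferLocalBuild = true;

  sourceRoot = "${pname}-${version}";

  nativeBuildInputs = [ makeWrapper ];

  patches = [
    ./nexus-bin.patch
    ./nexus-vm-opts.patch
  ];

  # Point the JVM options at absolute locations: mutable state goes to
  # /var/lib/sonatype-work (outside the store), the Karaf config and the
  # `=.` entries are rewritten to $out.
  # --replace-fail aborts the build when a pattern is not found, so an
  # upstream change to nexus.vmoptions cannot silently leave a stale path.
  postPatch = ''
    substituteInPlace bin/nexus.vmoptions \
      --replace-fail ../sonatype-work /var/lib/sonatype-work \
      --replace-fail etc/karaf $out/etc/karaf \
      --replace-fail =. =$out
  '';

  # Copy the unpacked distribution into $out and wrap the launcher.
  installPhase = ''
    runHook preInstall

    mkdir -p $out
    # `*` does not match dotfiles, so .install4j is named explicitly.
    cp -rfv * .install4j $out
    rm -fv $out/bin/nexus.bat

    # JAVA_HOME is forced to the packaged JRE so the launcher does not pick
    # up whatever JVM is in the caller's environment.
    # makeWrapper's --prefix takes ENV SEP VAL; the `:` separator was
    # missing, which left the gawk path in the SEP slot with no VAL.
    wrapProgram $out/bin/nexus \
      --set JAVA_HOME ${jre_headless} \
      --set ALTERNATIVE_NAME "nexus" \
      --prefix PATH : "${lib.makeBinPath [ gawk ]}"

    runHook postInstall
  '';

  passthru.tests = {
    inherit (nixosTests) nexus;
  };

  meta = {
    description = "Repository manager for binary software components";
    homepage = "https://www.sonatype.com/products/sonatype-nexus-oss";
    # Shipped as vendor-built JVM bytecode; not built from source here.
    sourceProvenance = with lib.sourceTypes; [ binaryBytecode ];
    license = lib.licenses.epl10;
    platforms = lib.platforms.all;
    # A non-empty list makes nixpkgs refuse to evaluate this package unless
    # the user explicitly allows it (e.g. via `permittedInsecurePackages`).
    # Remove entries only once `version` is at or past the fixing release.
    knownVulnerabilities = [
      "Nexus 3.77 + 3.78 fixed a bunch of security issues: https://help.sonatype.com/en/sonatype-nexus-repository-3-78-0-release-notes.html"
      "CVE-2024-47554"
      "CVE-2024-5764"
      "Sonatype-2015-0286"
      "Sonatype-2022-6438"
      "CVE-2023-6378"
      "CVE-2023-4218"
    ];
    # No maintainers listed; presumably nobody is tracking upstream
    # security releases for this expression.
    maintainers = with lib.maintainers; [ ];
  };
}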