chore(nix): make vendored dependencies update-able

Previously running e.g `update-python-libraries nix/treelib` would
update the vendored treelib derivation to the latest version from
pypi. However it was brittle and could not get it to work in GitHub
action in a stable manner.

While extracting the version information, I made sure to also
reworked the nix derivations to follow upstream more closely:

- jefferson and unblob are applications
- made the python package set an actual extension of the builtin one

Author: vlaci

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 # See https://pre-commit.com for more information
 # See https://pre-commit.com/hooks.html for more hooks
-exclude: ^tests/integration|\.patch$
+exclude: ^tests/integration|\.patch|nix/_sources$
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.4.0

default.nix

@@ -0,0 +1,10 @@
+let
+  lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+  flake-compat = fetchTarball {
+    url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+    sha256 = lock.nodes.flake-compat.locked.narHash;
+  };
+
+  src = ./.;
+in
+(import flake-compat { inherit src; }).defaultNix.legacyPackages.${builtins.currentSystem}

flake.lock

@@ -15,8 +15,12 @@
     url = "github:onekey-sec/sasquatch";
     inputs.nixpkgs.follows = "nixpkgs";
   };
+  inputs.flake-compat = {
+    url = "github:edolstra/flake-compat";
+    flake = false;
+  };
 
-  outputs = { self, nixpkgs, filter, unblob-native, pyperscan, sasquatch }:
+  outputs = { self, nixpkgs, filter, unblob-native, pyperscan, sasquatch, ... }:
     let
       # System types to support.
       supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" ];

flake.nix

@@ -0,0 +1,72 @@
+{
+    "jefferson": {
+        "cargoLocks": null,
+        "date": null,
+        "extract": null,
+        "name": "jefferson",
+        "passthru": null,
+        "pinned": false,
+        "src": {
+            "name": null,
+            "sha256": "sha256-RHEXbKRQWTyPWIzSRLwW82u/TsDgiL7L5o+cUWgLLk0=",
+            "type": "url",
+            "url": "https://pypi.org/packages/source/j/jefferson/jefferson-0.4.4.tar.gz"
+        },
+        "version": "0.4.4"
+    },
+    "lzallright": {
+        "cargoLocks": {
+            "Cargo.lock": [
+                "./lzallright-v0.2.2/Cargo.lock",
+                {}
+            ]
+        },
+        "date": null,
+        "extract": null,
+        "name": "lzallright",
+        "passthru": null,
+        "pinned": false,
+        "src": {
+            "deepClone": false,
+            "fetchSubmodules": false,
+            "leaveDotGit": false,
+            "name": null,
+            "owner": "vlaci",
+            "repo": "lzallright",
+            "rev": "v0.2.2",
+            "sha256": "sha256-MOTIUC/G92tB2ZOp3OzgKq3d9zGN6bfv83vXOK3deFI=",
+            "type": "github"
+        },
+        "version": "v0.2.2"
+    },
+    "treelib": {
+        "cargoLocks": null,
+        "date": null,
+        "extract": null,
+        "name": "treelib",
+        "passthru": null,
+        "pinned": false,
+        "src": {
+            "name": null,
+            "sha256": "sha256-HL//stK3XMrCfQIAzuBQe2+7Bybgr7n64Bet5dLOh4g=",
+            "type": "url",
+            "url": "https://pypi.org/packages/source/t/treelib/treelib-1.6.1.tar.gz"
+        },
+        "version": "1.6.1"
+    },
+    "ubi_reader": {
+        "cargoLocks": null,
+        "date": null,
+        "extract": null,
+        "name": "ubi_reader",
+        "passthru": null,
+        "pinned": false,
+        "src": {
+            "name": null,
+            "sha256": "sha256-b6Jp8xB6jie35F/oLEea1RF+F8J64AiiQE3/ufwu1mE=",
+            "type": "url",
+            "url": "https://pypi.org/packages/source/u/ubi_reader/ubi_reader-0.8.9.tar.gz"
+        },
+        "version": "0.8.9"
+    }
+}

nix/_sources/generated.json

@@ -0,0 +1,43 @@
+# This file was generated by nvfetcher, please do not modify it manually.
+{ fetchgit, fetchurl, fetchFromGitHub, dockerTools }:
+{
+  jefferson = {
+    pname = "jefferson";
+    version = "0.4.4";
+    src = fetchurl {
+      url = "https://pypi.org/packages/source/j/jefferson/jefferson-0.4.4.tar.gz";
+      sha256 = "sha256-RHEXbKRQWTyPWIzSRLwW82u/TsDgiL7L5o+cUWgLLk0=";
+    };
+  };
+  lzallright = {
+    pname = "lzallright";
+    version = "v0.2.2";
+    src = fetchFromGitHub {
+      owner = "vlaci";
+      repo = "lzallright";
+      rev = "v0.2.3";
+      fetchSubmodules = false;
+      sha256 = "sha256-MOTIUC/G92tB2ZOp3OzgKq3d9zGN6bfv83vXOK3deFI=";
+    };
+    cargoLock."Cargo.lock" = {
+      lockFile = ./lzallright-v0.2.2/Cargo.lock;
+      outputHashes = { };
+    };
+  };
+  treelib = {
+    pname = "treelib";
+    version = "1.6.1";
+    src = fetchurl {
+      url = "https://pypi.org/packages/source/t/treelib/treelib-1.6.1.tar.gz";
+      sha256 = "sha256-HL//stK3XMrCfQIAzuBQe2+7Bybgr7n64Bet5dLOh4g=";
+    };
+  };
+  ubi_reader = {
+    pname = "ubi_reader";
+    version = "0.8.9";
+    src = fetchurl {
+      url = "https://pypi.org/packages/source/u/ubi_reader/ubi_reader-0.8.9.tar.gz";
+      sha256 = "sha256-b6Jp8xB6jie35F/oLEea1RF+F8J64AiiQE3/ufwu1mE=";
+    };
+  };
+}