conan-center-index
nixpkgs
conan-center-index | nixpkgs | |
---|---|---|
41 | 975 | |
896 | 15,753 | |
1.7% | 2.8% | |
10.0 | 10.0 | |
1 day ago | 4 days ago | |
Python | Nix | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
conan-center-index
-
The xz attack shell script
Conan is a package manager for C/C++. See: https://conan.io/.
The way it works is that you can provide "recipes", which are Python scripts, that automate the process of collecting source code (usually from a remote Git repository, or a remote source tarball), patching it, making its dependencies and transitive dependencies available, building for specific platform and architecture (via any number of build systems), then packaging up and serving binaries. There's a lot of complexity involved.
Here are the two recipes I mentioned:
libcurl: https://github.com/conan-io/conan-center-index/blob/master/r...
OpenSSL v3: https://github.com/conan-io/conan-center-index/blob/master/r...
Now, for the sake of this thread I want to highlight three things here:
- Conan recipes are usually made by people unaffiliated with the libraries they're packaging;
- The recipes are fully Turing-complete, do a lot of work, have their own bugs - therefore they should really be treated as software comonents themselves, for the purpose of OSS clearing/supply chain verification, except as far as I know, nobody does it;
- The recipes can, and do, patch source code and build scripts. There's supporting infrastruture for this built into Conan, and of course one can also do it by brute-force search and replace. See e.g. ZLib recipe that does it both at the same time:
https://github.com/conan-io/conan-center-index/blob/7b0ac710... -- `_patch_sources` does both direct search-and-replace in source files, and applies the patches from https://github.com/conan-io/conan-center-index/tree/master/r....
Now, good luck keeping track of what's going on there.
-
Mokara.io Open Beta (Pre-Built C++ Third-Party Libraries)
Just checkout ConanCenter https://conan.io/center it's free.
-
Looking for projects to contribute to
https://github.com/conan-io/conan-center-index there's 200+ PR that need reviewing :) we add community reviewers fairly often
-
Conan package manager completely broken after 2.0 release
As for ffmpeg it was last updated 10 days ago https://github.com/conan-io/conan-center-index/commits/master/recipes/ffmpeg/all :)
-
PcapPlusPlus in Conan 2.0
This is a more complicated recipe https://github.com/conan-io/conan-center-index/blob/master/recipes/pcapplusplus/all/conanfile.py
-
OpenSSL 3.1 Released
You can use the Conan package manager with prebuilt binaries/libraries
https://conan.io/center
-
Compiling CrowCPP on Windows and about to kms
It's available in Conan too https://github.com/conan-io/conan-center-index/tree/master/recipes/crowcpp-crow though it's not well maintained so no promises if it's working
-
Is there a way to make sure that my friend on windows can compile my c++ project that i made on linux?
You need something like https://conan.io/center/ to install the dependencies. You're lucky because it works well with CMake.
-
Conan 2.0, the new version of the open-source C and C++ package manager
This post on github contains a list of packages supported by conan 2.0, its also kept up to date https://github.com/conan-io/conan-center-index/discussions/16196
-
First piece of complex CMake code. Need good roasting to help improeve.
Use a package manager: https://vcpkg.link/ https://conan.io/center/
nixpkgs
-
Nix: The Breaking Point
I don't think so. The article is probably intended for the Nix community, so the author doesn't need to convince HN that something is going on. If as an outsider you are interested then you need to look into it yourself, the community has no obligation to make their internal conflicts legible to the outside world.
As an outsider myself, it certainly looks like something is going on as more than 20 Nixpkg maintainers left in a week: https://github.com/NixOS/nixpkgs/issues?q=label%3A%228.has%3...
- Maintainers Leaving
-
Air Force picks Anduril, General Atomics to develop unmanned fighter jets
https://github.com/NixOS/nixpkgs/commits?author=neon-sunset
-
Eelco Dolstra's leadership is corrosive to the Nix project
I see two signers in the top 6 displayed on https://github.com/NixOS/nixpkgs/graphs/contributors
-
3rd Edition of Programming: Principles and Practice Using C++ by Stroustrup
For a single file script, nix can make the package management quite easy: https://github.com/NixOS/nixpkgs/blob/master/doc/languages-f...
For example,
```
- NixOS/nixpkgs: There isn't a clear canonical way to refer to a specific package
-
NixOS Is Not Reproducible
Yes, Nix doesn't actually ensure that the builds are deterministic. In fact it works just fine if they aren't. There are packages in nixpkgs that aren't reproducible: https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aiss...
-
The xz attack shell script
I'm not familiar with Bazel, but Nix in it's current form wouldn't have solved this attack. First of all, the standard mkDerivation function calls the same configure; make; make install process that made this attack possible. Nixpkgs regularly pulls in external resources (fetchUrl and friends) that are equally vulnerable to a poisoned release tarball. Checkout the comment on the current xz entry in nixpkgs https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/comp...
-
Debian Git Monorepo
NixOS uses a monorepo and I think everyone's love it.
I love being able to easily grep through all the packages source code and there's regularly PRs that harmonizes conventions across many packages.
Nixpkgs doesn't include the packaged software source code, so it's a lot more practical than what Debian is doing.
https://github.com/NixOS/nixpkgs
-
From xz to ibus: more questionable tarballs
In this specific case, nix uses fetchFromGitHub to download the source archive, which are generated by GitHub for the specified revision[1]. Arch seems to just download the tarball from the releases page[2].
[1]: https://github.com/NixOS/nixpkgs/blob/3c2fdd0a4e6396fc310a6e...
[2]: https://gitlab.archlinux.org/archlinux/packaging/packages/ib...
What are some alternatives?
Vcpkg - C++ Library Manager for Windows, Linux, and MacOS
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
libpq - build2 package for PostgreSQL C client library
Home Manager using Nix - Manage a user environment using Nix [maintainer=@rycee]
VulkanExamples - Examples and demos for the Vulkan C++ API
git-lfs - Git extension for versioning large files
cmake-init-vcpkg-example - cmake-init generated executable project with vcpkg integration
easyeffects - Limiter, compressor, convolver, equalizer and auto volume and many other plugins for PipeWire applications
C++ REST SDK - The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
neuronika - Tensors and dynamic neural networks in pure Rust.
waydroid - Waydroid uses a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu.