From e4cb0049056d54c6c30ef56d1d30c9755bf0ae01 Mon Sep 17 00:00:00 2001 From: nixbitcoin Date: Sat, 11 Nov 2023 18:40:49 +0100 Subject: [PATCH 01/11] joinmarket: 0.9.9 -> 0.9.10 --- modules/joinmarket.nix | 2 +- pkgs/joinmarket/default.nix | 4 +- pkgs/joinmarket/get-sha256.sh | 2 + pkgs/python-packages/default.nix | 9 -- pkgs/python-packages/jmbase/default.nix | 4 +- pkgs/python-packages/jmbitcoin/default.nix | 4 +- pkgs/python-packages/jmclient/default.nix | 4 +- pkgs/python-packages/jmdaemon/default.nix | 3 + .../cryptography/default.nix | 84 ------------------- .../cryptography/vectors.nix | 25 ------ .../specific-versions/pyopenssl.nix | 82 ------------------ 11 files changed, 14 insertions(+), 209 deletions(-) delete mode 100644 pkgs/python-packages/specific-versions/cryptography/default.nix delete mode 100644 pkgs/python-packages/specific-versions/cryptography/vectors.nix delete mode 100644 pkgs/python-packages/specific-versions/pyopenssl.nix diff --git a/modules/joinmarket.nix b/modules/joinmarket.nix index 4e68d66e3..cb7be1abe 100644 --- a/modules/joinmarket.nix +++ b/modules/joinmarket.nix @@ -212,6 +212,7 @@ let segwit = true native = true merge_algorithm = default + gaplimit = 6 tx_fees = 3 tx_fees_factor = 0.2 absurd_fee_per_kb = 350000 @@ -252,7 +253,6 @@ let txfee_contribution_factor = ${toString yg.txfee_contribution_factor} minsize = ${toString yg.minsize} size_factor = ${toString yg.size_factor} - gaplimit = 6 [SNICKER] enabled = false diff --git a/pkgs/joinmarket/default.nix b/pkgs/joinmarket/default.nix index ae89e631e..91df4896b 100644 --- a/pkgs/joinmarket/default.nix +++ b/pkgs/joinmarket/default.nix @@ -1,12 +1,12 @@ { stdenv, lib, fetchFromGitHub, python3, nbPython3PackagesJoinmarket }: let - version = "0.9.9"; + version = "0.9.10"; src = fetchFromGitHub { owner = "joinmarket-org"; repo = "joinmarket-clientserver"; rev = "v${version}"; - sha256 = "sha256-dkeSgAhjNl8o/ATKYAlQxxCrur5fLdXuMDXSnWaxYP8="; + sha256 = "sha256-uNweI7VKC16CFn8MNOAvadcSnTjK/Fznfy4qctM5PR8="; }; runtimePackages = with nbPython3PackagesJoinmarket; [ diff --git a/pkgs/joinmarket/get-sha256.sh b/pkgs/joinmarket/get-sha256.sh index 546d0f9de..6314778d2 100755 --- a/pkgs/joinmarket/get-sha256.sh +++ b/pkgs/joinmarket/get-sha256.sh @@ -11,6 +11,8 @@ git clone --depth 1 --branch "${newVersion}" -c advice.detachedHead=false https: export GNUPGHOME=$tmpdir echo "Fetching Adam Gibson's key" gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2B6FC204D9BF332D062B461A141001A1AF77F20B 2> /dev/null +echo "Fetch Kristaps Kaupe's key" +gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 70A1D47DD44F59DF8B22244333E472FE870C7E5D 2> /dev/null echo echo "Verifying commit" git -C "$repo" verify-commit HEAD diff --git a/pkgs/python-packages/default.nix b/pkgs/python-packages/default.nix index d8f7c4536..7d4726afd 100644 --- a/pkgs/python-packages/default.nix +++ b/pkgs/python-packages/default.nix @@ -70,18 +70,9 @@ rec { ## Specific versions of packages that already exist in nixpkgs - # cryptography 3.3.2, required by joinmarketdaemon - cryptography = callPackage ./specific-versions/cryptography { - openssl = openssl_1_1; - cryptography_vectors = callPackage ./specific-versions/cryptography/vectors.nix {}; - }; - # autobahn 20.12.3, required by joinmarketclient autobahn = callPackage ./specific-versions/autobahn.nix {}; - # pyopenssl 21.0.0, required by joinmarketdaemon - pyopenssl = callPackage ./specific-versions/pyopenssl.nix {}; - # txtorcon 22.0.0, required by joinmarketdaemon txtorcon = callPackage ./specific-versions/txtorcon.nix {}; }; diff --git a/pkgs/python-packages/jmbase/default.nix b/pkgs/python-packages/jmbase/default.nix index 42ee252f2..34b0ec191 100644 --- a/pkgs/python-packages/jmbase/default.nix +++ b/pkgs/python-packages/jmbase/default.nix @@ -1,4 +1,4 @@ -{ version, src, lib, buildPythonPackage, fetchurl, future, twisted, service-identity, chromalog, txtorcon }: +{ version, src, lib, buildPythonPackage, fetchurl, future, twisted, service-identity, chromalog, txtorcon, pyaes }: buildPythonPackage rec { pname = "joinmarketbase"; @@ -11,7 +11,7 @@ buildPythonPackage rec { sed -i 's|service-identity==21.1.0|service-identity==23.1.0|' setup.py ''; - propagatedBuildInputs = [ future twisted service-identity chromalog txtorcon ]; + propagatedBuildInputs = [ future twisted service-identity chromalog txtorcon pyaes ]; meta = with lib; { homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver"; diff --git a/pkgs/python-packages/jmbitcoin/default.nix b/pkgs/python-packages/jmbitcoin/default.nix index 072ac8572..e2041b717 100644 --- a/pkgs/python-packages/jmbitcoin/default.nix +++ b/pkgs/python-packages/jmbitcoin/default.nix @@ -1,4 +1,4 @@ -{ version, src, lib, buildPythonPackage, fetchurl, pyaes, python-bitcointx, joinmarketbase }: +{ version, src, lib, buildPythonPackage, fetchurl, python-bitcointx, joinmarketbase }: buildPythonPackage rec { pname = "joinmarketbitcoin"; @@ -6,7 +6,7 @@ buildPythonPackage rec { postUnpack = "sourceRoot=$sourceRoot/jmbitcoin"; - propagatedBuildInputs = [ pyaes python-bitcointx ]; + propagatedBuildInputs = [ python-bitcointx ]; checkInputs = [ joinmarketbase ]; diff --git a/pkgs/python-packages/jmclient/default.nix b/pkgs/python-packages/jmclient/default.nix index 020236188..54d420431 100644 --- a/pkgs/python-packages/jmclient/default.nix +++ b/pkgs/python-packages/jmclient/default.nix @@ -1,4 +1,4 @@ -{ version, src, lib, buildPythonPackage, fetchurl, future, configparser, joinmarketbase, joinmarketdaemon, mnemonic, argon2_cffi, bencoderpyx, pyaes, joinmarketbitcoin, klein, pyjwt, autobahn }: +{ version, src, lib, buildPythonPackage, fetchurl, future, configparser, joinmarketbase, joinmarketdaemon, mnemonic, argon2_cffi, bencoderpyx, joinmarketbitcoin, klein, pyjwt, autobahn, werkzeug }: buildPythonPackage rec { pname = "joinmarketclient"; @@ -8,7 +8,7 @@ buildPythonPackage rec { checkInputs = [ joinmarketbitcoin joinmarketdaemon ]; - propagatedBuildInputs = [ future configparser joinmarketbase mnemonic argon2_cffi bencoderpyx pyaes klein pyjwt autobahn ]; + propagatedBuildInputs = [ future configparser joinmarketbase mnemonic argon2_cffi bencoderpyx klein pyjwt autobahn werkzeug ]; patchPhase = '' substituteInPlace setup.py \ diff --git a/pkgs/python-packages/jmdaemon/default.nix b/pkgs/python-packages/jmdaemon/default.nix index dd5430fb9..f046f2d72 100644 --- a/pkgs/python-packages/jmdaemon/default.nix +++ b/pkgs/python-packages/jmdaemon/default.nix @@ -9,9 +9,12 @@ buildPythonPackage rec { propagatedBuildInputs = [ txtorcon cryptography pyopenssl libnacl joinmarketbase ]; # libnacl 1.8.0 is not on github + # cryptography 41.0.3 already in ../specific-versions patchPhase = '' substituteInPlace setup.py \ --replace "'libnacl==1.8.0'" "'libnacl==1.7.2'" + substituteInPlace setup.py \ + --replace "'cryptography==41.0.2" "'cryptography==41.0.3" ''; meta = with lib; { diff --git a/pkgs/python-packages/specific-versions/cryptography/default.nix b/pkgs/python-packages/specific-versions/cryptography/default.nix deleted file mode 100644 index b47550c0e..000000000 --- a/pkgs/python-packages/specific-versions/cryptography/default.nix +++ /dev/null @@ -1,84 +0,0 @@ -# Copied from nixpkgs rev c7d0dbe094c988209edac801eb2a0cc21aa498d8 - -{ lib, stdenv -, buildPythonPackage -, fetchPypi -, fetchpatch -, isPy27 -, ipaddress -, openssl -, cryptography_vectors -, darwin -, packaging -, six -, pythonOlder -, isPyPy -, cffi -, pytest -, pretend -, iso8601 -, pytz -, hypothesis -, enum34 -}: - -buildPythonPackage rec { - pname = "cryptography"; - version = "3.3.2"; # Also update the hash in vectors.nix - - src = fetchPypi { - inherit pname version; - sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s"; - }; - - outputs = [ "out" "dev" ]; - - nativeBuildInputs = lib.optionals (!isPyPy) [ - cffi - ]; - - buildInputs = [ openssl ] - ++ lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security; - propagatedBuildInputs = [ - packaging - six - ] ++ lib.optionals (!isPyPy) [ - cffi - ] ++ lib.optionals isPy27 [ - ipaddress enum34 - ]; - - checkInputs = [ - cryptography_vectors - # Work around `error: infinite recursion encountered` - (hypothesis.override { enableDocumentation = false; }) - iso8601 - pretend - pytest - pytz - ]; - - checkPhase = '' - ${pytest}/bin/py.test --disable-pytest-warnings tests - ''; - - # IOKit's dependencies are inconsistent between OSX versions, so this is the best we - # can do until nix 1.11's release - __impureHostDeps = [ "/usr/lib" ]; - - meta = with lib; { - description = "A package which provides cryptographic recipes and primitives"; - longDescription = '' - Cryptography includes both high level recipes and low level interfaces to - common cryptographic algorithms such as symmetric ciphers, message - digests, and key derivation functions. - Our goal is for it to be your "cryptographic standard library". It - supports Python 2.7, Python 3.5+, and PyPy 5.4+. - ''; - homepage = "https://github.com/pyca/cryptography"; - changelog = "https://cryptography.io/en/latest/changelog/#v" - + replaceStrings [ "." ] [ "-" ] version; - license = with licenses; [ asl20 bsd3 psfl ]; - maintainers = with maintainers; [ primeos ]; - }; -} diff --git a/pkgs/python-packages/specific-versions/cryptography/vectors.nix b/pkgs/python-packages/specific-versions/cryptography/vectors.nix deleted file mode 100644 index e7f78e558..000000000 --- a/pkgs/python-packages/specific-versions/cryptography/vectors.nix +++ /dev/null @@ -1,25 +0,0 @@ -# Copied from nixpkgs rev c7d0dbe094c988209edac801eb2a0cc21aa498d8 - -{ buildPythonPackage, fetchPypi, lib, cryptography }: - -buildPythonPackage rec { - pname = "cryptography_vectors"; - # The test vectors must have the same version as the cryptography package: - version = cryptography.version; - - src = fetchPypi { - inherit pname version; - sha256 = "1yhaps0f3h2yjb6lmz953z1l1d84y9swk4k3gj9nqyk4vbx5m7cc"; - }; - - # No tests included - doCheck = false; - - meta = with lib; { - description = "Test vectors for the cryptography package"; - homepage = "https://cryptography.io/en/latest/development/test-vectors/"; - # Source: https://github.com/pyca/cryptography/tree/master/vectors; - license = with licenses; [ asl20 bsd3 ]; - maintainers = with maintainers; [ primeos ]; - }; -} diff --git a/pkgs/python-packages/specific-versions/pyopenssl.nix b/pkgs/python-packages/specific-versions/pyopenssl.nix deleted file mode 100644 index 5d7a00866..000000000 --- a/pkgs/python-packages/specific-versions/pyopenssl.nix +++ /dev/null @@ -1,82 +0,0 @@ -{ lib -, stdenv -, buildPythonPackage -, fetchPypi -, openssl -, cryptography -, pyasn1 -, idna -, pytestCheckHook -, pretend -, flaky -, glibcLocales -, six -}: - -buildPythonPackage rec { - pname = "pyopenssl"; - version = "21.0.0"; - - src = fetchPypi { - pname = "pyOpenSSL"; - inherit version; - sha256 = "5e2d8c5e46d0d865ae933bef5230090bdaf5506281e9eec60fa250ee80600cb3"; - }; - - outputs = [ "out" "dev" ]; - - # Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1 - # for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail. - doCheck = !stdenv.isDarwin; - - nativeBuildInputs = [ openssl ]; - propagatedBuildInputs = [ cryptography pyasn1 idna six ]; - - checkInputs = [ pytestCheckHook pretend flaky glibcLocales ]; - - preCheck = '' - export LANG="en_US.UTF-8" - ''; - - disabledTests = [ - # https://github.com/pyca/pyopenssl/issues/692 - # These tests, we disable always. - "test_set_default_verify_paths" - "test_fallback_default_verify_paths" - # https://github.com/pyca/pyopenssl/issues/768 - "test_wantWriteError" - # https://github.com/pyca/pyopenssl/issues/1043 - "test_alpn_call_failure" - ] ++ lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) [ - # https://github.com/pyca/pyopenssl/issues/791 - # These tests, we disable in the case that libressl is passed in as openssl. - "test_op_no_compression" - "test_npn_advertise_error" - "test_npn_select_error" - "test_npn_client_fail" - "test_npn_success" - "test_use_certificate_chain_file_unicode" - "test_use_certificate_chain_file_bytes" - "test_add_extra_chain_cert" - "test_set_session_id_fail" - "test_verify_with_revoked" - "test_set_notAfter" - "test_set_notBefore" - ] ++ lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") [ - # these tests are extremely tightly wed to the exact output of the openssl cli tool, including exact punctuation. - "test_dump_certificate" - "test_dump_privatekey_text" - "test_dump_certificate_request" - "test_export_text" - ] ++ lib.optionals stdenv.is32bit [ - # https://github.com/pyca/pyopenssl/issues/974 - "test_verify_with_time" - ]; - - meta = with lib; { - description = "Python wrapper around the OpenSSL library"; - homepage = "https://github.com/pyca/pyopenssl"; - license = licenses.asl20; - maintainers = with maintainers; [ SuperSandro2000 ]; - }; -} From 1676445a51c7e3d3406bd2e1ae6163cde21728b3 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sat, 2 Dec 2023 23:26:48 +0100 Subject: [PATCH 02/11] update to NixOS 23.11 --- .cirrus.yml | 2 +- docs/install.md | 6 +++--- examples/configuration.nix | 2 +- examples/flakes/flake.nix | 2 +- flake.lock | 20 ++++++++++---------- flake.nix | 2 +- pkgs/pinned.nix | 14 +++++++------- test/nixos-search/flake.lock | 12 ++++++------ 8 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 918c89141..094d9aca9 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -9,7 +9,7 @@ task: container: # Defined in https://github.com/nix-community/docker-nixpkgs - image: nixpkgs/nix-flakes:nixos-23.05 + image: nixpkgs/nix-flakes:nixos-23.11 matrix: - name: modules_test diff --git a/docs/install.md b/docs/install.md index 77efb0e3a..a902f4e8d 100644 --- a/docs/install.md +++ b/docs/install.md @@ -20,9 +20,9 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht 1. Obtain latest [NixOS](https://nixos.org/nixos/download.html). For example: ``` - wget https://releases.nixos.org/nixos/23.05/nixos-23.05.3701.e9b4b56e5a20/nixos-minimal-23.05.3701.e9b4b56e5a20-x86_64-linux.iso - sha256sum nixos-minimal-23.05.3701.e9b4b56e5a20-x86_64-linux.iso - # output: 0bbc1919654a6b3212f7bdc9faf9e7a89ba5607e626e8d651a1cbb79ce2831c2 + wget https://releases.nixos.org/nixos/23.11/nixos-23.11.1494.b4372c4924d9/nixos-minimal-23.11.1494.b4372c4924d9-x86_64-linux.iso + sha256sum nixos-minimal-23.11.1494.b4372c4924d9-x86_64-linux.iso + # output: f48cf810432c1f04b291c947b36f824823dfef8ebfa0e1906602a516450189d8 ``` Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd. diff --git a/examples/configuration.nix b/examples/configuration.nix index b6af8e2e0..3cdabf477 100644 --- a/examples/configuration.nix +++ b/examples/configuration.nix @@ -318,7 +318,7 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? + system.stateVersion = "23.11"; # Did you read the comment? # The nix-bitcoin release version that your config is compatible with. # When upgrading to a backwards-incompatible release, nix-bitcoin will display an diff --git a/examples/flakes/flake.nix b/examples/flakes/flake.nix index 355c400e6..9b018f507 100644 --- a/examples/flakes/flake.nix +++ b/examples/flakes/flake.nix @@ -10,7 +10,7 @@ inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release"; # You can also use a version branch to track a specific NixOS release - # inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin/nixos-23.05"; + # inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin/nixos-23.11"; inputs.nixpkgs.follows = "nix-bitcoin/nixpkgs"; inputs.nixpkgs-unstable.follows = "nix-bitcoin/nixpkgs-unstable"; diff --git a/flake.lock b/flake.lock index a63c3cca2..a4415baf1 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -43,27 +43,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1701053011, - "narHash": "sha256-8QQ7rFbKFqgKgLoaXVJRh7Ik5LtI3pyBBCfOnNOGkF0=", + "lastModified": 1702233072, + "narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5b528f99f73c4fad127118a8c1126b5e003b01a9", + "rev": "781e2a9797ecf0f146e81425c822dca69fe4a348", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1701040486, - "narHash": "sha256-vawYwoHA5CwvjfqaT3A5CT9V36Eq43gxdwpux32Qkjw=", + "lastModified": 1701336116, + "narHash": "sha256-kEmpezCR/FpITc6yMbAh4WrOCiT2zg5pSjnKrq51h5Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "45827faa2132b8eade424f6bdd48d8828754341a", + "rev": "f5c27c6136db4d76c30e533c20517df6864c46ee", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 391f2c1fa..71eb100fa 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ ''; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; flake-utils.url = "github:numtide/flake-utils"; extra-container = { diff --git a/pkgs/pinned.nix b/pkgs/pinned.nix index 69ca81140..65061b75a 100644 --- a/pkgs/pinned.nix +++ b/pkgs/pinned.nix @@ -4,21 +4,21 @@ pkgs: pkgsUnstable: inherit (pkgs) bitcoin bitcoind - charge-lnd - elementsd - extra-container - lndconnect; - - inherit (pkgsUnstable) btcpayserver + charge-lnd clightning electrs - fulcrum + elementsd + extra-container hwi lightning-loop lightning-pool lnd + lndconnect nbxplorer; + inherit (pkgsUnstable) + fulcrum; + inherit pkgs pkgsUnstable; } diff --git a/test/nixos-search/flake.lock b/test/nixos-search/flake.lock index 177d2b4c2..8cd93bf57 100644 --- a/test/nixos-search/flake.lock +++ b/test/nixos-search/flake.lock @@ -18,11 +18,11 @@ "nixos-org-configurations": { "flake": false, "locked": { - "lastModified": 1688381214, - "narHash": "sha256-0g/rZUiXIk1H6D6Oa1VcK41REeIRGSdVDPAFVqZKf1E=", + "lastModified": 1701287284, + "narHash": "sha256-tu30FJa7e8eZCZg0CmQuAGimFQ/RVPooTFl59SiELxY=", "owner": "NixOS", "repo": "nixos-org-configurations", - "rev": "083c137b7ae19a1a8d6822fea7ca30aeeda72ac8", + "rev": "33bc481f102213c0c4e41cd356e7bcf1aea28107", "type": "github" }, "original": { @@ -39,11 +39,11 @@ "npmlock2nix": "npmlock2nix" }, "locked": { - "lastModified": 1693902773, - "narHash": "sha256-JFsiBAixnnkkPBl1RvnSvRKUiOZxwF6lXnm70LUIW4w=", + "lastModified": 1701444930, + "narHash": "sha256-in+L+Qv85ClccGe4u21czoUZABpS/HC89iPDAcBp9qE=", "owner": "nixos", "repo": "nixos-search", - "rev": "00f61f52aefe60b18059ec13201d9c94bdc04045", + "rev": "744ec58e082a3fcdd741b2c9b0654a0f7fda4603", "type": "github" }, "original": { From be2028f2e8354c8db0bcc55bb6d93e4e71eb3e3c Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sat, 2 Dec 2023 23:26:49 +0100 Subject: [PATCH 03/11] mempool: use `recommendedBrotliSettings` --- modules/mempool.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/mempool.nix b/modules/mempool.nix index de0d0d4ae..422f2196d 100644 --- a/modules/mempool.nix +++ b/modules/mempool.nix @@ -306,6 +306,7 @@ in { services.nginx = mkIf cfg.frontend.enable { enable = true; enableReload = true; + recommendedBrotliSettings = true; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; From 9efcdaf8bb83587609d79a563c5a82c7058241e2 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sat, 2 Dec 2023 23:26:50 +0100 Subject: [PATCH 04/11] treewide: use `vendorHash` for golang drvs `vendorSha256` has been deprecated. --- pkgs/lndinit/default.nix | 2 +- pkgs/trustedcoin/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/lndinit/default.nix b/pkgs/lndinit/default.nix index 67c54e7f9..932a542b5 100644 --- a/pkgs/lndinit/default.nix +++ b/pkgs/lndinit/default.nix @@ -11,7 +11,7 @@ buildGoModule rec { sha256 = "sha256-sO1DpbppCurxr9g9nUl9Vx82FJK1mTcUw3rY1Fm1wEU="; }; - vendorSha256 = "sha256-El44BS5Bu0K/klMxkajciU/R6uqiXBMOiLN536QztbE="; + vendorHash = "sha256-El44BS5Bu0K/klMxkajciU/R6uqiXBMOiLN536QztbE="; subPackages = [ "." ]; diff --git a/pkgs/trustedcoin/default.nix b/pkgs/trustedcoin/default.nix index 1a3c27ff7..f65d2c544 100644 --- a/pkgs/trustedcoin/default.nix +++ b/pkgs/trustedcoin/default.nix @@ -20,7 +20,7 @@ buildGoModule rec { }) ]; - vendorSha256 = "sha256-xvkK9rMQlXTnNyOMd79qxVSvhgPobcBk9cq4/YWbupY="; + vendorHash = "sha256-xvkK9rMQlXTnNyOMd79qxVSvhgPobcBk9cq4/YWbupY="; subPackages = [ "." ]; From 770a4354b4cec3ad181a3b94769fb732d71bc679 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sat, 2 Dec 2023 23:26:51 +0100 Subject: [PATCH 05/11] btcpayserver: fix PostgreSQL 15 user permissions Since PostgreSQL 15, DB users need to be DB owners to be able to create tables. We can't use the new `ensureDBOwnerhip` NixOS option [1] to set this up, because it requires the PostgreSQL user name and the database name to be identical, which is not the case for btcpayserver. Instead, we manually issue a PostgreSQL admin statement similar to the one used by `ensureDBOwnerhip`. This method of setting up the user is also compatible with older PostgreSQL versions that come with older NixOS `system.stateVersion`s. [1] https://github.com/NixOS/nixpkgs/pull/266270 --- modules/btcpayserver.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/btcpayserver.nix b/modules/btcpayserver.nix index 24c73b2a6..e03247d1d 100644 --- a/modules/btcpayserver.nix +++ b/modules/btcpayserver.nix @@ -138,16 +138,16 @@ in { enable = true; ensureDatabases = [ "btcpaydb" "nbxplorer" ]; ensureUsers = [ - { - name = cfg.btcpayserver.user; - ensurePermissions."DATABASE btcpaydb" = "ALL PRIVILEGES"; - } - { - name = cfg.nbxplorer.user; - ensurePermissions."DATABASE nbxplorer" = "ALL PRIVILEGES"; - } + { name = cfg.btcpayserver.user; } + { name = cfg.nbxplorer.user; } ]; }; + systemd.services.postgresql.postStart = lib.mkAfter '' + $PSQL -tAc ' + ALTER DATABASE "btcpaydb" OWNER TO "${cfg.btcpayserver.user}"; + ALTER DATABASE "nbxplorer" OWNER TO "${cfg.nbxplorer.user}"; + ' + ''; systemd.tmpfiles.rules = [ "d '${cfg.nbxplorer.dataDir}' 0770 ${cfg.nbxplorer.user} ${cfg.nbxplorer.group} - -" From b110e2aea6858a6a3b12198f432b90dd5a3b7d1a Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sat, 2 Dec 2023 23:26:52 +0100 Subject: [PATCH 06/11] fetch-node-modules: provide CA certs Without this, the `npm ci` command in `fetchNodeModules` hangs. It seems that npm didn't check certs previously, because these are not availble in Nix build environments by default. --- pkgs/build-support/fetch-node-modules.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/build-support/fetch-node-modules.nix b/pkgs/build-support/fetch-node-modules.nix index 78899da00..2376b6f28 100644 --- a/pkgs/build-support/fetch-node-modules.nix +++ b/pkgs/build-support/fetch-node-modules.nix @@ -1,7 +1,7 @@ # This is a modified version of # https://github.com/NixOS/nixpkgs/pull/128749 -{ lib, stdenvNoCC, makeWrapper, nodejs }: +{ lib, stdenvNoCC, makeWrapper, nodejs, cacert }: { src , hash ? "" @@ -25,6 +25,9 @@ stdenvNoCC.mkDerivation ({ phases = "unpackPhase patchPhase buildPhase installPhase"; + # npm doesn't support var `SSL_CERT_FILE`. + NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt"; + buildPhase = '' runHook preBuild From e82da351747f7a2fdbb585e75185211eabe0958a Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sat, 2 Dec 2023 23:26:53 +0100 Subject: [PATCH 07/11] examples/deploy-krops: fix duplicate import error `qemu-vm.nix` is already imported in `vm-config.nix` but under a different path. This causes an "already declared" error on NixOS 23.11. --- examples/krops-vm-configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/krops-vm-configuration.nix b/examples/krops-vm-configuration.nix index 7815347c1..bf4d89449 100644 --- a/examples/krops-vm-configuration.nix +++ b/examples/krops-vm-configuration.nix @@ -3,6 +3,5 @@ ./configuration.nix - ]; } From de51f20ccbad93e5947ed88c786eea0f8a3b929a Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sat, 2 Dec 2023 23:26:55 +0100 Subject: [PATCH 08/11] python-packages/clightning: update --- pkgs/clightning-plugins/default.nix | 2 +- pkgs/python-packages/default.nix | 20 -- .../setuptools-rust-hook/default.nix | 13 -- .../setuptools-rust-hook.sh | 18 -- .../cryptography_41/default.nix | 116 ---------- .../cryptography_41/vectors.nix | 38 ---- .../pyopenssl_23_2/default.nix | 100 --------- .../service-identity_23_1/default.nix | 59 ----- .../twisted_22_10/default.nix | 208 ------------------ pkgs/python-packages/txzmq/default.nix | 6 +- 10 files changed, 5 insertions(+), 575 deletions(-) delete mode 100644 pkgs/python-packages/setuptools-rust-hook/default.nix delete mode 100644 pkgs/python-packages/setuptools-rust-hook/setuptools-rust-hook.sh delete mode 100644 pkgs/python-packages/specific-versions/cryptography_41/default.nix delete mode 100644 pkgs/python-packages/specific-versions/cryptography_41/vectors.nix delete mode 100644 pkgs/python-packages/specific-versions/pyopenssl_23_2/default.nix delete mode 100644 pkgs/python-packages/specific-versions/service-identity_23_1/default.nix delete mode 100644 pkgs/python-packages/specific-versions/twisted_22_10/default.nix diff --git a/pkgs/clightning-plugins/default.nix b/pkgs/clightning-plugins/default.nix index 76af9e41b..36f7e412c 100644 --- a/pkgs/clightning-plugins/default.nix +++ b/pkgs/clightning-plugins/default.nix @@ -31,7 +31,7 @@ let description = "Lightning node exporter for the prometheus timeseries server"; extraPkgs = [ prometheus_client ]; patchRequirements = - "--replace prometheus-client==0.6.0 prometheus-client==0.16.0" + "--replace prometheus-client==0.6.0 prometheus-client==0.17.1" + " --replace pyln-client~=0.9.3 pyln-client~=23.02"; }; rebalance = { diff --git a/pkgs/python-packages/default.nix b/pkgs/python-packages/default.nix index 7d4726afd..af614480d 100644 --- a/pkgs/python-packages/default.nix +++ b/pkgs/python-packages/default.nix @@ -23,26 +23,6 @@ rec { pyln-bolt7 = clightningPkg ./pyln-bolt7; pylightning = clightningPkg ./pylightning; - # cryptography 41, required by pyln-proto - cryptography = callPackage ./specific-versions/cryptography_41 { - Security = super.darwin.apple_sdk.frameworks.Security; - }; - - # The versions of these packages that ship with nixos-23.05 are incompatible - # with cryptography 41 - pyopenssl = callPackage ./specific-versions/pyopenssl_23_2 {}; - service-identity = callPackage ./specific-versions/service-identity_23_1 {}; - - # The twisted package in nixos-23.05 runs a test that fails with - # service-identity 23.1. This package is backported from nixos-unstable - # and disables the test. (see - # https://github.com/twisted/twisted/issues/11877, - # https://github.com/NixOS/nixpkgs/commit/1ee622b10fcafcf2343960e3ffae0169afc59804) - twisted = callPackage ./specific-versions/twisted_22_10 {}; - - # Used by cryptography 41, backported from nixpkgs-unstable - setuptoolsRustBuildHook = callPackage ./setuptools-rust-hook {}; - # bitstring 3.1.9, required by pyln-proto bitstring = callPackage ./specific-versions/bitstring.nix {}; diff --git a/pkgs/python-packages/setuptools-rust-hook/default.nix b/pkgs/python-packages/setuptools-rust-hook/default.nix deleted file mode 100644 index 86c65a1f9..000000000 --- a/pkgs/python-packages/setuptools-rust-hook/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ lib, stdenv, python, makePythonHook, setuptools-rust, rust }: -makePythonHook { - name = "setuptools-rust-setup-hook"; - propagatedBuildInputs = [ setuptools-rust ]; - substitutions = { - pyLibDir = "${python}/lib/${python.libPrefix}"; - cargoBuildTarget = rust.toRustTargetSpec stdenv.hostPlatform; - cargoLinkerVar = lib.toUpper ( - builtins.replaceStrings ["-"] ["_"] ( - rust.toRustTarget stdenv.hostPlatform)); - targetLinker = "${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc"; - }; -} ./setuptools-rust-hook.sh diff --git a/pkgs/python-packages/setuptools-rust-hook/setuptools-rust-hook.sh b/pkgs/python-packages/setuptools-rust-hook/setuptools-rust-hook.sh deleted file mode 100644 index 917c19ef9..000000000 --- a/pkgs/python-packages/setuptools-rust-hook/setuptools-rust-hook.sh +++ /dev/null @@ -1,18 +0,0 @@ -echo "Sourcing setuptools-rust-hook" - -setuptoolsRustSetup() { - # This can work only if rustPlatform.cargoSetupHook is also included - if ! command -v cargoSetupPostPatchHook >/dev/null; then - echo "ERROR: setuptools-rust has to be used alongside with rustPlatform.cargoSetupHook!" - exit 1 - fi - - export PYO3_CROSS_LIB_DIR="@pyLibDir@" - export CARGO_BUILD_TARGET=@cargoBuildTarget@ - # TODO theoretically setting linker should not be required because it is - # already set in pkgs/build-support/rust/hooks/default.nix but build fails - # on missing linker without this. - export CARGO_TARGET_@cargoLinkerVar@_LINKER=@targetLinker@ -} - -preConfigureHooks+=(setuptoolsRustSetup) diff --git a/pkgs/python-packages/specific-versions/cryptography_41/default.nix b/pkgs/python-packages/specific-versions/cryptography_41/default.nix deleted file mode 100644 index d82215de7..000000000 --- a/pkgs/python-packages/specific-versions/cryptography_41/default.nix +++ /dev/null @@ -1,116 +0,0 @@ -{ lib -, stdenv -, buildPythonPackage -, callPackage -, cargo -, cffi -, fetchPypi -, hypothesis -, iso8601 -, isPyPy -, libiconv -, libxcrypt -, openssl -, pkg-config -, pretend -, py -, pytest-subtests -, pytestCheckHook -, pythonOlder -, pytz -, rustc -, rustPlatform -, Security -, setuptoolsRustBuildHook -}: - -let - cryptography-vectors = callPackage ./vectors.nix { }; -in -buildPythonPackage rec { - pname = "cryptography"; - version = "41.0.3"; # Also update the hash in vectors.nix - format = "pyproject"; - disabled = pythonOlder "3.7"; - - src = fetchPypi { - inherit pname version; - hash = "sha256-bRknQRE+9eMNidy1uVbvThV48wRwhwG4tz044+FGHzQ="; - }; - - cargoDeps = rustPlatform.fetchCargoTarball { - inherit src; - sourceRoot = "${pname}-${version}/${cargoRoot}"; - name = "${pname}-${version}"; - hash = "sha256-LQu7waympGUs+CZun2yDQd2gUUAgyisKBG5mddrfSo0="; - }; - - postPatch = '' - substituteInPlace pyproject.toml \ - --replace "--benchmark-disable" "" - ''; - - cargoRoot = "src/rust"; - - nativeBuildInputs = [ - rustPlatform.cargoSetupHook - setuptoolsRustBuildHook - cargo - rustc - pkg-config - ] ++ lib.optionals (!isPyPy) [ - cffi - ]; - - buildInputs = [ - openssl - ] ++ lib.optionals stdenv.isDarwin [ - Security - libiconv - ] ++ lib.optionals (pythonOlder "3.9") [ - libxcrypt - ]; - - propagatedBuildInputs = lib.optionals (!isPyPy) [ - cffi - ]; - - nativeCheckInputs = [ - cryptography-vectors - # Work around `error: infinite recursion encountered` - (hypothesis.override { enableDocumentation = false; }) - iso8601 - pretend - py - pytestCheckHook - pytest-subtests - pytz - ]; - - pytestFlagsArray = [ - "--disable-pytest-warnings" - ]; - - disabledTestPaths = [ - # save compute time by not running benchmarks - "tests/bench" - ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [ - # aarch64-darwin forbids W+X memory, but this tests depends on it: - # * https://cffi.readthedocs.io/en/latest/using.html#callbacks - "tests/hazmat/backends/test_openssl_memleak.py" - ]; - - meta = with lib; { - description = "A package which provides cryptographic recipes and primitives"; - longDescription = '' - Cryptography includes both high level recipes and low level interfaces to - common cryptographic algorithms such as symmetric ciphers, message - digests, and key derivation functions. - ''; - homepage = "https://github.com/pyca/cryptography"; - changelog = "https://cryptography.io/en/latest/changelog/#v" - + replaceStrings [ "." ] [ "-" ] version; - license = with licenses; [ asl20 bsd3 psfl ]; - maintainers = with maintainers; [ SuperSandro2000 ]; - }; -} diff --git a/pkgs/python-packages/specific-versions/cryptography_41/vectors.nix b/pkgs/python-packages/specific-versions/cryptography_41/vectors.nix deleted file mode 100644 index ff8bfa05e..000000000 --- a/pkgs/python-packages/specific-versions/cryptography_41/vectors.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, cryptography -, setuptools -}: - -buildPythonPackage rec { - pname = "cryptography-vectors"; - # The test vectors must have the same version as the cryptography package - inherit (cryptography) version; - format = "pyproject"; - - src = fetchPypi { - pname = "cryptography_vectors"; - inherit version; - hash = "sha256-gN4EUsSzT1b1UY6B69dba5BfVyiq7VIdQuQfTryKQ/s="; - }; - - nativeBuildInputs = [ - setuptools - ]; - - # No tests included - doCheck = false; - - pythonImportsCheck = [ - "cryptography_vectors" - ]; - - meta = with lib; { - description = "Test vectors for the cryptography package"; - homepage = "https://cryptography.io/en/latest/development/test-vectors/"; - downloadPage = "https://github.com/pyca/cryptography/tree/master/vectors"; - license = with licenses; [ asl20 bsd3 ]; - maintainers = with maintainers; [ SuperSandro2000 ]; - }; -} diff --git a/pkgs/python-packages/specific-versions/pyopenssl_23_2/default.nix b/pkgs/python-packages/specific-versions/pyopenssl_23_2/default.nix deleted file mode 100644 index 4e67fd078..000000000 --- a/pkgs/python-packages/specific-versions/pyopenssl_23_2/default.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ lib -, stdenv -, buildPythonPackage -, fetchPypi -, openssl -, cryptography -, pytestCheckHook -, pretend -, sphinxHook -, sphinx-rtd-theme -, flaky -}: - -buildPythonPackage rec { - pname = "pyopenssl"; - version = "23.2.0"; - format = "setuptools"; - - src = fetchPypi { - pname = "pyOpenSSL"; - inherit version; - hash = "sha256-J2+TH1WkUufeppxxc+mE6ypEB85BPJGKo0tV+C+bi6w="; - }; - - outputs = [ - "out" - "dev" - "doc" - ]; - - nativeBuildInputs = [ - openssl - sphinxHook - sphinx-rtd-theme - ]; - - postPatch = '' - # remove cryptography pin - sed "/cryptography/ s/,<[0-9]*//g" setup.py - ''; - - propagatedBuildInputs = [ - cryptography - ]; - - nativeCheckInputs = [ - flaky - pretend - pytestCheckHook - ]; - - __darwinAllowLocalNetworking = true; - - preCheck = '' - export LANG="en_US.UTF-8" - ''; - - disabledTests = [ - # https://github.com/pyca/pyopenssl/issues/692 - # These tests, we disable always. - "test_set_default_verify_paths" - "test_fallback_default_verify_paths" - # https://github.com/pyca/pyopenssl/issues/768 - "test_wantWriteError" - # https://github.com/pyca/pyopenssl/issues/1043 - "test_alpn_call_failure" - ] ++ lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) [ - # https://github.com/pyca/pyopenssl/issues/791 - # These tests, we disable in the case that libressl is passed in as openssl. - "test_op_no_compression" - "test_npn_advertise_error" - "test_npn_select_error" - "test_npn_client_fail" - "test_npn_success" - "test_use_certificate_chain_file_unicode" - "test_use_certificate_chain_file_bytes" - "test_add_extra_chain_cert" - "test_set_session_id_fail" - "test_verify_with_revoked" - "test_set_notAfter" - "test_set_notBefore" - ] ++ lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") [ - # these tests are extremely tightly wed to the exact output of the openssl cli tool, including exact punctuation. - "test_dump_certificate" - "test_dump_privatekey_text" - "test_dump_certificate_request" - "test_export_text" - ] ++ lib.optionals stdenv.is32bit [ - # https://github.com/pyca/pyopenssl/issues/974 - "test_verify_with_time" - ]; - - meta = with lib; { - description = "Python wrapper around the OpenSSL library"; - homepage = "https://github.com/pyca/pyopenssl"; - changelog = "https://github.com/pyca/pyopenssl/blob/${version}/CHANGELOG.rst"; - license = licenses.asl20; - maintainers = with maintainers; [ ]; - }; -} diff --git a/pkgs/python-packages/specific-versions/service-identity_23_1/default.nix b/pkgs/python-packages/specific-versions/service-identity_23_1/default.nix deleted file mode 100644 index 53fa54a5a..000000000 --- a/pkgs/python-packages/specific-versions/service-identity_23_1/default.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ lib -, attrs -, buildPythonPackage -, cryptography -, fetchFromGitHub -, hatch-fancy-pypi-readme -, hatch-vcs -, hatchling -, idna -, pyasn1 -, pyasn1-modules -, pytestCheckHook -, pythonOlder -}: - -buildPythonPackage rec { - pname = "service-identity"; - version = "23.1.0"; - format = "pyproject"; - - disabled = pythonOlder "3.8"; - - src = fetchFromGitHub { - owner = "pyca"; - repo = pname; - rev = "refs/tags/${version}"; - hash = "sha256-PGDtsDgRwh7GuuM4OuExiy8L4i3Foo+OD0wMrndPkvo="; - }; - - nativeBuildInputs = [ - hatch-fancy-pypi-readme - hatch-vcs - hatchling - ]; - - propagatedBuildInputs = [ - attrs - cryptography - idna - pyasn1 - pyasn1-modules - ]; - - nativeCheckInputs = [ - pytestCheckHook - ]; - - pythonImportsCheck = [ - "service_identity" - ]; - - meta = with lib; { - description = "Service identity verification for pyOpenSSL"; - homepage = "https://service-identity.readthedocs.io"; - changelog = "https://github.com/pyca/service-identity/releases/tag/${version}"; - license = licenses.mit; - maintainers = with maintainers; [ fab ]; - }; -} diff --git a/pkgs/python-packages/specific-versions/twisted_22_10/default.nix b/pkgs/python-packages/specific-versions/twisted_22_10/default.nix deleted file mode 100644 index 582a9e0f5..000000000 --- a/pkgs/python-packages/specific-versions/twisted_22_10/default.nix +++ /dev/null @@ -1,208 +0,0 @@ -{ lib -, stdenv -, buildPythonPackage -, pythonAtLeast -, pythonOlder -, fetchPypi -, fetchpatch -, python -, appdirs -, attrs -, automat -, bcrypt -, constantly -, cryptography -, git -, glibcLocales -, h2 -, hyperlink -, hypothesis -, idna -, incremental -, priority -, pyasn1 -, pyhamcrest -, pynacl -, pyopenssl -, pyserial -, service-identity -, setuptools -, typing-extensions -, zope_interface - - # for passthru.tests -, cassandra-driver -, klein -, magic-wormhole -, scrapy -, treq -, txaio -, txamqp -, txrequests -, txtorcon -, thrift -, nixosTests -}: - -buildPythonPackage rec { - pname = "twisted"; - version = "22.10.0"; - format = "setuptools"; - - disabled = pythonOlder "3.6"; - - src = fetchPypi { - pname = "Twisted"; - inherit version; - extension = "tar.gz"; - hash = "sha256-Mqy9QKlPX0bntCwQm/riswIlCUVWF4Oot6BZBI8tTTE="; - }; - - patches = [ - (fetchpatch { - url = "https://github.com/twisted/twisted/pull/11787.diff"; - hash = "sha256-bQgUmbvDa61Vg8p/o/ivfkOAHyj1lTgHkrRVEGLM9aU="; - }) - (fetchpatch { - # Conditionally skip tests that require METHOD_CRYPT - # https://github.com/twisted/twisted/pull/11827 - url = "https://github.com/mweinelt/twisted/commit/e69e652de671aac0abf5c7e6c662fc5172758c5a.patch"; - hash = "sha256-LmvKUTViZoY/TPBmSlx4S9FbJNZfB5cxzn/YcciDmoI="; - }) - # remove half broken pyasn1 integration that blow up with pyasn 0.5.0 - # https://github.com/twisted/twisted/pull/11843 - (fetchpatch { - url = "https://github.com/twisted/twisted/commit/bdee0eb835a76b2982beaf10c85269ff25ea09fa.patch"; - excludes = [ "pyproject.toml" "tox.ini" ]; - hash = "sha256-oGAHmZMpMWfK+2zEDjHD115sW7exCYqfORVOLw+Wa6M="; - }) - ] ++ lib.optionals (pythonAtLeast "3.11") [ - (fetchpatch { - url = "https://github.com/twisted/twisted/pull/11734.diff"; - excludes = [ ".github/workflows/*" ]; - hash = "sha256-Td08pDxHwl7fPLCA6rUySuXpy8YmZfvXPHGsBpdcmSo="; - }) - (fetchpatch { - url = "https://github.com/twisted/twisted/commit/00bf5be704bee022ba4d9b24eb6c2c768b4a1921.patch"; - hash = "sha256-fnBzczm3OlhbjRcePIQ7dSX6uldlCZ9DJTS+UFO2nAQ="; - }) - ]; - - __darwinAllowLocalNetworking = true; - - propagatedBuildInputs = [ - attrs - automat - constantly - hyperlink - incremental - setuptools - typing-extensions - zope_interface - ]; - - postPatch = '' - substituteInPlace pyproject.toml \ - --replace '"pyasn1 >= 0.4",' "" - - echo 'ListingTests.test_localeIndependent.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py - echo 'ListingTests.test_newFile.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py - echo 'ListingTests.test_newSingleDigitDayOfMonth.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py - echo 'ListingTests.test_oldFile.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py - echo 'ListingTests.test_oldSingleDigitDayOfMonth.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py - - echo 'WrapClientTLSParserTests.test_tls.skip = "pyopenssl update"' >> src/twisted/internet/test/test_endpoints.py - echo 'UNIXTestsBuilder_AsyncioSelectorReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py - echo 'UNIXTestsBuilder_SelectReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py - - echo 'FileObserverTests.test_getTimezoneOffsetEastOfUTC.skip = "mktime argument out of range"'>> src/twisted/test/test_log.py - echo 'FileObserverTests.test_getTimezoneOffsetWestOfUTC.skip = "mktime argument out of range"'>> src/twisted/test/test_log.py - echo 'FileObserverTests.test_getTimezoneOffsetWithoutDaylightSavingTime.skip = "tuple differs, values not"'>> src/twisted/test/test_log.py - - echo 'MulticastTests.test_joinLeave.skip = "No such device"'>> src/twisted/test/test_udp.py - echo 'MulticastTests.test_loopback.skip = "No such device"'>> src/twisted/test/test_udp.py - echo 'MulticastTests.test_multicast.skip = "Reactor was unclean"'>> src/twisted/test/test_udp.py - echo 'MulticastTests.test_multiListen.skip = "No such device"'>> src/twisted/test/test_udp.py - - # fails since migrating to libxcrypt - echo 'HelperTests.test_refuteCryptedPassword.skip = "OSError: Invalid argument"' >> src/twisted/conch/test/test_checkers.py - - # not packaged - substituteInPlace src/twisted/test/test_failure.py \ - --replace "from cython_test_exception_raiser import raiser # type: ignore[import]" "raiser = None" - '' + lib.optionalString stdenv.isLinux '' - echo 'PTYProcessTestsBuilder_EPollReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py - echo 'PTYProcessTestsBuilder_PollReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py - echo 'UNIXTestsBuilder_EPollReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py - echo 'UNIXTestsBuilder_PollReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py - - # Patch t.p._inotify to point to libc. Without this, - # twisted.python.runtime.platform.supportsINotify() == False - substituteInPlace src/twisted/python/_inotify.py --replace \ - "ctypes.util.find_library(\"c\")" "'${stdenv.cc.libc}/lib/libc.so.6'" - '' + lib.optionalString (stdenv.isAarch64 && stdenv.isDarwin) '' - echo 'AbortConnectionTests_AsyncioSelectorReactorTests.test_fullWriteBufferAfterByteExchange.skip = "Timeout after 120 seconds"' >> src/twisted/internet/test/test_tcp.py - echo 'AbortConnectionTests_AsyncioSelectorReactorTests.test_resumeProducingAbort.skip = "Timeout after 120 seconds"' >> src/twisted/internet/test/test_tcp.py - - echo 'PosixReactorBaseTests.test_removeAllSkipsInternalReaders.skip = "Fails due to unclosed event loop"' >> src/twisted/internet/test/test_posixbase.py - echo 'PosixReactorBaseTests.test_wakerIsInternalReader.skip = "Fails due to unclosed event loop"' >> src/twisted/internet/test/test_posixbase.py - - echo 'TCPPortTests.test_connectionLostFailed.skip = "Fails due to unclosed event loop"' >> src/twisted/internet/test/test_posixbase.py - ''; - - # Generate Twisted's plug-in cache. Twisted users must do it as well. See - # http://twistedmatrix.com/documents/current/core/howto/plugin.html#auto3 - # and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477103 for details. - postFixup = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' - $out/bin/twistd --help > /dev/null - ''; - - nativeCheckInputs = [ - git - glibcLocales - hypothesis - pyhamcrest - ] - ++ passthru.optional-dependencies.conch - # not supported on aarch64-darwin: https://github.com/pyca/pyopenssl/issues/873 - ++ lib.optionals (!(stdenv.isDarwin && stdenv.isAarch64)) passthru.optional-dependencies.tls; - - checkPhase = '' - export SOURCE_DATE_EPOCH=315532800 - export PATH=$out/bin:$PATH - # race conditions when running in paralell - ${python.interpreter} -m twisted.trial twisted - ''; - - passthru = { - optional-dependencies = rec { - conch = [ appdirs bcrypt cryptography pyasn1 ]; - conch_nacl = conch ++ [ pynacl ]; - http2 = [ h2 priority ]; - serial = [ pyserial ]; - tls = [ idna pyopenssl service-identity ]; - }; - - tests = { - inherit - cassandra-driver - klein - magic-wormhole - scrapy - treq - txaio - txamqp - txrequests - txtorcon - thrift; - inherit (nixosTests) buildbot matrix-synapse; - }; - }; - - meta = with lib; { - homepage = "https://github.com/twisted/twisted"; - description = "Asynchronous networking framework written in Python"; - license = licenses.mit; - maintainers = with maintainers; [ ]; - }; -} diff --git a/pkgs/python-packages/txzmq/default.nix b/pkgs/python-packages/txzmq/default.nix index fc2ee1132..b3799aae1 100644 --- a/pkgs/python-packages/txzmq/default.nix +++ b/pkgs/python-packages/txzmq/default.nix @@ -1,8 +1,9 @@ { lib , buildPythonPackage , fetchPypi -, twisted , pyzmq +, setuptools +, twisted }: buildPythonPackage rec { @@ -16,8 +17,9 @@ buildPythonPackage rec { }; propagatedBuildInputs = [ - twisted pyzmq + setuptools + twisted ]; meta = with lib; { From dc1033f1c8bd09f4f1bb03efb3488e262cfea3ed Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sat, 2 Dec 2023 23:26:56 +0100 Subject: [PATCH 09/11] python-packages/joinmarket: update - Add `doCheck = false` and `pythonImportsCheck` where appropriate. This is good practice in general, but specifically works around a `buildPythonPackage` bug where the test phase fails due to a requirements check that is unrelated to testing. - Enable tests for `jmbitcoin`. - Patch some requirements. I've checked the release notes of the required deps for backwards compatibility. --- pkgs/joinmarket/default.nix | 2 +- pkgs/python-packages/default.nix | 15 +----- pkgs/python-packages/jmbase/default.nix | 11 +++- pkgs/python-packages/jmbitcoin/default.nix | 4 ++ pkgs/python-packages/jmclient/default.nix | 51 +++++++++++++++++-- pkgs/python-packages/jmdaemon/default.nix | 12 +++-- .../specific-versions/txtorcon.nix | 48 ----------------- 7 files changed, 71 insertions(+), 72 deletions(-) delete mode 100644 pkgs/python-packages/specific-versions/txtorcon.nix diff --git a/pkgs/joinmarket/default.nix b/pkgs/joinmarket/default.nix index 91df4896b..9d6fa3aba 100644 --- a/pkgs/joinmarket/default.nix +++ b/pkgs/joinmarket/default.nix @@ -6,7 +6,7 @@ let owner = "joinmarket-org"; repo = "joinmarket-clientserver"; rev = "v${version}"; - sha256 = "sha256-uNweI7VKC16CFn8MNOAvadcSnTjK/Fznfy4qctM5PR8="; + hash = "sha256-uNweI7VKC16CFn8MNOAvadcSnTjK/Fznfy4qctM5PR8="; }; runtimePackages = with nbPython3PackagesJoinmarket; [ diff --git a/pkgs/python-packages/default.nix b/pkgs/python-packages/default.nix index af614480d..e455080e9 100644 --- a/pkgs/python-packages/default.nix +++ b/pkgs/python-packages/default.nix @@ -14,6 +14,7 @@ rec { pyPkgsOverrides = self: super: let inherit (self) callPackage; clightningPkg = pkg: callPackage pkg { inherit (nbPkgs.pinned) clightning; }; + joinmarketPkg = pkg: callPackage pkg { inherit (nbPkgs.joinmarket) version src; }; in { txzmq = callPackage ./txzmq {}; @@ -35,14 +36,7 @@ rec { }; runes = callPackage ./runes {}; sha256 = callPackage ./sha256 {}; - }; - # Joinmarket requires a custom package set because it uses older versions of Python pkgs - pyPkgsOverridesJoinmarket = self: super: let - inherit (self) callPackage; - joinmarketPkg = pkg: callPackage pkg { inherit (nbPkgs.joinmarket) version src; }; - in - (pyPkgsOverrides self super) // { joinmarketbase = joinmarketPkg ./jmbase; joinmarketclient = joinmarketPkg ./jmclient; joinmarketbitcoin = joinmarketPkg ./jmbitcoin; @@ -52,16 +46,11 @@ rec { # autobahn 20.12.3, required by joinmarketclient autobahn = callPackage ./specific-versions/autobahn.nix {}; - - # txtorcon 22.0.0, required by joinmarketdaemon - txtorcon = callPackage ./specific-versions/txtorcon.nix {}; }; nbPython3Packages = (python3.override { packageOverrides = pyPkgsOverrides; }).pkgs; - nbPython3PackagesJoinmarket = (python3.override { - packageOverrides = pyPkgsOverridesJoinmarket; - }).pkgs; + nbPython3PackagesJoinmarket = nbPython3Packages; } diff --git a/pkgs/python-packages/jmbase/default.nix b/pkgs/python-packages/jmbase/default.nix index 34b0ec191..5de84235b 100644 --- a/pkgs/python-packages/jmbase/default.nix +++ b/pkgs/python-packages/jmbase/default.nix @@ -6,12 +6,19 @@ buildPythonPackage rec { postUnpack = "sourceRoot=$sourceRoot/jmbase"; + propagatedBuildInputs = [ future twisted service-identity chromalog txtorcon pyaes ]; + patchPhase = '' - sed -i 's|twisted==22.4.0|twisted==22.10.0|' setup.py + sed -i 's|twisted==22.4.0|twisted==23.8.0|' setup.py sed -i 's|service-identity==21.1.0|service-identity==23.1.0|' setup.py ''; - propagatedBuildInputs = [ future twisted service-identity chromalog txtorcon pyaes ]; + # Has no tests + doCheck = false; + + pythonImportsCheck = [ + "jmbase" + ]; meta = with lib; { homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver"; diff --git a/pkgs/python-packages/jmbitcoin/default.nix b/pkgs/python-packages/jmbitcoin/default.nix index e2041b717..a718d9217 100644 --- a/pkgs/python-packages/jmbitcoin/default.nix +++ b/pkgs/python-packages/jmbitcoin/default.nix @@ -10,6 +10,10 @@ buildPythonPackage rec { checkInputs = [ joinmarketbase ]; + nativeCheckInputs = [ + pytestCheckHook + ]; + meta = with lib; { homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver"; maintainers = with maintainers; [ nixbitcoin ]; diff --git a/pkgs/python-packages/jmclient/default.nix b/pkgs/python-packages/jmclient/default.nix index 54d420431..d306d0e20 100644 --- a/pkgs/python-packages/jmclient/default.nix +++ b/pkgs/python-packages/jmclient/default.nix @@ -1,4 +1,23 @@ -{ version, src, lib, buildPythonPackage, fetchurl, future, configparser, joinmarketbase, joinmarketdaemon, mnemonic, argon2_cffi, bencoderpyx, joinmarketbitcoin, klein, pyjwt, autobahn, werkzeug }: +{ + pipBuildHook +, version +, src +, lib +, buildPythonPackage +, argon2_cffi +, autobahn +, bencoderpyx +, configparser +, fetchurl +, future +, joinmarketbase +, joinmarketbitcoin +, joinmarketdaemon +, klein +, mnemonic +, pyjwt +, werkzeug +}: buildPythonPackage rec { pname = "joinmarketclient"; @@ -6,17 +25,39 @@ buildPythonPackage rec { postUnpack = "sourceRoot=$sourceRoot/jmclient"; - checkInputs = [ joinmarketbitcoin joinmarketdaemon ]; - - propagatedBuildInputs = [ future configparser joinmarketbase mnemonic argon2_cffi bencoderpyx klein pyjwt autobahn werkzeug ]; + propagatedBuildInputs = [ + argon2_cffi + autobahn + bencoderpyx + configparser + future + joinmarketbase + joinmarketbitcoin + joinmarketdaemon + klein + mnemonic + pyjwt + werkzeug + ]; patchPhase = '' substituteInPlace setup.py \ --replace "'klein==20.6.0'" "'klein>=20.6.0'" substituteInPlace setup.py \ - --replace "'pyjwt==2.4.0'" "'pyjwt==2.6.0'" + --replace "'argon2_cffi==21.3.0'" "'argon2_cffi==23.1.0'" + substituteInPlace setup.py \ + --replace "'pyjwt==2.4.0'" "'pyjwt==2.8.0'" + substituteInPlace setup.py \ + --replace "'werkzeug==2.2.3'" "'werkzeug==2.3.7'" ''; + # The unit tests can't be run in a Nix build environment + doCheck = false; + + pythonImportsCheck = [ + "jmclient" + ]; + meta = with lib; { description = "Client library for Bitcoin coinjoins"; homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver"; diff --git a/pkgs/python-packages/jmdaemon/default.nix b/pkgs/python-packages/jmdaemon/default.nix index f046f2d72..4e737f931 100644 --- a/pkgs/python-packages/jmdaemon/default.nix +++ b/pkgs/python-packages/jmdaemon/default.nix @@ -8,15 +8,21 @@ buildPythonPackage rec { propagatedBuildInputs = [ txtorcon cryptography pyopenssl libnacl joinmarketbase ]; - # libnacl 1.8.0 is not on github - # cryptography 41.0.3 already in ../specific-versions patchPhase = '' substituteInPlace setup.py \ - --replace "'libnacl==1.8.0'" "'libnacl==1.7.2'" + --replace "'txtorcon==22.0.0'" "'txtorcon==23.5.0'" + substituteInPlace setup.py \ + --replace "'libnacl==1.8.0'" "'libnacl==2.1.0'" substituteInPlace setup.py \ --replace "'cryptography==41.0.2" "'cryptography==41.0.3" ''; + # The unit tests can't be run in a Nix build environment + doCheck = false; + + pythonImportsCheck = [ + "jmdaemon" + ]; meta = with lib; { description = "Client library for Bitcoin coinjoins"; homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver"; diff --git a/pkgs/python-packages/specific-versions/txtorcon.nix b/pkgs/python-packages/specific-versions/txtorcon.nix deleted file mode 100644 index 85385347b..000000000 --- a/pkgs/python-packages/specific-versions/txtorcon.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ lib -, stdenv -, python -, buildPythonPackage -, pythonOlder -, fetchPypi -, cryptography -, incremental -, twisted -, automat -, zope_interface -, idna -, pyopenssl -, service-identity -, pytestCheckHook -, mock -, lsof -, GeoIP -}: - -buildPythonPackage rec { - pname = "txtorcon"; - version = "22.0.0"; - - src = fetchPypi { - inherit pname version; - sha256 = "sha256-iaG2XjKks2nWfmwWY4f7xGjMXQUidEjSOaXn6XGKoFM="; - }; - - propagatedBuildInputs = [ - cryptography - incremental - twisted - automat - zope_interface - ] ++ twisted.optional-dependencies.tls; - - nativeCheckInputs = [ pytestCheckHook mock lsof GeoIP ]; - - doCheck = !(stdenv.isDarwin && stdenv.isAarch64); - - meta = { - description = "Twisted-based Tor controller client, with state-tracking and configuration abstractions"; - homepage = "https://github.com/meejah/txtorcon"; - maintainers = with lib.maintainers; [ jluttine exarkun ]; - license = lib.licenses.mit; - }; -} From 1c07c5fa5c0d8f5274f696a27eee77b83b012572 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Tue, 12 Dec 2023 11:57:43 +0100 Subject: [PATCH 10/11] python-packages: add workaround to reenable requirements checking --- pkgs/python-packages/bencoderpyx/default.nix | 4 ++-- pkgs/python-packages/chromalog/default.nix | 4 ++-- pkgs/python-packages/default.nix | 11 +++++++++++ pkgs/python-packages/jmbase/default.nix | 4 ++-- pkgs/python-packages/jmbitcoin/default.nix | 4 ++-- pkgs/python-packages/jmclient/default.nix | 4 ++-- pkgs/python-packages/jmdaemon/default.nix | 5 +++-- pkgs/python-packages/pylightning/default.nix | 4 ++-- pkgs/python-packages/pyln-bolt7/default.nix | 4 ++-- pkgs/python-packages/pyln-client/default.nix | 4 ++-- pkgs/python-packages/pyln-proto/default.nix | 4 ++-- pkgs/python-packages/python-bitcointx/default.nix | 4 ++-- pkgs/python-packages/runes/default.nix | 4 ++-- pkgs/python-packages/sha256/default.nix | 4 ++-- 14 files changed, 38 insertions(+), 26 deletions(-) diff --git a/pkgs/python-packages/bencoderpyx/default.nix b/pkgs/python-packages/bencoderpyx/default.nix index 586c41916..ff773aa9d 100644 --- a/pkgs/python-packages/bencoderpyx/default.nix +++ b/pkgs/python-packages/bencoderpyx/default.nix @@ -1,6 +1,6 @@ -{ lib, buildPythonPackage, fetchurl, cython, pytest, coverage }: +{ lib, buildPythonPackageWithDepsCheck, fetchurl, cython, pytest, coverage }: -buildPythonPackage rec { +buildPythonPackageWithDepsCheck rec { pname = "bencoder.pyx"; version = "3.0.1"; diff --git a/pkgs/python-packages/chromalog/default.nix b/pkgs/python-packages/chromalog/default.nix index 0d2e0c803..5a125c17c 100644 --- a/pkgs/python-packages/chromalog/default.nix +++ b/pkgs/python-packages/chromalog/default.nix @@ -1,5 +1,5 @@ -{ lib, buildPythonPackage, fetchFromGitHub, colorama, future, six }: -buildPythonPackage rec { +{ lib, buildPythonPackageWithDepsCheck, fetchFromGitHub, colorama, future, six }: +buildPythonPackageWithDepsCheck rec { pname = "chromalog"; version = "1.0.5"; diff --git a/pkgs/python-packages/default.nix b/pkgs/python-packages/default.nix index e455080e9..88e103022 100644 --- a/pkgs/python-packages/default.nix +++ b/pkgs/python-packages/default.nix @@ -46,6 +46,17 @@ rec { # autobahn 20.12.3, required by joinmarketclient autobahn = callPackage ./specific-versions/autobahn.nix {}; + + # A version of `buildPythonPackage` which checks that Python package + # requirements are met. + # This was the case for NixOS <= 23.05. + # TODO-EXTERNAL: Remove when this is resolved: + # https://github.com/NixOS/nixpkgs/issues/253131 + buildPythonPackageWithDepsCheck = attrs: + self.buildPythonPackage (attrs // { + dontUsePypaInstall = true; + nativeBuildInputs = (attrs.nativeBuildInputs or []) ++ [ self.pipInstallHook ]; + }); }; nbPython3Packages = (python3.override { diff --git a/pkgs/python-packages/jmbase/default.nix b/pkgs/python-packages/jmbase/default.nix index 5de84235b..7f8d13a71 100644 --- a/pkgs/python-packages/jmbase/default.nix +++ b/pkgs/python-packages/jmbase/default.nix @@ -1,6 +1,6 @@ -{ version, src, lib, buildPythonPackage, fetchurl, future, twisted, service-identity, chromalog, txtorcon, pyaes }: +{ version, src, lib, buildPythonPackageWithDepsCheck, fetchurl, future, twisted, service-identity, chromalog, txtorcon, pyaes }: -buildPythonPackage rec { +buildPythonPackageWithDepsCheck rec { pname = "joinmarketbase"; inherit version src; diff --git a/pkgs/python-packages/jmbitcoin/default.nix b/pkgs/python-packages/jmbitcoin/default.nix index a718d9217..af50e23de 100644 --- a/pkgs/python-packages/jmbitcoin/default.nix +++ b/pkgs/python-packages/jmbitcoin/default.nix @@ -1,6 +1,6 @@ -{ version, src, lib, buildPythonPackage, fetchurl, python-bitcointx, joinmarketbase }: +{ version, src, lib, buildPythonPackageWithDepsCheck, fetchurl, python-bitcointx, joinmarketbase, pytestCheckHook }: -buildPythonPackage rec { +buildPythonPackageWithDepsCheck rec { pname = "joinmarketbitcoin"; inherit version src; diff --git a/pkgs/python-packages/jmclient/default.nix b/pkgs/python-packages/jmclient/default.nix index d306d0e20..807893887 100644 --- a/pkgs/python-packages/jmclient/default.nix +++ b/pkgs/python-packages/jmclient/default.nix @@ -3,7 +3,7 @@ , version , src , lib -, buildPythonPackage +, buildPythonPackageWithDepsCheck , argon2_cffi , autobahn , bencoderpyx @@ -19,7 +19,7 @@ , werkzeug }: -buildPythonPackage rec { +buildPythonPackageWithDepsCheck rec { pname = "joinmarketclient"; inherit version src; diff --git a/pkgs/python-packages/jmdaemon/default.nix b/pkgs/python-packages/jmdaemon/default.nix index 4e737f931..5a6f7209b 100644 --- a/pkgs/python-packages/jmdaemon/default.nix +++ b/pkgs/python-packages/jmdaemon/default.nix @@ -1,6 +1,6 @@ -{ version, src, lib, buildPythonPackage, fetchurl, txtorcon, cryptography, pyopenssl, libnacl, joinmarketbase }: +{ version, src, lib, buildPythonPackageWithDepsCheck, fetchurl, txtorcon, cryptography, pyopenssl, libnacl, joinmarketbase }: -buildPythonPackage rec { +buildPythonPackageWithDepsCheck rec { pname = "joinmarketdaemon"; inherit version src; @@ -23,6 +23,7 @@ buildPythonPackage rec { pythonImportsCheck = [ "jmdaemon" ]; + meta = with lib; { description = "Client library for Bitcoin coinjoins"; homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver"; diff --git a/pkgs/python-packages/pylightning/default.nix b/pkgs/python-packages/pylightning/default.nix index 2c4b59c00..a646c1e55 100644 --- a/pkgs/python-packages/pylightning/default.nix +++ b/pkgs/python-packages/pylightning/default.nix @@ -1,6 +1,6 @@ -{ buildPythonPackage, clightning, pyln-client }: +{ buildPythonPackageWithDepsCheck, clightning, pyln-client }: -buildPythonPackage rec { +buildPythonPackageWithDepsCheck rec { pname = "pylightning"; version = "0.10.1"; # defined in ${src}/contrib/pyln-client/pyln/client/__init__.py diff --git a/pkgs/python-packages/pyln-bolt7/default.nix b/pkgs/python-packages/pyln-bolt7/default.nix index 16bf920c2..140799ee3 100644 --- a/pkgs/python-packages/pyln-bolt7/default.nix +++ b/pkgs/python-packages/pyln-bolt7/default.nix @@ -1,6 +1,6 @@ -{ buildPythonPackage, poetry-core, pytestCheckHook, clightning, pyln-proto }: +{ buildPythonPackageWithDepsCheck, poetry-core, pytestCheckHook, clightning, pyln-proto }: -buildPythonPackage rec { +buildPythonPackageWithDepsCheck rec { pname = "pyln-bolt7"; # The version is defined here: # https://github.com/ElementsProject/lightning/blob/master/contrib/pyln-spec/bolt7/pyproject.toml diff --git a/pkgs/python-packages/pyln-client/default.nix b/pkgs/python-packages/pyln-client/default.nix index 99e1a2c42..872aaf804 100644 --- a/pkgs/python-packages/pyln-client/default.nix +++ b/pkgs/python-packages/pyln-client/default.nix @@ -1,6 +1,6 @@ -{ buildPythonPackage, poetry-core, pytestCheckHook, clightning, pyln-bolt7, pyln-proto }: +{ buildPythonPackageWithDepsCheck, poetry-core, pytestCheckHook, clightning, pyln-bolt7, pyln-proto }: -buildPythonPackage rec { +buildPythonPackageWithDepsCheck rec { pname = "pyln-client"; version = clightning.version; format = "pyproject"; diff --git a/pkgs/python-packages/pyln-proto/default.nix b/pkgs/python-packages/pyln-proto/default.nix index cde5e4492..6d3b1facb 100644 --- a/pkgs/python-packages/pyln-proto/default.nix +++ b/pkgs/python-packages/pyln-proto/default.nix @@ -1,4 +1,4 @@ -{ buildPythonPackage +{ buildPythonPackageWithDepsCheck , clightning , poetry-core , pytestCheckHook @@ -9,7 +9,7 @@ , pysocks }: -buildPythonPackage rec { +buildPythonPackageWithDepsCheck rec { pname = "pyln-proto"; version = clightning.version; format = "pyproject"; diff --git a/pkgs/python-packages/python-bitcointx/default.nix b/pkgs/python-packages/python-bitcointx/default.nix index 422aeb64c..91e1fc01c 100644 --- a/pkgs/python-packages/python-bitcointx/default.nix +++ b/pkgs/python-packages/python-bitcointx/default.nix @@ -1,6 +1,6 @@ -{ lib, buildPythonPackage, fetchurl, secp256k1, openssl }: +{ lib, buildPythonPackageWithDepsCheck, fetchurl, secp256k1, openssl }: -buildPythonPackage rec { +buildPythonPackageWithDepsCheck rec { pname = "python-bitcointx"; version = "1.1.3"; diff --git a/pkgs/python-packages/runes/default.nix b/pkgs/python-packages/runes/default.nix index 125c0bb07..46a564240 100644 --- a/pkgs/python-packages/runes/default.nix +++ b/pkgs/python-packages/runes/default.nix @@ -1,6 +1,6 @@ -{ sha256, lib, buildPythonPackage, fetchFromGitHub }: +{ sha256, lib, buildPythonPackageWithDepsCheck, fetchFromGitHub }: -buildPythonPackage { +buildPythonPackageWithDepsCheck { pname = "runes"; version = "0.4.0"; diff --git a/pkgs/python-packages/sha256/default.nix b/pkgs/python-packages/sha256/default.nix index 50fd0c7cf..73ec24cbe 100644 --- a/pkgs/python-packages/sha256/default.nix +++ b/pkgs/python-packages/sha256/default.nix @@ -1,6 +1,6 @@ -{ lib, buildPythonPackage, fetchFromGitHub, cython }: +{ lib, buildPythonPackageWithDepsCheck, fetchFromGitHub, cython }: -buildPythonPackage rec { +buildPythonPackageWithDepsCheck rec { pname = "sha256"; version = builtins.substring 0 8 src.rev; From 85bbdb857a40fbe6fa34e9c095112b494e599501 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Mon, 11 Dec 2023 23:13:52 +0100 Subject: [PATCH 11/11] python-bitcointx: 1.1.3 -> 1.1.4 --- pkgs/python-packages/default.nix | 16 +--------------- pkgs/python-packages/jmbitcoin/default.nix | 5 +++++ .../python-packages/python-bitcointx/default.nix | 14 +++++++------- .../python-bitcointx/get-sha256.sh | 8 +++++--- 4 files changed, 18 insertions(+), 25 deletions(-) diff --git a/pkgs/python-packages/default.nix b/pkgs/python-packages/default.nix index 88e103022..94a40aa5b 100644 --- a/pkgs/python-packages/default.nix +++ b/pkgs/python-packages/default.nix @@ -1,15 +1,4 @@ nbPkgs: python3: -let - # Ignore eval error: - # `OpenSSL 1.1 is reaching its end of life on 2023/09/11 and cannot - # be supported through the NixOS 23.05 release cycle.` - # TODO-EXTERNAL: consider removing when - # https://github.com/Simplexum/python-bitcointx/issues/76 and - # https://github.com/JoinMarket-Org/joinmarket-clientserver#1451 are resolved. - openssl_1_1 = python3.pkgs.pkgs.openssl_1_1.overrideAttrs (old: { - meta = builtins.removeAttrs old.meta [ "knownVulnerabilities" ]; - }); -in rec { pyPkgsOverrides = self: super: let inherit (self) callPackage; @@ -30,10 +19,7 @@ rec { # Packages only used by joinmarket bencoderpyx = callPackage ./bencoderpyx {}; chromalog = callPackage ./chromalog {}; - python-bitcointx = callPackage ./python-bitcointx { - inherit (nbPkgs) secp256k1; - openssl = openssl_1_1; - }; + python-bitcointx = callPackage ./python-bitcointx { inherit (nbPkgs) secp256k1; }; runes = callPackage ./runes {}; sha256 = callPackage ./sha256 {}; diff --git a/pkgs/python-packages/jmbitcoin/default.nix b/pkgs/python-packages/jmbitcoin/default.nix index af50e23de..5c72ed6ae 100644 --- a/pkgs/python-packages/jmbitcoin/default.nix +++ b/pkgs/python-packages/jmbitcoin/default.nix @@ -14,6 +14,11 @@ buildPythonPackageWithDepsCheck rec { pytestCheckHook ]; + patchPhase = '' + substituteInPlace setup.py \ + --replace "'python-bitcointx==1.1.3'" "'python-bitcointx==1.1.4'" + ''; + meta = with lib; { homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver"; maintainers = with maintainers; [ nixbitcoin ]; diff --git a/pkgs/python-packages/python-bitcointx/default.nix b/pkgs/python-packages/python-bitcointx/default.nix index 91e1fc01c..a39ee5bf0 100644 --- a/pkgs/python-packages/python-bitcointx/default.nix +++ b/pkgs/python-packages/python-bitcointx/default.nix @@ -1,12 +1,14 @@ -{ lib, buildPythonPackageWithDepsCheck, fetchurl, secp256k1, openssl }: +{ lib, buildPythonPackageWithDepsCheck, fetchFromGitHub, secp256k1 }: buildPythonPackageWithDepsCheck rec { pname = "python-bitcointx"; - version = "1.1.3"; + version = "1.1.4"; - src = fetchurl { - url = "https://github.com/Simplexum/${pname}/archive/${pname}-v${version}.tar.gz"; - sha256 = "f0f487c29619df0e94a04f6deb3dc950ff9954c072017bd3eda90f73c24f0953"; + src = fetchFromGitHub { + owner = "Simplexum"; + repo = "python-bitcointx"; + rev = "python-bitcointx-v${version}"; + hash = "sha256-y8/cyLQr3GbpYqCg8LKTfyL0OX7eIo5AxjdFTWTqHmk="; }; patchPhase = '' @@ -14,8 +16,6 @@ buildPythonPackageWithDepsCheck rec { substituteInPlace "bitcointx/$path" \ --replace "ctypes.util.find_library('secp256k1')" "'${secp256k1}/lib/libsecp256k1.so'" done - substituteInPlace bitcointx/core/key.py \ - --replace "ctypes.util.find_library('ssl')" "'${openssl.out}/lib/libssl.so'" ''; meta = with lib; { diff --git a/pkgs/python-packages/python-bitcointx/get-sha256.sh b/pkgs/python-packages/python-bitcointx/get-sha256.sh index ce70cc895..0ecceb9f2 100755 --- a/pkgs/python-packages/python-bitcointx/get-sha256.sh +++ b/pkgs/python-packages/python-bitcointx/get-sha256.sh @@ -9,7 +9,7 @@ cd "$TMPDIR" echo "Fetching latest release" git clone https://github.com/simplexum/python-bitcointx 2> /dev/null cd python-bitcointx -latest=python-bitcointx-v1.1.3 +latest=python-bitcointx-v1.1.4 echo "Latest release is ${latest}" # GPG verification @@ -19,6 +19,8 @@ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys B17A35BBA187395784E2A6B3 echo "Verifying latest release" git verify-commit "$latest" +git checkout -q "tags/$latest" +rm -rf .git + echo "tag: $latest" -# The prefix option is necessary because GitHub prefixes the archive contents in this format -echo "sha256: $(git archive --format tar.gz --prefix=python-bitcointx-"$latest"/ "$latest" | sha256sum | cut -d\ -f1)" +nix hash path .