diff --git a/morph/make-grid.nix b/morph/make-grid.nix
index 60d80aae1053119a0731af563290582409da9b9b..1728dacac5413fb014ef257172181b2e19078164 100644
--- a/morph/make-grid.nix
+++ b/morph/make-grid.nix
@@ -5,15 +5,7 @@
 # server in the morph network.
 { name, nodes }:
 let
- # Pin the deployment package-set to a specific version of nixpkgs. This is
- # NixOS 19.03 as of Aug 28 2019. There's nothing special about it. It's
- # just recent at the time of development. It can be upgraded when there is
- # value in doing so. Meanwhile, our platform doesn't shift around beneath
- # us in surprising ways as time passes.
- pkgs = import (builtins.fetchTarball {
- url = "https://github.com/NixOS/nixpkgs/archive/3c83ad6ac13b67101cc3e2e07781963a010c1624.tar.gz";
- sha256 = "0cdq342wrkvkyccygpp1gvwp7hhqg68hljjwld4vjixm901ayy14";
- }) {};
+ pkgs = import ./nixpkgs.nix { };
 # Load our JSON configuration for later use.
 cfg = pkgs.lib.trivial.importJSON ./grid.config.json;
 in
diff --git a/morph/nixpkgs.nix b/morph/nixpkgs.nix
new file mode 100644
index 0000000000000000000000000000000000000000..ab317b2e6821b0c35310eb95e8b9d9532dc67dd2
--- /dev/null
+++ b/morph/nixpkgs.nix
@@ -0,0 +1,9 @@
+# Pin the deployment package-set to a specific version of nixpkgs. This is
+# NixOS 19.03 as of Aug 28 2019. There's nothing special about it. It's
+# just recent at the time of development. It can be upgraded when there is
+# value in doing so. Meanwhile, our platform doesn't shift around beneath
+# us in surprising ways as time passes.
+(builtins.fetchTarball {
+ url = "https://github.com/NixOS/nixpkgs/archive/3c83ad6ac13b67101cc3e2e07781963a010c1624.tar.gz";
+ sha256 = "0cdq342wrkvkyccygpp1gvwp7hhqg68hljjwld4vjixm901ayy14";
+})
diff --git a/nixos/modules/overlays.nix b/nixos/modules/overlays.nix
index 7e22c2f1d06f56e474e63492d3232ce9ef545cd7..ad41b406e3f7629f1e0765a9230a17c85fdba577 100644
--- a/nixos/modules/overlays.nix
+++ b/nixos/modules/overlays.nix
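Review bot: In morph/make-grid.nix, `import ./nixpkgs.nix { }` applies `{ }` to the value of nixpkgs.nix, and that file as added evaluates to the result of `builtins.fetchTarball`, which is a store path and not a function, so evaluation should fail at this call. The removed code imported the fetched tarball before applying `{}`; keeping that behaviour needs `pkgs = import (import ./nixpkgs.nix) { };` here, or nixpkgs.nix itself should read `import (builtins.fetchTarball { … })`. The pin (commit archive URL plus sha256) is carried over unchanged, so the fetch stays integrity-checked either way.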
@@ -1,40 +1,8 @@
 self: super: {
- python27 = super.python27.override {
- packageOverrides = python-self: python-super: {
- # Get the newest Tahoe-LAFS as a module instead of an application.
- tahoe-lafs = python-super.toPythonModule (python-super.callPackage ../pkgs/tahoe-lafs.nix { });
-
- # Get our ZKAP authorizer plugin package.
- zkapauthorizer = python-self.callPackage ../pkgs/zkapauthorizer.nix { };
-
- # new tahoe-lafs has a new dependency on eliot.
- eliot = python-super.callPackage ../pkgs/eliot.nix { };
-
- # new tahoe-lafs depends on a very recent autobahn for better websocket
- # testing features.
- autobahn = python-super.callPackage ../pkgs/autobahn.nix { };
-
- # new autobahn requires a newer cryptography
- cryptography = python-super.callPackage ../pkgs/cryptography.nix { };
-
- # new cryptography requires a newer cryptography_vectors
- cryptography_vectors = python-super.callPackage ../pkgs/cryptography_vectors.nix { };
-
- # upstream twisted package is missing a recently added dependency.
- twisted = python-super.twisted.overrideAttrs (old:
- { propagatedBuildInputs = old.propagatedBuildInputs ++ [ python-super.appdirs ];
- checkPhase = ''
- ${self.python.interpreter} -m twisted.trial twisted
- '';
- });
-
- };
- };
-
- privatestorage = self.python27.buildEnv.override
+ privatestorage = super.python27.buildEnv.override
 { extraLibs =
- [ self.python27Packages.tahoe-lafs
- self.python27Packages.zkapauthorizer
+ [ super.python27Packages.tahoe-lafs
+ super.python27Packages.zkapauthorizer
 ];
 # Twisted's dropin.cache always collides between different
 # plugin-providing packages.
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index 863426a5159d54ceb65a69bd04b04fb7941af570..ca44959ea25942bdadc6e014a2aa300b26b1f800 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
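Review bot: The `privatestorage` environment now reads `tahoe-lafs` and `zkapauthorizer` from `super.python27Packages`, while this file no longer defines either package, so overlays.nix only evaluates as intended when an earlier overlay has already supplied them. That ordering requirement is not stated anywhere in the file, and any overlay listed after this one can no longer affect what goes into the environment. Either go through `self` for packages that are consumed rather than overridden, e.g. `[ self.python27Packages.tahoe-lafs`, or add a comment above the binding such as `# Must be applied after zkap-overlay.nix, which is expected to provide tahoe-lafs and zkapauthorizer.` The attribute set continues past the end of the hunk.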
@@ -6,7 +6,11 @@ let
 # overlay defines a new version of Tahoe-LAFS and some of its dependencies
 # and maybe other useful Private Storage customizations.
 pspkgs = import pkgs.path
- { overlays = [ (import ./overlays.nix) ];
+ { overlays = [
+ # needs fetchFromGitHub to check out zkapauthorizer
+ (pkgs.callPackage ./zkap-overlay.nix { })
+ (import ./overlays.nix)
+ ];
 };
 # Grab the configuration for this module for convenient access below.
 cfg = config.services.private-storage;
diff --git a/nixos/modules/zkap-overlay.nix b/nixos/modules/zkap-overlay.nix
new file mode 100644
index 0000000000000000000000000000000000000000..75433f0fc10663aecbd16593fea9ba40073281fa
--- /dev/null
+++ b/nixos/modules/zkap-overlay.nix
@@ -0,0 +1,5 @@
+{ fetchFromGitHub }:
+let
+ zkapauthorizer = import ../pkgs/zkapauthorizer-repo.nix { inherit fetchFromGitHub; };
+in
+ import "${zkapauthorizer}/overlays.nix"
diff --git a/nixos/pkgs/autobahn.nix b/nixos/pkgs/autobahn.nix
deleted file mode 100644
index 3cc1df2138e783f7bb212b50ba09435773233b88..0000000000000000000000000000000000000000
--- a/nixos/pkgs/autobahn.nix
+++ /dev/null
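Review bot: zkap-overlay.nix has no comment saying that it evaluates `overlays.nix` out of the fetched ZKAPAuthorizer checkout, which means Nix code from that repository now runs during evaluation of this module and shapes the package set the storage service is built from. The fetch is pinned by rev and sha256 in zkapauthorizer-repo.nix, which covers integrity, but the definitions deleted from this repository in the same commit (tahoe-lafs, cryptography, cryptography_vectors, eliot, autobahn) are presumably supplied from there now and are no longer reviewable in-tree. A header such as `# Overlay evaluated from the pinned ZKAPAuthorizer checkout (see ../pkgs/zkapauthorizer-repo.nix); review that repository's overlays.nix whenever the rev is bumped.` would make the trust boundary explicit.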
@@ -1,35 +0,0 @@
-{ lib, buildPythonPackage, fetchFromGitHub, isPy3k,
- six, txaio, twisted, zope_interface, cffi, trollius, futures, cryptography,
- mock, pytest
-}:
-buildPythonPackage rec {
- pname = "autobahn";
- version = "19.7.1";
-
- src = fetchFromGitHub {
- owner = "crossbario";
- repo = "autobahn-python";
- rev = "v${version}";
- sha256 = "1gl2m18s77hlpiglh44plv3k6b965n66ylnxbzgvzcdl9jf3l3q3";
- };
-
- propagatedBuildInputs = [ six txaio twisted zope_interface cffi cryptography ] ++
- (lib.optionals (!isPy3k) [ trollius futures ]);
-
- checkInputs = [ mock pytest ];
- checkPhase = ''
- runHook preCheck
- USE_TWISTED=true py.test $out
- runHook postCheck
- '';
-
- # XXX Fails for some reason I don't understand.
- doCheck = false;
-
- meta = with lib; {
- description = "WebSocket and WAMP in Python for Twisted and asyncio.";
- homepage = "https://crossbar.io/autobahn";
- license = licenses.mit;
- maintainers = with maintainers; [ nand0p ];
- };
-}
diff --git a/nixos/pkgs/cryptography.nix b/nixos/pkgs/cryptography.nix
deleted file mode 100644
index bfa6d30208387b334af63b072b3e409b6d39a063..0000000000000000000000000000000000000000
--- a/nixos/pkgs/cryptography.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-{ stdenv
-, buildPythonPackage
-, fetchFromGitHub
-, openssl
-, cryptography_vectors
-, darwin
-, asn1crypto
-, packaging
-, six
-, pythonOlder
-, enum34
-, ipaddress
-, isPyPy
-, cffi
-, pytest
-, pretend
-, iso8601
-, pytz
-, hypothesis
-}:
-
-buildPythonPackage rec {
- pname = "cryptography";
- version = "2.7"; # Also update the hash in vectors.nix
-
- src = fetchFromGitHub {
- owner = "pyca";
- repo = "cryptography";
- rev = "2.7";
- sha256 = "145byri5c3b8m6dbhwb6yxrv9jrr652l3z1w16mz205z8dz38qja";
- };
-
- outputs = [ "out" "dev" ];
-
- buildInputs = [ openssl ]
- ++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
- propagatedBuildInputs = [
- asn1crypto
- packaging
- six
- ] ++ stdenv.lib.optional (pythonOlder "3.4") enum34
- ++ stdenv.lib.optional (pythonOlder "3.3") ipaddress
- ++ stdenv.lib.optional (!isPyPy) cffi;
-
- checkInputs = [
- cryptography_vectors
- hypothesis
- iso8601
- pretend
- pytest
- pytz
- ];
-
- checkPhase = ''
- py.test --disable-pytest-warnings tests
- '';
-
- # IOKit's dependencies are inconsistent between OSX versions, so this is the best we
- # can do until nix 1.11's release
- __impureHostDeps = [ "/usr/lib" ];
-
- meta = with stdenv.lib; {
- description = "A package which provides cryptographic recipes and primitives";
- longDescription = ''
- Cryptography includes both high level recipes and low level interfaces to
- common cryptographic algorithms such as symmetric ciphers, message
- digests, and key derivation functions.
- Our goal is for it to be your "cryptographic standard library". It
- supports Python 2.7, Python 3.4+, and PyPy 5.3+.
- '';
- homepage = https://github.com/pyca/cryptography;
- license = with licenses; [ asl20 bsd3 psfl ];
- maintainers = with maintainers; [ primeos ];
- };
-}
diff --git a/nixos/pkgs/cryptography_vectors.nix b/nixos/pkgs/cryptography_vectors.nix
deleted file mode 100644
index ea24ed908016b8ad2a534923709072b171b00b9a..0000000000000000000000000000000000000000
--- a/nixos/pkgs/cryptography_vectors.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ buildPythonPackage, fetchPypi, lib, cryptography }:
-
-buildPythonPackage rec {
- pname = "cryptography_vectors";
- # The test vectors must have the same version as the cryptography package:
- version = cryptography.version;
-
- src = fetchPypi {
- inherit pname version;
- sha256 = "1g38zw90510azyfrj6mxbslx2gp9yrnv5dac0w2819k9ssdznbgi";
- };
-
- # No tests included
- doCheck = false;
-
- meta = with lib; {
- description = "Test vectors for the cryptography package";
- homepage = https://cryptography.io/en/latest/development/test-vectors/;
- # Source: https://github.com/pyca/cryptography/tree/master/vectors;
- license = with licenses; [ asl20 bsd3 ];
- maintainers = with maintainers; [ primeos ];
- };
-}
diff --git a/nixos/pkgs/eliot.nix b/nixos/pkgs/eliot.nix
deleted file mode 100644
index f6d6b3061b1ea635bac0e694be407ca8d1b6befb..0000000000000000000000000000000000000000
--- a/nixos/pkgs/eliot.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ lib, buildPythonPackage, fetchPypi, zope_interface, pyrsistent, boltons
-, hypothesis, testtools, pytest }:
-buildPythonPackage rec {
- pname = "eliot";
- version = "1.7.0";
-
- src = fetchPypi {
- inherit pname version;
- sha256 = "0ylyycf717s5qsrx8b9n6m38vyj2k8328lfhn8y6r31824991wv8";
- };
-
- postPatch = ''
- substituteInPlace setup.py \
- --replace "boltons >= 19.0.1" boltons
- # depends on eliot.prettyprint._main which we don't have here.
- rm eliot/tests/test_prettyprint.py
- '';
-
- checkInputs = [ testtools pytest hypothesis ];
- propagatedBuildInputs = [ zope_interface pyrsistent boltons ];
-
- meta = with lib; {
- homepage = https://github.com/itamarst/eliot/;
- description = "Logging library that tells you why it happened";
- license = licenses.asl20;
- };
-}
diff --git a/nixos/pkgs/tahoe-lafs.nix b/nixos/pkgs/tahoe-lafs.nix
deleted file mode 100644
index 7d8b7b8efd35e27a1968e5fd69ce0f223d57f153..0000000000000000000000000000000000000000
--- a/nixos/pkgs/tahoe-lafs.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ fetchFromGitHub, eliot, tahoelafs, plugins ? [ ] }:
-tahoelafs.overrideAttrs (old:
-{ src = fetchFromGitHub
- { owner = "tahoe-lafs";
- repo = "tahoe-lafs";
- rev = "6c1a37c95188c1d9a877286ef726280a68d38a4b";
- sha256 = "1fd8b6j52wn04bnvnvysws4c713max6k1592lz4nzyjlhrcwawwh";
- };
- propagatedBuildInputs = old.propagatedBuildInputs ++ [ eliot ] ++ plugins;
- doInstallCheck = false;
-})
diff --git a/nixos/pkgs/zkapauthorizer-repo.nix b/nixos/pkgs/zkapauthorizer-repo.nix
new file mode 100644
index 0000000000000000000000000000000000000000..dc50d589f36da17d6bf24fbb6b441fc326b6d13f
--- /dev/null
+++ b/nixos/pkgs/zkapauthorizer-repo.nix
@@ -0,0 +1,7 @@
+{ fetchFromGitHub }:
+fetchFromGitHub {
+ owner = "PrivateStorageio";
+ repo = "ZKAPAuthorizer";
+ rev = "36dd4c2cffa2e9df651dda4c9ac8977bafe2ed64";
+ sha256 = "sha256:1i5nli73gk56r5brmimcd97dkf7wd4mf6viw4vbcssa7xj6s84af";
+}
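Review bot: The pin added in nixos/pkgs/zkapauthorizer-repo.nix is undocumented and writes its hash with a `sha256:` prefix inside the `sha256` attribute, while every other pin in this change uses the bare base32 string. This file is now the single source for both the ZKAPAuthorizer package and the overlay imported from it, so it deserves the kind of header morph/nixpkgs.nix has, for example `# Pinned ZKAPAuthorizer source; rev and sha256 must be updated together.` plus a note of which branch or release the rev was taken from. Dropping the prefix so the value matches the other pins would also make a hash mismatch easier to compare by eye.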
diff --git a/nixos/pkgs/zkapauthorizer.nix b/nixos/pkgs/zkapauthorizer.nix
index 21c0a55b5de5810f0c3757a6afb4a140fbc70523..fe12cb60a0ad4edaf6e499be0b581a6d70fb5996 100644
--- a/nixos/pkgs/zkapauthorizer.nix
+++ b/nixos/pkgs/zkapauthorizer.nix
@@ -1,12 +1,5 @@
-{ pkgs, fetchFromGitHub, tahoe-lafs }:
+{ fetchFromGitHub, python27Packages }:
 let
- src = fetchFromGitHub
- { owner = "PrivateStorageio";
- repo = "ZKAPAuthorizer";
- rev = "a14b38f39e48d1560ea10ec26fffad6ce50fd00a";
- sha256 = "1v81l0ylx8r8xflhi16m8hb1dm3rlzyfrldiknvggqkyi5psdja4";
- };
+ zkapauthorizer = import ./zkapauthorizer-repo.nix { inherit fetchFromGitHub; };
 in
-pkgs.python27Packages.callPackage "${src}/zkapauthorizer.nix"
-{ inherit tahoe-lafs;
-}
+ python27Packages.callPackage "${zkapauthorizer}/zkapauthorizer.nix" { }
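Review bot: Nothing visible in this diff still refers to nixos/pkgs/zkapauthorizer.nix, because the overlay entry that called it was removed from nixos/modules/overlays.nix in the same commit, so the file may now be unused. If no caller outside the diff needs it, deleting it avoids a second, divergent way of building the plugin. If it stays, note that `tahoe-lafs` is no longer passed explicitly, so the plugin is built against whatever `python27Packages` the caller hands in; a comment such as `# python27Packages must come from a package set with zkap-overlay.nix applied.` would state that requirement.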