From 8403fc80b1c92824fdbf10b38e486f582a9a3fe8 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Tue, 6 Aug 2019 11:15:24 -0400
Subject: [PATCH] Package the plugin and newer tahoe and the other deps
---
nixos/modules/overlays.nix | 43 +++++++++++++++++
nixos/modules/private-storage.nix | 29 +++++++++++
nixos/pkgs/autobahn.nix | 35 ++++++++++++++
nixos/pkgs/cryptography.nix | 75 +++++++++++++++++++++++++++++
nixos/pkgs/cryptography_vectors.nix | 23 +++++++++
nixos/pkgs/eliot.nix | 27 +++++++++++
nixos/pkgs/tahoe-lafs.nix | 11 +++++
nixos/pkgs/zkapauthorizer.nix | 12 +++++
8 files changed, 255 insertions(+)
create mode 100644 nixos/modules/overlays.nix
create mode 100644 nixos/modules/private-storage.nix
create mode 100644 nixos/pkgs/autobahn.nix
create mode 100644 nixos/pkgs/cryptography.nix
create mode 100644 nixos/pkgs/cryptography_vectors.nix
create mode 100644 nixos/pkgs/eliot.nix
create mode 100644 nixos/pkgs/tahoe-lafs.nix
create mode 100644 nixos/pkgs/zkapauthorizer.nix
diff --git a/nixos/modules/overlays.nix b/nixos/modules/overlays.nix
new file mode 100644
index 00000000..7e22c2f1
--- /dev/null
+++ b/nixos/modules/overlays.nix
@@ -0,0 +1,43 @@
+self: super: {
+ python27 = super.python27.override {
+ packageOverrides = python-self: python-super: {
+ # Get the newest Tahoe-LAFS as a module instead of an application.
+ tahoe-lafs = python-super.toPythonModule (python-super.callPackage ../pkgs/tahoe-lafs.nix { });
+
+ # Get our ZKAP authorizer plugin package.
+ zkapauthorizer = python-self.callPackage ../pkgs/zkapauthorizer.nix { };
+
+ # new tahoe-lafs has a new dependency on eliot.
+ eliot = python-super.callPackage ../pkgs/eliot.nix { };
+
+ # new tahoe-lafs depends on a very recent autobahn for better websocket
+ # testing features.
+ autobahn = python-super.callPackage ../pkgs/autobahn.nix { };
+
+ # new autobahn requires a newer cryptography
+ cryptography = python-super.callPackage ../pkgs/cryptography.nix { };
+
+ # new cryptography requires a newer cryptography_vectors
+ cryptography_vectors = python-super.callPackage ../pkgs/cryptography_vectors.nix { };
+
+ # upstream twisted package is missing a recently added dependency.
+ twisted = python-super.twisted.overrideAttrs (old:
+ { propagatedBuildInputs = old.propagatedBuildInputs ++ [ python-super.appdirs ];
+ checkPhase = ''
+ ${self.python.interpreter} -m twisted.trial twisted
+ '';
+ });
+
+ };
+ };
+
+ privatestorage = self.python27.buildEnv.override
+ { extraLibs =
+ [ self.python27Packages.tahoe-lafs
+ self.python27Packages.zkapauthorizer
+ ];
+ # Twisted's dropin.cache always collides between different
+ # plugin-providing packages.
+ ignoreCollisions = true;
+ };
+}
diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
new file mode 100644
index 00000000..cf8cbca1
--- /dev/null
+++ b/nixos/modules/private-storage.nix
@@ -0,0 +1,29 @@
+# A NixOS module which can instantiate a Tahoe-LAFS storage server in the
+# preferred configuration for the Private Storage grid.
+{ pkgs, lib, config, ... }:
+let
+ pspkgs = import pkgs.path
+ { overlays = [ (import ./overlays.nix) ];
+ };
+ cfg = config.services.private-storage;
+in
+{ imports = [ ];
+ options =
+ { services.private-storage.enable = lib.mkEnableOption "private storage service";
+ services.private-storage.tahoe.package = lib.mkOption
+ { default = pspkgs.privatestorage;
+ type = lib.types.package;
+ example = lib.literalExample "pkgs.tahoelafs";
+ description = ''
+ The package to use for the Tahoe-LAFS daemon.
+ '';
+ };
+ };
+ config = lib.mkIf cfg.enable
+ { services.tahoe.nodes."alpha" =
+ { package = config.services.private-storage.tahoe.package;
+ nickname = "alpha";
+ storage.enable = true;
+ };
+ };
+}
diff --git a/nixos/pkgs/autobahn.nix b/nixos/pkgs/autobahn.nix
new file mode 100644
index 00000000..3cc1df21
--- /dev/null
+++ b/nixos/pkgs/autobahn.nix
@@ -0,0 +1,35 @@
+{ lib, buildPythonPackage, fetchFromGitHub, isPy3k,
+ six, txaio, twisted, zope_interface, cffi, trollius, futures, cryptography,
+ mock, pytest
+}:
+buildPythonPackage rec {
+ pname = "autobahn";
+ version = "19.7.1";
+
+ src = fetchFromGitHub {
+ owner = "crossbario";
+ repo = "autobahn-python";
+ rev = "v${version}";
+ sha256 = "1gl2m18s77hlpiglh44plv3k6b965n66ylnxbzgvzcdl9jf3l3q3";
+ };
+
+ propagatedBuildInputs = [ six txaio twisted zope_interface cffi cryptography ] ++
+ (lib.optionals (!isPy3k) [ trollius futures ]);
+
+ checkInputs = [ mock pytest ];
+ checkPhase = ''
+ runHook preCheck
+ USE_TWISTED=true py.test $out
+ runHook postCheck
+ '';
+
+ # XXX Fails for some reason I don't understand.
+ doCheck = false;
+
+ meta = with lib; {
+ description = "WebSocket and WAMP in Python for Twisted and asyncio.";
+ homepage = "https://crossbar.io/autobahn";
+ license = licenses.mit;
+ maintainers = with maintainers; [ nand0p ];
+ };
+}
diff --git a/nixos/pkgs/cryptography.nix b/nixos/pkgs/cryptography.nix
new file mode 100644
index 00000000..bfa6d302
--- /dev/null
+++ b/nixos/pkgs/cryptography.nix
@@ -0,0 +1,75 @@
+{ stdenv
+, buildPythonPackage
+, fetchFromGitHub
+, openssl
+, cryptography_vectors
+, darwin
+, asn1crypto
+, packaging
+, six
+, pythonOlder
+, enum34
+, ipaddress
+, isPyPy
+, cffi
+, pytest
+, pretend
+, iso8601
+, pytz
+, hypothesis
+}:
+
+buildPythonPackage rec {
+ pname = "cryptography";
+ version = "2.7"; # Also update the hash in vectors.nix
+
+ src = fetchFromGitHub {
+ owner = "pyca";
+ repo = "cryptography";
+ rev = "2.7";
+ sha256 = "145byri5c3b8m6dbhwb6yxrv9jrr652l3z1w16mz205z8dz38qja";
+ };
+
+ outputs = [ "out" "dev" ];
+
+ buildInputs = [ openssl ]
+ ++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
+ propagatedBuildInputs = [
+ asn1crypto
+ packaging
+ six
+ ] ++ stdenv.lib.optional (pythonOlder "3.4") enum34
+ ++ stdenv.lib.optional (pythonOlder "3.3") ipaddress
+ ++ stdenv.lib.optional (!isPyPy) cffi;
+
+ checkInputs = [
+ cryptography_vectors
+ hypothesis
+ iso8601
+ pretend
+ pytest
+ pytz
+ ];
+
+ checkPhase = ''
+ py.test --disable-pytest-warnings tests
+ '';
+
+ # IOKit's dependencies are inconsistent between OSX versions, so this is the best we
+ # can do until nix 1.11's release
+ __impureHostDeps = [ "/usr/lib" ];
+
+ meta = with stdenv.lib; {
+ description = "A package which provides cryptographic recipes and primitives";
+ longDescription = ''
+ Cryptography includes both high level recipes and low level interfaces to
+ common cryptographic algorithms such as symmetric ciphers, message
+ digests, and key derivation functions.
+ Our goal is for it to be your "cryptographic standard library". It
+ supports Python 2.7, Python 3.4+, and PyPy 5.3+.
+ '';
+ homepage = https://github.com/pyca/cryptography;
+ license = with licenses; [ asl20 bsd3 psfl ];
+ maintainers = with maintainers; [ primeos ];
+ };
+}
diff --git a/nixos/pkgs/cryptography_vectors.nix b/nixos/pkgs/cryptography_vectors.nix
new file mode 100644
index 00000000..ea24ed90
--- /dev/null
+++ b/nixos/pkgs/cryptography_vectors.nix
@@ -0,0 +1,23 @@
+{ buildPythonPackage, fetchPypi, lib, cryptography }:
+
+buildPythonPackage rec {
+ pname = "cryptography_vectors";
+ # The test vectors must have the same version as the cryptography package:
+ version = cryptography.version;
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "1g38zw90510azyfrj6mxbslx2gp9yrnv5dac0w2819k9ssdznbgi";
+ };
+
+ # No tests included
+ doCheck = false;
+
+ meta = with lib; {
+ description = "Test vectors for the cryptography package";
+ homepage = https://cryptography.io/en/latest/development/test-vectors/;
+ # Source: https://github.com/pyca/cryptography/tree/master/vectors;
+ license = with licenses; [ asl20 bsd3 ];
+ maintainers = with maintainers; [ primeos ];
+ };
+}
diff --git a/nixos/pkgs/eliot.nix b/nixos/pkgs/eliot.nix
new file mode 100644
index 00000000..f6d6b306
--- /dev/null
+++ b/nixos/pkgs/eliot.nix
@@ -0,0 +1,27 @@
+{ lib, buildPythonPackage, fetchPypi, zope_interface, pyrsistent, boltons
+, hypothesis, testtools, pytest }:
+buildPythonPackage rec {
+ pname = "eliot";
+ version = "1.7.0";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "0ylyycf717s5qsrx8b9n6m38vyj2k8328lfhn8y6r31824991wv8";
+ };
+
+ postPatch = ''
+ substituteInPlace setup.py \
+ --replace "boltons >= 19.0.1" boltons
+ # depends on eliot.prettyprint._main which we don't have here.
+ rm eliot/tests/test_prettyprint.py
+ '';
+
+ checkInputs = [ testtools pytest hypothesis ];
+ propagatedBuildInputs = [ zope_interface pyrsistent boltons ];
+
+ meta = with lib; {
+ homepage = https://github.com/itamarst/eliot/;
+ description = "Logging library that tells you why it happened";
+ license = licenses.asl20;
+ };
+}
diff --git a/nixos/pkgs/tahoe-lafs.nix b/nixos/pkgs/tahoe-lafs.nix
new file mode 100644
index 00000000..7d8b7b8e
--- /dev/null
+++ b/nixos/pkgs/tahoe-lafs.nix
@@ -0,0 +1,11 @@
+{ fetchFromGitHub, eliot, tahoelafs, plugins ? [ ] }:
+tahoelafs.overrideAttrs (old:
+{ src = fetchFromGitHub
+ { owner = "tahoe-lafs";
+ repo = "tahoe-lafs";
+ rev = "6c1a37c95188c1d9a877286ef726280a68d38a4b";
+ sha256 = "1fd8b6j52wn04bnvnvysws4c713max6k1592lz4nzyjlhrcwawwh";
+ };
+ propagatedBuildInputs = old.propagatedBuildInputs ++ [ eliot ] ++ plugins;
+ doInstallCheck = false;
+})
diff --git a/nixos/pkgs/zkapauthorizer.nix b/nixos/pkgs/zkapauthorizer.nix
new file mode 100644
index 00000000..21c0a55b
--- /dev/null
+++ b/nixos/pkgs/zkapauthorizer.nix
@@ -0,0 +1,12 @@
+{ pkgs, fetchFromGitHub, tahoe-lafs }:
+let
+ src = fetchFromGitHub
+ { owner = "PrivateStorageio";
+ repo = "ZKAPAuthorizer";
+ rev = "a14b38f39e48d1560ea10ec26fffad6ce50fd00a";
+ sha256 = "1v81l0ylx8r8xflhi16m8hb1dm3rlzyfrldiknvggqkyi5psdja4";
+ };
+in
+pkgs.python27Packages.callPackage "${src}/zkapauthorizer.nix"
+{ inherit tahoe-lafs;
+}
--
GitLab