diff --git a/.circleci/config.yml b/.circleci/config.yml
index 691a231518ffe4c9e7aed7b3f75ee862d8de8170..8c947f76e0e2a30e4b4267eb26e903c8171644dd 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -24,46 +24,16 @@ jobs:
resource_class: "xlarge"
- environment:
- # Specify a revision of NixOS/nixpkgs to run against. This essentially
- # pins the majority of the software involved in the build. This
- # revision is selected arbitrarily. It's somewhat current as of the
- # time of this comment. We can bump it to a newer version when that
- # makes sense. Meanwhile, the platform won't shift around beneath us
- # unexpectedly.
- NIXPKGS_REV: "92609f3d9bc3acffbdbe54fa1c591a885612aa73"
-
steps:
- run:
name: "Setup Environment Variables"
command: |
- # Get NIX_PATH set for the rest of the job so that the revision of
- # nixpkgs we selected will be used everywhere Nix pulls in software.
- # There is no way to set an environment variable containing the
- # value of another environment variable on CircleCI except to use
- # the `BASH_ENV` feature as we do here.
- echo "export NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/$NIXPKGS_REV.tar.gz" >> $BASH_ENV
# Set XDG_CONFIG_DIRS to point at the source directory, so that nix
# will pickup nix/nix.conf as a configuration file from there.
echo "export XDG_CONFIG_DIRS=$CIRCLE_WORKING_DIRECTORY" >> $BASH_ENV
# Get *our* source code.
- "checkout"
-
- - "run":
- # CircleCI won't let us interpolate NIXPKGS_REV into a cache key.
- # Only CircleCI's own environment variables or variables set via the
- # web interface in a "context" can be interpolated into cache keys.
- # However, we can interpolate the checksum of a file... Since we
- # don't care about the exact revision, we just care that a new
- # revision gives us a new string, we can write the revision to a
- # file and then put the checksum of that file into the cache key.
- # This way, we don't have to maintain the nixpkgs revision in two
- # places and risk having them desynchronize.
- name: "Prepare For Cache Key"
- command: |
- echo "${NIXPKGS_REV}" > nixpkgs.rev
-
- restore_cache:
# Get all of Nix's state relating to the particular revision of
# nixpkgs we're using. It will always be the same. CircleCI
@@ -87,9 +57,8 @@ jobs:
# If nixpkgs changes then potentially a lot of cached packages for
# the base system will be invalidated so we may as well drop them
# and make a new cache with the new packages.
- - paymentserver-nix-store-v5-{{ checksum "nixpkgs.rev" }}-{{ checksum "nix/challenge-bypass-ristretto-repo.nix" }}
- - paymentserver-nix-store-v5-{{ checksum "nixpkgs.rev" }}-
- - paymentserver-nix-store-v5-
+ - paymentserver-nix-store-v6-{{ checksum "nix/sources.json" }}
+ - paymentserver-nix-store-v6-
- run:
name: "Building with Nix"
@@ -114,7 +83,7 @@ jobs:
- save_cache:
name: "Cache Nix Store Paths"
- key: paymentserver-nix-store-v5-{{ checksum "nixpkgs.rev" }}-{{ checksum "nix/challenge-bypass-ristretto-repo.nix" }}
+ key: paymentserver-nix-store-v6-{{ checksum "nix/sources.json" }}
paths:
- "/nix"
diff --git a/nix/challenge-bypass-ristretto-repo.nix b/nix/challenge-bypass-ristretto-repo.nix
deleted file mode 100644
index 1357efe3e9ab3c9480109c7a52864f751d9bfdc3..0000000000000000000000000000000000000000
--- a/nix/challenge-bypass-ristretto-repo.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-let
- pkgs = import <nixpkgs> {};
-in
- pkgs.fetchFromGitHub {
- owner = "LeastAuthority";
- repo = "python-challenge-bypass-ristretto";
- rev = "v2021.07.12";
- sha256 = "16af1qmx7srhvcc936x7hl2bz50hafm39311dbzqam9ms1i5q89j";
- }
diff --git a/nix/challenge-bypass-ristretto.nix b/nix/challenge-bypass-ristretto.nix
index dc08608de18a4fec80c90e75839b52c11817d59f..10bf5e88a11dff116c80776a91f53c8561d166aa 100644
--- a/nix/challenge-bypass-ristretto.nix
+++ b/nix/challenge-bypass-ristretto.nix
@@ -1,6 +1,8 @@
# Provide the ffi bindings to the Rust challenge-bypass-ristretto library.
-{ fetchFromGitHub, callPackage }:
let
- src = import ./challenge-bypass-ristretto-repo.nix;
+ sources = import ./sources.nix;
in
- import "${src}/default-challenge-bypass-ristretto-ffi.nix" { }
+{ callPackage
+, libchallenge_bypass_ristretto_ffi_repo ? sources.libchallenge_bypass_ristretto_ffi
+}:
+ callPackage "${libchallenge_bypass_ristretto_ffi_repo}/challenge-bypass-ristretto.nix" { }
diff --git a/nix/sources.json b/nix/sources.json
index fc5bbbbb6468aed32a38328e7577a4fd2a54c2a9..fd1415e329c4ad896bbf987b513b88204eb7156f 100644
--- a/nix/sources.json
+++ b/nix/sources.json
@@ -11,6 +11,18 @@
"url": "https://github.com/input-output-hk/haskell.nix/archive/f624ca56629d5be438c7d44a721b0c1d944eda23.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
+ "libchallenge_bypass_ristretto_ffi": {
+ "branch": "master",
+ "description": "Python bindings for Brave's challenge-bypass-ristretto library",
+ "homepage": null,
+ "owner": "leastauthority",
+ "repo": "python-challenge-bypass-ristretto",
+ "rev": "6e25af8a721a9d8507745efad3d15dae75b78909",
+ "sha256": "0w5vpq9kqhdbbynbbky1ibx1im5582yacqnb9y2y3h114diywdyq",
+ "type": "tarball",
+ "url": "https://github.com/leastauthority/python-challenge-bypass-ristretto/archive/6e25af8a721a9d8507745efad3d15dae75b78909.tar.gz",
+ "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+ },
"niv": {
"branch": "master",
"description": "Easy dependency management for Nix projects",