diff --git a/.circleci/config.yml b/.circleci/config.yml
index d477118ab06beb28edc6d95b03a6d2767342e67b..c7a34563355d1c80c3b31ee076ac1cc002ab3036 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -136,12 +136,11 @@ jobs:
linux-tests: &LINUX_TESTS
parameters:
- tahoe-version:
- # A Tahoe-LAFS version number string like "1.15.0" which corresponds
- # to a version known by default.nix . This is the version that will
- # be declared as a dependency of the Nix package of ZKAPAuthorizer
- # (and therefore used in the test run and pulled in should you install
- # this package).
+ tahoe-lafs-source:
+ # The name of a niv source in nix/sources.json which corresponds to
+ # a Tahoe-LAFS version. This is the version that will be declared as a
+ # dependency of the Nix package of ZKAPAuthorizer (and therefore used
+ # in the test run and pulled in should you install this package).
type: "string"
docker:
@@ -188,11 +187,10 @@ jobs:
#
# Further, we want the "doc" output built as well because that's
# where the coverage data ends up.
- nix-build \
+ nix-build tests.nix \
--argstr hypothesisProfile ci \
--arg collectCoverage true \
- --argstr tahoe-lafs << parameters.tahoe-version >> \
- --attr doc
+ --argstr tahoe-lafs-source << parameters.tahoe-lafs-source >>
- run:
name: "Push to Cachix"
@@ -226,9 +224,8 @@ workflows:
- "linux-tests":
matrix:
parameters:
- tahoe-version:
- - "1.14.0"
- - "1.16.0rc1"
+ tahoe-lafs-source:
+ - "tahoe-lafs"
- "macos-tests":
matrix:
diff --git a/.circleci/report-coverage.sh b/.circleci/report-coverage.sh
index d7f8c24eac5379a67b9371edeeaac218728f4377..7eec56e8c76251b60460db3c985e3a73603dc05d 100755
--- a/.circleci/report-coverage.sh
+++ b/.circleci/report-coverage.sh
@@ -1,8 +1,8 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p "curl" -p "python.withPackages (ps: [ ps.coverage ])"
set -x
-find ./result-doc/share/doc
-cp ./result-doc/share/doc/*/.coverage.* ./
+find ./result/share/doc
+cp ./result/share/doc/*/.coverage.* ./
python -m coverage combine
python -m coverage report
python -m coverage xml
diff --git a/CONTRIBUTING b/CONTRIBUTING
deleted file mode 100644
index 587c37bc5cf8bd3580a6c65dfa1d63220760d2f2..0000000000000000000000000000000000000000
--- a/CONTRIBUTING
+++ /dev/null
@@ -1,23 +0,0 @@
-Contributing to ZKAPAuthorizer
-==============================
-
-Contributions are accepted in many forms.
-
-Examples of contributions include:
-
-* Bug reports and patch reviews
-* Documentation improvements
-* Code patches
-
-File a ticket at:
-
-https://github.com/PrivateStorageio/ZKAPAuthorizer/issues/new
-
-ZKAPAuthorizer uses GitHub keep track of bugs, feature requests, and associated patches.
-
-Contributions are managed using GitHub's Pull Requests.
-For a PR to be accepted it needs to have:
-
-* an associated issue
-* all CI tests passing
-* patch coverage of 100% as reported by codecov.io
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
new file mode 100644
index 0000000000000000000000000000000000000000..467ebe7c1e6199366594768bcb4a246091157651
--- /dev/null
+++ b/CONTRIBUTING.rst
@@ -0,0 +1,75 @@
+Contributing to ZKAPAuthorizer
+==============================
+
+Contributions are accepted in many forms.
+
+Examples of contributions include:
+
+* Bug reports and patch reviews
+* Documentation improvements
+* Code patches
+
+File a ticket at:
+
+https://github.com/PrivateStorageio/ZKAPAuthorizer/issues/new
+
+ZKAPAuthorizer uses GitHub keep track of bugs, feature requests, and associated patches.
+
+Contributions are managed using GitHub's Pull Requests.
+For a PR to be accepted it needs to have:
+
+* an associated issue
+* all CI tests passing
+* patch coverage of 100% as reported by codecov.io
+
+Updating Dependencies
+---------------------
+
+We use `niv <https://github.com/nmattia/niv>`_ to manage several of our dependencies.
+
+Python Dependencies
+...................
+
+We use `mach-nix <https://github.com/DavHau/mach-nix/>`_ to build python packages.
+It uses a snapshot of pypi to expose python dependencies to nix,
+thus our python depedencies (on nix) are automatically pinned.
+To update the pypy snapshot (and thus our python dependencies), run
+
+.. code:: shell
+
+ nix-shell --run 'niv update pypi-deps-db'
+
+tahoe-lafs
+..........
+
+We depend on pinned commit of tahoe-lafs.
+To update to the latest commit, run
+
+.. code:: shell
+
+ nix-shell --run 'niv update tahoe-lafs --branch master'
+
+It is also possible to pass ``pull/<pr-number>/head`` to test against a specific PR.
+
+.. note::
+
+ Since tahoe-lafs doesn't have correct version information when installed from a github archive,
+ the packaging in ``default.nix`` includes a fake version number.
+ This will need to be update manually at least when the minor version of tahoe-lafs changes.
+
+If you want to test multiple versions, you can add an additional source, pointing at other version
+
+.. code:: shell
+
+ nix-shell --run 'niv add -n tahoe-lafs-next tahoe-lafs/tahoe-lafs --rev "<rev>"'
+ nix-build tests.nix --argstr tahoe-lafs-source tahoe-lafs-next
+
+``--argstr tahoe-lafs-source <...>`` can also be passed to ``nix-shell`` and ``nix-build default.nix``.
+
+nixpkgs
+.......
+
+We pin to a nixos channel release, which isn't directly supported by niv (`issue <https://github.com/nmattia/niv/issues/225>`_).
+Thus, the pin needs to be update manually.
+To do this, copy the ``url`` and ``sha256`` values from PrivateStorageio's `nixpkgs-2105.json <https://whetstone.privatestorage.io/privatestorage/PrivateStorageio/-/blob/develop/nixpkgs-2105.json>`_ into the ``release2015`` entry in ``nix/sources.json``.
+When this is deployed as part of Privatestorageio, we use the value pinned there, rather than the pin in this repository.
diff --git a/default.nix b/default.nix
index 6d24dab31df44598c1baff1feefa9e2e836cf724..7f9b277c7290c3a277c7f80ff194ddabbb32c00b 100644
--- a/default.nix
+++ b/default.nix
@@ -1,22 +1,96 @@
-{ pkgs ? import <nixpkgs> { }
-, hypothesisProfile ? null
-, collectCoverage ? false
-, testSuite ? null
-, trialArgs ? null
-, tahoe-lafs ? "1.14.0"
-}:
let
- tahoe-packages = {
- "1.14.0" = pkgs.python2Packages.tahoe-lafs-1_14;
- "1.16.0rc1" = pkgs.python2Packages.callPackage ./nix/tahoe-lafs-1_16.nix { };
- };
- tahoe-lafs' = builtins.getAttr tahoe-lafs tahoe-packages;
-
- pkgs' = pkgs.extend (import ./overlays.nix);
- callPackage = pkgs'.python27Packages.callPackage;
+ sources = import nix/sources.nix;
in
-callPackage ./zkapauthorizer.nix {
- challenge-bypass-ristretto = callPackage ./python-challenge-bypass-ristretto.nix { };
- inherit hypothesisProfile collectCoverage testSuite trialArgs;
- tahoe-lafs = tahoe-lafs';
-}
+{ pkgs ? import sources.release2015 {}
+, pypiData ? sources.pypi-deps-db
+, mach-nix ? import sources.mach-nix { inherit pkgs pypiData; }
+, tahoe-lafs-source ? "tahoe-lafs"
+, tahoe-lafs-repo ? sources.${tahoe-lafs-source}
+}:
+ let
+ lib = pkgs.lib;
+ python = "python27";
+ providers = {
+ _default = "sdist,nixpkgs,wheel";
+ # mach-nix doesn't provide a good way to depend on mach-nix packages,
+ # so we get it as a nixpkgs dependency from an overlay. See below for
+ # details.
+ tahoe-lafs = "nixpkgs";
+ # not packaged in nixpkgs at all, we can use the binary wheel from
+ # pypi though.
+ python-challenge-bypass-ristretto = "wheel";
+ # Pure python packages that don't build correctly from sdists
+ # - patches in nixpkgs that don't apply
+ boltons = "wheel";
+ chardet = "wheel";
+ urllib3 = "wheel";
+ # - incorrectly detected dependencies due to pbr
+ fixtures = "wheel";
+ testtools = "wheel";
+ traceback2 = "wheel";
+ # - Incorrectly merged extras - https://github.com/DavHau/mach-nix/pull/334
+ tqdm = "wheel";
+ };
+ in
+ rec {
+ tahoe-lafs = mach-nix.buildPythonPackage rec {
+ inherit python providers;
+ name = "tahoe-lafs";
+ version = "1.16.post999";
+ # See https://github.com/DavHau/mach-nix/issues/190
+ requirementsExtra = ''
+ pyrsistent < 0.17
+ foolscap == 0.13.1
+ configparser
+ eliot
+ '';
+ postPatch = ''
+ cat > src/allmydata/_version.py <<EOF
+ # This _version.py is generated by nix.
+
+ verstr = "${version}+git-${tahoe-lafs-repo.rev}"
+ __version__ = verstr
+ EOF
+ '';
+ src = tahoe-lafs-repo;
+ };
+ zkapauthorizer = mach-nix.buildPythonApplication rec {
+ inherit python providers;
+ src = lib.cleanSource ./.;
+ # mach-nix does not provide a way to specify dependencies on other
+ # mach-nix packages, that incorporates the requirements and overlays
+ # of that package.
+ # See https://github.com/DavHau/mach-nix/issues/123
+ # In particular, we explicitly include the requirements of tahoe-lafs
+ # here, and include it in a python package overlay.
+ requirementsExtra = tahoe-lafs.requirements;
+ overridesPre = [
+ (
+ self: super: {
+ inherit tahoe-lafs;
+ }
+ )
+ ];
+ # Record some settings here, so downstream nix files can consume them.
+ meta.mach-nix = { inherit python providers; };
+ };
+
+ privatestorage = let
+ python-env = mach-nix.mkPython {
+ inherit python providers;
+ packagesExtra = [ zkapauthorizer tahoe-lafs ];
+ };
+ in
+ # Since we use this derivation in `environment.systemPackages`,
+ # we create a derivation that has just the executables we use,
+ # to avoid polluting the system PATH with all the executables
+ # from our dependencies.
+ pkgs.runCommandNoCC "privatestorage" {}
+ ''
+ mkdir -p $out/bin
+ ln -s ${python-env}/bin/tahoe $out/bin
+ # Include some tools that are useful for debugging.
+ ln -s ${python-env}/bin/flogtool $out/bin
+ ln -s ${python-env}/bin/eliot-prettyprint $out/bin
+ '';
+ }
diff --git a/docs/source/CONTRIBUTING.rst b/docs/source/CONTRIBUTING.rst
index fe245d9d5560297d0d8fb5c6d53e0fa674c822c8..ac7b6bcf35e98139c791cb5c4b94f08849972d65 100644
--- a/docs/source/CONTRIBUTING.rst
+++ b/docs/source/CONTRIBUTING.rst
@@ -1 +1 @@
-.. include:: ../../CONTRIBUTING
+.. include:: ../../CONTRIBUTING.rst
diff --git a/nix/repo-1_16_0_rc1.nix b/nix/repo-1_16_0_rc1.nix
deleted file mode 100644
index 4dce852de07a9ae2116b6ef3a813e44aca8d5d15..0000000000000000000000000000000000000000
--- a/nix/repo-1_16_0_rc1.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ fetchFromGitHub }:
-fetchFromGitHub {
- owner = "fenn-cs";
- repo = "tahoe-lafs";
- rev = "f6a96ae3976ee21ad0376f7b6a22fc3d12110dce";
- sha256 = "sha256:127z83c388mvxkz1qdjqdnlj5xgshyn5w5v40vda6mpyy7k9bpb4";
-}
diff --git a/nix/setup.cfg.patch b/nix/setup.cfg.patch
deleted file mode 100644
index 3a2762bdb9f3e03979393e1c79f09b3ed4b67970..0000000000000000000000000000000000000000
--- a/nix/setup.cfg.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/setup.cfg b/setup.cfg
-index dfc49607..822ea8dd 100644
---- a/setup.cfg
-+++ b/setup.cfg
-@@ -40,5 +40,5 @@ install_requires =
- # incompatible with Tahoe-LAFS'. So duplicate them here (the ones that
- # have been observed to cause problems).
- Twisted[tls,conch]>=18.4.0
-- tahoe-lafs >=1.14, <1.17, !=1.15.*
-+ tahoe-lafs
- treq
-
- [versioneer]
diff --git a/nix/sources.json b/nix/sources.json
new file mode 100644
index 0000000000000000000000000000000000000000..d5482b693a41b0e2eb8b5b29dd6ae8a779481d2d
--- /dev/null
+++ b/nix/sources.json
@@ -0,0 +1,56 @@
+{
+ "mach-nix": {
+ "branch": "merged",
+ "description": "Create highly reproducible python environments",
+ "homepage": "",
+ "owner": "PrivateStorageio",
+ "repo": "mach-nix",
+ "rev": "0872dd81afe9c4a6552604f7d21fe7f2baddf454",
+ "sha256": "0hsbm6rmjjjzxdciirmcxyvrrlz19cbhprd2hfksrv6nnl4c3mc3",
+ "type": "tarball",
+ "url": "https://github.com/PrivateStorageio/mach-nix/archive/0872dd81afe9c4a6552604f7d21fe7f2baddf454.tar.gz",
+ "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+ },
+ "niv": {
+ "branch": "master",
+ "description": "Easy dependency management for Nix projects",
+ "homepage": "https://github.com/nmattia/niv",
+ "owner": "nmattia",
+ "repo": "niv",
+ "rev": "e0ca65c81a2d7a4d82a189f1e23a48d59ad42070",
+ "sha256": "1pq9nh1d8nn3xvbdny8fafzw87mj7gsmp6pxkdl65w2g18rmcmzx",
+ "type": "tarball",
+ "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
+ "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+ },
+ "pypi-deps-db": {
+ "branch": "master",
+ "description": "Probably the most complete python dependency database",
+ "homepage": "",
+ "owner": "DavHau",
+ "repo": "pypi-deps-db",
+ "rev": "96d01556b4597c022647acbf8c3b58d2a99bc963",
+ "sha256": "0s6ll2hi40gj6mp2zdg7w3dq17g381gnfkm390mqgp574lmbq6yw",
+ "type": "tarball",
+ "url": "https://github.com/DavHau/pypi-deps-db/archive/96d01556b4597c022647acbf8c3b58d2a99bc963.tar.gz",
+ "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+ },
+ "release2015": {
+ "sha256": "112drvixj81vscj8cncmks311rk2ik5gydpd03d3r0yc939zjskg",
+ "type": "tarball",
+ "url": "https://releases.nixos.org/nixos/21.05/nixos-21.05.3740.ce7a1190a0f/nixexprs.tar.xz",
+ "url_template": "https://releases.nixos.org/nixos/21.05/nixos-21.05.3740.ce7a1190a0f/nixexprs.tar.xz"
+ },
+ "tahoe-lafs": {
+ "branch": "tahoe-lafs-1.16.0",
+ "description": "The Tahoe-LAFS decentralized secure filesystem.",
+ "homepage": "https://tahoe-lafs.org/",
+ "owner": "tahoe-lafs",
+ "repo": "tahoe-lafs",
+ "rev": "4bfb9d21700b8084d5fb2c697ceeb7088dd97c37",
+ "sha256": "1hcp9gq5hcw43xmg7n24xx580jrg0fd382pklv79r5lr4cicyx7g",
+ "type": "tarball",
+ "url": "https://github.com/tahoe-lafs/tahoe-lafs/archive/4bfb9d21700b8084d5fb2c697ceeb7088dd97c37.tar.gz",
+ "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+ }
+}
diff --git a/nix/sources.nix b/nix/sources.nix
new file mode 100644
index 0000000000000000000000000000000000000000..1938409dddb0b57d9f298046cf51875060283df2
--- /dev/null
+++ b/nix/sources.nix
@@ -0,0 +1,174 @@
+# This file has been generated by Niv.
+
+let
+
+ #
+ # The fetchers. fetch_<type> fetches specs of type <type>.
+ #
+
+ fetch_file = pkgs: name: spec:
+ let
+ name' = sanitizeName name + "-src";
+ in
+ if spec.builtin or true then
+ builtins_fetchurl { inherit (spec) url sha256; name = name'; }
+ else
+ pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
+
+ fetch_tarball = pkgs: name: spec:
+ let
+ name' = sanitizeName name + "-src";
+ in
+ if spec.builtin or true then
+ builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
+ else
+ pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
+
+ fetch_git = name: spec:
+ let
+ ref =
+ if spec ? ref then spec.ref else
+ if spec ? branch then "refs/heads/${spec.branch}" else
+ if spec ? tag then "refs/tags/${spec.tag}" else
+ abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
+ in
+ builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
+
+ fetch_local = spec: spec.path;
+
+ fetch_builtin-tarball = name: throw
+ ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
+ $ niv modify ${name} -a type=tarball -a builtin=true'';
+
+ fetch_builtin-url = name: throw
+ ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
+ $ niv modify ${name} -a type=file -a builtin=true'';
+
+ #
+ # Various helpers
+ #
+
+ # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
+ sanitizeName = name:
+ (
+ concatMapStrings (s: if builtins.isList s then "-" else s)
+ (
+ builtins.split "[^[:alnum:]+._?=-]+"
+ ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
+ )
+ );
+
+ # The set of packages used when specs are fetched using non-builtins.
+ mkPkgs = sources: system:
+ let
+ sourcesNixpkgs =
+ import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
+ hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
+ hasThisAsNixpkgsPath = <nixpkgs> == ./.;
+ in
+ if builtins.hasAttr "nixpkgs" sources
+ then sourcesNixpkgs
+ else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
+ import <nixpkgs> {}
+ else
+ abort
+ ''
+ Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
+ add a package called "nixpkgs" to your sources.json.
+ '';
+
+ # The actual fetching function.
+ fetch = pkgs: name: spec:
+
+ if ! builtins.hasAttr "type" spec then
+ abort "ERROR: niv spec ${name} does not have a 'type' attribute"
+ else if spec.type == "file" then fetch_file pkgs name spec
+ else if spec.type == "tarball" then fetch_tarball pkgs name spec
+ else if spec.type == "git" then fetch_git name spec
+ else if spec.type == "local" then fetch_local spec
+ else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
+ else if spec.type == "builtin-url" then fetch_builtin-url name
+ else
+ abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
+
+ # If the environment variable NIV_OVERRIDE_${name} is set, then use
+ # the path directly as opposed to the fetched source.
+ replace = name: drv:
+ let
+ saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
+ ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
+ in
+ if ersatz == "" then drv else
+ # this turns the string into an actual Nix path (for both absolute and
+ # relative paths)
+ if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
+
+ # Ports of functions for older nix versions
+
+ # a Nix version of mapAttrs if the built-in doesn't exist
+ mapAttrs = builtins.mapAttrs or (
+ f: set: with builtins;
+ listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
+ );
+
+ # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
+ range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1);
+
+ # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
+ stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
+
+ # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
+ stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
+ concatMapStrings = f: list: concatStrings (map f list);
+ concatStrings = builtins.concatStringsSep "";
+
+ # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
+ optionalAttrs = cond: as: if cond then as else {};
+
+ # fetchTarball version that is compatible between all the versions of Nix
+ builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
+ let
+ inherit (builtins) lessThan nixVersion fetchTarball;
+ in
+ if lessThan nixVersion "1.12" then
+ fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
+ else
+ fetchTarball attrs;
+
+ # fetchurl version that is compatible between all the versions of Nix
+ builtins_fetchurl = { url, name ? null, sha256 }@attrs:
+ let
+ inherit (builtins) lessThan nixVersion fetchurl;
+ in
+ if lessThan nixVersion "1.12" then
+ fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
+ else
+ fetchurl attrs;
+
+ # Create the final "sources" from the config
+ mkSources = config:
+ mapAttrs (
+ name: spec:
+ if builtins.hasAttr "outPath" spec
+ then abort
+ "The values in sources.json should not have an 'outPath' attribute"
+ else
+ spec // { outPath = replace name (fetch config.pkgs name spec); }
+ ) config.sources;
+
+ # The "config" used by the fetchers
+ mkConfig =
+ { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
+ , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
+ , system ? builtins.currentSystem
+ , pkgs ? mkPkgs sources system
+ }: rec {
+ # The sources, i.e. the attribute set of spec name to spec
+ inherit sources;
+
+ # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
+ inherit pkgs;
+ };
+
+in
+mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
diff --git a/nix/tahoe-lafs-1_16.nix b/nix/tahoe-lafs-1_16.nix
deleted file mode 100644
index 0aed9bd9b1b83c3ff40bf33c5597c10cfd46c28e..0000000000000000000000000000000000000000
--- a/nix/tahoe-lafs-1_16.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ callPackage }:
-let
- repo = callPackage ./repo-1_16_0_rc1.nix { };
- tahoe-lafs = callPackage "${repo}/nix" { };
-in
- tahoe-lafs
diff --git a/overlays.nix b/overlays.nix
deleted file mode 100644
index a56387cc6297699930dbde34ae7ed3327218bb50..0000000000000000000000000000000000000000
--- a/overlays.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-self: super: {
- ristretto = super.callPackage ./ristretto.nix { };
-
- python27 = super.python27.override {
- packageOverrides = python-self: python-super: {
- # The newest typing is incompatible with the packaged version of
- # Hypothesis. Upgrading Hypothesis is like pulling on a loose thread in
- # a sweater. I pulled it as far as pytest where I found there was no
- # upgrade route because pytest has dropped Python 2 support.
- # Fortunately, downgrading typing ends up being fairly straightforward.
- #
- # For now. This is, no doubt, a sign of things to come for the Python 2
- # ecosystem - the early stages of a slow, painful death by the thousand
- # cuts of incompatibilities between libraries with no maintained Python
- # 2 support.
- typing = python-self.callPackage ./typing.nix { };
- };
- };
-}
diff --git a/python-challenge-bypass-ristretto-repo.nix b/python-challenge-bypass-ristretto-repo.nix
deleted file mode 100644
index c7e246f6c2bfb2b8b2fb73bc02ef38b818ac4ddf..0000000000000000000000000000000000000000
--- a/python-challenge-bypass-ristretto-repo.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-let
- pkgs = import <nixpkgs> {};
-in
- pkgs.fetchFromGitHub {
- owner = "LeastAuthority";
- repo = "python-challenge-bypass-ristretto";
- rev = "f1a7cfab1a7f1bf8b3345c228c2183064889ad83";
- sha256 = "12myak2jwaisljs7bmx1vydgd0fnxvkaisk4zsf0kshwxrlnyh3x";
- }
\ No newline at end of file
diff --git a/python-challenge-bypass-ristretto.nix b/python-challenge-bypass-ristretto.nix
deleted file mode 100644
index 0824d347c371b03705e3021e074508ebbd5a5a0f..0000000000000000000000000000000000000000
--- a/python-challenge-bypass-ristretto.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ callPackage }:
-let
- src = import ./python-challenge-bypass-ristretto-repo.nix;
- python-challenge-bypass-ristretto = callPackage "${src}" { };
-in
- python-challenge-bypass-ristretto.overrideAttrs (old: {
- patches = [
- ./remove-setuptools-scm.patch
- ];
- })
diff --git a/requirements/test.in b/requirements/test.in
new file mode 100644
index 0000000000000000000000000000000000000000..93cf1deaefec1eb0aaa179f111d4533fa3c8b8b7
--- /dev/null
+++ b/requirements/test.in
@@ -0,0 +1,5 @@
+coverage
+fixtures
+testtools
+hypothesis
+pyflakes
diff --git a/ristretto.nix b/ristretto.nix
deleted file mode 100644
index a2bd2c0cd0158455127bd3fd3eef17aae274eefd..0000000000000000000000000000000000000000
--- a/ristretto.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ fetchFromGitHub, callPackage }:
-let
- src = import ./python-challenge-bypass-ristretto-repo.nix { inherit fetchFromGitHub; };
-in
- callPackage "${src}/challenge-bypass-ristretto.nix" { }
diff --git a/setup.cfg b/setup.cfg
index 6b99b460b88f7e7f96e14f84f65be7da50a5bee9..0c4f044719917527c1935362b1b2b41492e8b4c3 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,8 @@
# Generally describe the project
[metadata]
-name = Zero-Knowledge Access Pass Authorizer
+# See https://packaging.python.org/guides/distributing-packages-using-setuptools/#name
+# for requiremnts of a valid project name.
+name = zero-knowledge-access-pass-authorizer
version = attr: _zkapauthorizer.__version__
description = A `Tahoe-LAFS`_ storage-system plugin which authorizes storage operations based on privacy-respecting tokens.
long_description = file: README.rst, CHANGELOG.rst, LICENSE-2.0.txt
diff --git a/shell.nix b/shell.nix
index 82afac579e08b5fe57cd8fb8e787fbdd19e78605..f34fcf949ca84d7b092cf06761aae4f03db8df51 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,14 +1,17 @@
-{ pkgs ? import ./nixpkgs.nix { } }:
let
- zkapauthorizer = pkgs.callPackage ./default.nix { };
+ sources = import nix/sources.nix;
in
- (pkgs.python27.buildEnv.override {
- extraLibs = with pkgs.python27Packages; [
- fixtures
- testtools
- hypothesis
- pyhamcrest
- zkapauthorizer
- ];
- ignoreCollisions = true;
- }).env
+{ pkgs ? import sources.release2015 {}
+, tahoe-lafs-source ? "tahoe-lafs"
+}:
+ let
+ tests = pkgs.callPackage ./tests.nix {
+ inherit tahoe-lafs-source;
+ };
+ in
+ pkgs.mkShell {
+ packages = [
+ tests.python
+ pkgs.niv
+ ];
+ }
diff --git a/tests.nix b/tests.nix
new file mode 100644
index 0000000000000000000000000000000000000000..961d29d3399ff0bec7f9e0af63fae3cef12a86c8
--- /dev/null
+++ b/tests.nix
@@ -0,0 +1,58 @@
+let
+ sources = import nix/sources.nix;
+in
+{ pkgs ? import sources.release2015 {}
+, pypiData ? sources.pypi-deps-db
+, mach-nix ? import sources.mach-nix { inherit pkgs pypiData; }
+, tahoe-lafs-source ? "tahoe-lafs"
+, tahoe-lafs-repo ? sources.${tahoe-lafs-source}
+, privatestorage ? import ./. {
+ inherit pkgs pypiData mach-nix;
+ inherit tahoe-lafs-repo;
+ }
+, hypothesisProfile ? null
+, collectCoverage ? false
+, testSuite ? null
+, trialArgs ? null
+,
+}:
+ let
+ inherit (pkgs) lib;
+ inherit (privatestorage) zkapauthorizer;
+ hypothesisProfile' = if hypothesisProfile == null then "default" else hypothesisProfile;
+ defaultTrialArgs = [ "--rterrors" ] ++ (lib.optional (! collectCoverage) "--jobs=$NIX_BUILD_CORES");
+ trialArgs' = if trialArgs == null then defaultTrialArgs else trialArgs;
+ extraTrialArgs = builtins.concatStringsSep " " trialArgs';
+ testSuite' = if testSuite == null then "_zkapauthorizer" else testSuite;
+
+ python = mach-nix.mkPython {
+ inherit (zkapauthorizer.meta.mach-nix) python providers;
+ requirements =
+ builtins.readFile ./requirements/test.in;
+ packagesExtra = [ zkapauthorizer ];
+ _.hypothesis.postUnpack = "";
+ };
+ in
+ pkgs.runCommand "zkapauthorizer-tests" {
+ passthru = {
+ inherit python;
+ };
+ } ''
+ mkdir -p $out
+
+ pushd ${zkapauthorizer.src}
+ ${python}/bin/pyflakes
+ popd
+
+ ZKAPAUTHORIZER_HYPOTHESIS_PROFILE=${hypothesisProfile'} ${python}/bin/python -m ${if collectCoverage
+ then "coverage run --debug=config --rcfile=${zkapauthorizer.src}/.coveragerc --module"
+ else ""
+ } twisted.trial ${extraTrialArgs} ${testSuite'}
+
+ ${lib.optionalString collectCoverage
+ ''
+ mkdir -p "$out/coverage"
+ cp -v .coverage.* "$out/coverage"
+ ''
+ }
+ ''
diff --git a/typing.nix b/typing.nix
deleted file mode 100644
index 84c08746f9fdc6bc19bd121e37f168febefb2025..0000000000000000000000000000000000000000
--- a/typing.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ lib, buildPythonPackage, fetchPypi, pythonOlder, isPy3k, isPyPy, python }:
-
-let
- testDir = if isPy3k then "src" else "python2";
-
-in buildPythonPackage rec {
- pname = "typing";
- version = "3.6.6";
-
- src = fetchPypi {
- inherit pname version;
- sha256 = "sha256:0ba9acs4awx15bf9v3nrs781msbd2nx826906nj6fqks2bvca9s0";
- };
-
- # Error for Python3.6: ImportError: cannot import name 'ann_module'
- # See https://github.com/python/typing/pull/280
- # Also, don't bother on PyPy: AssertionError: TypeError not raised
- doCheck = pythonOlder "3.6" && !isPyPy;
-
- checkPhase = ''
- cd ${testDir}
- ${python.interpreter} -m unittest discover
- '';
-
- meta = with lib; {
- description = "Backport of typing module to Python versions older than 3.5";
- homepage = https://docs.python.org/3/library/typing.html;
- license = licenses.psfl;
- };
-}
diff --git a/zkapauthorizer.nix b/zkapauthorizer.nix
deleted file mode 100644
index 484c364166b2179a50e47e97acc468600949755e..0000000000000000000000000000000000000000
--- a/zkapauthorizer.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ lib
-, buildPythonPackage, sphinx, git
-, attrs, zope_interface, aniso8601, twisted, tahoe-lafs, challenge-bypass-ristretto, treq
-, fixtures, testtools, hypothesis, pyflakes, coverage
-, hypothesisProfile ? null
-, collectCoverage ? false
-, testSuite ? null
-, trialArgs ? null
-}:
-let
- hypothesisProfile' = if hypothesisProfile == null then "default" else hypothesisProfile;
- testSuite' = if testSuite == null then "_zkapauthorizer" else testSuite;
- defaultTrialArgs = [ "--rterrors" ] ++ ( lib.optional ( ! collectCoverage ) "--jobs=$NIX_BUILD_CORES" );
- trialArgs' = if trialArgs == null then defaultTrialArgs else trialArgs;
- extraTrialArgs = builtins.concatStringsSep " " trialArgs';
-in
-buildPythonPackage rec {
- version = "0.0";
- pname = "zero-knowledge-access-pass-authorizer";
- name = "${pname}-${version}";
- src = ./.;
-
- outputs = [ "out" ] ++ (if collectCoverage then [ "doc" ] else [ ]);
-
- depsBuildBuild = [
- git
- sphinx
- ];
-
- patches = [
- # Remove the Tahoe-LAFS version pin in distutils config. We have our own
- # pinning and also our Tahoe-LAFS package has a bogus version number. :/
- ./nix/setup.cfg.patch
- ];
-
- propagatedBuildInputs = [
- aniso8601
- tahoe-lafs
- challenge-bypass-ristretto
-
- # Inherit some things from tahoe-lafs to avoid conflicting versions
- #
- # attrs
- # zope_interface
- # twisted
- # eliot
- # treq
- ];
-
- checkInputs = [
- coverage
- fixtures
- testtools
- hypothesis
- ];
-
- checkPhase = ''
- runHook preCheck
- "${pyflakes}/bin/pyflakes" src/_zkapauthorizer
- ZKAPAUTHORIZER_HYPOTHESIS_PROFILE=${hypothesisProfile'} python -m ${if collectCoverage
- then "coverage run --debug=config --module"
- else ""
- } twisted.trial ${extraTrialArgs} ${testSuite'}
- runHook postCheck
- '';
-
- postCheck = if collectCoverage
- then ''
- mkdir -p "$doc/share/doc/${name}"
- cp -v .coverage.* "$doc/share/doc/${name}"
- ''
- else "";
-}