diff --git a/new.nix b/new.nix
new file mode 100644
index 0000000000000000000000000000000000000000..b053d219ef7223624cbad8d45b91cb2910f9b3fa
--- /dev/null
+++ b/new.nix
@@ -0,0 +1,63 @@
+let
+ sources = import nix/sources.nix;
+in
+{ pkgs ? import sources.release2015 {}
+, pypiData ? sources.pypi-deps-db
+, mach-nix ? import sources.mach-nix { inherit pkgs pypiData; python = "python27"; }
+,
+}:
+ let
+ python-challenge-bypass-ristretto =
+ (
+ mach-nix.buildPythonPackage rec {
+ nativeBuildInputs = [
+ pkgs.git
+ pkgs.rustPlatform.rust.rustc
+ pkgs.rustPlatform.rust.cargo
+ ];
+ buildInputs = [
+ pkgs.rustPlatform.cargoSetupHook
+ pkgs.python2.pkgs.milksnake
+ pkgs.python2.pkgs.setuptools-scm
+ ];
+ cargoRoot = "challenge-bypass-ristretto-ffi";
+ cargoDeps = pkgs.rustPlatform.fetchCargoTarball {
+ inherit src;
+ sourceRoot = "source/${cargoRoot}";
+ sha256 = "sha256-ewqfNMaOZyNSs8epaviER63iUzljr4fbOeWd3WXYDO4=";
+ };
+ format = "setuptools";
+ src = pkgs.fetchFromGitHub {
+ owner = "LeastAuthority";
+ repo = "python-challenge-bypass-ristretto";
+ rev = "02482f4afe72521377d5bbe2dc1402fecd4c6a9a";
+ sha256 = "sha256-PtyC1fk/WAOZvsCc2vK3XNDt/V21DT5Txdo09LmO8bc=";
+ fetchSubmodules = true;
+ leaveDotGit = true;
+ };
+ version = "2021.07.12";
+ }
+ );
+ in
+ mach-nix.buildPythonApplication rec {
+ name = "zero-knowledge-access-pass-authorizer";
+ src = ./.;
+ providers = {
+ _default = "sdist,nixpkgs,wheel";
+ # Pure python packages that don't build correctly from sdists
+ # - patches in nixpkgs that don't apply
+ # - missing build dependencies
+ platformdirs = "wheel";
+ boltons = "wheel";
+ klein = "wheel";
+ humanize = "wheel";
+ chardet = "wheel";
+ urllib3 = "wheel";
+ # FIMXE
+ };
+ format = "setuptools";
+ overridesPre = [ (self: super: { inherit python-challenge-bypass-ristretto; }) ];
+ requirements = builtins.readFile ./requirements/base.txt;
+ # Record some settings here, so downstream nix files can consume them.
+ #meta.mach-nix = { inherit python providers; };
+ }
diff --git a/nix/sources.json b/nix/sources.json
new file mode 100644
index 0000000000000000000000000000000000000000..25e7f0bed44e8507b217eff0a03ea166b14ce799
--- /dev/null
+++ b/nix/sources.json
@@ -0,0 +1,44 @@
+{
+ "mach-nix": {
+ "branch": "refs/tags/3.3.0",
+ "description": "Create highly reproducible python environments",
+ "homepage": "",
+ "owner": "DavHau",
+ "repo": "mach-nix",
+ "rev": "773580c35bcdb8cbd0820018d304686282f88d16",
+ "sha256": "105d6b6kgvn8kll639vx5adh5hp4gjcl4bs9rjzzyqz7367wbxj6",
+ "type": "tarball",
+ "url": "https://github.com/DavHau/mach-nix/archive/773580c35bcdb8cbd0820018d304686282f88d16.tar.gz",
+ "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+ },
+ "niv": {
+ "branch": "master",
+ "description": "Easy dependency management for Nix projects",
+ "homepage": "https://github.com/nmattia/niv",
+ "owner": "nmattia",
+ "repo": "niv",
+ "rev": "e0ca65c81a2d7a4d82a189f1e23a48d59ad42070",
+ "sha256": "1pq9nh1d8nn3xvbdny8fafzw87mj7gsmp6pxkdl65w2g18rmcmzx",
+ "type": "tarball",
+ "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
+ "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+ },
+ "pypi-deps-db": {
+ "branch": "master",
+ "description": "Probably the most complete python dependency database",
+ "homepage": "",
+ "owner": "DavHau",
+ "repo": "pypi-deps-db",
+ "rev": "86593d090eb4753138a501fef60cdfbd2c612e77",
+ "sha256": "0dfr92vh4fr8cyd5cgicxaa4wy4m53a7nmwbn1352isph2zbp0kk",
+ "type": "tarball",
+ "url": "https://github.com/DavHau/pypi-deps-db/archive/86593d090eb4753138a501fef60cdfbd2c612e77.tar.gz",
+ "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+ },
+ "release2015": {
+ "sha256": "12p7v805xj5as2fbdh30i0b9iwy8y24sk256rgqfqylxj1784mn8",
+ "type": "tarball",
+ "url": "https://releases.nixos.org/nixos/21.05/nixos-21.05.3367.fd8a7fd07da/nixexprs.tar.xz",
+ "url_template": "https://releases.nixos.org/nixos/21.05/nixos-21.05.3367.fd8a7fd07da/nixexprs.tar.xz"
+ }
+}
diff --git a/nix/sources.nix b/nix/sources.nix
new file mode 100644
index 0000000000000000000000000000000000000000..1938409dddb0b57d9f298046cf51875060283df2
--- /dev/null
+++ b/nix/sources.nix
@@ -0,0 +1,174 @@
+# This file has been generated by Niv.
+
+let
+
+ #
+ # The fetchers. fetch_<type> fetches specs of type <type>.
+ #
+
+ fetch_file = pkgs: name: spec:
+ let
+ name' = sanitizeName name + "-src";
+ in
+ if spec.builtin or true then
+ builtins_fetchurl { inherit (spec) url sha256; name = name'; }
+ else
+ pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
+
+ fetch_tarball = pkgs: name: spec:
+ let
+ name' = sanitizeName name + "-src";
+ in
+ if spec.builtin or true then
+ builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
+ else
+ pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
+
+ fetch_git = name: spec:
+ let
+ ref =
+ if spec ? ref then spec.ref else
+ if spec ? branch then "refs/heads/${spec.branch}" else
+ if spec ? tag then "refs/tags/${spec.tag}" else
+ abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
+ in
+ builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
+
+ fetch_local = spec: spec.path;
+
+ fetch_builtin-tarball = name: throw
+ ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`.
+ $ niv modify ${name} -a type=tarball -a builtin=true'';
+
+ fetch_builtin-url = name: throw
+ ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`.
+ $ niv modify ${name} -a type=file -a builtin=true'';
+
+ #
+ # Various helpers
+ #
+
+ # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
+ sanitizeName = name:
+ (
+ concatMapStrings (s: if builtins.isList s then "-" else s)
+ (
+ builtins.split "[^[:alnum:]+._?=-]+"
+ ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
+ )
+ );
+
+ # The set of packages used when specs are fetched using non-builtins.
+ mkPkgs = sources: system:
+ let
+ sourcesNixpkgs =
+ import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
+ hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
+ hasThisAsNixpkgsPath = <nixpkgs> == ./.;
+ in
+ if builtins.hasAttr "nixpkgs" sources
+ then sourcesNixpkgs
+ else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
+ import <nixpkgs> {}
+ else
+ abort
+ ''
+ Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
+ add a package called "nixpkgs" to your sources.json.
+ '';
+
+ # The actual fetching function.
+ fetch = pkgs: name: spec:
+
+ if ! builtins.hasAttr "type" spec then
+ abort "ERROR: niv spec ${name} does not have a 'type' attribute"
+ else if spec.type == "file" then fetch_file pkgs name spec
+ else if spec.type == "tarball" then fetch_tarball pkgs name spec
+ else if spec.type == "git" then fetch_git name spec
+ else if spec.type == "local" then fetch_local spec
+ else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
+ else if spec.type == "builtin-url" then fetch_builtin-url name
+ else
+ abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
+
+ # If the environment variable NIV_OVERRIDE_${name} is set, then use
+ # the path directly as opposed to the fetched source.
+ replace = name: drv:
+ let
+ saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name;
+ ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}";
+ in
+ if ersatz == "" then drv else
+ # this turns the string into an actual Nix path (for both absolute and
+ # relative paths)
+ if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}";
+
+ # Ports of functions for older nix versions
+
+ # a Nix version of mapAttrs if the built-in doesn't exist
+ mapAttrs = builtins.mapAttrs or (
+ f: set: with builtins;
+ listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
+ );
+
+ # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
+ range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1);
+
+ # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
+ stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
+
+ # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
+ stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
+ concatMapStrings = f: list: concatStrings (map f list);
+ concatStrings = builtins.concatStringsSep "";
+
+ # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
+ optionalAttrs = cond: as: if cond then as else {};
+
+ # fetchTarball version that is compatible between all the versions of Nix
+ builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
+ let
+ inherit (builtins) lessThan nixVersion fetchTarball;
+ in
+ if lessThan nixVersion "1.12" then
+ fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
+ else
+ fetchTarball attrs;
+
+ # fetchurl version that is compatible between all the versions of Nix
+ builtins_fetchurl = { url, name ? null, sha256 }@attrs:
+ let
+ inherit (builtins) lessThan nixVersion fetchurl;
+ in
+ if lessThan nixVersion "1.12" then
+ fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
+ else
+ fetchurl attrs;
+
+ # Create the final "sources" from the config
+ mkSources = config:
+ mapAttrs (
+ name: spec:
+ if builtins.hasAttr "outPath" spec
+ then abort
+ "The values in sources.json should not have an 'outPath' attribute"
+ else
+ spec // { outPath = replace name (fetch config.pkgs name spec); }
+ ) config.sources;
+
+ # The "config" used by the fetchers
+ mkConfig =
+ { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
+ , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
+ , system ? builtins.currentSystem
+ , pkgs ? mkPkgs sources system
+ }: rec {
+ # The sources, i.e. the attribute set of spec name to spec
+ inherit sources;
+
+ # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
+ inherit pkgs;
+ };
+
+in
+mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }