proof-of-concept: tahoe via mach-nix on nixos-21.05

nixos/pkgs/default.nix

@@ -20,6 +20,7 @@ let
 in
 {
   zkapissuer = callPackage ./zkapissuer {};
+  inherit (ourpkgs) leasereport;
   zkap-spending-service = callPackage ./zkap-spending-service {};
-  inherit (ourpkgs) privatestorage leasereport;
+  privatestorage = callPackage ./privatestorage.nix {};
 }

nixos/pkgs/privatestorage.nix

+{ pkgs, fetchFromGitHub, callPackage }:
+let
+  pypi-deps-db = fetchFromGitHub {
+    owner = "DavHau";
+    repo =  "pypi-deps-db";
+    rev = "dff83027fa68b7f70142a551efa4ebe1f018290a";
+    sha256 = "1plc6hgcraza9wwsziill7ig9hswpg8vzgm0yzwillc4vqrb5prr";
+  };
+  mach-nix = import (fetchFromGitHub {
+    owner = "DavHau";
+    repo = "mach-nix";
+    rev = "773580c35bcdb8cbd0820018d304686282f88d16";
+    sha256 = "105d6b6kgvn8kll639vx5adh5hp4gjcl4bs9rjzzyqz7367wbxj6";
+  })/* /tmp/mach-nix */ { inherit pkgs; pypiData = pypi-deps-db; python = "python27"; };
+  zkap-authorizer-src = fetchFromGitHub {
+    owner = "PrivateStorageio";
+    repo = "ZKAPAuthorizer";
+    rev = "e4430a0050cef286b723da7f8013c7affd5a58f7";
+    sha256 = "148d79zppsd6bnyagbx126s9x9yy975dx6rrbm26dh98kl1r8mbh";
+  };
+  zkap-authorizer = mach-nix.buildPythonPackage rec {
+    name = "ZKAPAuthorizer";
+    src = zkap-authorizer-src;
+    requirements = builtins.readFile ../../reqs;
+    providers = {
+      _default="wheel,sdist,nixpkgs"; #FIXME
+      autobahn = "wheel";
+      python-challenge-bypass-ristretto = "wheel"; #FIXME
+      boltons = "wheel";
+      humanize = "wheel";
+      tqdm = "wheel";
+      chardet = "wheel";
+      urllib3 = "wheel";
+      setuptools = "sdist";
+      pip = "sdist";
+      importlib-resources = "wheel";
+      tahoe-lafs = "sdist";
+    };
+    _.tahoe-lafs.patches = [ (
+      pkgs.fetchpatch {
+        url = "https://raw.githubusercontent.com/PrivateStorageio/nixpkgs/privatestorageio/pkgs/development/python-modules/tahoe-lafs/rsa-exponent.patch";
+        sha256 = "sha256-0vIMj5gZPbKLkow6wpA+Tz7bpyy+mZRSSFGmpg0VMyk=";
+      }
+      ) ]; 
+    meta.providers = providers;
+    meta._ = _;
+  };
+in 
+  mach-nix.mkPython {
+    inherit (zkap-authorizer.meta) providers _;
+    #requirements =  builtins.readFile ../../reqs;
+    packagesExtra = [ zkap-authorizer ];
+  }

reqs

+#
+# This file is autogenerated by pip-compile
+# To update, run:
+#
+#    pip-compile --allow-unsafe --output-file=reqs /tmp/zshccaPWV
+#
+aniso8601==9.0.1
+    # via zero-knowledge-access-pass-authorizer
+appdirs==1.4.4
+    # via twisted
+argparse==1.4.0
+    # via zfec
+attrs==21.2.0
+    # via
+    #   automat
+    #   magic-wormhole
+    #   python-challenge-bypass-ristretto
+    #   service-identity
+    #   tahoe-lafs
+    #   treq
+    #   twisted
+    #   zero-knowledge-access-pass-authorizer
+autobahn[twisted]==19.11.2
+    # via
+    #   magic-wormhole
+    #   tahoe-lafs
+automat==20.2.0
+    # via
+    #   magic-wormhole
+    #   twisted
+    #   txtorcon
+bcrypt==3.1.7
+    # via twisted
+boltons==21.0.0
+    # via eliot
+certifi==2021.5.30
+    # via requests
+cffi==1.14.6
+    # via
+    #   bcrypt
+    #   cryptography
+    #   pynacl
+    #   python-challenge-bypass-ristretto
+chardet==4.0.0
+    # via requests
+click==7.1.2
+    # via magic-wormhole
+constantly==15.1.0
+    # via twisted
+cryptography==3.3.2
+    # via
+    #   autobahn
+    #   pyopenssl
+    #   service-identity
+    #   tahoe-lafs
+    #   twisted
+    #   txtorcon
+eliot==1.7.0
+    # via
+    #   tahoe-lafs
+    #   zero-knowledge-access-pass-authorizer
+enum34==1.1.10
+    # via cryptography
+foolscap==0.13.1
+    # via tahoe-lafs
+hkdf==0.0.3
+    # via
+    #   magic-wormhole
+    #   spake2
+humanize==1.0.0
+    # via magic-wormhole
+hyperlink==21.0.0
+    # via
+    #   treq
+    #   twisted
+idna==2.10
+    # via
+    #   hyperlink
+    #   requests
+    #   twisted
+incremental==21.3.0
+    # via
+    #   treq
+    #   twisted
+    #   txtorcon
+ipaddress==1.0.23
+    # via
+    #   cryptography
+    #   service-identity
+    #   txtorcon
+magic-wormhole==0.12.0
+    # via tahoe-lafs
+nevow==0.14.5
+    # via tahoe-lafs
+pyasn1-modules==0.2.8
+    # via service-identity
+pyasn1==0.4.8
+    # via
+    #   pyasn1-modules
+    #   service-identity
+    #   twisted
+pycparser==2.20
+    # via cffi
+pyhamcrest==1.10.1
+    # via twisted
+pynacl==1.4.0
+    # via magic-wormhole
+pyopenssl==20.0.1
+    # via
+    #   foolscap
+    #   twisted
+pyrsistent==0.16.1
+    # via eliot
+python-challenge-bypass-ristretto
+    # via zero-knowledge-access-pass-authorizer
+pyutil==3.3.0
+    # via zero-knowledge-access-pass-authorizer
+pyyaml==5.4.1
+    # via tahoe-lafs
+requests==2.26.0
+    # via treq
+service-identity==21.1.0
+    # via twisted
+six==1.16.0
+    # via
+    #   autobahn
+    #   automat
+    #   bcrypt
+    #   cryptography
+    #   eliot
+    #   magic-wormhole
+    #   pyhamcrest
+    #   pynacl
+    #   pyopenssl
+    #   pyrsistent
+    #   service-identity
+    #   tahoe-lafs
+    #   treq
+    #   txaio
+spake2==0.8
+    # via magic-wormhole
+tahoe-lafs==1.14.0
+    # via zero-knowledge-access-pass-authorizer
+tqdm==4.62.2
+    # via magic-wormhole
+treq==21.1.0
+    # via zero-knowledge-access-pass-authorizer
+twisted[conch,tls]==20.3.0
+    # via
+    #   autobahn
+    #   foolscap
+    #   magic-wormhole
+    #   nevow
+    #   tahoe-lafs
+    #   treq
+    #   txtorcon
+    #   zero-knowledge-access-pass-authorizer
+txaio==18.8.1
+    # via autobahn
+txtorcon==21.1.0
+    # via magic-wormhole
+typing==3.10.0.0
+    # via hyperlink
+urllib3==1.26.6
+    # via requests
+zfec==1.5.5
+    # via tahoe-lafs
+zope.interface==5.4.0
+    # via
+    #   autobahn
+    #   eliot
+    #   tahoe-lafs
+    #   twisted
+    #   txtorcon
+    #   zero-knowledge-access-pass-authorizer
+
+# The following packages are considered to be unsafe in a requirements file:
+setuptools==44.1.1
+    # via
+    #   tahoe-lafs
+    #   zope.interface