From 6d7ea49ce088c7be74db87204a8db2dd1012f156 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Fri, 1 Mar 2024 23:49:17 +0000 Subject: [PATCH] authentik: 2023.10.5.2 -> 2024.2.1 --- nix/pkgs/authentik/default.nix | 6 +- nix/pkgs/authentik/docs/default.nix | 4 +- nix/pkgs/authentik/goserver/default.nix | 2 +- nix/pkgs/authentik/pythonapp/default.nix | 77 +++++++++---------- nix/pkgs/authentik/webui/default.nix | 2 +- third_party/default.nix | 19 ++++- .../poetry2nix-cryptography-42.0.4.patch | 12 +++ 7 files changed, 71 insertions(+), 51 deletions(-) create mode 100644 third_party/poetry2nix-cryptography-42.0.4.patch diff --git a/nix/pkgs/authentik/default.nix b/nix/pkgs/authentik/default.nix index 10b638987a..49a16d4a0e 100644 --- a/nix/pkgs/authentik/default.nix +++ b/nix/pkgs/authentik/default.nix @@ -1,12 +1,12 @@ { pkgs, ... }@args: let - version = "2023.10.5.2-lukegb"; + version = "2024.2.1-lukegb"; src = pkgs.fetchFromGitHub { owner = "lukegb"; repo = "authentik"; - rev = "9ea1129ca7948641649ec7f9e7199dbd63aa41d1"; - hash = "sha256:1bipfilavgbfdx4ypidf5vh69mnqamy0ibppdp0kkj9dcdnyva9w"; + rev = "7bc32aa0e466824b7b21514c4e855b963268cde8"; + hash = "sha256:0q4yq0x320x0gfiyjs7kcnh83vq1c50xjsh56l9z7yaxqvc9z1qp"; }; subargs = args // { inherit src version; }; in rec { diff --git a/nix/pkgs/authentik/docs/default.nix b/nix/pkgs/authentik/docs/default.nix index eebce01e10..749edd5137 100644 --- a/nix/pkgs/authentik/docs/default.nix +++ b/nix/pkgs/authentik/docs/default.nix @@ -6,8 +6,8 @@ pkgs.buildNpmPackage rec { sourceRoot = "source/website"; - npmDepsHash = "sha256:1sa7yb4vrkxj26rn4pxrhjm7blw63k0kd43lwsvrz7nc9g20bn71"; - npmBuildFlags = "-- --config docusaurus.docs-only.js"; + npmDepsHash = "sha256:03w483wh6dxarwh3bp6dva1r7kcy9py0lcg95l94915vf42h5855"; + npmBuildFlags = "-- --config docusaurus.docs-only.ts"; dontNpmInstall = true; installPhase = '' diff --git a/nix/pkgs/authentik/goserver/default.nix b/nix/pkgs/authentik/goserver/default.nix index 46da51d402..2c6af39542 100644 --- a/nix/pkgs/authentik/goserver/default.nix +++ b/nix/pkgs/authentik/goserver/default.nix @@ -4,6 +4,6 @@ pkgs.buildGoModule { pname = "authentik-server"; inherit src version; - vendorHash = "sha256:13mx1xrjbn186c0x30c81axabnpiz4618wshvy2wap3vmzarrzbs"; + vendorHash = "sha256:0drzpccf3qrdhb5f2lv7lp2yaa81nhf60wr25g95c740931xiws4"; subPackages = "cmd/server"; } diff --git a/nix/pkgs/authentik/pythonapp/default.nix b/nix/pkgs/authentik/pythonapp/default.nix index 05e78a0784..4a6e59df54 100644 --- a/nix/pkgs/authentik/pythonapp/default.nix +++ b/nix/pkgs/authentik/pythonapp/default.nix @@ -68,21 +68,6 @@ let urllib3-secure-extra = super.urllib3-secure-extra.overridePythonAttrs (old: { nativeBuildInputs = old.nativeBuildInputs ++ [ self.flit-core ]; }); - #watchfiles = self.callPackage ../../../../third_party/nixpkgs/pkgs/development/python-modules/watchfiles/default.nix { CoreServices = null; }; - - #kombu = assert assertVersion super.kombu "5.2.4"; super.kombu.overridePythonAttrs (old: { - # buildInputs = (old.buildInputs or []) ++ [ self.setuptools ]; - # postPatch = '' - # ${old.postPatch or ""} - # substituteInPlace requirements/test.txt --replace "pytz>dev" "pytz" - # ''; - #}); - #isort = assert assertVersion super.isort "5.10.1"; super.isort.overridePythonAttrs (old: { - # postPatch = '' - # ${old.postPatch or ""} - # substituteInPlace pyproject.toml --replace "pip-shims<=0.3.4" "pip-shims" - # ''; - #}); asyncio = null; pyrad = assert assertVersion super.pyrad "2.4"; super.pyrad.overridePythonAttrs (old: { patches = [ (pkgs.fetchpatch { @@ -104,43 +89,53 @@ let gunicorn = assert assertVersion super.gunicorn "21.2.0"; super.gunicorn.overridePythonAttrs (old: { buildInputs = (old.buildInputs or []) ++ [ self.packaging ]; }); - psycopg-c = assert assertVersion super.psycopg-c "3.1.12"; super.psycopg-c.overridePythonAttrs (old: { + django-tenants = assert assertVersion super.django-tenants "3.6.1"; super.django-tenants.overridePythonAttrs (old: { + buildInputs = (old.buildInputs or []) ++ [ self.setuptools ]; + }); + psycopg-c = assert assertVersion super.psycopg-c "3.1.18"; super.psycopg-c.overridePythonAttrs (old: { propagatedBuildInputs = (old.propagatedBuildInputs or []) ++ [ self.tomli ]; nativeBuildInputs = (old.nativeBuildInputs or []) ++ [ pkgs.postgresql ]; buildInputs = (old.buildInputs or []) ++ [ self.setuptools ]; }); - rpds-py = assert assertVersion super.rpds-py "0.10.0"; super.rpds-py.overridePythonAttrs (old: { - cargoDeps = pkgs.rustPlatform.importCargoLock { - lockFile = ./Cargo.rpds-py.lock; - }; - nativeBuildInputs = (old.nativeBuildInputs or []) ++ [ - pkgs.cargo - pkgs.rustPlatform.cargoSetupHook - pkgs.rustPlatform.maturinBuildHook - pkgs.rustc - ]; - }); - #annotated-types = assert assertVersion super.annotated-types "0.5.0"; super.annotated-types.overridePythonAttrs (old: { - # nativeBuildInputs = (old.nativeBuildInputs or []) ++ [ pkgs.cargo pkgs.rustc pkgs.maturin ]; + #rpds-py = assert assertVersion super.rpds-py "0.16.2"; super.rpds-py.overridePythonAttrs (old: { + # cargoDeps = pkgs.rustPlatform.importCargoLock { + # lockFile = ./Cargo.rpds-py.lock; + # }; + # nativeBuildInputs = (old.nativeBuildInputs or []) ++ [ + # pkgs.cargo + # pkgs.rustPlatform.cargoSetupHook + # pkgs.rustPlatform.maturinBuildHook + # pkgs.rustc + # ]; #}); - annotated-types = assert assertVersion super.annotated-types "0.5.0"; super.annotated-types.overridePythonAttrs (old: { - buildInputs = (old.buildInputs or []) ++ [ self.hatchling ]; + #annotated-types = assert assertVersion super.annotated-types "0.6.0"; super.annotated-types.overridePythonAttrs (old: { + # buildInputs = (old.buildInputs or []) ++ [ self.hatchling ]; + #}); + #service-identity = assert assertVersion super.service-identity "24.1.0"; super.service-identity.overridePythonAttrs (old: { + # buildInputs = (old.buildInputs or []) ++ [ self.hatchling self.hatch-vcs self.hatch-fancy-pypi-readme ]; + #}); + lxml = assert assertVersion super.lxml "5.1.0"; super.lxml.overridePythonAttrs (old: { + name = "lxml-4.9.4"; + version = "4.9.4"; + src = pkgs.fetchFromGitHub { + owner = "lxml"; + repo = "lxml"; + rev = "lxml-4.9.4"; + sha256 = "sha256:160x1z93q916lqcj571g7295hyl8an8dnppni2lmcy1ppz0v8bd9"; + }; }); - service-identity = assert assertVersion super.service-identity "23.1.0"; super.service-identity.overridePythonAttrs (old: { - buildInputs = (old.buildInputs or []) ++ [ self.hatchling self.hatch-vcs self.hatch-fancy-pypi-readme ]; - }); - twisted = assert assertVersion super.twisted "23.8.0"; super.twisted.overridePythonAttrs (old: { + twisted = assert assertVersion super.twisted "23.10.0"; super.twisted.overridePythonAttrs (old: { buildInputs = (old.buildInputs or []) ++ [ self.hatchling self.hatch-fancy-pypi-readme self.incremental ]; }); argon2-cffi = assert assertVersion super.argon2-cffi "23.1.0"; super.argon2-cffi.overridePythonAttrs (old: { buildInputs = (old.buildInputs or []) ++ [ self.hatchling self.hatch-vcs self.hatch-fancy-pypi-readme ]; }); - referencing = assert assertVersion super.referencing "0.30.2"; super.referencing.overridePythonAttrs (old: { - buildInputs = (old.buildInputs or []) ++ [ self.hatchling self.hatch-vcs ]; - }); - jsonschema-specifications = assert assertVersion super.jsonschema-specifications "2023.7.1"; super.jsonschema-specifications.overridePythonAttrs (old: { - buildInputs = (old.buildInputs or []) ++ [ self.hatchling self.hatch-vcs ]; - }); + #referencing = assert assertVersion super.referencing "0.32.1"; super.referencing.overridePythonAttrs (old: { + # buildInputs = (old.buildInputs or []) ++ [ self.hatchling self.hatch-vcs ]; + #}); + #jsonschema-specifications = assert assertVersion super.jsonschema-specifications "2023.12.1"; super.jsonschema-specifications.overridePythonAttrs (old: { + # buildInputs = (old.buildInputs or []) ++ [ self.hatchling self.hatch-vcs ]; + #}); }); buildInputs = [ pkgs.bash ]; diff --git a/nix/pkgs/authentik/webui/default.nix b/nix/pkgs/authentik/webui/default.nix index 9c187d9c39..3a4897a82a 100644 --- a/nix/pkgs/authentik/webui/default.nix +++ b/nix/pkgs/authentik/webui/default.nix @@ -7,7 +7,7 @@ pkgs.buildNpmPackage { sourceRoot = "source/web"; nativeBuildInputs = [ pkgs.python3 ]; - npmDepsHash = "sha256:12d637kdmcmrbm99idyppyii0pd1yf6qk6573aili87d1aa8m875"; + npmDepsHash = "sha256:1v69zmbksras3b3fggiqkfaj727gjb3v9x0a9ziyxamyb7vyrp2y"; dontNpmInstall = true; installPhase = '' diff --git a/third_party/default.nix b/third_party/default.nix index cc1c656e71..51d2ba5833 100644 --- a/third_party/default.nix +++ b/third_party/default.nix @@ -82,12 +82,25 @@ let rev = "e0fe990b478a66178a58c69cf53daec0478ca6f9"; sha256 = "sha256:0qjyfmw5v7s6ynjns4a61vlyj9cghj7vbpgrp9147ngb1f8krz2c"; }; - poetry2nixSrc = nixpkgs.fetchFromGitHub { + poetry2nixSrcRaw = nixpkgs.fetchFromGitHub { owner = "nix-community"; repo = "poetry2nix"; - rev = "528d500ea826383cc126a9be1e633fc92b19ce5d"; - hash = "sha256:1q245v4q0bb30ncfj66gl6dl1k46am28x7kjj6d3y7r6l4fzppq8"; + rev = "3c92540611f42d3fb2d0d084a6c694cd6544b609"; + hash = "sha256:1jfrangw0xb5b8sdkimc550p3m98zhpb1fayahnr7crg74as4qyq"; }; + poetry2nixSrc = nixpkgs.runCommand "poetry2nix-patched" { + patches = [ + ./poetry2nix-cryptography-42.0.4.patch + ]; + src = poetry2nixSrcRaw; + } '' + cp -R $src $out + chmod -R +w $out + cd $out + for p in $patches; do + patch -p1 < "$p" + done + ''; tvlDepot = import ./tvl { nixpkgsBisectPath = ./nixpkgs; inherit nixpkgsConfig; nixpkgsSystem = system; }; in diff --git a/third_party/poetry2nix-cryptography-42.0.4.patch b/third_party/poetry2nix-cryptography-42.0.4.patch new file mode 100644 index 0000000000..7892b7fd3c --- /dev/null +++ b/third_party/poetry2nix-cryptography-42.0.4.patch @@ -0,0 +1,12 @@ +diff --git a/overrides/default.nix b/overrides/default.nix +index c0f6dab200...ccbdedc947 100644 +--- a/overrides/default.nix ++++ b/overrides/default.nix +@@ -559,6 +559,7 @@ + "42.0.1" = "sha256-Kq/TSoI1cm9Pwg5CulNlAADmxdq0oWbgymHeMErUtcE="; + "42.0.2" = "sha256-jw/FC5rQO77h6omtBp0Nc2oitkVbNElbkBUduyprTIc="; + "42.0.3" = "sha256-QBZLGXdQz2WIBlAJM+yBk1QgmfF4b3G0Y1I5lZmAmtU="; ++ "42.0.4" = "sha256-qaXQiF1xZvv4sNIiR2cb5TfD7oNiYdvUwcm37nh2P2M="; + }.${version} or ( + lib.warn "Unknown cryptography version: '${version}'. Please update getCargoHash." lib.fakeHash + );