diff --git a/examples/configuration.nix b/examples/configuration.nix index c946a35..bb36d07 100644 --- a/examples/configuration.nix +++ b/examples/configuration.nix @@ -274,7 +274,7 @@ # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. - system.stateVersion = "21.11"; # Did you read the comment? + system.stateVersion = "22.05"; # Did you read the comment? # The nix-bitcoin release version that your config is compatible with. # When upgrading to a backwards-incompatible release, nix-bitcoin will display an diff --git a/examples/deploy-container.sh b/examples/deploy-container.sh index f3c7ea2..2127bf1 100755 --- a/examples/deploy-container.sh +++ b/examples/deploy-container.sh @@ -53,7 +53,7 @@ echo "lightning-cli state:" c lightning-cli getinfo echo echo "Bitcoind data dir:" -sudo ls -al /var/lib/containers/demo-node/var/lib/bitcoind +sudo ls -al /var/lib/*containers/demo-node/var/lib/bitcoind ' nodeInfoCmd=' echo diff --git a/examples/deploy-krops.sh b/examples/deploy-krops.sh index cf7de7f..6cbd0e1 100755 --- a/examples/deploy-krops.sh +++ b/examples/deploy-krops.sh @@ -26,15 +26,17 @@ echo "Building the target VM" # Build the initial VM to which the nix-bitcoin node is deployed via krops nix-build --out-link $tmpDir/vm - <<'EOF' (import { - configuration = { lib, ... }: { + configuration = { config, lib, ... }: { imports = [ ]; services.openssh.enable = true; # Silence the following warning that appears when deploying via krops: # warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring nix.nixPath = lib.mkForce []; + + system.stateVersion = config.system.nixos.release; }; -}).vm +}).config.system.build.vm EOF vmNumCPUs=4 diff --git a/examples/deploy-qemu-vm.sh b/examples/deploy-qemu-vm.sh index 77869b2..53c971c 100755 --- a/examples/deploy-qemu-vm.sh +++ b/examples/deploy-qemu-vm.sh 
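Review bot: The wildcard in `sudo ls -al /var/lib/*containers/demo-node/var/lib/bitcoind` (examples/deploy-container.sh) has no explanation, and it is expanded by the calling shell, not by sudo. It presumably exists so the command works with both the old and the renamed container state directory; a comment such as `# container root is /var/lib/containers or /var/lib/nixos-containers, depending on the NixOS release` would record that. If the shell evaluating this string is unprivileged and cannot traverse the container directory, the pattern reaches `ls` unexpanded and the command fails, so it is worth confirming which user runs this block. The quoted command string starts and ends outside the hunk.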
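Review bot: `system.stateVersion = config.system.nixos.release;` in the examples/deploy-krops.sh heredoc makes the state version follow whatever nixpkgs the VM is built from. That is only harmless for a throwaway machine, which this appears to be since it is built into `$tmpDir`. Because users copy from the examples directory, the line should say so, e.g. `# Throwaway VM only: never derive stateVersion from the current release on a system with persistent state`. The same line is added in examples/qemu-vm/minimal-vm.nix. The heredoc begins outside the hunk.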
@@ -31,7 +31,7 @@ nix-build --out-link $tmpDir/vm - <<'EOF' ]; nix-bitcoin.generateSecrets = true; }; -}).vm +}).config.system.build.vm EOF vmNumCPUs=4 diff --git a/examples/qemu-vm/minimal-vm.nix b/examples/qemu-vm/minimal-vm.nix index eb89eb6..2c1f51a 100644 --- a/examples/qemu-vm/minimal-vm.nix +++ b/examples/qemu-vm/minimal-vm.nix @@ -13,19 +13,21 @@ rec { vm = (import "${nixpkgs}/nixos" { inherit system; - configuration = { lib, ... }: { + configuration = { config, lib, modulesPath, ... }: { imports = [ nix-bitcoin.nixosModules.default "${nix-bitcoin}/modules/presets/secure-node.nix" + "${modulesPath}/virtualisation/qemu-vm.nix" ]; + virtualisation.graphics = false; + nix-bitcoin.generateSecrets = true; services.clightning.enable = true; # For faster startup in offline VMs services.clightning.extraConfig = "disable-dns"; nixpkgs.pkgs = pkgs; - virtualisation.graphics = false; services.getty.autologinUser = "root"; nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; @@ -42,8 +44,10 @@ rec { systemd.services."serial-getty@".preStop = '' echo o >/proc/sysrq-trigger ''; + + system.stateVersion = config.system.nixos.release; }; - }).vm; + }).config.system.build.vm; runVM = mkVMScript vm; } diff --git a/examples/qemu-vm/vm-config.nix b/examples/qemu-vm/vm-config.nix index df3d40c..28f8cd3 100644 --- a/examples/qemu-vm/vm-config.nix +++ b/examples/qemu-vm/vm-config.nix @@ -1,7 +1,10 @@ +{ modulesPath, ... }: { # Disable the hardened preset to improve VM performance disabledModules = [ ]; + imports = [ "${modulesPath}/virtualisation/qemu-vm.nix" ]; + config = { virtualisation.graphics = false; services.getty.autologinUser = "root"; diff --git a/flake.lock b/flake.lock index 3db4bb9..05d77c5 100644 --- a/flake.lock +++ b/flake.lock 
@@ -2,11 +2,11 @@ "nodes": { "flake-utils": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1656065134, + "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c", "type": "github" }, "original": { @@ -17,27 +17,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1653830209, - "narHash": "sha256-V+HnLKJzvk2HZcLUKt9z2puZ46vLo74chOakxbLfXek=", + "lastModified": 1656265786, + "narHash": "sha256-A9RkoGrxzsmMm0vily18p92Rasb+MbdDMaSnzmywXKw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cc257c49c495b2d0d7d40c5753a452d0abc8adf3", + "rev": "cd90e773eae83ba7733d2377b6cdf84d45558780", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-21.11", + "ref": "nixos-22.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgsUnstable": { "locked": { - "lastModified": 1653738054, - "narHash": "sha256-IaR8iLN4Ms3f5EjU1CJkXSc49ZzyS5qv03DtVAti6/s=", + "lastModified": 1656250965, + "narHash": "sha256-2IlNf6jxEJiuCrGymqLOLjxk2SIj4HhVIwEb0kvcs24=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "17b62c338f2a0862a58bb6951556beecd98ccda9", + "rev": "9a17f325397d137ac4d219ecbd5c7f15154422f4", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 338bce1..2cf84cf 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ ''; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05"; nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; flake-utils.url = "github:numtide/flake-utils"; }; diff --git a/helper/update-flake.nix b/helper/update-flake.nix index 43fbd9c..2bc592e 100644 --- a/helper/update-flake.nix +++ b/helper/update-flake.nix 
@@ -8,8 +8,8 @@ in rec { # stable = { bitcoind = "0.21.1"; ... }; # unstable = { btcpayserver = "1.2.1"; ... }; # } - # A pinned pkg is added to `stable` if the stable and unstable pkg versions - # are identical. + # A pinned pkg is added to `stable` if its stable version is newer or + # identical to the unstable version. versions = let pinned = flake.legacyPackages.x86_64-linux.pinned; pinnedPkgs = lib.filterAttrs (n: v: lib.isDerivation v) pinned; @@ -17,7 +17,8 @@ in rec { unstable = pinned.pkgsUnstable; isStable = builtins.partition (pkgName: !(unstable ? "${pkgName}") || - ((stable ? "${pkgName}") && stable.${pkgName}.version == unstable.${pkgName}.version) + ((stable ? "${pkgName}") + && (builtins.compareVersions stable.${pkgName}.version unstable.${pkgName}.version >= 0)) ) (builtins.attrNames pinnedPkgs); in { stable = lib.genAttrs isStable.right (pkgName: stable.${pkgName}.version); diff --git a/pkgs/clightning-plugins/default.nix b/pkgs/clightning-plugins/default.nix index d8eb58e..68187ab 100644 --- a/pkgs/clightning-plugins/default.nix +++ b/pkgs/clightning-plugins/default.nix @@ -22,7 +22,7 @@ let description = "Lightning node exporter for the prometheus timeseries server"; extraPkgs = [ prometheus_client ]; patchRequirements = - "--replace prometheus-client==0.6.0 prometheus-client==0.11.0" + "--replace prometheus-client==0.6.0 prometheus-client==0.13.1" + " --replace pyln-client~=0.9.3 pyln-client~=0.10.1"; }; rebalance = { description = "Keeps your channels balanced"; }; diff --git a/pkgs/lndinit/default.nix b/pkgs/lndinit/default.nix index 4cbd760..a24ceaf 100644 --- a/pkgs/lndinit/default.nix +++ b/pkgs/lndinit/default.nix @@ -11,7 +11,7 @@ buildGoModule rec { sha256 = "sha256-sO1DpbppCurxr9g9nUl9Vx82FJK1mTcUw3rY1Fm1wEU="; }; - vendorSha256 = "sha256-xdxxixSabcuGzwCctHrP/RV/Z8sCQDmk2PU4j1u8MX8="; + vendorSha256 = "sha256-El44BS5Bu0K/klMxkajciU/R6uqiXBMOiLN536QztbE="; subPackages = [ "." ]; 
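Review bot: In pkgs/lndinit/default.nix the `vendorSha256` is replaced while the `src` hash on the context line above it is unchanged, and nothing visible explains why the vendored dependency hash moved without a source change. This is presumably a side effect of the newer Go toolchain in the bumped nixpkgs, but a fixed-output hash that changes on its own is what a supply-chain review should be able to account for. Suggest recording the cause in the commit message or in a short comment, e.g. `# hash changed with the nixos-22.05 Go toolchain; lndinit source unchanged`, after confirming it against a clean rebuild.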
diff --git a/pkgs/pinned.nix b/pkgs/pinned.nix index 2a4f963..608ac72 100644 --- a/pkgs/pinned.nix +++ b/pkgs/pinned.nix @@ -2,21 +2,21 @@ pkgs: pkgsUnstable: { inherit (pkgs) - charge-lnd - extra-container; - - inherit (pkgsUnstable) bitcoin bitcoind - btcpayserver + charge-lnd clightning electrs elementsd - hwi - lightning-loop + extra-container lightning-pool lnd - lndconnect + lndconnect; + + inherit (pkgsUnstable) + btcpayserver + hwi + lightning-loop nbxplorer; inherit pkgs pkgsUnstable; diff --git a/pkgs/python-packages/default.nix b/pkgs/python-packages/default.nix index 1479ee1..cd2c593 100644 --- a/pkgs/python-packages/default.nix +++ b/pkgs/python-packages/default.nix @@ -26,6 +26,12 @@ in { pyln-bolt7 = clightningPkg ./pyln-bolt7; pylightning = clightningPkg ./pylightning; + # Don't mark `klein` as broken. + # `klein` is fixed by using werkzeug 2.1.0 (see below) + klein = super.klein.overrideAttrs (old: { + meta = builtins.removeAttrs old.meta [ "broken" ]; + }); + ## Specific versions of packages that already exist in nixpkgs # cryptography 3.3.2, required by joinmarketdaemon 
@@ -34,17 +40,12 @@ in { cryptography_vectors = callPackage ./specific-versions/cryptography/vectors.nix {}; }; - # cryptography 36.0.0, required by pyln-proto. - cryptography = callPackage "${unstable}/pkgs/development/python-modules/cryptography" { - Security = self.darwin.apple_sdk.frameworks.Security; - }; - # autobahn 20.12.3, required by joinmarketclient autobahn = callPackage ./specific-versions/autobahn.nix {}; - # tubes 0.2.0, required by jmclient (via pkg `klein`) - tubes = callPackage ./specific-versions/tubes.nix {}; + # werkzeug 2.1.0, required by jmclient (via pkg `klein`) + werkzeug = callPackage ./specific-versions/werkzeug.nix {}; - # recommonmark 0.7.1, required by pyln-client - recommonmark = callPackage ./specific-versions/recommonmark.nix { inherit (super) recommonmark; }; + # pyopenssl 20.0.1, required by joinmarketdaemon + pyopenssl = callPackage ./specific-versions/pyopenssl.nix {}; } diff --git a/pkgs/python-packages/jmclient/default.nix b/pkgs/python-packages/jmclient/default.nix index dde369b..2044691 100644 --- a/pkgs/python-packages/jmclient/default.nix +++ b/pkgs/python-packages/jmclient/default.nix @@ -13,6 +13,8 @@ buildPythonPackage rec { patchPhase = '' substituteInPlace setup.py \ --replace "'klein==20.6.0'" "'klein==21.8.0'" + substituteInPlace setup.py \ + --replace "'pyjwt==2.1.0'" "'pyjwt==2.3.0'" ''; meta = with lib; { diff --git a/pkgs/python-packages/specific-versions/pyopenssl.nix b/pkgs/python-packages/specific-versions/pyopenssl.nix new file mode 100644 index 0000000..6887310 --- /dev/null +++ b/pkgs/python-packages/specific-versions/pyopenssl.nix 
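Review bot: `pyopenssl = callPackage ./specific-versions/pyopenssl.nix {};` replaces the package by attribute name, so everything resolved through this set gets the frozen 20.0.1 TLS binding, not only joinmarketdaemon. That assumes this is a set-wide override, which the part of the file outside the hunk would confirm. The comment `# pyopenssl 20.0.1, required by joinmarketdaemon` names the consumer but not the exit condition; suggest `# pyopenssl 20.0.1, required by joinmarketdaemon. Remove once joinmarket accepts the nixpkgs version.` The `werkzeug` pin added two lines above has the same gap. A pin like this stops receiving the security updates that the nixpkgs version would, so the removal condition is worth writing down.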
@@ -0,0 +1,92 @@
+{ lib
+, stdenv
+, buildPythonPackage
+, fetchPypi
+, openssl
+, cryptography
+, pyasn1
+, idna
+, pytest
+, pretend
+, flaky
+, glibcLocales
+, six
+}:
+
+let
+ # https://github.com/pyca/pyopenssl/issues/791
+ # These tests, we disable in the case that libressl is passed in as openssl.
+ failingLibresslTests = [
+ "test_op_no_compression"
+ "test_npn_advertise_error"
+ "test_npn_select_error"
+ "test_npn_client_fail"
+ "test_npn_success"
+ "test_use_certificate_chain_file_unicode"
+ "test_use_certificate_chain_file_bytes"
+ "test_add_extra_chain_cert"
+ "test_set_session_id_fail"
+ "test_verify_with_revoked"
+ "test_set_notAfter"
+ "test_set_notBefore"
+ ];
+
+ # these tests are extremely tightly wed to the exact output of the openssl cli tool,
+ # including exact punctuation.
+ failingOpenSSL_1_1Tests = [
+ "test_dump_certificate"
+ "test_dump_privatekey_text"
+ "test_dump_certificate_request"
+ "test_export_text"
+ ];
+
+ disabledTests = [
+ # https://github.com/pyca/pyopenssl/issues/692
+ # These tests, we disable always.
+ "test_set_default_verify_paths"
+ "test_fallback_default_verify_paths"
+ # https://github.com/pyca/pyopenssl/issues/768
+ "test_wantWriteError"
+ ] ++ (
+ lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) failingLibresslTests
+ ) ++ (
+ lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") failingOpenSSL_1_1Tests
+ ) ++ (
+ # https://github.com/pyca/pyopenssl/issues/974
+ lib.optionals stdenv.is32bit [ "test_verify_with_time" ]
+ );
+
+ # Compose the final string expression, including the "-k" and the single quotes.
+ testExpression = lib.optionalString (disabledTests != [])
+ "-k 'not ${lib.concatStringsSep " and not " disabledTests}'";
+
+in
+
+buildPythonPackage rec {
+ pname = "pyopenssl";
+ version = "20.0.1";
+
+ src = fetchPypi {
+ pname = "pyOpenSSL";
+ inherit version;
+ sha256 = "4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51";
+ };
+
+ outputs = [ "out" "dev" ];
+
+ checkPhase = ''
+ runHook preCheck
+ export LANG="en_US.UTF-8"
+ py.test tests ${testExpression}
+ runHook postCheck
+ '';
+
+ # Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1
+ # for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
+ doCheck = !stdenv.isDarwin;
+
+ nativeBuildInputs = [ openssl ];
+ propagatedBuildInputs = [ cryptography pyasn1 idna six ];
+
+ checkInputs = [ pytest pretend flaky glibcLocales ];
+}
diff --git a/pkgs/python-packages/specific-versions/recommonmark.nix b/pkgs/python-packages/specific-versions/recommonmark.nix
deleted file mode 100644
index 1fba1c1..0000000
--- a/pkgs/python-packages/specific-versions/recommonmark.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ recommonmark, fetchFromGitHub }:
-
-recommonmark.overridePythonAttrs (old: rec {
- version = "0.7.1";
-
- src = fetchFromGitHub {
- owner = "rtfd";
- repo = old.pname;
- rev = version;
- sha256 = "0kwm4smxbgq0c0ybkxfvlgrfb3gq9amdw94141jyykk9mmz38379";
- };
-})
diff --git a/pkgs/python-packages/specific-versions/tubes.nix b/pkgs/python-packages/specific-versions/tubes.nix
deleted file mode 100644
index 0dbfe22..0000000
--- a/pkgs/python-packages/specific-versions/tubes.nix
+++ /dev/null
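Review bot: The new pkgs/python-packages/specific-versions/pyopenssl.nix has no header stating where the expression came from or why it is frozen at 20.0.1, and it has no `meta` block. It looks adapted from the nixpkgs expression; a top comment such as `# pyopenssl 20.0.1, adapted from nixpkgs rev <NIXPKGS_REV>; pinned for joinmarketdaemon` would let a later reader diff it against upstream. Several of the disabled tests cover certificate-verification paths (`test_set_default_verify_paths`, `test_fallback_default_verify_paths`, and `test_verify_with_revoked` under libressl), and `doCheck` is off on Darwin. The check phase therefore says little about verification behaviour in this pinned copy, which deserves a line in that header. As a style point, `sha256` is bare hex here while werkzeug.nix in the same commit uses the SRI `sha256-…` form.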
@@ -1,29 +0,0 @@
-{ lib, buildPythonPackage, fetchPypi, python
-, characteristic, six, twisted
-}:
-
-buildPythonPackage rec {
- pname = "tubes";
- version = "0.2.0";
-
- src = fetchPypi {
- pname = "Tubes";
- inherit version;
- sha256 = "0sg1gg2002h1xsgxigznr1zk1skwmhss72dzk6iysb9k9kdgymcd";
- };
-
- propagatedBuildInputs = [ characteristic six twisted ];
-
- checkPhase = ''
- ${python.interpreter} -m twisted.trial -j $NIX_BUILD_CORES tubes
- '';
-
- pythonImportsCheck = [ "tubes" ];
-
- meta = with lib; {
- description = "a data-processing and flow-control engine for event-driven programs";
- homepage = "https://github.com/twisted/tubes";
- license = licenses.mit;
- maintainers = with maintainers; [ exarkun ];
- };
-}
diff --git a/pkgs/python-packages/specific-versions/werkzeug.nix b/pkgs/python-packages/specific-versions/werkzeug.nix
new file mode 100644
index 0000000..f961d03
--- /dev/null
+++ b/pkgs/python-packages/specific-versions/werkzeug.nix
@@ -0,0 +1,68 @@
+{ lib
+, stdenv
+, buildPythonPackage
+, pythonOlder
+, fetchPypi
+, watchdog
+, dataclasses
+, ephemeral-port-reserve
+, pytest-timeout
+, pytest-xprocess
+, pytestCheckHook
+}:
+
+buildPythonPackage rec {
+ pname = "werkzeug";
+ version = "2.1.0";
+ format = "setuptools";
+
+ disabled = pythonOlder "3.7";
+
+ src = fetchPypi {
+ pname = "Werkzeug";
+ inherit version;
+ sha256 = "sha256-m1VGaj6Z4TsfBoamYRfTm9qFqZIWbgp5rt/PNYYyj3o=";
+ };
+
+ propagatedBuildInputs = lib.optionals (!stdenv.isDarwin) [
+ # watchdog requires macos-sdk 10.13+
+ watchdog
+ ] ++ lib.optionals (pythonOlder "3.7") [
+ dataclasses
+ ];
+
+ checkInputs = [
+ ephemeral-port-reserve
+ pytest-timeout
+ pytest-xprocess
+ pytestCheckHook
+ ];
+
+ disabledTests = lib.optionals stdenv.isDarwin [
+ "test_get_machine_id"
+ ];
+
+ disabledTestPaths = [
+ # ConnectionRefusedError: [Errno 111] Connection refused
+ "tests/test_serving.py"
+ ];
+
+ pytestFlagsArray = [
+ # don't run tests that are marked with filterwarnings, they fail with
+ # warnings._OptionError: unknown warning category: 'pytest.PytestUnraisableExceptionWarning'
+ "-m 'not filterwarnings'"
+ ];
+
+ meta = with lib; {
+ homepage = "https://palletsprojects.com/p/werkzeug/";
+ description = "The comprehensive WSGI web application library";
+ longDescription = ''
+ Werkzeug is a comprehensive WSGI web application library. It
+ began as a simple collection of various utilities for WSGI
+ applications and has become one of the most advanced WSGI
+ utility libraries.
+ '';
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ ];
+ };
+}
diff --git a/pkgs/spark-wallet/generate.sh b/pkgs/spark-wallet/generate.sh
index 756790b..0fa672e 100755
--- a/pkgs/spark-wallet/generate.sh
+++ b/pkgs/spark-wallet/generate.sh
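Review bot: The `lib.optionals (pythonOlder "3.7") [ dataclasses ]` branch of `propagatedBuildInputs` in werkzeug.nix can never be taken, because `disabled = pythonOlder "3.7";` a few lines earlier already excludes those interpreters. Suggest reducing it to `propagatedBuildInputs = lib.optionals (!stdenv.isDarwin) [ watchdog ];` (keeping the watchdog comment) and dropping `dataclasses` from the argument list. Separately, `maintainers = with maintainers; [ ];` is empty and the file does not say why 2.1.0 is pinned. Nobody is named to follow upstream security releases for this copy, so a header comment stating the consumer and the removal condition would help.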
@@ -27,10 +27,6 @@ tar xvf $TMPDIR/$file -C $src --strip-components 1 >/dev/null # Make qrcode-terminal a strict dependency so that node2nix includes it in the package derivation. jq '.dependencies["qrcode-terminal"] = .optionalDependencies["qrcode-terminal"]' $src/package.json | sponge $src/package.json -# Generate nix pkg -# TODO-EXTERNAL: remove --nodejs-14 option once -# https://github.com/svanderburg/node2nix/pull/296 has made its way into a -# node2nix release. node2nix \ --nodejs-14 \ --input $src/package.json \ diff --git a/test/lib/make-test.nix b/test/lib/make-test.nix index e7cf84f..36782e7 100644 --- a/test/lib/make-test.nix +++ b/test/lib/make-test.nix @@ -9,7 +9,7 @@ name: testConfig: vm = makeVM { name = "nix-bitcoin-${name}"; - machine = { + nodes.machine = { imports = [ testConfig ]; virtualisation = { # Needed because duplicity requires 270 MB of free temp space, regardless of backup size diff --git a/test/nixos-search/flake.lock b/test/nixos-search/flake.lock index 92eb376..5f1deab 100644 --- a/test/nixos-search/flake.lock +++ b/test/nixos-search/flake.lock @@ -2,11 +2,11 @@ "nodes": { "flake-utils": { "locked": { - "lastModified": 1649676176, - "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", "type": "github" }, "original": { @@ -18,11 +18,11 @@ "nixos-org-configurations": { "flake": false, "locked": { - "lastModified": 1653498760, - "narHash": "sha256-KCNAUCcWkTQy/ddrZzYZrtiT3Zg6rLb7QIylUDvKcco=", + "lastModified": 1654268653, + "narHash": "sha256-oTW2IFRAE1juNLE1tJ/mqVeSG1P+XPrm9o2E0irBVKg=", "owner": "NixOS", "repo": "nixos-org-configurations", - "rev": "34b9422847c5b67cbdbe26b89201b3354557f677", + "rev": "8e8668be80e6d3b6f5f602770dca42e6c6f33d50", "type": "github" }, "original": { 
@@ -38,11 +38,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1653738462, - "narHash": "sha256-2eOJBUcahP6C7KmsYCM9GyZhGNFGyyUNmn0LNhEVKY4=", + "lastModified": 1654646126, + "narHash": "sha256-GjfJq6tK2IB8aQcXA3UkFa2/hsPYvT/H+KE9Ghse4j4=", "owner": "nixos", "repo": "nixos-search", - "rev": "1bf3ce7c9829d3daedc46a000062d09339936034", + "rev": "74ed61a9152400465f590a1ad2575c2526ee375b", "type": "github" }, "original": { @@ -53,11 +53,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1651726670, - "narHash": "sha256-dSGdzB49SEvdOJvrQWfQYkAefewXraHIV08Vz6iDXWQ=", + "lastModified": 1654230545, + "narHash": "sha256-8Vlwf0x8ow6pPOK2a04bT+pxIeRnM1+O0Xv9/CuDzRs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c777cdf5c564015d5f63b09cc93bef4178b19b01", + "rev": "236cc2971ac72acd90f0ae3a797f9f83098b17ec", "type": "github" }, "original": {