diff --git a/flake.lock b/flake.lock index 54b2648..a424b6d 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "flake-utils": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -17,11 +17,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1658406394, - "narHash": "sha256-hgibXbbmxucpVJy9eOXKn7HxQtVkpeZ8euSnWl6c9Mk=", + "lastModified": 1661009065, + "narHash": "sha256-i+Q2ttGp4uOL3j0wEYP3MXLcu/4L/WbChxGQogiNSZo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c93e5ab157b45adbb6165bd85a9d8f67e49ff31d", + "rev": "9a91318fffec81ad009b73fd3b640d2541d87909", "type": "github" }, "original": { @@ -33,11 +33,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1658430343, - "narHash": "sha256-cZ7dw+dyHELMnnMQvCE9HTJ4liqwpsIt2VFbnC+GNNk=", + "lastModified": 1661008273, + "narHash": "sha256-UpDqsGzUswIHG7FwzeIewjWlElF17UVLNbI2pwlbcBY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e2b34f0f11ed8ad83d9ec9c14260192c3bcccb0d", + "rev": "0cc6444e74cd21e8da8d81ef4cd778492e10f843", "type": "github" }, "original": { diff --git a/pkgs/clightning-mistune-workaround/default.nix b/pkgs/clightning-mistune-workaround/default.nix new file mode 100644 index 0000000..5fd55d9 --- /dev/null +++ b/pkgs/clightning-mistune-workaround/default.nix @@ -0,0 +1,12 @@ +{ clightning, python3 }: + +clightning.override { + python3 = python3.override { + packageOverrides = self: super: { + mistune = self.callPackage ./mistune.nix { + version = "0.8.4"; + sha256 = "59a3429db53c50b5c6bcc8a07f8848cb00d7dc8bdb431a4ab41920d201d4756e"; + }; + }; + }; +} diff --git a/pkgs/clightning-mistune-workaround/mistune.nix b/pkgs/clightning-mistune-workaround/mistune.nix new file mode 100644 index 0000000..2450837 --- /dev/null +++ b/pkgs/clightning-mistune-workaround/mistune.nix @@ -0,0 +1,27 @@ +{ lib +, buildPythonPackage +, fetchPypi +, nose +, version +, sha256 +, format ? "setuptools" +, extraMeta ? {} +}: + +buildPythonPackage rec { + inherit version format; + pname = "mistune"; + + src = fetchPypi { + inherit pname version sha256; + }; + + buildInputs = [ nose ]; + pythonImportsCheck = [ "mistune" ]; + + meta = with lib; { + description = "The fastest markdown parser in pure Python"; + homepage = "https://github.com/lepture/mistune"; + license = licenses.bsd3; + } // extraMeta; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 3dfbc14..97d40b8 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -25,6 +25,14 @@ let self = { packageOverrides = import ./python-packages self; }).pkgs; + # Fix clightning build by using python package mistune 0.8.4, which is a + # strict requirement. This version is affected by CVE-2022-34749, but this + # is irrelevant in this context. + # + # TODO-EXTERNAL: + # Remove this when the clightning build is fixed upstream. + clightning = pkgs.callPackage ./clightning-mistune-workaround { inherit (pkgs) clightning; }; + # Internal pkgs netns-exec = pkgs.callPackage ./netns-exec { }; krops = import ./krops { inherit pkgs; }; diff --git a/pkgs/pinned.nix b/pkgs/pinned.nix index e31e69f..91629b3 100644 --- a/pkgs/pinned.nix +++ b/pkgs/pinned.nix @@ -4,21 +4,20 @@ pkgs: pkgsUnstable: inherit (pkgs) bitcoin bitcoind - charge-lnd electrs elementsd extra-container lightning-pool - lndconnect; + lndconnect + nbxplorer; inherit (pkgsUnstable) btcpayserver - clightning + charge-lnd fulcrum hwi lightning-loop - lnd - nbxplorer; + lnd; inherit pkgs pkgsUnstable; } diff --git a/pkgs/python-packages/default.nix b/pkgs/python-packages/default.nix index cd2c593..3d4f84f 100644 --- a/pkgs/python-packages/default.nix +++ b/pkgs/python-packages/default.nix @@ -3,7 +3,7 @@ let inherit (self) callPackage; joinmarketPkg = pkg: callPackage pkg { inherit (nbPkgs.joinmarket) version src; }; - clightningPkg = pkg: callPackage pkg { inherit (nbPkgs.pinned) clightning; }; + clightningPkg = pkg: callPackage pkg { inherit (nbPkgs) clightning; }; unstable = (import ../nixpkgs-pinned.nix).nixpkgs-unstable; in { diff --git a/pkgs/rtl/default.nix b/pkgs/rtl/default.nix index dfa909c..b4c80bb 100644 --- a/pkgs/rtl/default.nix +++ b/pkgs/rtl/default.nix @@ -1,6 +1,6 @@ { pkgs, lib, makeWrapper }: let - inherit (pkgs) nodejs; + nodejs = pkgs.nodejs-14_x; nodePackages = import ./composition.nix { inherit pkgs nodejs; }; in nodePackages.package.overrideAttrs (old: { diff --git a/test/nixos-search/flake.lock b/test/nixos-search/flake.lock index a835a36..6f89d94 100644 --- a/test/nixos-search/flake.lock +++ b/test/nixos-search/flake.lock @@ -18,11 +18,11 @@ "nixos-org-configurations": { "flake": false, "locked": { - "lastModified": 1656929512, - "narHash": "sha256-BFNcb2ABeIhrgJJJFrDsd9UJBsj444Xjs22hJi+xmzo=", + "lastModified": 1659104385, + "narHash": "sha256-Z8tAe2w0CEDabxO4LDleRhPzz0tDpRjKGIUbH62khyo=", "owner": "NixOS", "repo": "nixos-org-configurations", - "rev": "a02a620f56cee88299d479f51676ca3f2a6c4a82", + "rev": "f467c27834fddeb1ffe156c54b637db240bc7273", "type": "github" }, "original": { @@ -38,11 +38,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1658399241, - "narHash": "sha256-pMS2rzVvkC2+kByjo17XzoDRnAc2HfcTOyR4VnSwmto=", + "lastModified": 1660820431, + "narHash": "sha256-HeyLhcWs+ItFxGZiXbUlYbJ7y7sW1gBqyYqnToxGmN0=", "owner": "nixos", "repo": "nixos-search", - "rev": "c43ed8c85f11b041db2624cc249f3f1fb68760b2", + "rev": "087925bbb24ab717a8033817be64b52fba312619", "type": "github" }, "original": { @@ -53,11 +53,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656753965, - "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", + "lastModified": 1659713809, + "narHash": "sha256-M4aHuXXVnfprM8xPH2lLkYkkR0fmaG5QmvIc0DT/d4E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", + "rev": "93c57a988470c1948976b1bb70abbd5855c5b810", "type": "github" }, "original": {