From f2cb5bfc107bf0d552824a3c2497ab2eab024b82 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sun, 21 Aug 2022 10:22:32 +0200 Subject: [PATCH 1/3] update nixpkgs nbxplorer: 2.3.28 -> 2.3.33 btcpayserver: 1.6.1 -> 1.6.9 charge-lnd: 0.2.4 -> 0.2.12 lightning-loop: 0.19.1-beta -> 0.20.0-beta --- flake.lock | 18 +++++++++--------- pkgs/pinned.nix | 8 ++++---- test/nixos-search/flake.lock | 18 +++++++++--------- 3 files changed, 22 insertions(+), 22 deletions(-) diff --git a/flake.lock b/flake.lock index 54b2648..a424b6d 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "flake-utils": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -17,11 +17,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1658406394, - "narHash": "sha256-hgibXbbmxucpVJy9eOXKn7HxQtVkpeZ8euSnWl6c9Mk=", + "lastModified": 1661009065, + "narHash": "sha256-i+Q2ttGp4uOL3j0wEYP3MXLcu/4L/WbChxGQogiNSZo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c93e5ab157b45adbb6165bd85a9d8f67e49ff31d", + "rev": "9a91318fffec81ad009b73fd3b640d2541d87909", "type": "github" }, "original": { @@ -33,11 +33,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1658430343, - "narHash": "sha256-cZ7dw+dyHELMnnMQvCE9HTJ4liqwpsIt2VFbnC+GNNk=", + "lastModified": 1661008273, + "narHash": "sha256-UpDqsGzUswIHG7FwzeIewjWlElF17UVLNbI2pwlbcBY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e2b34f0f11ed8ad83d9ec9c14260192c3bcccb0d", + "rev": "0cc6444e74cd21e8da8d81ef4cd778492e10f843", "type": "github" }, "original": { diff --git a/pkgs/pinned.nix b/pkgs/pinned.nix index e31e69f..e61c9b4 100644 --- a/pkgs/pinned.nix +++ b/pkgs/pinned.nix @@ -4,21 +4,21 @@ pkgs: pkgsUnstable: inherit (pkgs) bitcoin bitcoind - charge-lnd electrs elementsd extra-container lightning-pool - lndconnect; + lndconnect + nbxplorer; inherit (pkgsUnstable) btcpayserver + charge-lnd clightning fulcrum hwi lightning-loop - lnd - nbxplorer; + lnd; inherit pkgs pkgsUnstable; } diff --git a/test/nixos-search/flake.lock b/test/nixos-search/flake.lock index a835a36..6f89d94 100644 --- a/test/nixos-search/flake.lock +++ b/test/nixos-search/flake.lock @@ -18,11 +18,11 @@ "nixos-org-configurations": { "flake": false, "locked": { - "lastModified": 1656929512, - "narHash": "sha256-BFNcb2ABeIhrgJJJFrDsd9UJBsj444Xjs22hJi+xmzo=", + "lastModified": 1659104385, + "narHash": "sha256-Z8tAe2w0CEDabxO4LDleRhPzz0tDpRjKGIUbH62khyo=", "owner": "NixOS", "repo": "nixos-org-configurations", - "rev": "a02a620f56cee88299d479f51676ca3f2a6c4a82", + "rev": "f467c27834fddeb1ffe156c54b637db240bc7273", "type": "github" }, "original": { @@ -38,11 +38,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1658399241, - "narHash": "sha256-pMS2rzVvkC2+kByjo17XzoDRnAc2HfcTOyR4VnSwmto=", + "lastModified": 1660820431, + "narHash": "sha256-HeyLhcWs+ItFxGZiXbUlYbJ7y7sW1gBqyYqnToxGmN0=", "owner": "nixos", "repo": "nixos-search", - "rev": "c43ed8c85f11b041db2624cc249f3f1fb68760b2", + "rev": "087925bbb24ab717a8033817be64b52fba312619", "type": "github" }, "original": { @@ -53,11 +53,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1656753965, - "narHash": "sha256-BCrB3l0qpJokOnIVc3g2lHiGhnjUi0MoXiw6t1o8H1E=", + "lastModified": 1659713809, + "narHash": "sha256-M4aHuXXVnfprM8xPH2lLkYkkR0fmaG5QmvIc0DT/d4E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb", + "rev": "93c57a988470c1948976b1bb70abbd5855c5b810", "type": "github" }, "original": { From 44561235b23bfba54719b3e536dcca83b0543069 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sun, 21 Aug 2022 10:22:33 +0200 Subject: [PATCH 2/3] rtl: set explicit nodejs version --- pkgs/rtl/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/rtl/default.nix b/pkgs/rtl/default.nix index dfa909c..b4c80bb 100644 --- a/pkgs/rtl/default.nix +++ b/pkgs/rtl/default.nix @@ -1,6 +1,6 @@ { pkgs, lib, makeWrapper }: let - inherit (pkgs) nodejs; + nodejs = pkgs.nodejs-14_x; nodePackages = import ./composition.nix { inherit pkgs nodejs; }; in nodePackages.package.overrideAttrs (old: { From 321e8ba06efd05605ff13fe9087f099b5b4ec8dc Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sun, 21 Aug 2022 10:22:34 +0200 Subject: [PATCH 3/3] clightning: fix build --- .../clightning-mistune-workaround/default.nix | 12 +++++++++ .../clightning-mistune-workaround/mistune.nix | 27 +++++++++++++++++++ pkgs/default.nix | 8 ++++++ pkgs/pinned.nix | 1 - pkgs/python-packages/default.nix | 2 +- 5 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 pkgs/clightning-mistune-workaround/default.nix create mode 100644 pkgs/clightning-mistune-workaround/mistune.nix diff --git a/pkgs/clightning-mistune-workaround/default.nix b/pkgs/clightning-mistune-workaround/default.nix new file mode 100644 index 0000000..5fd55d9 --- /dev/null +++ b/pkgs/clightning-mistune-workaround/default.nix @@ -0,0 +1,12 @@ +{ clightning, python3 }: + +clightning.override { + python3 = python3.override { + packageOverrides = self: super: { + mistune = self.callPackage ./mistune.nix { + version = "0.8.4"; + sha256 = "59a3429db53c50b5c6bcc8a07f8848cb00d7dc8bdb431a4ab41920d201d4756e"; + }; + }; + }; +} diff --git a/pkgs/clightning-mistune-workaround/mistune.nix b/pkgs/clightning-mistune-workaround/mistune.nix new file mode 100644 index 0000000..2450837 --- /dev/null +++ b/pkgs/clightning-mistune-workaround/mistune.nix @@ -0,0 +1,27 @@ +{ lib +, buildPythonPackage +, fetchPypi +, nose +, version +, sha256 +, format ? "setuptools" +, extraMeta ? {} +}: + +buildPythonPackage rec { + inherit version format; + pname = "mistune"; + + src = fetchPypi { + inherit pname version sha256; + }; + + buildInputs = [ nose ]; + pythonImportsCheck = [ "mistune" ]; + + meta = with lib; { + description = "The fastest markdown parser in pure Python"; + homepage = "https://github.com/lepture/mistune"; + license = licenses.bsd3; + } // extraMeta; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 3dfbc14..97d40b8 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -25,6 +25,14 @@ let self = { packageOverrides = import ./python-packages self; }).pkgs; + # Fix clightning build by using python package mistune 0.8.4, which is a + # strict requirement. This version is affected by CVE-2022-34749, but this + # is irrelevant in this context. + # + # TODO-EXTERNAL: + # Remove this when the clightning build is fixed upstream. + clightning = pkgs.callPackage ./clightning-mistune-workaround { inherit (pkgs) clightning; }; + # Internal pkgs netns-exec = pkgs.callPackage ./netns-exec { }; krops = import ./krops { inherit pkgs; }; diff --git a/pkgs/pinned.nix b/pkgs/pinned.nix index e61c9b4..91629b3 100644 --- a/pkgs/pinned.nix +++ b/pkgs/pinned.nix @@ -14,7 +14,6 @@ pkgs: pkgsUnstable: inherit (pkgsUnstable) btcpayserver charge-lnd - clightning fulcrum hwi lightning-loop diff --git a/pkgs/python-packages/default.nix b/pkgs/python-packages/default.nix index cd2c593..3d4f84f 100644 --- a/pkgs/python-packages/default.nix +++ b/pkgs/python-packages/default.nix @@ -3,7 +3,7 @@ let inherit (self) callPackage; joinmarketPkg = pkg: callPackage pkg { inherit (nbPkgs.joinmarket) version src; }; - clightningPkg = pkg: callPackage pkg { inherit (nbPkgs.pinned) clightning; }; + clightningPkg = pkg: callPackage pkg { inherit (nbPkgs) clightning; }; unstable = (import ../nixpkgs-pinned.nix).nixpkgs-unstable; in {