From fcd81d486d533788c7137ba5395d6f061c0fbe7b Mon Sep 17 00:00:00 2001 From: nixbitcoin Date: Sun, 7 May 2023 13:55:30 +0000 Subject: [PATCH] joinmarket: 0.9.8 -> 0.9.9 --- modules/joinmarket.nix | 2 +- pkgs/joinmarket/default.nix | 12 +- pkgs/joinmarket/get-sha256.sh | 38 +++---- pkgs/python-packages/bencoderpyx/default.nix | 6 +- pkgs/python-packages/default.nix | 9 +- pkgs/python-packages/jmbitcoin/default.nix | 4 +- pkgs/python-packages/jmdaemon/default.nix | 6 + .../specific-versions/pyopenssl.nix | 106 ++++++++---------- pkgs/python-packages/urldecode/default.nix | 16 --- 9 files changed, 88 insertions(+), 111 deletions(-) delete mode 100644 pkgs/python-packages/urldecode/default.nix diff --git a/modules/joinmarket.nix b/modules/joinmarket.nix index e992f89..ac89771 100644 --- a/modules/joinmarket.nix +++ b/modules/joinmarket.nix @@ -158,7 +158,7 @@ let onion_serving_host = ${cfg.messagingAddress} onion_serving_port = ${toString cfg.messagingPort} hidden_service_dir = - directory_nodes = 3kxw6lf5vf6y26emzwgibzhrzhmhqiw6ekrek3nqfjjmhwznb2moonad.onion:5222,jmdirjmioywe2s5jad7ts6kgcqg66rj6wujj6q77n6wbdrgocqwexzid.onion:5222,bqlpq6ak24mwvuixixitift4yu42nxchlilrcqwk2ugn45tdclg42qid.onion:5222 + directory_nodes = g3hv4uynnmynqqq2mchf3fcm3yd46kfzmcdogejuckgwknwyq5ya6iad.onion:5222,3kxw6lf5vf6y26emzwgibzhrzhmhqiw6ekrek3nqfjjmhwznb2moonad.onion:5222,bqlpq6ak24mwvuixixitift4yu42nxchlilrcqwk2ugn45tdclg42qid.onion:5222 # irc.darkscience.net [MESSAGING:server1] diff --git a/pkgs/joinmarket/default.nix b/pkgs/joinmarket/default.nix index 5273035..ae89e63 100644 --- a/pkgs/joinmarket/default.nix +++ b/pkgs/joinmarket/default.nix 
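Review bot: The `directory_nodes` line in modules/joinmarket.nix hard-codes the onion addresses that the onion message channel depends on for peer discovery, and the newly added first entry gives no indication of where it came from. A comment next to the setting that names the source (presumably the upstream default config for 0.9.9, to be confirmed by the author) would let a later reviewer check the list against that source instead of trusting the diff. The line sits inside a generated config string that starts outside the hunk, so the comment must be valid in the rendered file, as the existing `# irc.darkscience.net` line is.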
@@ -1,10 +1,12 @@ -{ stdenv, lib, fetchurl, python3, nbPython3PackagesJoinmarket }: +{ stdenv, lib, fetchFromGitHub, python3, nbPython3PackagesJoinmarket }: let - version = "0.9.8"; - src = fetchurl { - url = "https://github.com/JoinMarket-Org/joinmarket-clientserver/archive/v${version}.tar.gz"; - sha256 = "1ab4smpyx966iiiip3g11bcslya37qhac1kgkbmsmlsdkpilw9di"; + version = "0.9.9"; + src = fetchFromGitHub { + owner = "joinmarket-org"; + repo = "joinmarket-clientserver"; + rev = "v${version}"; + sha256 = "sha256-dkeSgAhjNl8o/ATKYAlQxxCrur5fLdXuMDXSnWaxYP8="; }; runtimePackages = with nbPython3PackagesJoinmarket; [ diff --git a/pkgs/joinmarket/get-sha256.sh b/pkgs/joinmarket/get-sha256.sh index 1a36b12..546d0f9 100755 --- a/pkgs/joinmarket/get-sha256.sh +++ b/pkgs/joinmarket/get-sha256.sh 
@@ -1,25 +1,23 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p git gnupg jq + set -euo pipefail -. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "git gnupg" "$@" +newVersion=$(curl -s "https://api.github.com/repos/joinmarket-org/joinmarket-clientserver/releases" | jq -r '.[0].tag_name') -TMPDIR="$(mktemp -d -p /tmp)" -trap 'rm -rf $TMPDIR' EXIT -cd "$TMPDIR" - -echo "Fetching latest release" -git clone https://github.com/joinmarket-org/joinmarket-clientserver 2> /dev/null -cd joinmarket-clientserver -latest=$(git describe --tags "$(git rev-list --tags --max-count=1)") -echo "Latest release is $latest" - -# GPG verification -export GNUPGHOME=$TMPDIR +# Fetch release and GPG-verify the content hash +tmpdir=$(mktemp -d /tmp/joinmarket-verify-gpg.XXX) +repo=$tmpdir/repo +git clone --depth 1 --branch "${newVersion}" -c advice.detachedHead=false https://github.com/joinmarket-org/joinmarket-clientserver "$repo" +export GNUPGHOME=$tmpdir echo "Fetching Adam Gibson's key" gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2B6FC204D9BF332D062B461A141001A1AF77F20B 2> /dev/null -echo "Verifying latest release" -git verify-tag "$latest" +echo +echo "Verifying commit" +git -C "$repo" verify-commit HEAD +rm -rf "$repo"/.git +newHash=$(nix hash path "$repo") +rm -rf "$tmpdir" +echo -echo "tag: $latest" -# The prefix option is necessary because GitHub prefixes the archive contents in this format -echo "sha256: $(nix-hash --type sha256 --flat --base32 \ - <(git archive --format tar.gz --prefix=joinmarket-clientserver-"${latest//v}"/ "$latest"))" +echo "tag: $newVersion" +echo "hash: $newHash" diff --git a/pkgs/python-packages/bencoderpyx/default.nix b/pkgs/python-packages/bencoderpyx/default.nix index cc76623..586c419 100644 --- a/pkgs/python-packages/bencoderpyx/default.nix +++ b/pkgs/python-packages/bencoderpyx/default.nix 
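Review bot: In pkgs/joinmarket/get-sha256.sh the check changed from `git verify-tag "$latest"` to `git -C "$repo" verify-commit HEAD`, which shows that the checked-out commit was signed by the imported key but no longer shows that the maintainer published that commit under `$newVersion`. A tag that has been moved to a different signed commit would still pass, and its hash would be printed under the new tag name. Running `git -C "$repo" verify-tag "$newVersion"` alongside the commit check restores that binding, assuming upstream still signs its tags as the removed code expected and the shallow clone carries the tag object. Two smaller points in the same hunk: `curl` is called but the shebang only provides `-p git gnupg jq`, and the old `trap 'rm -rf $TMPDIR' EXIT` is gone, so under `set -e` a failed verification leaves the temporary GNUPGHOME and clone in /tmp. `#!nix-shell -i bash -p curl git gnupg jq` and `trap 'rm -rf "$tmpdir"' EXIT` would cover both.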
@@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "bencoder.pyx"; - version = "2.0.1"; + version = "3.0.1"; src = fetchurl { - url = "https://github.com/whtsky/bencoder.pyx/archive/v${version}.tar.gz"; - sha256 = "f3ff92ac706a7e4692bed5e6cbe205963327f3076f55e408eb948659923eac72"; + url = "https://github.com/whtsky/bencoder.pyx/archive/9a47768f3ceba9df9e6fbaa7c445f59960889009.tar.gz"; + sha256 = "1yh565xjbbhn49xjfms80ac8psjbzn66n8dcx0x8mn7zzjv06clz"; }; nativeBuildInputs = [ cython ]; diff --git a/pkgs/python-packages/default.nix b/pkgs/python-packages/default.nix index 3ea2f42..c0f0296 100644 --- a/pkgs/python-packages/default.nix +++ b/pkgs/python-packages/default.nix @@ -22,7 +22,6 @@ rec { }; runes = callPackage ./runes {}; sha256 = callPackage ./sha256 {}; - urldecode = callPackage ./urldecode {}; }; # Joinmarket requires a custom package set because it uses older versions of Python pkgs @@ -47,12 +46,10 @@ rec { # autobahn 20.12.3, required by joinmarketclient autobahn = callPackage ./specific-versions/autobahn.nix {}; - # pyopenssl 20.0.1, required by joinmarketdaemon - pyopenssl = callPackage ./specific-versions/pyopenssl.nix { - openssl = super.pkgs.openssl_1_1; - }; + # pyopenssl 21.0.0, required by joinmarketdaemon + pyopenssl = callPackage ./specific-versions/pyopenssl.nix {}; - # twisted 22.4.0, compatible with pyopenssl 20.0.1 + # twisted 22.4.0, required by joinmarketbase twisted = callPackage ./specific-versions/twisted.nix {}; }; diff --git a/pkgs/python-packages/jmbitcoin/default.nix b/pkgs/python-packages/jmbitcoin/default.nix index fcc1751..072ac85 100644 --- a/pkgs/python-packages/jmbitcoin/default.nix +++ b/pkgs/python-packages/jmbitcoin/default.nix @@ -1,4 +1,4 @@ -{ version, src, lib, buildPythonPackage, fetchurl, urldecode, pyaes, python-bitcointx, joinmarketbase }: +{ version, src, lib, buildPythonPackage, fetchurl, pyaes, python-bitcointx, joinmarketbase }: buildPythonPackage rec { pname = "joinmarketbitcoin"; 
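Review bot: In pkgs/python-packages/bencoderpyx/default.nix the new `src` fetches the archive of commit `9a47768f3ceba9df9e6fbaa7c445f59960889009` while `version` is set to `3.0.1`, and nothing in the expression ties the two together. Please add a comment above `url` along the lines of `# <reason the v${version} tag archive is not used>; this commit corresponds to <release>`, with the placeholders filled in by the author. Without it a reviewer cannot tell whether the packaged code is the 3.0.1 release or an arbitrary point on the default branch, and the next bump of `version` could leave the commit pin stale without anyone noticing.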
@@ -6,7 +6,7 @@ buildPythonPackage rec { postUnpack = "sourceRoot=$sourceRoot/jmbitcoin"; - propagatedBuildInputs = [ urldecode pyaes python-bitcointx ]; + propagatedBuildInputs = [ pyaes python-bitcointx ]; checkInputs = [ joinmarketbase ]; diff --git a/pkgs/python-packages/jmdaemon/default.nix b/pkgs/python-packages/jmdaemon/default.nix index c643f94..dd5430f 100644 --- a/pkgs/python-packages/jmdaemon/default.nix +++ b/pkgs/python-packages/jmdaemon/default.nix @@ -8,6 +8,12 @@ buildPythonPackage rec { propagatedBuildInputs = [ txtorcon cryptography pyopenssl libnacl joinmarketbase ]; + # libnacl 1.8.0 is not on github + patchPhase = '' + substituteInPlace setup.py \ + --replace "'libnacl==1.8.0'" "'libnacl==1.7.2'" + ''; + meta = with lib; { description = "Client library for Bitcoin coinjoins"; homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver"; diff --git a/pkgs/python-packages/specific-versions/pyopenssl.nix b/pkgs/python-packages/specific-versions/pyopenssl.nix index 6887310..5d7a008 100644 --- a/pkgs/python-packages/specific-versions/pyopenssl.nix +++ b/pkgs/python-packages/specific-versions/pyopenssl.nix 
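Review bot: The block added to pkgs/python-packages/jmdaemon/default.nix assigns `patchPhase` directly, which replaces the whole default phase, so any `patches` list or `prePatch`/`postPatch` hook added later would be silently skipped. The conventional place for a `substituteInPlace` is `postPatch = '' … '';`. The substitution also relaxes upstream's `'libnacl==1.8.0'` pin to `1.7.2` for libnacl, the libsodium binding listed in `propagatedBuildInputs`, so jmdaemon runs against an older crypto binding than the one upstream declares. The comment `# libnacl 1.8.0 is not on github` should be expanded to say which libnacl version the package set actually provides and that the override is to be dropped once 1.8.0 can be packaged. The enclosing `buildPythonPackage` block starts and ends outside the hunk.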
@@ -6,17 +6,50 @@ , cryptography , pyasn1 , idna -, pytest +, pytestCheckHook , pretend , flaky , glibcLocales , six }: -let - # https://github.com/pyca/pyopenssl/issues/791 - # These tests, we disable in the case that libressl is passed in as openssl. - failingLibresslTests = [ +buildPythonPackage rec { + pname = "pyopenssl"; + version = "21.0.0"; + + src = fetchPypi { + pname = "pyOpenSSL"; + inherit version; + sha256 = "5e2d8c5e46d0d865ae933bef5230090bdaf5506281e9eec60fa250ee80600cb3"; + }; + + outputs = [ "out" "dev" ]; + + # Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1 + # for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail. + doCheck = !stdenv.isDarwin; + + nativeBuildInputs = [ openssl ]; + propagatedBuildInputs = [ cryptography pyasn1 idna six ]; + + checkInputs = [ pytestCheckHook pretend flaky glibcLocales ]; + + preCheck = '' + export LANG="en_US.UTF-8" + ''; + + disabledTests = [ + # https://github.com/pyca/pyopenssl/issues/692 + # These tests, we disable always. + "test_set_default_verify_paths" + "test_fallback_default_verify_paths" + # https://github.com/pyca/pyopenssl/issues/768 + "test_wantWriteError" + # https://github.com/pyca/pyopenssl/issues/1043 + "test_alpn_call_failure" + ] ++ lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) [ + # https://github.com/pyca/pyopenssl/issues/791 + # These tests, we disable in the case that libressl is passed in as openssl. "test_op_no_compression" "test_npn_advertise_error" "test_npn_select_error" 
@@ -29,64 +62,21 @@ let "test_verify_with_revoked" "test_set_notAfter" "test_set_notBefore" - ]; - - # these tests are extremely tightly wed to the exact output of the openssl cli tool, - # including exact punctuation. - failingOpenSSL_1_1Tests = [ + ] ++ lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") [ + # these tests are extremely tightly wed to the exact output of the openssl cli tool, including exact punctuation. "test_dump_certificate" "test_dump_privatekey_text" "test_dump_certificate_request" "test_export_text" + ] ++ lib.optionals stdenv.is32bit [ + # https://github.com/pyca/pyopenssl/issues/974 + "test_verify_with_time" ]; - disabledTests = [ - # https://github.com/pyca/pyopenssl/issues/692 - # These tests, we disable always. - "test_set_default_verify_paths" - "test_fallback_default_verify_paths" - # https://github.com/pyca/pyopenssl/issues/768 - "test_wantWriteError" - ] ++ ( - lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) failingLibresslTests - ) ++ ( - lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") failingOpenSSL_1_1Tests - ) ++ ( - # https://github.com/pyca/pyopenssl/issues/974 - lib.optionals stdenv.is32bit [ "test_verify_with_time" ] - ); - - # Compose the final string expression, including the "-k" and the single quotes. 
- testExpression = lib.optionalString (disabledTests != []) - "-k 'not ${lib.concatStringsSep " and not " disabledTests}'"; - -in - -buildPythonPackage rec { - pname = "pyopenssl"; - version = "20.0.1"; - - src = fetchPypi { - pname = "pyOpenSSL"; - inherit version; - sha256 = "4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51"; + meta = with lib; { + description = "Python wrapper around the OpenSSL library"; + homepage = "https://github.com/pyca/pyopenssl"; + license = licenses.asl20; + maintainers = with maintainers; [ SuperSandro2000 ]; }; - - outputs = [ "out" "dev" ]; - - checkPhase = '' - runHook preCheck - export LANG="en_US.UTF-8" - py.test tests ${testExpression} - runHook postCheck - ''; - - # Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1 - # for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail. - doCheck = !stdenv.isDarwin; - - nativeBuildInputs = [ openssl ]; - propagatedBuildInputs = [ cryptography pyasn1 idna six ]; - - checkInputs = [ pytest pretend flaky glibcLocales ]; } diff --git a/pkgs/python-packages/urldecode/default.nix b/pkgs/python-packages/urldecode/default.nix deleted file mode 100644 index 93f1a76..0000000 --- a/pkgs/python-packages/urldecode/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ lib, buildPythonPackage, fetchPypi }: -buildPythonPackage rec { - pname = "urldecode"; - version = "0.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "0w8my7kdwxppsfzzi1b2cxhypm6r1fsrnb2hnd752axq4gfsddjj"; - }; - - meta = with lib; { - description = "A simple function to decode an encoded url"; - homepage = "https://github.com/jennyq/urldecode"; - maintainers = with maintainers; [ nixbitcoin ]; - }; -}