Merge pull request #112407 from tweag/nixops-no-libvirt

nixops: Fix build by disabling the libvirt backend
2021-02-08 18:16:17 +01:00 · 2021-02-08 18:16:17 +01:00 · 4e8fc135d4
parent bad9c52b5c 3d6531e94f
commit 4e8fc135d4
6 changed files with 86 additions and 94 deletions
--- a/pkgs/development/python-modules/libvirt/5.9.0.nix
+++ b/pkgs/development/python-modules/libvirt/5.9.0.nix
@ -18,6 +18,10 @@ buildPythonPackage rec {
    nosetests
  '';

+  passthru = {
+    inherit libvirt;
+  };
+
  meta = with lib; {
    homepage = "http://www.libvirt.org/";
    description = "libvirt Python bindings";
--- a/pkgs/tools/package-management/nixops/default.nix
+++ b/pkgs/tools/package-management/nixops/default.nix
@ -1,16 +1,70 @@
-{ callPackage, fetchurl, fetchpatch }:
+{ lib, python2Packages, libxslt, docbook_xsl_ns, openssh, cacert, nixopsAzurePackages ? []
+, fetchurl, fetchpatch
+}:

-callPackage ./generic.nix (rec {
+let
  version = "1.7";
+
+in python2Packages.buildPythonApplication {
+  pname = "nixops";
+  inherit version;
+
  src = fetchurl {
    url = "https://nixos.org/releases/nixops/nixops-${version}/nixops-${version}.tar.bz2";
    sha256 = "091c0b5bca57d4aa20be20e826ec161efe3aec9c788fbbcf3806a734a517f0f3";
  };
+
  patches = [
-    # follow redirect in nixos-infect. Remove with the next release.
    (fetchpatch {
      url = "https://github.com/NixOS/nixops/commit/fb6d4665e8efd858a215bbaaf079ec3f5ebc49b8.patch";
      sha256 = "1hbhykl811zsqlaj3y5m9d8lfsal6ps6n5p16ah6lqy2s18ap9d0";
    })
+    ./optional-virtd.patch
  ];
-})
+
+  buildInputs = [ libxslt ];
+
+  pythonPath = with python2Packages;
+    [ prettytable
+      boto
+      boto3
+      hetzner
+      libcloud
+      adal
+      # Go back to sqlite once Python 2.7.13 is released
+      pysqlite
+      datadog
+      digital-ocean
+      typing
+      ]
+      ++ lib.optional (!libvirt.passthru.libvirt.meta.insecure or true) libvirt
+      ++ nixopsAzurePackages;
+
+  checkPhase =
+  # Ensure, that there are no (python) import errors
+  ''
+    SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt \
+    HOME=$(pwd) \
+      $out/bin/nixops --version
+  '';
+
+  postInstall = ''
+    make -C doc/manual install nixops.1 docbookxsl=${docbook_xsl_ns}/xml/xsl/docbook \
+      docdir=$out/share/doc/nixops mandir=$out/share/man
+
+    mkdir -p $out/share/nix/nixops
+    cp -av "nix/"* $out/share/nix/nixops
+
+    # Add openssh to nixops' PATH. On some platforms, e.g. CentOS and RHEL
+    # the version of openssh is causing errors when have big networks (40+)
+    wrapProgram $out/bin/nixops --prefix PATH : "${openssh}/bin"
+  '';
+
+  meta = {
+    homepage = "https://github.com/NixOS/nixops";
+    description = "NixOS cloud provisioning and deployment tool";
+    maintainers = with lib.maintainers; [ aminechikhaoui eelco rob domenkozar ];
+    platforms = lib.platforms.unix;
+    license = lib.licenses.lgpl3;
+  };
+}
--- a/pkgs/tools/package-management/nixops/generic.nix
+++ b/pkgs/tools/package-management/nixops/generic.nix
@ -1,56 +0,0 @@
-{ lib, python2Packages, libxslt, docbook_xsl_ns, openssh, cacert, nixopsAzurePackages ? []
-# version args
-, src, version
-, meta ? {}
-, patches ? null
-}:
-
-python2Packages.buildPythonApplication {
-  name = "nixops-${version}";
-  inherit version src patches;
-
-  buildInputs = [ libxslt ];
-
-  pythonPath = with python2Packages;
-    [ prettytable
-      boto
-      boto3
-      hetzner
-      libcloud
-      adal
-      # Go back to sqlite once Python 2.7.13 is released
-      pysqlite
-      datadog
-      digital-ocean
-      libvirt
-      typing
-    ] ++ nixopsAzurePackages;
-
-  checkPhase =
-  # Ensure, that there are no (python) import errors
-  ''
-    SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt \
-    HOME=$(pwd) \
-      $out/bin/nixops --version
-  '';
-
-  postInstall = ''
-    make -C doc/manual install nixops.1 docbookxsl=${docbook_xsl_ns}/xml/xsl/docbook \
-      docdir=$out/share/doc/nixops mandir=$out/share/man
-
-    mkdir -p $out/share/nix/nixops
-    cp -av "nix/"* $out/share/nix/nixops
-
-    # Add openssh to nixops' PATH. On some platforms, e.g. CentOS and RHEL
-    # the version of openssh is causing errors when have big networks (40+)
-    wrapProgram $out/bin/nixops --prefix PATH : "${openssh}/bin"
-  '';
-
-  meta = {
-    homepage = "https://github.com/NixOS/nixops";
-    description = "NixOS cloud provisioning and deployment tool";
-    maintainers = with lib.maintainers; [ aminechikhaoui eelco rob domenkozar ];
-    platforms = lib.platforms.unix;
-    license = lib.licenses.lgpl3;
-  } // meta;
-}
--- a/pkgs/tools/package-management/nixops/nixops-v1_6_1.nix
+++ b/pkgs/tools/package-management/nixops/nixops-v1_6_1.nix
@ -1,32 +0,0 @@
-{ callPackage, newScope, pkgs, fetchurl }:
-
-callPackage ./generic.nix (rec {
-  version = "1.6.1";
-  src = fetchurl {
-    url = "https://nixos.org/releases/nixops/nixops-${version}/nixops-${version}.tar.bz2";
-    sha256 = "0lfx5fhyg3z6725ydsk0ibg5qqzp5s0x9nbdww02k8s307axiah3";
-  };
-  nixopsAzurePackages = with python2Packages; [
-    azure-storage
-    azure-mgmt-compute
-    azure-mgmt-network
-    azure-mgmt-resource
-    azure-mgmt-storage
-  ];
-  # nixops is incompatible with the most recent versions of listed
-  # azure-mgmt-* packages, therefore we are pinning them to
-  # package-private versions, so that they don't get trampled by
-  # updates.
-  # see
-  # https://github.com/NixOS/nixops/issues/1065
-  python2Packages = pkgs.python2Packages.override {
-    overrides = (self: super: let callPackage = newScope self; in {
-      azure-mgmt-compute = callPackage ./azure-mgmt-compute { };
-      azure-mgmt-network = callPackage ./azure-mgmt-network { };
-      azure-mgmt-nspkg = callPackage ./azure-mgmt-nspkg { };
-      azure-mgmt-resource = callPackage ./azure-mgmt-resource { };
-      azure-mgmt-storage = callPackage ./azure-mgmt-storage { };
-      azure-storage = callPackage ./azure-storage { };
-    });
-  };
-})
--- a/pkgs/tools/package-management/nixops/optional-virtd.patch
+++ b/pkgs/tools/package-management/nixops/optional-virtd.patch
@ -0,0 +1,24 @@
+diff --git a/nixops/backends/libvirtd.py b/nixops/backends/libvirtd.py
+index bc5f4af7..edd1348b 100644
+--- a/nixops/backends/libvirtd.py
+++ b/nixops/backends/libvirtd.py
+@@ -8,12 +8,18 @@ import shutil
+ import string
+ import subprocess
+ import time
+-import libvirt
+ 
+ from nixops.backends import MachineDefinition, MachineState
+ import nixops.known_hosts
+ import nixops.util
+ 
+try:
+    import libvirt
+except:
+    class libvirt(object):
+        def __getattribute__(self, name):
+            raise ValueError("The libvirt backend has been disabled because of security issues.")
+
+ # to prevent libvirt errors from appearing on screen, see
+ # https://www.redhat.com/archives/libvirt-users/2017-August/msg00011.html
+ 
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -28800,8 +28800,6 @@ in

  nixops = callPackage ../tools/package-management/nixops { };

-  nixops_1_6_1 = callPackage ../tools/package-management/nixops/nixops-v1_6_1.nix {};
-
  nixopsUnstable = lowPrio (callPackage ../applications/networking/cluster/nixops { });

  nixops-dns = callPackage ../tools/package-management/nixops/nixops-dns.nix { };