From 13b70069b757b5da7e3fb48e20e9095e8fa8bb26 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Fri, 9 Aug 2024 01:12:30 +0000 Subject: [PATCH 1/6] kanidm: 1.2.3 -> 1.3.1 https://github.com/kanidm/kanidm/releases/tag/v1.3.0 https://github.com/kanidm/kanidm/releases/tag/v1.3.1 (cherry picked from commit f03bf83b1ee1c628626523553bbee8d45f6db51a) --- pkgs/by-name/ka/kanidm/package.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/pkgs/by-name/ka/kanidm/package.nix b/pkgs/by-name/ka/kanidm/package.nix index 3db1dba1093c7..96e755f102842 100644 --- a/pkgs/by-name/ka/kanidm/package.nix +++ b/pkgs/by-name/ka/kanidm/package.nix @@ -20,16 +20,16 @@ let in rustPlatform.buildRustPackage rec { pname = "kanidm"; - version = "1.2.3"; + version = "1.3.1"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-J02IbAY5lyoMaq6wJiHizqeFBd5hB6id2YMPxlPsASM="; + hash = "sha256-vjYbj8wIrnVCrokmXv6h4V/n02nKtUQ/mh1xosXj4IE="; }; - cargoHash = "sha256-JuTKHXpEhWga2vAZhCpyPFy4w6+9UaasD70oBcrr0Rw="; + cargoHash = "sha256-ASDfIpwvgYR3vukhtpXJWles5ErytUpW2VjYIpidyWk="; KANIDM_BUILD_PROFILE = "release_nixos_${arch}"; @@ -41,13 +41,15 @@ rustPlatform.buildRustPackage rec { cpu_flags = if stdenv.isx86_64 then "x86_64_legacy" else "none"; default_config_path = "/etc/kanidm/server.toml"; default_unix_shell_path = "${lib.getBin bashInteractive}/bin/bash"; + htmx_ui_pkg_path = "@htmx_ui_pkg_path@"; web_ui_pkg_path = "@web_ui_pkg_path@"; }; in '' cp ${format profile} libs/profiles/${KANIDM_BUILD_PROFILE}.toml substituteInPlace libs/profiles/${KANIDM_BUILD_PROFILE}.toml \ - --replace '@web_ui_pkg_path@' "${placeholder "out"}/ui" + --replace '@htmx_ui_pkg_path@' "${placeholder "out"}/ui/hpkg" \ + --replace '@web_ui_pkg_path@' "${placeholder "out"}/ui/pkg" ''; nativeBuildInputs = [ @@ -67,8 +69,9 @@ rustPlatform.buildRustPackage rec { postBuild = '' # We don't compile the wasm-part form source, as there isn't a rustc for # wasm32-unknown-unknown in nixpkgs yet. - mkdir $out - cp -r server/web_ui/pkg $out/ui + mkdir -p $out/ui + cp -r server/web_ui/pkg $out/ui/pkg + cp -r server/core/static $out/ui/hpkg ''; preFixup = '' From 706940115d5312516b8ef24772f136e3c7d70ea1 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Sat, 10 Aug 2024 03:12:23 +0000 Subject: [PATCH 2/6] kanidm: 1.3.1 -> 1.3.2 https://github.com/kanidm/kanidm/releases/tag/v1.3.0 (cherry picked from commit a29f18d7a6f4c3a8c0978a4f159bfd01b40f5d85) --- pkgs/by-name/ka/kanidm/package.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/by-name/ka/kanidm/package.nix b/pkgs/by-name/ka/kanidm/package.nix index 96e755f102842..62c076967f6c3 100644 --- a/pkgs/by-name/ka/kanidm/package.nix +++ b/pkgs/by-name/ka/kanidm/package.nix @@ -20,16 +20,16 @@ let in rustPlatform.buildRustPackage rec { pname = "kanidm"; - version = "1.3.1"; + version = "1.3.2"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-vjYbj8wIrnVCrokmXv6h4V/n02nKtUQ/mh1xosXj4IE="; + hash = "sha256-YFmWZlDcsSk+7EGkoK0SkAhNsrIQa55IRIVqisX3zqE="; }; - cargoHash = "sha256-ASDfIpwvgYR3vukhtpXJWles5ErytUpW2VjYIpidyWk="; + cargoHash = "sha256-8ZENe576gqm+FkQPCgz6mScqdacHilARFWmfe+kDL2A="; KANIDM_BUILD_PROFILE = "release_nixos_${arch}"; From 33afc30f272133683f5211a3c5910d0a304ad24f Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Wed, 21 Aug 2024 22:21:16 -0400 Subject: [PATCH 3/6] kanidm: pin updatescript to version tags (cherry picked from commit 32679fbfedf611a878c95b66d1ee8664c9615739) --- pkgs/by-name/ka/kanidm/package.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/by-name/ka/kanidm/package.nix b/pkgs/by-name/ka/kanidm/package.nix index 62c076967f6c3..55130c470834a 100644 --- a/pkgs/by-name/ka/kanidm/package.nix +++ b/pkgs/by-name/ka/kanidm/package.nix @@ -89,7 +89,13 @@ rustPlatform.buildRustPackage rec { inherit (nixosTests) kanidm; }; - updateScript = nix-update-script { }; + updateScript = nix-update-script { + # avoid spurious releases and tags such as "debs" + extraArgs = [ + "-vr" + "v(.*)" + ]; + }; }; meta = with lib; { From f10dac3c89a311343f41b42c917e562e382e68fc Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Thu, 22 Aug 2024 02:22:21 +0000 Subject: [PATCH 4/6] kanidm: 1.3.2 -> 1.3.3 (cherry picked from commit e78f80bc6bd9123a25d4eb2da33a816425d49712) --- pkgs/by-name/ka/kanidm/package.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/by-name/ka/kanidm/package.nix b/pkgs/by-name/ka/kanidm/package.nix index 55130c470834a..1f845756304fa 100644 --- a/pkgs/by-name/ka/kanidm/package.nix +++ b/pkgs/by-name/ka/kanidm/package.nix @@ -20,16 +20,16 @@ let in rustPlatform.buildRustPackage rec { pname = "kanidm"; - version = "1.3.2"; + version = "1.3.3"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-YFmWZlDcsSk+7EGkoK0SkAhNsrIQa55IRIVqisX3zqE="; + hash = "sha256-W5G7osV4du6w/BfyY9YrDzorcLNizRsoz70RMfO2AbY="; }; - cargoHash = "sha256-8ZENe576gqm+FkQPCgz6mScqdacHilARFWmfe+kDL2A="; + cargoHash = "sha256-gJrzOK6vPPBgsQFkKrbMql00XSfKGjgpZhYJLTURxoI="; KANIDM_BUILD_PROFILE = "release_nixos_${arch}"; @@ -89,7 +89,7 @@ rustPlatform.buildRustPackage rec { inherit (nixosTests) kanidm; }; - updateScript = nix-update-script { + updateScript = nix-update-script { # avoid spurious releases and tags such as "debs" extraArgs = [ "-vr" From 00abdbc62033e9717a69f453e18ece8ee8b83d3a Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Thu, 22 Aug 2024 10:08:17 -0400 Subject: [PATCH 5/6] nixos/tests/kanidm: bind certs path to fix ofborg tests provision # [ 8.223448] (kanidmd)[819]: kanidm.service: Failed to set up mount namespacing: /ofborg/checkout/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ofborg-evaluator-1/nixos/tests/common/acme/server: No such file or directory (cherry picked from commit b93f6e4acd3a1e3fdc66ebf27c4d47a2e7fa99b6) --- nixos/tests/kanidm.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/nixos/tests/kanidm.nix b/nixos/tests/kanidm.nix index 8ed9af63f1d41..58b834cb7a1fd 100644 --- a/nixos/tests/kanidm.nix +++ b/nixos/tests/kanidm.nix @@ -6,6 +6,13 @@ import ./make-test-python.nix ({ pkgs, ... }: testCredentials = { password = "Password1_cZPEwpCWvrReripJmAZdmVIZd8HHoHcl"; }; + + # copy certs to store to work around mount namespacing + certsPath = pkgs.runCommandNoCC "snakeoil-certs" { } '' + mkdir $out + cp ${certs."${serverDomain}".cert} $out/snakeoil.crt + cp ${certs."${serverDomain}".key} $out/snakeoil.key + ''; in { name = "kanidm"; @@ -19,8 +26,8 @@ import ./make-test-python.nix ({ pkgs, ... }: domain = serverDomain; bindaddress = "[::]:443"; ldapbindaddress = "[::1]:636"; - tls_chain = certs."${serverDomain}".cert; - tls_key = certs."${serverDomain}".key; + tls_chain = "${certsPath}/snakeoil.crt"; + tls_key = "${certsPath}/snakeoil.key"; }; }; From 96c742c78f5a2a47d72252eeb5634a093e7c2ab8 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Thu, 22 Aug 2024 13:10:50 -0400 Subject: [PATCH 6/6] kanidm: lower rust requrement to 1.77 --- pkgs/by-name/ka/kanidm/package.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/by-name/ka/kanidm/package.nix b/pkgs/by-name/ka/kanidm/package.nix index 1f845756304fa..405fbfffd7813 100644 --- a/pkgs/by-name/ka/kanidm/package.nix +++ b/pkgs/by-name/ka/kanidm/package.nix @@ -50,6 +50,8 @@ rustPlatform.buildRustPackage rec { substituteInPlace libs/profiles/${KANIDM_BUILD_PROFILE}.toml \ --replace '@htmx_ui_pkg_path@' "${placeholder "out"}/ui/hpkg" \ --replace '@web_ui_pkg_path@' "${placeholder "out"}/ui/pkg" + + substituteInPlace Cargo.toml --replace-fail 'rust-version = "1.79"' 'rust-version = "1.77"' ''; nativeBuildInputs = [