Compare commits

..

10 Commits

Author SHA1 Message Date
Greg Shuflin
235a87946c Patch electrs to avoid chmod 2023-06-02 01:54:53 -07:00
Greg Shuflin
4b7e09e184 Patch to prevent chmod 2023-06-02 01:54:53 -07:00
Jonas Nick
d9baa2e108
Merge fort-nix/nix-bitcoin#607: joinmarket: 0.9.8 -> 0.9.9
fcd81d486d joinmarket: 0.9.8 -> 0.9.9 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK fcd81d486d

Tree-SHA512: cb6c1b750361592a7508ee94fa811824e72e3dc5d97ff3a2b73c6141e9500b7300faa0457da2ae3ccd2c443ad8dfac360be32804374a4252161fadbae06ac896
2023-05-09 07:04:59 +00:00
nixbitcoin
fcd81d486d
joinmarket: 0.9.8 -> 0.9.9 2023-05-08 19:05:43 +00:00
Jonas Nick
946b42808b
Merge fort-nix/nix-bitcoin#609: lnd: fix non-static patch URL
1d69c9c824 lnd: fix non-static patch URL (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 1d69c9c824

Tree-SHA512: b9258b6df76200d5438a5cfc5f33122b9d7905fe1a67d80325009b770fe9afb5b2504953d8d5984b43e4680c593d8058199b3321b63a268e6460ccd3bce719e5
2023-05-08 07:04:01 +00:00
Erik Arvstedt
1d69c9c824
lnd: fix non-static patch URL 2023-05-07 22:30:31 +02:00
Jonas Nick
30c874de01
Merge fort-nix/nix-bitcoin#606: Update nixpkgs
9f3daab64f lnd: fix cert key format bug (Erik Arvstedt)
744d8fe379 update nixpkgs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 9f3daab64f

Tree-SHA512: eb99133c495d9e0df6ba50efb9c693a94883467845aa30537fbb7f40c60c36acb414d1865653ad33a3a05ac2e0dbfcfdc54039754aa54e83f60b9b3f071c7640
2023-05-07 19:43:22 +00:00
Jonas Nick
490146ff34
Merge fort-nix/nix-bitcoin#608: Extend expiration date of key-jonasnick.bin
5df123f3a4 Extend expiration date of key-jonasnick.bin (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 5df123f3a4

Tree-SHA512: 1ecc324a0d0d8a5339f6936da07c04abcf89459679ada11fd95d1769413db1089953198b1e0d6737b200a044f08e317ed91c58dae658c85b245c1ab423ea9389
2023-05-07 19:34:23 +00:00
Jonas Nick
5df123f3a4
Extend expiration date of key-jonasnick.bin
Exported with
`gpg --export-options export-minimal --export 0x4861DBF262123605! > key-jonasnick.bin`.
2023-05-07 19:18:05 +00:00
Erik Arvstedt
9f3daab64f
lnd: fix cert key format bug 2023-05-07 21:11:00 +02:00
15 changed files with 116 additions and 121 deletions

Binary file not shown.

View File

@ -367,9 +367,10 @@ in {
proto.sam.enable = true;
};
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
];
# Commented out to avoid trying to chown the nfs-mounted directory
# systemd.tmpfiles.rules = [
# "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
# ];
systemd.services.bitcoind = {
# Use `wants` instead of `requires` so that bitcoind and all dependent services
@ -412,9 +413,9 @@ in {
'';
# Enable RPC access for group
postStart = ''
chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
'';
# postStart = ''
# chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
# '';
serviceConfig = nbLib.defaultHardening // {
Type = "notify";

View File

@ -61,9 +61,10 @@ in {
listenWhitelisted = true;
};
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
];
# Commented out to allow nfs mounts
# systemd.tmpfiles.rules = [
# "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
# ];
systemd.services.electrs = {
wantedBy = [ "multi-user.target" ];

View File

@ -158,7 +158,7 @@ let
onion_serving_host = ${cfg.messagingAddress}
onion_serving_port = ${toString cfg.messagingPort}
hidden_service_dir =
directory_nodes = 3kxw6lf5vf6y26emzwgibzhrzhmhqiw6ekrek3nqfjjmhwznb2moonad.onion:5222,jmdirjmioywe2s5jad7ts6kgcqg66rj6wujj6q77n6wbdrgocqwexzid.onion:5222,bqlpq6ak24mwvuixixitift4yu42nxchlilrcqwk2ugn45tdclg42qid.onion:5222
directory_nodes = g3hv4uynnmynqqq2mchf3fcm3yd46kfzmcdogejuckgwknwyq5ya6iad.onion:5222,3kxw6lf5vf6y26emzwgibzhrzhmhqiw6ekrek3nqfjjmhwznb2moonad.onion:5222,bqlpq6ak24mwvuixixitift4yu42nxchlilrcqwk2ugn45tdclg42qid.onion:5222
# irc.darkscience.net
[MESSAGING:server1]

View File

@ -22,6 +22,11 @@ let self = {
spark-wallet = pkgs.callPackage ./spark-wallet { };
trustedcoin = pkgs.callPackage ./trustedcoin { };
# TODO-EXTERNAL:
# Remove this when https://github.com/lightningnetwork/lnd/pull/7672
# has been resolved
lnd = pkgsUnstable.callPackage ./lnd { };
pyPkgs = import ./python-packages self pkgs.python3;
inherit (self.pyPkgs)
nbPython3Packages

View File

@ -1,10 +1,12 @@
{ stdenv, lib, fetchurl, python3, nbPython3PackagesJoinmarket }:
{ stdenv, lib, fetchFromGitHub, python3, nbPython3PackagesJoinmarket }:
let
version = "0.9.8";
src = fetchurl {
url = "https://github.com/JoinMarket-Org/joinmarket-clientserver/archive/v${version}.tar.gz";
sha256 = "1ab4smpyx966iiiip3g11bcslya37qhac1kgkbmsmlsdkpilw9di";
version = "0.9.9";
src = fetchFromGitHub {
owner = "joinmarket-org";
repo = "joinmarket-clientserver";
rev = "v${version}";
sha256 = "sha256-dkeSgAhjNl8o/ATKYAlQxxCrur5fLdXuMDXSnWaxYP8=";
};
runtimePackages = with nbPython3PackagesJoinmarket; [

View File

@ -1,25 +1,23 @@
#!/usr/bin/env bash
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p git gnupg jq
set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "git gnupg" "$@"
newVersion=$(curl -s "https://api.github.com/repos/joinmarket-org/joinmarket-clientserver/releases" | jq -r '.[0].tag_name')
TMPDIR="$(mktemp -d -p /tmp)"
trap 'rm -rf $TMPDIR' EXIT
cd "$TMPDIR"
echo "Fetching latest release"
git clone https://github.com/joinmarket-org/joinmarket-clientserver 2> /dev/null
cd joinmarket-clientserver
latest=$(git describe --tags "$(git rev-list --tags --max-count=1)")
echo "Latest release is $latest"
# GPG verification
export GNUPGHOME=$TMPDIR
# Fetch release and GPG-verify the content hash
tmpdir=$(mktemp -d /tmp/joinmarket-verify-gpg.XXX)
repo=$tmpdir/repo
git clone --depth 1 --branch "${newVersion}" -c advice.detachedHead=false https://github.com/joinmarket-org/joinmarket-clientserver "$repo"
export GNUPGHOME=$tmpdir
echo "Fetching Adam Gibson's key"
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2B6FC204D9BF332D062B461A141001A1AF77F20B 2> /dev/null
echo "Verifying latest release"
git verify-tag "$latest"
echo
echo "Verifying commit"
git -C "$repo" verify-commit HEAD
rm -rf "$repo"/.git
newHash=$(nix hash path "$repo")
rm -rf "$tmpdir"
echo
echo "tag: $latest"
# The prefix option is necessary because GitHub prefixes the archive contents in this format
echo "sha256: $(nix-hash --type sha256 --flat --base32 \
<(git archive --format tar.gz --prefix=joinmarket-clientserver-"${latest//v}"/ "$latest"))"
echo "tag: $newVersion"
echo "hash: $newHash"

12
pkgs/lnd/default.nix Normal file
View File

@ -0,0 +1,12 @@
{ lnd, fetchpatch }:
lnd.overrideAttrs (_: {
patches = [
(fetchpatch {
# https://github.com/lightningnetwork/lnd/pull/7672
name = "fix-PKCS8-cert-key-support";
url = "https://github.com/lightningnetwork/lnd/commit/bfdd5db0d97a6d65489d980a917bbd2243dfe15c.patch";
hash = "sha256-j9EirxyNi48DGzLuHcZ36LrFlbJLXrE8L+1TYh5Yznk=";
})
];
})

View File

@ -17,7 +17,6 @@ pkgs: pkgsUnstable:
fulcrum
hwi
lightning-loop
lnd
nbxplorer;
inherit pkgs pkgsUnstable;

View File

@ -2,11 +2,11 @@
buildPythonPackage rec {
pname = "bencoder.pyx";
version = "2.0.1";
version = "3.0.1";
src = fetchurl {
url = "https://github.com/whtsky/bencoder.pyx/archive/v${version}.tar.gz";
sha256 = "f3ff92ac706a7e4692bed5e6cbe205963327f3076f55e408eb948659923eac72";
url = "https://github.com/whtsky/bencoder.pyx/archive/9a47768f3ceba9df9e6fbaa7c445f59960889009.tar.gz";
sha256 = "1yh565xjbbhn49xjfms80ac8psjbzn66n8dcx0x8mn7zzjv06clz";
};
nativeBuildInputs = [ cython ];

View File

@ -22,7 +22,6 @@ rec {
};
runes = callPackage ./runes {};
sha256 = callPackage ./sha256 {};
urldecode = callPackage ./urldecode {};
};
# Joinmarket requires a custom package set because it uses older versions of Python pkgs
@ -47,12 +46,10 @@ rec {
# autobahn 20.12.3, required by joinmarketclient
autobahn = callPackage ./specific-versions/autobahn.nix {};
# pyopenssl 20.0.1, required by joinmarketdaemon
pyopenssl = callPackage ./specific-versions/pyopenssl.nix {
openssl = super.pkgs.openssl_1_1;
};
# pyopenssl 21.0.0, required by joinmarketdaemon
pyopenssl = callPackage ./specific-versions/pyopenssl.nix {};
# twisted 22.4.0, compatible with pyopenssl 20.0.1
# twisted 22.4.0, required by joinmarketbase
twisted = callPackage ./specific-versions/twisted.nix {};
};

View File

@ -1,4 +1,4 @@
{ version, src, lib, buildPythonPackage, fetchurl, urldecode, pyaes, python-bitcointx, joinmarketbase }:
{ version, src, lib, buildPythonPackage, fetchurl, pyaes, python-bitcointx, joinmarketbase }:
buildPythonPackage rec {
pname = "joinmarketbitcoin";
@ -6,7 +6,7 @@ buildPythonPackage rec {
postUnpack = "sourceRoot=$sourceRoot/jmbitcoin";
propagatedBuildInputs = [ urldecode pyaes python-bitcointx ];
propagatedBuildInputs = [ pyaes python-bitcointx ];
checkInputs = [ joinmarketbase ];

View File

@ -8,6 +8,12 @@ buildPythonPackage rec {
propagatedBuildInputs = [ txtorcon cryptography pyopenssl libnacl joinmarketbase ];
# libnacl 1.8.0 is not on github
patchPhase = ''
substituteInPlace setup.py \
--replace "'libnacl==1.8.0'" "'libnacl==1.7.2'"
'';
meta = with lib; {
description = "Client library for Bitcoin coinjoins";
homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver";

View File

@ -6,17 +6,50 @@
, cryptography
, pyasn1
, idna
, pytest
, pytestCheckHook
, pretend
, flaky
, glibcLocales
, six
}:
let
# https://github.com/pyca/pyopenssl/issues/791
# These tests, we disable in the case that libressl is passed in as openssl.
failingLibresslTests = [
buildPythonPackage rec {
pname = "pyopenssl";
version = "21.0.0";
src = fetchPypi {
pname = "pyOpenSSL";
inherit version;
sha256 = "5e2d8c5e46d0d865ae933bef5230090bdaf5506281e9eec60fa250ee80600cb3";
};
outputs = [ "out" "dev" ];
# Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1
# for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
doCheck = !stdenv.isDarwin;
nativeBuildInputs = [ openssl ];
propagatedBuildInputs = [ cryptography pyasn1 idna six ];
checkInputs = [ pytestCheckHook pretend flaky glibcLocales ];
preCheck = ''
export LANG="en_US.UTF-8"
'';
disabledTests = [
# https://github.com/pyca/pyopenssl/issues/692
# These tests, we disable always.
"test_set_default_verify_paths"
"test_fallback_default_verify_paths"
# https://github.com/pyca/pyopenssl/issues/768
"test_wantWriteError"
# https://github.com/pyca/pyopenssl/issues/1043
"test_alpn_call_failure"
] ++ lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) [
# https://github.com/pyca/pyopenssl/issues/791
# These tests, we disable in the case that libressl is passed in as openssl.
"test_op_no_compression"
"test_npn_advertise_error"
"test_npn_select_error"
@ -29,64 +62,21 @@ let
"test_verify_with_revoked"
"test_set_notAfter"
"test_set_notBefore"
];
# these tests are extremely tightly wed to the exact output of the openssl cli tool,
# including exact punctuation.
failingOpenSSL_1_1Tests = [
] ++ lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") [
# these tests are extremely tightly wed to the exact output of the openssl cli tool, including exact punctuation.
"test_dump_certificate"
"test_dump_privatekey_text"
"test_dump_certificate_request"
"test_export_text"
] ++ lib.optionals stdenv.is32bit [
# https://github.com/pyca/pyopenssl/issues/974
"test_verify_with_time"
];
disabledTests = [
# https://github.com/pyca/pyopenssl/issues/692
# These tests, we disable always.
"test_set_default_verify_paths"
"test_fallback_default_verify_paths"
# https://github.com/pyca/pyopenssl/issues/768
"test_wantWriteError"
] ++ (
lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) failingLibresslTests
) ++ (
lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") failingOpenSSL_1_1Tests
) ++ (
# https://github.com/pyca/pyopenssl/issues/974
lib.optionals stdenv.is32bit [ "test_verify_with_time" ]
);
# Compose the final string expression, including the "-k" and the single quotes.
testExpression = lib.optionalString (disabledTests != [])
"-k 'not ${lib.concatStringsSep " and not " disabledTests}'";
in
buildPythonPackage rec {
pname = "pyopenssl";
version = "20.0.1";
src = fetchPypi {
pname = "pyOpenSSL";
inherit version;
sha256 = "4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51";
meta = with lib; {
description = "Python wrapper around the OpenSSL library";
homepage = "https://github.com/pyca/pyopenssl";
license = licenses.asl20;
maintainers = with maintainers; [ SuperSandro2000 ];
};
outputs = [ "out" "dev" ];
checkPhase = ''
runHook preCheck
export LANG="en_US.UTF-8"
py.test tests ${testExpression}
runHook postCheck
'';
# Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1
# for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
doCheck = !stdenv.isDarwin;
nativeBuildInputs = [ openssl ];
propagatedBuildInputs = [ cryptography pyasn1 idna six ];
checkInputs = [ pytest pretend flaky glibcLocales ];
}

View File

@ -1,16 +0,0 @@
{ lib, buildPythonPackage, fetchPypi }:
buildPythonPackage rec {
pname = "urldecode";
version = "0.1";
src = fetchPypi {
inherit pname version;
sha256 = "0w8my7kdwxppsfzzi1b2cxhypm6r1fsrnb2hnd752axq4gfsddjj";
};
meta = with lib; {
description = "A simple function to decode an encoded url";
homepage = "https://github.com/jennyq/urldecode";
maintainers = with maintainers; [ nixbitcoin ];
};
}