privacyIDEA: 3.5.2 -> 3.6

ChangeLog: https://github.com/privacyidea/privacyidea/releases/tag/v3.6

Unfortunately we have to use `sqlalchemy` at 1.3 for `sqlsoup`. As
`sqlalchemy` is required by a lot of packages, I decided to move this
package out of `pythonPackages` itself and instantiate a new
`pythonPackages` inside the expression where `sqlalchemy` points to
`sqlalchemy_1_3`.

6 files changed, 27 insertions, 54 deletions

diff --git a/nixos/modules/services/security/privacyidea.nix b/nixos/modules/services/security/privacyidea.nix
index 2696dca4c76..63271848e94 100644
--- a/nixos/modules/services/security/privacyidea.nix
+++ b/nixos/modules/services/security/privacyidea.nix
@@ -7,7 +7,7 @@ let
 
   uwsgi = pkgs.uwsgi.override { plugins = [ "python3" ]; };
   python = uwsgi.python3;
-  penv = python.withPackages (ps: [ ps.privacyidea ]);
+  penv = python.withPackages (const [ pkgs.privacyidea ]);
   logCfg = pkgs.writeText "privacyidea-log.cfg" ''
     [formatters]
     keys=detail
@@ -194,7 +194,7 @@ in
 
     (mkIf cfg.enable {
 
-      environment.systemPackages = [ python.pkgs.privacyidea ];
+      environment.systemPackages = [ pkgs.privacyidea ];
 
       services.postgresql.enable = mkDefault true;
 
diff --git a/pkgs/development/python-modules/privacyidea/default.nix b/pkgs/applications/misc/privacyidea/default.nix
index 11ff6f71af6..7545253d506 100644
--- a/pkgs/development/python-modules/privacyidea/default.nix
+++ b/pkgs/applications/misc/privacyidea/default.nix
@@ -1,43 +1,43 @@
-{ lib, buildPythonPackage, fetchFromGitHub, cacert, openssl, python, nixosTests
-
-, cryptography, pyrad, pymysql, python-dateutil, flask-versioned, flask_script
-, defusedxml, croniter, flask_migrate, pyjwt1, configobj, sqlsoup, pillow
-, python-gnupg, passlib, pyopenssl, beautifulsoup4, smpplib, flask-babel
-, ldap3, huey, pyyaml, qrcode, oauth2client, requests, lxml, cbor2, psycopg2
-, pydash, ecdsa
-
-, mock, pytestCheckHook, responses, testfixtures
+{ lib, fetchFromGitHub, cacert, openssl, nixosTests
+, python3
 }:
 
-buildPythonPackage rec {
+let
+  python3' = python3.override {
+    packageOverrides = self: super: {
+      sqlalchemy = super.sqlalchemy.overridePythonAttrs (oldAttrs: rec {
+        version = "1.3.24";
+        src = oldAttrs.src.override {
+          inherit version;
+          sha256 = "ebbb777cbf9312359b897bf81ba00dae0f5cb69fba2a18265dcc18a6f5ef7519";
+        };
+      });
+    };
+  };
+in
+python3'.pkgs.buildPythonPackage rec {
   pname = "privacyIDEA";
-  version = "3.5.2";
+  version = "3.6";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-k2om2LjkFRCT53ECPAJEztCiMdz4fF5eoipVUvSoyGo=";
+    sha256 = "sha256-yywkQ3TdBzRMbJGY0Seaprztgt0JrCAbgqosMQ5fcQM=";
     fetchSubmodules = true;
   };
 
-  patches = [
-    # Subset of https://github.com/privacyidea/privacyidea/commit/359db6dd10212b8a210e0a83536e92e9e796a1f8,
-    # fixes app context errors in tests. Can be removed on the next bump.
-    ./fix-tests.patch
-  ];
-
-  propagatedBuildInputs = [
+  propagatedBuildInputs = with python3'.pkgs; [
     cryptography pyrad pymysql python-dateutil flask-versioned flask_script
     defusedxml croniter flask_migrate pyjwt1 configobj sqlsoup pillow
     python-gnupg passlib pyopenssl beautifulsoup4 smpplib flask-babel
     ldap3 huey pyyaml qrcode oauth2client requests lxml cbor2 psycopg2
-    pydash ecdsa
+    pydash ecdsa google-auth importlib-metadata
   ];
 
   passthru.tests = { inherit (nixosTests) privacyidea; };
 
-  checkInputs = [ openssl mock pytestCheckHook responses testfixtures ];
+  checkInputs = with python3'.pkgs; [ openssl mock pytestCheckHook responses testfixtures ];
   disabledTests = [
     "AESHardwareSecurityModuleTestCase"
     "test_01_cert_request"
@@ -61,7 +61,7 @@ buildPythonPackage rec {
   '';
 
   postInstall = ''
-    rm -rf $out/${python.sitePackages}/tests
+    rm -r $out/${python3'.sitePackages}/tests
   '';
 
   meta = with lib; {
diff --git a/pkgs/development/python-modules/privacyidea/fix-tests.patch b/pkgs/development/python-modules/privacyidea/fix-tests.patch
deleted file mode 100644
index 67c22d2052e..00000000000
--- a/pkgs/development/python-modules/privacyidea/fix-tests.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff --git a/privacyidea/lib/resolvers/LDAPIdResolver.py b/privacyidea/lib/resolvers/LDAPIdResolver.py
-index ae9d87764..cfc609931 100644
---- a/privacyidea/lib/resolvers/LDAPIdResolver.py
-+++ b/privacyidea/lib/resolvers/LDAPIdResolver.py
-@@ -97,11 +97,6 @@
- SERVERPOOL_ROUNDS = 2
- # The number of seconds a non-responding server is removed from the server pool
- SERVERPOOL_SKIP = 30
--# The number of seconds that ldap3 waits if no server is left in the pool, before
--# starting the next round
--pooling_loop_timeout = get_app_config_value("PI_LDAP_POOLING_LOOP_TIMEOUT", 10)
--log.info("Setting system wide POOLING_LOOP_TIMEOUT to {0!s}.".format(pooling_loop_timeout))
--ldap3.set_config_parameter("POOLING_LOOP_TIMEOUT", pooling_loop_timeout)
- 
- # 1 sec == 10^9 nano secs == 10^7 * (100 nano secs)
- MS_AD_MULTIPLYER = 10 ** 7
-@@ -314,6 +309,11 @@ def __init__(self):
-         self.serverpool_rounds = SERVERPOOL_ROUNDS
-         self.serverpool_skip = SERVERPOOL_SKIP
-         self.serverpool = None
-+        # The number of seconds that ldap3 waits if no server is left in the pool, before
-+        # starting the next round
-+        pooling_loop_timeout = get_app_config_value("PI_LDAP_POOLING_LOOP_TIMEOUT", 10)
-+        log.info("Setting system wide POOLING_LOOP_TIMEOUT to {0!s}.".format(pooling_loop_timeout))
-+        ldap3.set_config_parameter("POOLING_LOOP_TIMEOUT", pooling_loop_timeout)
- 
-     def checkPass(self, uid, password):
-         """
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 94bdde6df09..fa188087a44 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -13902,6 +13902,8 @@ in
 
   premake = premake4;
 
+  privacyidea = callPackage ../applications/misc/privacyidea { };
+
   procodile = callPackage ../tools/system/procodile { };
 
   pry = callPackage ../development/tools/pry { };
diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix
index b9c37c96090..5d9e8b1b124 100644
--- a/pkgs/top-level/python-aliases.nix
+++ b/pkgs/top-level/python-aliases.nix
@@ -43,6 +43,7 @@ mapAliases ({
   googleapis_common_protos = googleapis-common-protos; # added 2021-03-19
   HAP-python = hap-python; # added 2021-06-01
   MechanicalSoup = mechanicalsoup; # added 2021-06-01
+  privacyidea = throw "renamed to pkgs.privacyidea"; # added 2021-06-20
   pylibgen = throw "pylibgen is unmaintained upstreamed, and removed from nixpkgs"; # added 2020-06-20
   pymssql = throw "pymssql has been abandoned upstream."; # added 2020-05-04
   pytest-pep8 = pytestpep8; # added 2021-01-04
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index c192dd10979..f5686850303 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -5471,8 +5471,6 @@ in {
 
   prison = callPackage ../development/python-modules/prison { };
 
-  privacyidea = callPackage ../development/python-modules/privacyidea { };
-
   pyjwt1 = callPackage ../development/python-modules/pyjwt/1.nix { };
 
   proboscis = callPackage ../development/python-modules/proboscis { };