author | Luke Granger-Brown <git@lukegb.com> | 2021-12-21 13:47:13 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-21 13:47:13 -0800 |
commit | b4d776b26b4f4deb6151b3cd6bb5a804cb8c757b (patch) | |
tree | 609cacbe2b8700c5f99d40fe5f015919cbe5abcc /pkgs/servers/http | |
parent | ddbdf98a33edb4ff27925e2119171bee06d27b6e (diff) | |
parent | 74560e35e5c8ada70bb170be352d8996160f7be3 (diff) | |
Merge pull request #138359 from lukegb/pomerium
pomerium: 0.14.7 -> 0.15.7
Diffstat (limited to 'pkgs/servers/http')
-rw-r--r-- | pkgs/servers/http/envoy/default.nix | 14 | ||||
-rw-r--r-- | pkgs/servers/http/pomerium/default.nix | 67 |
2 files changed, 43 insertions, 38 deletions
diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix
index d26782560a4..c81d79dbb24 100644
--- a/pkgs/servers/http/envoy/default.nix
+++ b/pkgs/servers/http/envoy/default.nix
@@ -17,8 +17,8 @@ let # However, the version string is more useful for end-users. # These are contained in a attrset of their own to make it obvious that # people should update both. - version = "1.17.3"; - commit = "46bf743b97d0d3f01ff437b2f10cc0bd9cdfe6e4"; + version = "1.19.1"; + commit = "a2a1e3eed4214a38608ec223859fcfa8fb679b14"; }; in buildBazelPackage rec {
@@ -28,7 +28,7 @@ buildBazelPackage rec { owner = "envoyproxy"; repo = "envoy"; rev = srcVer.commit; - hash = "sha256:09zzr4h3zjsb2rkxrvlazpx0jy33yn9j65ilxiqbvv0ckaralqfc"; + hash = "sha256:1v1hv4blrppnhllsxd9d3k2wl6nhd59r4ydljy389na3bb41jwf9"; extraPostFetch = '' chmod -R +w $out
@@ -58,7 +58,7 @@ buildBazelPackage rec { ]; fetchAttrs = { - sha256 = "sha256:1cy2b73x8jzczq9z9c1kl7zrg5iasvsakb50zxn4mswpmajkbj5h"; + sha256 = "sha256:0vnl0gq6nhvyzz39jg1bvvna0xyhxalg71bp1jbxib7ql026004r"; dontUseCmakeConfigure = true; dontUseGnConfigure = true; preInstall = ''
@@ -75,12 +75,6 @@ buildBazelPackage rec { $bazelOut/external/local_config_sh/BUILD rm -r $bazelOut/external/go_sdk - # Replace some wheels which are only used for tests with empty files; - # they're nondeterministically built and packed. - >$bazelOut/external/config_validation_pip3/PyYAML-5.3.1-cp38-cp38-linux_x86_64.whl - >$bazelOut/external/protodoc_pip3/PyYAML-5.3.1-cp38-cp38-linux_x86_64.whl - >$bazelOut/external/thrift_pip3/thrift-0.13.0-cp38-cp38-linux_x86_64.whl - # Remove Unix timestamps from go cache. rm -rf $bazelOut/external/bazel_gazelle_go_repository_cache/{gocache,pkg/mod/cache,pkg/sumdb} '';
diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix
index 7b28200b284..cbf2fe19435 100644
--- a/pkgs/servers/http/pomerium/default.nix
+++ b/pkgs/servers/http/pomerium/default.nix
@@ -7,19 +7,19 @@ }: let - inherit (lib) concatStringsSep mapAttrsToList; + inherit (lib) concatStringsSep concatMap id mapAttrsToList; in buildGoModule rec { pname = "pomerium"; - version = "0.14.7"; + version = "0.15.7"; src = fetchFromGitHub { owner = "pomerium"; repo = "pomerium"; rev = "v${version}"; - hash = "sha256:1jb96jk5qmary4fi1z9zwmppdyskj0qb6qii8s8mwazjjxqj1z2s"; + hash = "sha256:0adlk4ylny1z43x1dw3ny0s1932vhb61hpf5wdz4r65y8k9qyfgr"; }; - vendorSha256 = "sha256:1daabi9qc9nx8bafn26iw6rv4vx2xpd0nnk06265aqaksx26db0s"; + vendorSha256 = "sha256:1fszfbra84pcs8v1h2kf7iy603vf9v2ysg6il76aqmqrxmb1p7nv"; subPackages = [ "cmd/pomerium" "cmd/pomerium-cli" 
@@ -28,38 +28,49 @@ buildGoModule rec { ldflags = let # Set a variety of useful meta variables for stamping the build with. setVars = { - Version = "v${version}"; - BuildMeta = "nixpkgs"; - ProjectName = "pomerium"; - ProjectURL = "github.com/pomerium/pomerium"; + "github.com/pomerium/pomerium/internal/version" = { + Version = "v${version}"; + BuildMeta = "nixpkgs"; + ProjectName = "pomerium"; + ProjectURL = "github.com/pomerium/pomerium"; + }; + "github.com/pomerium/pomerium/internal/envoy" = { + OverrideEnvoyPath = "${envoy}/bin/envoy"; + }; }; - varFlags = concatStringsSep " " (mapAttrsToList (name: value: "-X github.com/pomerium/pomerium/internal/version.${name}=${value}") setVars); + concatStringsSpace = list: concatStringsSep " " list; + mapAttrsToFlatList = fn: list: concatMap id (mapAttrsToList fn list); + varFlags = concatStringsSpace ( + mapAttrsToFlatList (package: packageVars: + mapAttrsToList (variable: value: + "-X ${package}.${variable}=${value}" + ) packageVars + ) setVars); in [ "${varFlags}" ]; - nativeBuildInputs = [ - zip - ]; + preBuild = '' + # Replace embedded envoy with nothing. + # We set OverrideEnvoyPath above, so rawBinary should never get looked at + # but we still need to set a checksum/version. + rm internal/envoy/files/files_{darwin,linux}*.go + cat <<EOF >internal/envoy/files/files_generic.go + package files - # Pomerium expects to have envoy append to it in a zip. - # We use a store-only (-0) zip, so that the Nix scanner can find any store references we had in the envoy binary. 
- postBuild = '' - # Append Envoy - pushd $NIX_BUILD_TOP - mkdir -p envoy - cd envoy - cp ${envoy}/bin/envoy envoy - zip -0 envoy.zip envoy - popd + import _ "embed" // embed - mv $GOPATH/bin/pomerium $GOPATH/bin/pomerium.old - cat $GOPATH/bin/pomerium.old $NIX_BUILD_TOP/envoy/envoy.zip >$GOPATH/bin/pomerium - zip --adjust-sfx $GOPATH/bin/pomerium - ''; + var rawBinary []byte - # We also need to set dontStrip to avoid having the envoy ZIP stripped off the end. - dontStrip = true; + //go:embed envoy.sha256 + var rawChecksum string + + //go:embed envoy.version + var rawVersion string + EOF + sha256sum '${envoy}/bin/envoy' > internal/envoy/files/envoy.sha256 + echo '${envoy.version}' > internal/envoy/files/envoy.version + ''; installPhase = '' install -Dm0755 $GOPATH/bin/pomerium $out/bin/pomerium |
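Review bot: The `OverrideEnvoyPath` entry added to `setVars` is applied through `-X`, and the Go linker silently ignores `-X` for a symbol that does not exist, so an upstream rename of that variable would still build and presumably leave Pomerium falling back to the empty `rawBinary` stub written in `preBuild`. The Nix reference scan would not reveal the problem either, because `envoy.sha256` is produced by `sha256sum` and so embeds the envoy store path in the binary on its own. A guard at the top of `preBuild`, such as `grep -rq OverrideEnvoyPath internal/envoy || { echo "OverrideEnvoyPath not found upstream" >&2; exit 1; }`, would turn that silent runtime failure into a build failure. The enclosing `buildGoModule rec { … }` and the trailing `installPhase` both continue outside this hunk.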