nixops: Fix build by disabling the libvirt backend if package marked as insecure

With this change it's possible to override the libvirt package used if you absolutely need it.

2 files changed, 27 insertions, 2 deletions

diff --git a/pkgs/tools/package-management/nixops/generic.nix b/pkgs/tools/package-management/nixops/generic.nix
index 564256de35d..57f64531a9b 100644
--- a/pkgs/tools/package-management/nixops/generic.nix
+++ b/pkgs/tools/package-management/nixops/generic.nix
@@ -22,9 +22,10 @@ python2Packages.buildPythonApplication {
       pysqlite
       datadog
       digital-ocean
-      libvirt
       typing
-    ] ++ nixopsAzurePackages;
+      ]
+      ++ lib.optional (!libvirt.passthru.libvirt.meta.insecure or true) libvirt
+      ++ nixopsAzurePackages;
 
   checkPhase =
   # Ensure, that there are no (python) import errors
diff --git a/pkgs/tools/package-management/nixops/optional-virtd.patch b/pkgs/tools/package-management/nixops/optional-virtd.patch
new file mode 100644
index 00000000000..3697fdde8f2
--- /dev/null
+++ b/pkgs/tools/package-management/nixops/optional-virtd.patch
@@ -0,0 +1,24 @@
+diff --git a/nixops/backends/libvirtd.py b/nixops/backends/libvirtd.py
+index bc5f4af7..edd1348b 100644
+--- a/nixops/backends/libvirtd.py
++++ b/nixops/backends/libvirtd.py
+@@ -8,12 +8,18 @@ import shutil
+ import string
+ import subprocess
+ import time
+-import libvirt
+ 
+ from nixops.backends import MachineDefinition, MachineState
+ import nixops.known_hosts
+ import nixops.util
+ 
++try:
++    import libvirt
++except:
++    class libvirt(object):
++        def __getattribute__(self, name):
++            raise ValueError("The libvirt backend has been disabled because of security issues.")
++
+ # to prevent libvirt errors from appearing on screen, see
+ # https://www.redhat.com/archives/libvirt-users/2017-August/msg00011.html
+