commit c17a5d70825e24cd01c3a88849b468b947a7cf41 · pyrox.dev/nixpkgs

+11 -12

pkgs/servers/http/envoy/0001-nixpkgs-use-system-Python.patch

···

       1
       1
       -
       From 329ad7cb56e66464e5570bbb51dea0fd56c4d9ae Mon Sep 17 00:00:00 2001

     

       1
       1
       +
       From 1b6ad143c0f5f96c42f603bb93a72f788b88b622 Mon Sep 17 00:00:00 2001

     

       2
       2
        
       From: Luke Granger-Brown <git@lukegb.com>

     

       3
       3
       -
       Date: Sun, 19 Feb 2023 17:40:50 +0000

     

       3
       3
       +
       Date: Fri, 12 May 2023 08:12:04 +0100

     

       4
       4
        
       Subject: [PATCH 1/2] nixpkgs: use system Python

     

       5
       5
        
       

     

       6
       6
        
       ---

     
···

       9
       9
        
        2 files changed, 1 insertion(+), 16 deletions(-)

     

       10
       10
        
       

     

       11
       11
        
       diff --git a/bazel/python_dependencies.bzl b/bazel/python_dependencies.bzl

     

       12
       12
       -
       index a5c3283d0a..1c2c31ebf2 100644

     

       12
       12
       +
       index 37c0183664..0bee5feb7e 100644

     

       13
       13
        
       --- a/bazel/python_dependencies.bzl

     

       14
       14
        
       +++ b/bazel/python_dependencies.bzl

     

       15
       15
       -
       @@ -1,10 +1,8 @@

     

       16
       16
       -
        load("@rules_python//python:pip.bzl", "pip_install", "pip_parse")

     

       15
       15
       +
       @@ -1,24 +1,20 @@

     

       16
       16
       +
        load("@rules_python//python:pip.bzl", "pip_parse")

     

       17
       17
        
       -load("@python3_10//:defs.bzl", "interpreter")

     

       18
       18
        
        

     

       19
       19
        
        def envoy_python_dependencies():

     
···

       23
       23
        
                requirements_lock = "@envoy//tools/base:requirements.txt",

     

       24
       24
        
                extra_pip_args = ["--require-hashes"],

     

       25
       25
        
            )

     

       26
       26
       -
       @@ -12,14 +10,12 @@ def envoy_python_dependencies():

     

       27
       27
       -
            # TODO(phlax): switch to `pip_parse`

     

       28
       28
       -
            pip_install(

     

       29
       29
       -
                # Note: dev requirements do *not* check hashes

     

       30
       30
       -
       -        python_interpreter_target = interpreter,

     

       26
       26
       +
        

     

       27
       27
       +
            pip_parse(

     

       31
       28
        
                name = "dev_pip3",

     

       32
       32
       -
                requirements = "@envoy//tools/dev:requirements.txt",

     

       29
       29
       +
       -        python_interpreter_target = interpreter,

     

       30
       30
       +
                requirements_lock = "@envoy//tools/dev:requirements.txt",

     

       31
       31
       +
                extra_pip_args = ["--require-hashes"],

     

       33
       32
        
            )

     

       34
       33
        
        

     

       35
       34
        
            pip_parse(

     
···

       68
       67
        
       -

     

       69
       68
        
            aspect_bazel_lib_dependencies()

     

       70
       69
        
       -- 

     

       71
       71
       -
       2.39.1

     

       70
       70
       +
       2.40.0

     

       72
       71

+12 -28

pkgs/servers/http/envoy/0002-nixpkgs-use-system-Go.patch

···

       1
       1
       -
       From 31d864a3b6a1a3455191e87ff680eb812f77dc3c Mon Sep 17 00:00:00 2001

     

       1
       1
       +
       From 30e059d652bd4e352e2c1dc3c44d03a1e42ff912 Mon Sep 17 00:00:00 2001

     

       2
       2
        
       From: Luke Granger-Brown <git@lukegb.com>

     

       3
       3
       -
       Date: Sun, 19 Feb 2023 17:43:03 +0000

     

       3
       3
       +
       Date: Fri, 12 May 2023 08:13:21 +0100

     

       4
       4
        
       Subject: [PATCH 2/2] nixpkgs: use system Go

     

       5
       5
        
       

     

       6
       6
        
       ---

     

       7
       7
       -
        bazel/dependency_imports.bzl   | 29 +----------------------------

     

       8
       8
       -
        bazel/repositories.bzl         |  3 ---

     

       9
       9
       -
        bazel/repository_locations.bzl |  4 ++--

     

       10
       10
       -
        3 files changed, 3 insertions(+), 33 deletions(-)

     

       7
       7
       +
        bazel/dependency_imports.bzl | 29 +----------------------------

     

       8
       8
       +
        bazel/repositories.bzl       |  3 ---

     

       9
       9
       +
        2 files changed, 1 insertion(+), 31 deletions(-)

     

       11
       10
        
       

     

       12
       11
        
       diff --git a/bazel/dependency_imports.bzl b/bazel/dependency_imports.bzl

     

       13
       13
       -
       index 7dbdb0174e..e73662ed79 100644

     

       12
       12
       +
       index 681617f1b8..a10c560baf 100644

     

       14
       13
        
       --- a/bazel/dependency_imports.bzl

     

       15
       14
        
       +++ b/bazel/dependency_imports.bzl

     

       16
       16
       -
       @@ -15,7 +15,7 @@ load("@aspect_bazel_lib//lib:repositories.bzl", "register_jq_toolchains", "regis

     

       15
       15
       +
       @@ -17,7 +17,7 @@ load("@aspect_bazel_lib//lib:repositories.bzl", "register_jq_toolchains", "regis

     

       17
       16
        
        load("@com_google_cel_cpp//bazel:deps.bzl", "parser_deps")

     

       18
       17
        
        

     

       19
       18
        
        # go version for rules_go

     
···

       22
       21
        
        

     

       23
       22
        
        JQ_VERSION = "1.6"

     

       24
       23
        
        YQ_VERSION = "4.24.4"

     

       25
       25
       -
       @@ -25,7 +25,6 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y

     

       24
       24
       +
       @@ -27,7 +27,6 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y

     

       26
       25
        
            rules_foreign_cc_dependencies(register_default_tools = False, register_built_tools = False)

     

       27
       26
        
            go_rules_dependencies()

     

       28
       27
        
            go_register_toolchains(go_version)

     
···

       30
       29
        
            gazelle_dependencies(go_sdk = "go_sdk")

     

       31
       30
        
            apple_rules_dependencies()

     

       32
       31
        
            pip_dependencies()

     

       33
       33
       -
       @@ -134,29 +133,3 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y

     

       32
       32
       +
       @@ -146,29 +145,3 @@ def envoy_dependency_imports(go_version = GO_VERSION, jq_version = JQ_VERSION, y

     

       34
       33
        
                # use_category = ["api"],

     

       35
       34
        
                # source = "https://github.com/bufbuild/protoc-gen-validate/blob/v0.6.1/dependencies.bzl#L23-L28"

     

       36
       35
        
            )

     
···

       61
       60
        
       -        version = go_version,

     

       62
       61
        
       -    )

     

       63
       62
        
       diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl

     

       64
       64
       -
       index fca05b6062..a2f60014cb 100644

     

       63
       63
       +
       index 6d2cf2014c..a8375bcdef 100644

     

       65
       64
        
       --- a/bazel/repositories.bzl

     

       66
       65
        
       +++ b/bazel/repositories.bzl

     

       67
       67
       -
       @@ -115,9 +115,6 @@ def _go_deps(skip_targets):

     

       66
       66
       +
       @@ -196,9 +196,6 @@ def _go_deps(skip_targets):

     

       68
       67
        
            if "io_bazel_rules_go" not in skip_targets:

     

       69
       68
        
                external_http_archive(

     

       70
       69
        
                    name = "io_bazel_rules_go",

     
···

       74
       73
        
                )

     

       75
       74
        
                external_http_archive("bazel_gazelle")

     

       76
       75
        
        

     

       77
       77
       -
       diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl

     

       78
       78
       -
       index e4e89d281a..fb62c4f8f3 100644

     

       79
       79
       -
       --- a/bazel/repository_locations.bzl

     

       80
       80
       -
       +++ b/bazel/repository_locations.bzl

     

       81
       81
       -
       @@ -878,8 +878,8 @@ REPOSITORY_LOCATIONS_SPEC = dict(

     

       82
       82
       -
                project_name = "Go rules for Bazel",

     

       83
       83
       -
                project_desc = "Bazel rules for the Go language",

     

       84
       84
       -
                project_url = "https://github.com/bazelbuild/rules_go",

     

       85
       85
       -
       -        version = "0.36.0",

     

       86
       86
       -
       -        sha256 = "ae013bf35bd23234d1dea46b079f1e05ba74ac0321423830119d3e787ec73483",

     

       87
       87
       -
       +        version = "0.38.1",

     

       88
       88
       -
       +        sha256 = "dd926a88a564a9246713a9c00b35315f54cbd46b31a26d5d8fb264c07045f05d",

     

       89
       89
       -
                urls = ["https://github.com/bazelbuild/rules_go/releases/download/v{version}/rules_go-v{version}.zip"],

     

       90
       90
       -
                use_category = ["build", "api"],

     

       91
       91
       -
                release_date = "2022-11-23",

     

       92
       76
        
       -- 

     

       93
       93
       -
       2.39.1

     

       77
       77
       +
       2.40.0

     

       94
       78

+7 -15

pkgs/servers/http/envoy/default.nix

···

       1
       1
        
       { lib

     

       2
       2
       -
       , bazel_5

     

       2
       2
       +
       , bazel_6

     

       3
       3
        
       , bazel-gazelle

     

       4
       4
        
       , buildBazelPackage

     

       5
       5
        
       , fetchFromGitHub

     
···

       24
       24
        
           # However, the version string is more useful for end-users.

     

       25
       25
        
           # These are contained in a attrset of their own to make it obvious that

     

       26
       26
        
           # people should update both.

     

       27
       27
       -
           version = "1.25.1";

     

       28
       28
       -
           rev = "bae2e9d642a6a8ae6c5d3810f77f3e888f0d97da";

     

       27
       27
       +
           version = "1.26.1";

     

       28
       28
       +
           rev = "c7e8e7356d3a969c1b8e4e1f2687699acd91c6a1";

     

       29
       29
        
         };

     

       30
       30
        
       in

     

       31
       31
        
       buildBazelPackage rec {

     

       32
       32
        
         pname = "envoy";

     

       33
       33
        
         inherit (srcVer) version;

     

       34
       34
       -
         bazel = bazel_5;

     

       34
       34
       +
         bazel = bazel_6;

     

       35
       35
        
         src = fetchFromGitHub {

     

       36
       36
        
           owner = "envoyproxy";

     

       37
       37
        
           repo = "envoy";

     

       38
       38
        
           inherit (srcVer) rev;

     

       39
       39
       -
           sha256 = "sha256-qA3+bta2vXGtAYX3mg+CmSIEitk4576JQB/QLPsj9Vc=";

     

       39
       39
       +
           sha256 = "sha256-WHedup6z/9t/Jg6CBrwtDy9xv6IwO3gUuBqos4h+k2s=";

     

       40
       40
        
       

     

       41
       41
        
           postFetch = ''

     

       42
       42
        
             chmod -R +w $out

     
···

       80
       80
        
       

     

       81
       81
        
         fetchAttrs = {

     

       82
       82
        
           sha256 = {

     

       83
       83
       -
             x86_64-linux = "sha256-koz08NWUq5Fkca++1G7WEmg24G6FuMQOgRN3+HBtNIk=";

     

       84
       84
       -
             aarch64-linux = "sha256-oSybAw58yK0BUhS8MU2Y9hRo0mU/7xT7VKU3tDW4xN0=";

     

       83
       83
       +
             x86_64-linux = "sha256-jx8RavJKlBtZQtZf4GrUkOlhM6qI4LO5lK3HRgn1vzE=";

     

       84
       84
       +
             aarch64-linux = "sha256-toEPrGVh61sHsVbhsideMmnX8uXIN+2x8LuZpczTEdw=";

     

       85
       85
        
           }.${stdenv.system} or (throw "unsupported system ${stdenv.system}");

     

       86
       86
        
           dontUseCmakeConfigure = true;

     

       87
       87
        
           dontUseGnConfigure = true;

     
···

       176
       176
        
           license = licenses.asl20;

     

       177
       177
        
           maintainers = with maintainers; [ lukegb ];

     

       178
       178
        
           platforms = [ "x86_64-linux" "aarch64-linux" ];

     

       179
       179
       -
           knownVulnerabilities = [

     

       180
       180
       -
             "CVE-2023-27487"

     

       181
       181
       -
             "CVE-2023-27488"

     

       182
       182
       -
             "CVE-2023-27491"

     

       183
       183
       -
             "CVE-2023-27492"

     

       184
       184
       -
             "CVE-2023-27493"

     

       185
       185
       -
             "CVE-2023-27496"

     

       186
       186
       -
           ];

     

       187
       179
        
         };

     

       188
       180
        
       }