diff --git a/.circleci/config.yml b/.circleci/config.yml index 57a69a8c..32163c58 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -55,7 +55,7 @@ aliases: - nix_docker: &NIX_DOCKER # Run in a highly Nix-capable environment. - - image: "nixos/nix:2.15.0" + - image: "nixos/nix:2.18.9" - nix_environ: &NIX_ENVIRON # Let us use features marked "experimental". For example, most/all of @@ -515,6 +515,8 @@ workflows: py-version: - "39" - "310" + - "311" + - "312" tahoe-lafs: - "1_18_0" # This is usually not master@HEAD because it is still pinned to diff --git a/flake.lock b/flake.lock index c89df84f..7faa297d 100644 --- a/flake.lock +++ b/flake.lock @@ -115,16 +115,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730327045, - "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=", + "lastModified": 1747209494, + "narHash": "sha256-fLise+ys+bpyjuUUkbwqo5W/UyIELvRz9lPBPoB0fbM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "080166c15633801df010977d9d7474b4a6c549d7", + "rev": "5d736263df906c5da72ab0f372427814de2f52f8", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 8971377d..fc4ed462 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { description = "A Tahoe-LAFS storage-system plugin which authorizes storage operations based on privacy-respecting tokens."; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-24.05"; + nixpkgs.url = "github:NixOS/nixpkgs?ref=nixos-24.11"; flake-utils.url = "github:numtide/flake-utils"; challenge-bypass-ristretto.url = github:LeastAuthority/python-challenge-bypass-ristretto; challenge-bypass-ristretto.inputs.nixpkgs.follows = "nixpkgs"; @@ -31,7 +31,7 @@ # The names of the nixpkgs Python derivations for which we will expose # packages. - pyVersions = [ "python310" "python39" ]; + pyVersions = [ "python312" "python311" "python310" "python39" ]; # All of the versions our Tahoe-LAFS dependency for which we will expose # packages. diff --git a/nix/collections-extended.nix b/nix/collections-extended.nix new file mode 100644 index 00000000..85dfc034 --- /dev/null +++ b/nix/collections-extended.nix @@ -0,0 +1,44 @@ +{ + lib, + buildPythonPackage, + fetchFromGitHub, + hypothesis, + poetry-core, + pytestCheckHook, + pythonOlder, + pythonAtLeast, +}: + +buildPythonPackage rec { + pname = "collections-extended"; + version = "2.0.2.post1"; + format = "pyproject"; + + # https://github.com/mlenzen/collections-extended/issues/198 + # My own running the test suggest Python 3.12 is still fine. + disabled = pythonOlder "3.6" || pythonAtLeast "3.13"; + + src = fetchFromGitHub { + owner = "mlenzen"; + repo = pname; + # This version includes our hero JP's patches for Python 3.11. + rev = "8b93390636d58d28012b8e9d22334ee64ca37d73"; + hash = "sha256-e7RCpNsqyS1d3q0E+uaE4UOEQziueYsRkKEvy3gCHt0="; + }; + + nativeBuildInputs = [ poetry-core ]; + + nativeCheckInputs = [ + hypothesis + pytestCheckHook + ]; + + pythonImportsCheck = [ "collections_extended" ]; + + meta = with lib; { + description = "Extra Python Collections - bags (multisets), setlists (unique list/indexed set), RangeMap and IndexedDict"; + homepage = "https://github.com/mlenzen/collections-extended"; + license = licenses.asl20; + maintainers = with maintainers; [ exarkun ]; + }; +} diff --git a/nix/compose.nix b/nix/compose.nix index 19facc18..6cc0bf41 100644 --- a/nix/compose.nix +++ b/nix/compose.nix @@ -2,11 +2,11 @@ buildPythonPackage rec { pname = "compose"; - version = "1.4.8"; + version = "1.6.2"; src = fetchPypi { inherit pname version; - sha256 = "sha256-mpRabfC4LE6xYlHmQbHb1yXxLDtH5idwN4GbUnCPGTo="; + sha256 = "sha256-yUP6goTByziSklOIhi4gPJiISE5M4/1RcVBnaWkNi00="; }; meta = with lib; { diff --git a/nix/flake8-black.nix b/nix/flake8-black.nix deleted file mode 100644 index a3e27ff1..00000000 --- a/nix/flake8-black.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ fetchPypi -, buildPythonPackage -, flake8 -, black -, tomli -, setuptools -}: -buildPythonPackage rec { - pname = "flake8-black"; - version = "0.3.6"; - - src = fetchPypi { - inherit pname version; - hash = "sha256-DfvKMnR3d5KlvLKviHpMrXLHLQ6GyU4I46PeFRu0HDQ="; - }; - - format = "pyproject"; - # doCheck = false; - buildInputs = [ setuptools ]; - propagatedBuildInputs = [ flake8 black tomli ]; - pythonImportsCheck = [ "flake8_black" ]; -} diff --git a/nix/flake8-isort.nix b/nix/flake8-isort.nix deleted file mode 100644 index 45a6d3e1..00000000 --- a/nix/flake8-isort.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ fetchPypi -, buildPythonPackage -, flake8 -, isort -}: -buildPythonPackage rec { - pname = "flake8-isort"; - version = "6.0.0"; - - src = fetchPypi { - inherit pname version; - hash = "sha256-U39FOmYNfpA/YC7Po2E2sUDeJ531jQLrG2oMhOg8Uow="; - }; - - doCheck = false; - propagatedBuildInputs = [ flake8 isort ]; - pythonImportsCheck = [ "flake8_isort" ]; -} diff --git a/nix/hypothesis.nix b/nix/hypothesis.nix deleted file mode 100644 index 7f475b82..00000000 --- a/nix/hypothesis.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ hypothesis, fetchFromGitHub }: -hypothesis.overrideAttrs (old: rec { - version = "6.74.1"; - name = "hypothesis-${version}"; - src = fetchFromGitHub { - owner = "HypothesisWorks"; - repo = "hypothesis"; - rev = "hypothesis-python-${version}"; - hash = "sha256-bzbC9TmqqvrgTkJ3aZjp3Dd9MgeGxOkj1bz03Ng2sCo="; - }; -}) diff --git a/nix/klein.nix b/nix/klein.nix deleted file mode 100644 index be442646..00000000 --- a/nix/klein.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ klein, fetchPypi }: -klein.overrideAttrs (old: rec { - pname = "klein"; - version = "23.5.0"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-kGkSt6tBDZp/NRICg5w81zoqwHe9AHHIYcMfDu92Aoc="; - }; -}) diff --git a/nix/lib.nix b/nix/lib.nix index d25f5c45..559b5856 100644 --- a/nix/lib.nix +++ b/nix/lib.nix @@ -40,8 +40,6 @@ rec { # our override recursively to the package set until the return value is # the same as the input. packageOverrides = self: super: { - pycddl = self.callPackage ./pycddl.nix {}; - # The foolscap test suite has one failing test when run against the # new version of Twisted, so disable the test suite for now. XXX # Maybe we could just disable the one failing test, @@ -51,15 +49,6 @@ rec { compose = self.callPackage ./compose.nix {}; tahoe-capabilities = self.callPackage ./tahoe-capabilities.nix {}; - pyopenssl = self.callPackage ./pyopenssl.nix { - inherit (super) pyopenssl; - }; - - # The klein test suite is a little broken so ... don't run it. - klein = dontCheck (self.callPackage ./klein.nix { - inherit (super) klein; - }); - # Disable some expensive dependencies that we don't care about. black = dontCheck (super.black.override { aiohttp = null; @@ -69,6 +58,9 @@ rec { # tokenize-rt = null; }); + # Something wants ipython - it breaks Python39 though, so we turn it off. + ipython = null; + tqdm = dontCheck super.tqdm; isort = dontCheck super.isort; @@ -79,16 +71,8 @@ rec { postPatch = tahoe-lafs.buildArgs.postPatch or null; }; - flake8-isort = self.callPackage ./flake8-isort.nix {}; - flake8-black = self.callPackage ./flake8-black.nix {}; - mypy-zope = self.callPackage ./mypy-zope.nix {}; - types-PyYAML = self.callPackage ./types-pyyaml.nix {}; - - # Hypothesis 6.54-ish has a bug that causes our test suite to fail. - # Get a newer one. - hypothesis = self.callPackage ./hypothesis.nix { - inherit (super) hypothesis; - }; + # collections-extended isn't maintained anymore. + collections-extended = self.callPackage ./collections-extended.nix {}; }; }); in with python.pkgs; buildPythonPackage rec { @@ -96,8 +80,8 @@ rec { pname = "ZKAPAuthorizer"; # Don't forget to bump the version number in # src/_zkapauthorizer/__init__.py too. - version = "2022.8.21"; - format = "setuptools"; + version = "2025.5.15"; + # format = "setuptools"; # Should this be nativeCheckInputs? It might matter for # cross-compilation. It's not clear cross-compilation works for Python diff --git a/nix/mypy-zope.nix b/nix/mypy-zope.nix deleted file mode 100644 index ff0114f5..00000000 --- a/nix/mypy-zope.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ fetchPypi -, buildPythonPackage -, pythonPackages -, zope_interface -, zope_schema -}: -buildPythonPackage rec { - pname = "mypy-zope"; - version = "0.3.11"; - - src = fetchPypi { - inherit pname version; - hash = "sha256-1CVfnwTUjHkIO71OL+oGUTpqx7jeBvjEzlY/2FFCygU="; - }; - - # doCheck = false; - propagatedBuildInputs = [ pythonPackages.mypy zope_interface zope_schema ]; - pythonImportsCheck = [ "mypy_zope" ]; -} diff --git a/nix/pycddl.nix b/nix/pycddl.nix deleted file mode 100644 index 0f6a0329..00000000 --- a/nix/pycddl.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ lib, fetchPypi, buildPythonPackage, rustPlatform }: -buildPythonPackage rec { - pname = "pycddl"; - version = "0.4.0"; - format = "pyproject"; - - src = fetchPypi { - inherit pname version; - sha256 = "sha256-w0CGbPeiXyS74HqZXyiXhvaAMUaIj5onwjl9gWKAjqY="; - }; - - nativeBuildInputs = with rustPlatform; [ - maturinBuildHook - cargoSetupHook - ]; - - cargoDeps = rustPlatform.fetchCargoTarball { - inherit src; - name = "${pname}-${version}"; - hash = "sha256-g96eeaqN9taPED4u+UKUcoitf5aTGFrW2/TOHoHEVHs="; - }; -} diff --git a/nix/pyopenssl.nix b/nix/pyopenssl.nix deleted file mode 100644 index b8966fad..00000000 --- a/nix/pyopenssl.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pyopenssl, fetchPypi, isPyPy }: -pyopenssl.overrideAttrs (old: rec { - pname = "pyOpenSSL"; - version = "23.2.0"; - name = "${pname}-${version}"; - src = fetchPypi { - inherit pname version; - sha256 = "J2+TH1WkUufeppxxc+mE6ypEB85BPJGKo0tV+C+bi6w="; - }; -}) diff --git a/nix/tahoe-lafs.nix b/nix/tahoe-lafs.nix index f2ae1a1d..876f555b 100644 --- a/nix/tahoe-lafs.nix +++ b/nix/tahoe-lafs.nix @@ -3,16 +3,17 @@ buildPythonPackage { pname = "tahoe-lafs"; version = tahoe-lafs-version; src = tahoe-lafs-src; + pyproject = true; - postPatch = - (if postPatch == null then "" else postPatch) + - # This < is really trying to be a !=. We provide a new-enough Autobahn - # that it actually works, so remove the constraint from the Python metadata. - '' - sed -i -e "s/autobahn < 22.4.1/autobahn/" setup.py - ''; + # postPatch = + # (if postPatch == null then "" else postPatch) + + # # This < is really trying to be a !=. We provide a new-enough Autobahn + # # that it actually works, so remove the constraint from the Python metadata. + # '' + # sed -i -e "s/autobahn < 22.4.1/autobahn/" setup.py + # ''; - dontUseSetuptoolsCheck = true; + # dontUseSetuptoolsCheck = true; propagatedBuildInputs = with pythonPackages; [ zfec zope_interface @@ -30,6 +31,8 @@ buildPythonPackage { netifaces pyutil collections-extended + hatchling + hatch-vcs klein werkzeug treq @@ -42,5 +45,7 @@ buildPythonPackage { appdirs bcrypt aniso8601 + pip + orjson ]; } diff --git a/nix/tahoe-versions.nix b/nix/tahoe-versions.nix index 2b114520..d6006295 100644 --- a/nix/tahoe-versions.nix +++ b/nix/tahoe-versions.nix @@ -7,6 +7,11 @@ let version = "1.18.0"; sha256 = "sha256-cXpHDfNO3TGta5RGfauqHK7dfy9SM7BLidjP6TbjF/4="; }; + v1_20_0 = fetchPypi { + pname = "tahoe_lafs"; + version = "1.20.0"; + sha256 = "sha256-0SH6t4TIraiV10Y++A5laX4pWqbET1CaPc5AE8pvV2g="; + }; in [ { @@ -21,6 +26,18 @@ in }; } + { + # The version ends up in the output name and dots conflict with their use + # by Nix to select set attributes and end up require annoying quoting in + # command line usage. Avoid that by using a different component separator + # (`_`). + version = "1_20_0"; + buildArgs = { + version = "1.20.0"; + src = v1_20_0; + }; + } + # Some other version. Often probably a recent master revision, but who # knows. { @@ -31,24 +48,24 @@ in # we'll call it something close to another version we know about. If we # really need to know what version it was then the Nix derivation has # this information and we can dig it out. - version = "1.18.0.post1"; - postPatch = - let - versionFileContents = version: '' - # This _version.py is generated by ZKAPAuthorizer's tahoe-lafs.nix. - # TODO: We can have more metadata after we switch to flakes. - # Then the `self` input will have a `sourceInfo` attribute telling - __pkgname__ = "tahoe-lafs" - real_version = "${version}" - full_version = "${version}" - branch = "" - verstr = "${version}" - __version__ = verstr - ''; - in - '' - cp ${builtins.toFile "_version.py" (versionFileContents version)} src/allmydata/_version.py - ''; + version = "1.20.0.post1"; + # postPatch = + # let + # versionFileContents = version: '' + # # This _version.py is generated by ZKAPAuthorizer's tahoe-lafs.nix. + # # TODO: We can have more metadata after we switch to flakes. + # # Then the `self` input will have a `sourceInfo` attribute telling + # __pkgname__ = "tahoe-lafs" + # real_version = "${version}" + # full_version = "${version}" + # branch = "" + # verstr = "${version}" + # __version__ = verstr + # ''; + # in + # '' + # cp ${builtins.toFile "_version.py" (versionFileContents version)} src/allmydata/_version.py + # ''; }; } ] diff --git a/nix/types-pyyaml.nix b/nix/types-pyyaml.nix deleted file mode 100644 index 98cec85d..00000000 --- a/nix/types-pyyaml.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ fetchPypi -, buildPythonPackage -}: -buildPythonPackage rec { - pname = "types-PyYAML"; - version = "6.0.12.9"; - - src = fetchPypi { - inherit pname version; - hash = "sha256-xRsb1tmd3wqiiEp6MogQ6/cKQmLCkhldP0+aAAX57rY="; - }; -} diff --git a/src/_zkapauthorizer/__init__.py b/src/_zkapauthorizer/__init__.py index 85d5fbc5..7d6daaf0 100644 --- a/src/_zkapauthorizer/__init__.py +++ b/src/_zkapauthorizer/__init__.py @@ -28,4 +28,4 @@ NAME = "privatestorageio-zkapauthz-v2" # Don't forget to bump the version number in nix/lib.nix too. -__version__ = "2022.8.21" +__version__ = "2025.5.15"