nixops: Fix build by disabling the libvirt backend if package marked as insecure

With this change it's possible to override the libvirt package used if you absolutely need it.

pkgs/development/python-modules/libvirt/5.9.0.nix

@@ -18,6 +18,10 @@ buildPythonPackage rec {
     nosetests
   '';
 
+  passthru = {
+    inherit libvirt;
+  };
+
   meta = with lib; {
     homepage = "http://www.libvirt.org/";
     description = "libvirt Python bindings";

pkgs/tools/package-management/nixops/generic.nix

@@ -22,9 +22,10 @@ python2Packages.buildPythonApplication {
       pysqlite
       datadog
       digital-ocean
-      libvirt
       typing
-    ] ++ nixopsAzurePackages;
+      ]
+      ++ lib.optional (!libvirt.passthru.libvirt.meta.insecure or true) libvirt
+      ++ nixopsAzurePackages;
 
   checkPhase =
   # Ensure, that there are no (python) import errors

pkgs/tools/package-management/nixops/optional-virtd.patch

@@ -0,0 +1,24 @@
+diff --git a/nixops/backends/libvirtd.py b/nixops/backends/libvirtd.py
+index bc5f4af7..edd1348b 100644
+--- a/nixops/backends/libvirtd.py
++++ b/nixops/backends/libvirtd.py
+@@ -8,12 +8,18 @@ import shutil
+ import string
+ import subprocess
+ import time
+-import libvirt
+ 
+ from nixops.backends import MachineDefinition, MachineState
+ import nixops.known_hosts
+ import nixops.util
+ 
++try:
++    import libvirt
++except:
++    class libvirt(object):
++        def __getattribute__(self, name):
++            raise ValueError("The libvirt backend has been disabled because of security issues.")
++
+ # to prevent libvirt errors from appearing on screen, see
+ # https://www.redhat.com/archives/libvirt-users/2017-August/msg00011.html
+