From 418af7d7aae6ad5c15b8c31d0fc7052d7c5625ed Mon Sep 17 00:00:00 2001 From: adisbladis Date: Mon, 8 Feb 2021 16:00:53 +0100 Subject: [PATCH] nixops: Fix build by disabling the libvirt backend if package marked as insecure With this change it's possible to override the libvirt package used if you absolutely need it. --- .../python-modules/libvirt/5.9.0.nix | 4 ++++ .../package-management/nixops/generic.nix | 5 ++-- .../nixops/optional-virtd.patch | 24 +++++++++++++++++++ 3 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 pkgs/tools/package-management/nixops/optional-virtd.patch diff --git a/pkgs/development/python-modules/libvirt/5.9.0.nix b/pkgs/development/python-modules/libvirt/5.9.0.nix index bfc6b711ab20..9cbd042c55ae 100644 --- a/pkgs/development/python-modules/libvirt/5.9.0.nix +++ b/pkgs/development/python-modules/libvirt/5.9.0.nix @@ -18,6 +18,10 @@ buildPythonPackage rec { nosetests ''; + passthru = { + inherit libvirt; + }; + meta = with lib; { homepage = "http://www.libvirt.org/"; description = "libvirt Python bindings"; diff --git a/pkgs/tools/package-management/nixops/generic.nix b/pkgs/tools/package-management/nixops/generic.nix index 564256de35d1..57f64531a9b0 100644 --- a/pkgs/tools/package-management/nixops/generic.nix +++ b/pkgs/tools/package-management/nixops/generic.nix @@ -22,9 +22,10 @@ python2Packages.buildPythonApplication { pysqlite datadog digital-ocean - libvirt typing - ] ++ nixopsAzurePackages; + ] + ++ lib.optional (!libvirt.passthru.libvirt.meta.insecure or true) libvirt + ++ nixopsAzurePackages; checkPhase = # Ensure, that there are no (python) import errors diff --git a/pkgs/tools/package-management/nixops/optional-virtd.patch b/pkgs/tools/package-management/nixops/optional-virtd.patch new file mode 100644 index 000000000000..3697fdde8f26 --- /dev/null +++ b/pkgs/tools/package-management/nixops/optional-virtd.patch @@ -0,0 +1,24 @@ +diff --git a/nixops/backends/libvirtd.py b/nixops/backends/libvirtd.py +index bc5f4af7..edd1348b 100644 +--- a/nixops/backends/libvirtd.py ++++ b/nixops/backends/libvirtd.py +@@ -8,12 +8,18 @@ import shutil + import string + import subprocess + import time +-import libvirt + + from nixops.backends import MachineDefinition, MachineState + import nixops.known_hosts + import nixops.util + ++try: ++ import libvirt ++except: ++ class libvirt(object): ++ def __getattribute__(self, name): ++ raise ValueError("The libvirt backend has been disabled because of security issues.") ++ + # to prevent libvirt errors from appearing on screen, see + # https://www.redhat.com/archives/libvirt-users/2017-August/msg00011.html +