update nixpkgs

btcpayserver: 1.11.2 -> 1.11.4
clightning: 23.05.2 -> 23.08.1
hwi: 2.2.1 -> 2.3.1

Remove custom coincurve, since nixos-23.05 includes the latest version
of coincurve (18) that's required by pyln-proto.

Co-authored-by: Erik Arvstedt <erik.arvstedt@gmail.com>

flake.lock

@@ -28,11 +28,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1689068808,
-        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
         "type": "github"
       },
       "original": {
@@ -43,11 +43,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1692207601,
-        "narHash": "sha256-tfPGNKQcJT1cvT6ufqO/7ydYNL6mcJClvzbrzhKjB80=",
+        "lastModified": 1694753796,
+        "narHash": "sha256-QPE7dqcicQH/nq9aywVXJWWtci4FvxHaM+BSIEbGBvA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b30c68669df77d981ce4aefd6b9d378563f6fc4e",
+        "rev": "360a7d31c30abefdc490d203f80e3221b7a24af2",
         "type": "github"
       },
       "original": {
@@ -59,11 +59,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1692279307,
-        "narHash": "sha256-7BMWvpLpGs3zvAm0c1HVYVoVIe0m0Cfp2GPpqxDte3U=",
+        "lastModified": 1694760568,
+        "narHash": "sha256-3G07BiXrp2YQKxdcdms22MUx6spc6A++MSePtatCYuI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "02bba6c619c91e8c8eef9ba1129d0eff31741445",
+        "rev": "46688f8eb5cd6f1298d873d4d2b9cf245e09e88e",
         "type": "github"
       },
       "original": {

pkgs/pinned.nix

@@ -7,12 +7,12 @@ pkgs: pkgsUnstable:
     elementsd
     extra-container
     fulcrum
-    hwi
     lndconnect;
 
   inherit (pkgsUnstable)
     btcpayserver
     clightning
+    hwi
     lightning-loop
     lightning-pool
     nbxplorer;

pkgs/python-packages/coincurve/default.nix

@@ -1,23 +0,0 @@
-{ lib, stdenv, buildPythonPackage, fetchPypi, asn1crypto, cffi, pkg-config,
-autoconf, automake, libtool, libffi, requests }:
-
-buildPythonPackage rec {
-  pname = "coincurve";
-  version = "17.0.0";
-
-  src = fetchPypi {
-    inherit pname version;
-    hash = "sha256-aNpVr/iYcClS/aPuBP1u1gu2uR+RnGknB4btdmtUi5M";
-  };
-
-  doCheck = false;
-  nativeBuildInputs = [ autoconf automake libtool pkg-config ];
-  propagatedBuildInputs = [ asn1crypto cffi libffi requests ];
-
-  meta = with lib; {
-    description = "Cross-platform Python CFFI bindings for libsecp256k1";
-    homepage = "https://github.com/ofek/coincurve";
-    maintainers = with maintainers; [ nixbitcoin ];
-    license = licenses.asl20;
-  };
-}

pkgs/python-packages/default.nix

@@ -16,7 +16,6 @@ rec {
     clightningPkg = pkg: callPackage pkg { inherit (nbPkgs.pinned) clightning; };
   in
     {
-      coincurve = callPackage ./coincurve {};
       txzmq = callPackage ./txzmq {};
 
       pyln-client = clightningPkg ./pyln-client;
@@ -24,6 +23,26 @@ rec {
       pyln-bolt7 = clightningPkg ./pyln-bolt7;
       pylightning = clightningPkg ./pylightning;
 
+      # cryptography 41, required by pyln-proto
+      cryptography = callPackage ./specific-versions/cryptography_41 {
+        Security = super.darwin.apple_sdk.frameworks.Security;
+      };
+
+      # The versions of these packages that ship with nixos-23.05 are incompatible
+      # with cryptography 41
+      pyopenssl = callPackage ./specific-versions/pyopenssl_23_2 {};
+      service-identity = callPackage ./specific-versions/service-identity_23_1 {};
+
+      # The twisted package in nixos-23.05 runs a test that fails with
+      # service-identity 23.1. This package is backported from nixos-unstable
+      # and disables the test. (see
+      # https://github.com/twisted/twisted/issues/11877,
+      # https://github.com/NixOS/nixpkgs/commit/1ee622b10fcafcf2343960e3ffae0169afc59804)
+      twisted = callPackage ./specific-versions/twisted_22_10 {};
+
+      # Used by cryptography 41, backported from nixpkgs-unstable
+      setuptoolsRustBuildHook = callPackage ./setuptools-rust-hook {};
+
       # bitstring 3.1.9, required by pyln-proto
       bitstring = callPackage ./specific-versions/bitstring.nix {};
 

pkgs/python-packages/jmbase/default.nix

@@ -8,6 +8,7 @@ buildPythonPackage rec {
 
   patchPhase = ''
     sed -i 's|twisted==22.4.0|twisted==22.10.0|' setup.py
+    sed -i 's|service-identity==21.1.0|service-identity==23.1.0|' setup.py
   '';
 
   propagatedBuildInputs = [ future twisted service-identity chromalog txtorcon ];

pkgs/python-packages/pyln-proto/default.nix

@@ -6,6 +6,7 @@
 , cryptography
 , coincurve
 , base58
+, pysocks
 }:
 
 buildPythonPackage rec {
@@ -22,13 +23,10 @@ buildPythonPackage rec {
     cryptography
     coincurve
     base58
+    pysocks
   ];
 
   checkInputs = [ pytestCheckHook ];
 
   postUnpack = "sourceRoot=$sourceRoot/contrib/pyln-proto";
-
-  postPatch = ''
-    sed -i 's|cryptography = "^36.0.1"|cryptography = "^40.0"|' pyproject.toml
-  '';
 }

pkgs/python-packages/setuptools-rust-hook/default.nix

@@ -0,0 +1,13 @@
+{ lib, stdenv, python, makePythonHook, setuptools-rust, rust }:
+makePythonHook {
+  name = "setuptools-rust-setup-hook";
+  propagatedBuildInputs = [ setuptools-rust ];
+  substitutions = {
+    pyLibDir = "${python}/lib/${python.libPrefix}";
+    cargoBuildTarget = rust.toRustTargetSpec stdenv.hostPlatform;
+    cargoLinkerVar = lib.toUpper (
+      builtins.replaceStrings ["-"] ["_"] (
+        rust.toRustTarget stdenv.hostPlatform));
+    targetLinker = "${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc";
+  };
+} ./setuptools-rust-hook.sh

pkgs/python-packages/setuptools-rust-hook/setuptools-rust-hook.sh

@@ -0,0 +1,18 @@
+echo "Sourcing setuptools-rust-hook"
+
+setuptoolsRustSetup() {
+    # This can work only if rustPlatform.cargoSetupHook is also included
+    if ! command -v cargoSetupPostPatchHook >/dev/null; then
+        echo "ERROR: setuptools-rust has to be used alongside with rustPlatform.cargoSetupHook!"
+        exit 1
+    fi
+
+    export PYO3_CROSS_LIB_DIR="@pyLibDir@"
+    export CARGO_BUILD_TARGET=@cargoBuildTarget@
+    # TODO theoretically setting linker should not be required because it is
+    # already set in pkgs/build-support/rust/hooks/default.nix but build fails
+    # on missing linker without this.
+    export CARGO_TARGET_@cargoLinkerVar@_LINKER=@targetLinker@
+}
+
+preConfigureHooks+=(setuptoolsRustSetup)

pkgs/python-packages/specific-versions/cryptography_41/default.nix

@@ -0,0 +1,116 @@
+{ lib
+, stdenv
+, buildPythonPackage
+, callPackage
+, cargo
+, cffi
+, fetchPypi
+, hypothesis
+, iso8601
+, isPyPy
+, libiconv
+, libxcrypt
+, openssl
+, pkg-config
+, pretend
+, py
+, pytest-subtests
+, pytestCheckHook
+, pythonOlder
+, pytz
+, rustc
+, rustPlatform
+, Security
+, setuptoolsRustBuildHook
+}:
+
+let
+  cryptography-vectors = callPackage ./vectors.nix { };
+in
+buildPythonPackage rec {
+  pname = "cryptography";
+  version = "41.0.3"; # Also update the hash in vectors.nix
+  format = "pyproject";
+  disabled = pythonOlder "3.7";
+
+  src = fetchPypi {
+    inherit pname version;
+    hash = "sha256-bRknQRE+9eMNidy1uVbvThV48wRwhwG4tz044+FGHzQ=";
+  };
+
+  cargoDeps = rustPlatform.fetchCargoTarball {
+    inherit src;
+    sourceRoot = "${pname}-${version}/${cargoRoot}";
+    name = "${pname}-${version}";
+    hash = "sha256-LQu7waympGUs+CZun2yDQd2gUUAgyisKBG5mddrfSo0=";
+  };
+
+  postPatch = ''
+    substituteInPlace pyproject.toml \
+      --replace "--benchmark-disable" ""
+  '';
+
+  cargoRoot = "src/rust";
+
+  nativeBuildInputs = [
+    rustPlatform.cargoSetupHook
+    setuptoolsRustBuildHook
+    cargo
+    rustc
+    pkg-config
+  ] ++ lib.optionals (!isPyPy) [
+    cffi
+  ];
+
+  buildInputs = [
+    openssl
+  ] ++ lib.optionals stdenv.isDarwin [
+    Security
+    libiconv
+  ] ++ lib.optionals (pythonOlder "3.9") [
+    libxcrypt
+  ];
+
+  propagatedBuildInputs = lib.optionals (!isPyPy) [
+    cffi
+  ];
+
+  nativeCheckInputs = [
+    cryptography-vectors
+    # Work around `error: infinite recursion encountered`
+    (hypothesis.override { enableDocumentation = false; })
+    iso8601
+    pretend
+    py
+    pytestCheckHook
+    pytest-subtests
+    pytz
+  ];
+
+  pytestFlagsArray = [
+    "--disable-pytest-warnings"
+  ];
+
+  disabledTestPaths = [
+    # save compute time by not running benchmarks
+    "tests/bench"
+  ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [
+    # aarch64-darwin forbids W+X memory, but this tests depends on it:
+    # * https://cffi.readthedocs.io/en/latest/using.html#callbacks
+    "tests/hazmat/backends/test_openssl_memleak.py"
+  ];
+
+  meta = with lib; {
+    description = "A package which provides cryptographic recipes and primitives";
+    longDescription = ''
+      Cryptography includes both high level recipes and low level interfaces to
+      common cryptographic algorithms such as symmetric ciphers, message
+      digests, and key derivation functions.
+    '';
+    homepage = "https://github.com/pyca/cryptography";
+    changelog = "https://cryptography.io/en/latest/changelog/#v"
+      + replaceStrings [ "." ] [ "-" ] version;
+    license = with licenses; [ asl20 bsd3 psfl ];
+    maintainers = with maintainers; [ SuperSandro2000 ];
+  };
+}

pkgs/python-packages/specific-versions/cryptography_41/vectors.nix

@@ -0,0 +1,38 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, cryptography
+, setuptools
+}:
+
+buildPythonPackage rec {
+  pname = "cryptography-vectors";
+  # The test vectors must have the same version as the cryptography package
+  inherit (cryptography) version;
+  format = "pyproject";
+
+  src = fetchPypi {
+    pname = "cryptography_vectors";
+    inherit version;
+    hash = "sha256-gN4EUsSzT1b1UY6B69dba5BfVyiq7VIdQuQfTryKQ/s=";
+  };
+
+  nativeBuildInputs = [
+    setuptools
+  ];
+
+  # No tests included
+  doCheck = false;
+
+  pythonImportsCheck = [
+    "cryptography_vectors"
+  ];
+
+  meta = with lib; {
+    description = "Test vectors for the cryptography package";
+    homepage = "https://cryptography.io/en/latest/development/test-vectors/";
+    downloadPage = "https://github.com/pyca/cryptography/tree/master/vectors";
+    license = with licenses; [ asl20 bsd3 ];
+    maintainers = with maintainers; [ SuperSandro2000 ];
+  };
+}

pkgs/python-packages/specific-versions/pyopenssl_23_2/default.nix

@@ -0,0 +1,100 @@
+{ lib
+, stdenv
+, buildPythonPackage
+, fetchPypi
+, openssl
+, cryptography
+, pytestCheckHook
+, pretend
+, sphinxHook
+, sphinx-rtd-theme
+, flaky
+}:
+
+buildPythonPackage rec {
+  pname = "pyopenssl";
+  version = "23.2.0";
+  format = "setuptools";
+
+  src = fetchPypi {
+    pname = "pyOpenSSL";
+    inherit version;
+    hash = "sha256-J2+TH1WkUufeppxxc+mE6ypEB85BPJGKo0tV+C+bi6w=";
+  };
+
+  outputs = [
+    "out"
+    "dev"
+    "doc"
+  ];
+
+  nativeBuildInputs = [
+    openssl
+    sphinxHook
+    sphinx-rtd-theme
+  ];
+
+  postPatch = ''
+    # remove cryptography pin
+    sed "/cryptography/ s/,<[0-9]*//g" setup.py
+  '';
+
+  propagatedBuildInputs = [
+    cryptography
+  ];
+
+  nativeCheckInputs = [
+    flaky
+    pretend
+    pytestCheckHook
+  ];
+
+  __darwinAllowLocalNetworking = true;
+
+  preCheck = ''
+    export LANG="en_US.UTF-8"
+  '';
+
+  disabledTests = [
+    # https://github.com/pyca/pyopenssl/issues/692
+    # These tests, we disable always.
+    "test_set_default_verify_paths"
+    "test_fallback_default_verify_paths"
+    # https://github.com/pyca/pyopenssl/issues/768
+    "test_wantWriteError"
+    # https://github.com/pyca/pyopenssl/issues/1043
+    "test_alpn_call_failure"
+  ] ++ lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) [
+    # https://github.com/pyca/pyopenssl/issues/791
+    # These tests, we disable in the case that libressl is passed in as openssl.
+    "test_op_no_compression"
+    "test_npn_advertise_error"
+    "test_npn_select_error"
+    "test_npn_client_fail"
+    "test_npn_success"
+    "test_use_certificate_chain_file_unicode"
+    "test_use_certificate_chain_file_bytes"
+    "test_add_extra_chain_cert"
+    "test_set_session_id_fail"
+    "test_verify_with_revoked"
+    "test_set_notAfter"
+    "test_set_notBefore"
+  ] ++ lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") [
+    # these tests are extremely tightly wed to the exact output of the openssl cli tool, including exact punctuation.
+    "test_dump_certificate"
+    "test_dump_privatekey_text"
+    "test_dump_certificate_request"
+    "test_export_text"
+  ] ++ lib.optionals stdenv.is32bit [
+    # https://github.com/pyca/pyopenssl/issues/974
+    "test_verify_with_time"
+  ];
+
+  meta = with lib; {
+    description = "Python wrapper around the OpenSSL library";
+    homepage = "https://github.com/pyca/pyopenssl";
+    changelog = "https://github.com/pyca/pyopenssl/blob/${version}/CHANGELOG.rst";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ ];
+  };
+}

pkgs/python-packages/specific-versions/service-identity_23_1/default.nix

@@ -0,0 +1,59 @@
+{ lib
+, attrs
+, buildPythonPackage
+, cryptography
+, fetchFromGitHub
+, hatch-fancy-pypi-readme
+, hatch-vcs
+, hatchling
+, idna
+, pyasn1
+, pyasn1-modules
+, pytestCheckHook
+, pythonOlder
+}:
+
+buildPythonPackage rec {
+  pname = "service-identity";
+  version = "23.1.0";
+  format = "pyproject";
+
+  disabled = pythonOlder "3.8";
+
+  src = fetchFromGitHub {
+    owner = "pyca";
+    repo = pname;
+    rev = "refs/tags/${version}";
+    hash = "sha256-PGDtsDgRwh7GuuM4OuExiy8L4i3Foo+OD0wMrndPkvo=";
+  };
+
+  nativeBuildInputs = [
+    hatch-fancy-pypi-readme
+    hatch-vcs
+    hatchling
+  ];
+
+  propagatedBuildInputs = [
+    attrs
+    cryptography
+    idna
+    pyasn1
+    pyasn1-modules
+  ];
+
+  nativeCheckInputs = [
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [
+    "service_identity"
+  ];
+
+  meta = with lib; {
+    description = "Service identity verification for pyOpenSSL";
+    homepage = "https://service-identity.readthedocs.io";
+    changelog = "https://github.com/pyca/service-identity/releases/tag/${version}";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}

pkgs/python-packages/specific-versions/twisted_22_10/default.nix

@@ -0,0 +1,208 @@
+{ lib
+, stdenv
+, buildPythonPackage
+, pythonAtLeast
+, pythonOlder
+, fetchPypi
+, fetchpatch
+, python
+, appdirs
+, attrs
+, automat
+, bcrypt
+, constantly
+, cryptography
+, git
+, glibcLocales
+, h2
+, hyperlink
+, hypothesis
+, idna
+, incremental
+, priority
+, pyasn1
+, pyhamcrest
+, pynacl
+, pyopenssl
+, pyserial
+, service-identity
+, setuptools
+, typing-extensions
+, zope_interface
+
+  # for passthru.tests
+, cassandra-driver
+, klein
+, magic-wormhole
+, scrapy
+, treq
+, txaio
+, txamqp
+, txrequests
+, txtorcon
+, thrift
+, nixosTests
+}:
+
+buildPythonPackage rec {
+  pname = "twisted";
+  version = "22.10.0";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.6";
+
+  src = fetchPypi {
+    pname = "Twisted";
+    inherit version;
+    extension = "tar.gz";
+    hash = "sha256-Mqy9QKlPX0bntCwQm/riswIlCUVWF4Oot6BZBI8tTTE=";
+  };
+
+  patches = [
+    (fetchpatch {
+      url = "https://github.com/twisted/twisted/pull/11787.diff";
+      hash = "sha256-bQgUmbvDa61Vg8p/o/ivfkOAHyj1lTgHkrRVEGLM9aU=";
+    })
+    (fetchpatch {
+      # Conditionally skip tests that require METHOD_CRYPT
+      # https://github.com/twisted/twisted/pull/11827
+      url = "https://github.com/mweinelt/twisted/commit/e69e652de671aac0abf5c7e6c662fc5172758c5a.patch";
+      hash = "sha256-LmvKUTViZoY/TPBmSlx4S9FbJNZfB5cxzn/YcciDmoI=";
+    })
+    # remove half broken pyasn1 integration that blow up with pyasn 0.5.0
+    # https://github.com/twisted/twisted/pull/11843
+    (fetchpatch {
+      url = "https://github.com/twisted/twisted/commit/bdee0eb835a76b2982beaf10c85269ff25ea09fa.patch";
+      excludes = [ "pyproject.toml" "tox.ini" ];
+      hash = "sha256-oGAHmZMpMWfK+2zEDjHD115sW7exCYqfORVOLw+Wa6M=";
+    })
+  ] ++ lib.optionals (pythonAtLeast "3.11") [
+    (fetchpatch {
+      url = "https://github.com/twisted/twisted/pull/11734.diff";
+      excludes = [ ".github/workflows/*" ];
+      hash = "sha256-Td08pDxHwl7fPLCA6rUySuXpy8YmZfvXPHGsBpdcmSo=";
+    })
+    (fetchpatch {
+      url = "https://github.com/twisted/twisted/commit/00bf5be704bee022ba4d9b24eb6c2c768b4a1921.patch";
+      hash = "sha256-fnBzczm3OlhbjRcePIQ7dSX6uldlCZ9DJTS+UFO2nAQ=";
+    })
+  ];
+
+  __darwinAllowLocalNetworking = true;
+
+  propagatedBuildInputs = [
+    attrs
+    automat
+    constantly
+    hyperlink
+    incremental
+    setuptools
+    typing-extensions
+    zope_interface
+  ];
+
+  postPatch = ''
+    substituteInPlace pyproject.toml \
+      --replace '"pyasn1 >= 0.4",' ""
+
+    echo 'ListingTests.test_localeIndependent.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
+    echo 'ListingTests.test_newFile.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
+    echo 'ListingTests.test_newSingleDigitDayOfMonth.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
+    echo 'ListingTests.test_oldFile.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
+    echo 'ListingTests.test_oldSingleDigitDayOfMonth.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
+
+    echo 'WrapClientTLSParserTests.test_tls.skip = "pyopenssl update"' >> src/twisted/internet/test/test_endpoints.py
+    echo 'UNIXTestsBuilder_AsyncioSelectorReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
+    echo 'UNIXTestsBuilder_SelectReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
+
+    echo 'FileObserverTests.test_getTimezoneOffsetEastOfUTC.skip = "mktime argument out of range"'>> src/twisted/test/test_log.py
+    echo 'FileObserverTests.test_getTimezoneOffsetWestOfUTC.skip = "mktime argument out of range"'>> src/twisted/test/test_log.py
+    echo 'FileObserverTests.test_getTimezoneOffsetWithoutDaylightSavingTime.skip = "tuple differs, values not"'>> src/twisted/test/test_log.py
+
+    echo 'MulticastTests.test_joinLeave.skip = "No such device"'>> src/twisted/test/test_udp.py
+    echo 'MulticastTests.test_loopback.skip = "No such device"'>> src/twisted/test/test_udp.py
+    echo 'MulticastTests.test_multicast.skip = "Reactor was unclean"'>> src/twisted/test/test_udp.py
+    echo 'MulticastTests.test_multiListen.skip = "No such device"'>> src/twisted/test/test_udp.py
+
+    # fails since migrating to libxcrypt
+    echo 'HelperTests.test_refuteCryptedPassword.skip = "OSError: Invalid argument"' >> src/twisted/conch/test/test_checkers.py
+
+    # not packaged
+    substituteInPlace src/twisted/test/test_failure.py \
+      --replace "from cython_test_exception_raiser import raiser  # type: ignore[import]" "raiser = None"
+  '' + lib.optionalString stdenv.isLinux ''
+    echo 'PTYProcessTestsBuilder_EPollReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py
+    echo 'PTYProcessTestsBuilder_PollReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py
+    echo 'UNIXTestsBuilder_EPollReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
+    echo 'UNIXTestsBuilder_PollReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
+
+    # Patch t.p._inotify to point to libc. Without this,
+    # twisted.python.runtime.platform.supportsINotify() == False
+    substituteInPlace src/twisted/python/_inotify.py --replace \
+      "ctypes.util.find_library(\"c\")" "'${stdenv.cc.libc}/lib/libc.so.6'"
+  '' + lib.optionalString (stdenv.isAarch64 && stdenv.isDarwin) ''
+    echo 'AbortConnectionTests_AsyncioSelectorReactorTests.test_fullWriteBufferAfterByteExchange.skip = "Timeout after 120 seconds"' >> src/twisted/internet/test/test_tcp.py
+    echo 'AbortConnectionTests_AsyncioSelectorReactorTests.test_resumeProducingAbort.skip = "Timeout after 120 seconds"' >> src/twisted/internet/test/test_tcp.py
+
+    echo 'PosixReactorBaseTests.test_removeAllSkipsInternalReaders.skip = "Fails due to unclosed event loop"' >> src/twisted/internet/test/test_posixbase.py
+    echo 'PosixReactorBaseTests.test_wakerIsInternalReader.skip = "Fails due to unclosed event loop"' >> src/twisted/internet/test/test_posixbase.py
+
+    echo 'TCPPortTests.test_connectionLostFailed.skip = "Fails due to unclosed event loop"' >> src/twisted/internet/test/test_posixbase.py
+  '';
+
+  # Generate Twisted's plug-in cache. Twisted users must do it as well. See
+  # http://twistedmatrix.com/documents/current/core/howto/plugin.html#auto3
+  # and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477103 for details.
+  postFixup = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
+    $out/bin/twistd --help > /dev/null
+  '';
+
+  nativeCheckInputs = [
+    git
+    glibcLocales
+    hypothesis
+    pyhamcrest
+  ]
+  ++ passthru.optional-dependencies.conch
+  # not supported on aarch64-darwin: https://github.com/pyca/pyopenssl/issues/873
+  ++ lib.optionals (!(stdenv.isDarwin && stdenv.isAarch64)) passthru.optional-dependencies.tls;
+
+  checkPhase = ''
+    export SOURCE_DATE_EPOCH=315532800
+    export PATH=$out/bin:$PATH
+    # race conditions when running in paralell
+    ${python.interpreter} -m twisted.trial twisted
+  '';
+
+  passthru = {
+    optional-dependencies = rec {
+      conch = [ appdirs bcrypt cryptography pyasn1 ];
+      conch_nacl = conch ++ [ pynacl ];
+      http2 = [ h2 priority ];
+      serial = [ pyserial ];
+      tls = [ idna pyopenssl service-identity ];
+    };
+
+    tests = {
+      inherit
+        cassandra-driver
+        klein
+        magic-wormhole
+        scrapy
+        treq
+        txaio
+        txamqp
+        txrequests
+        txtorcon
+        thrift;
+      inherit (nixosTests) buildbot matrix-synapse;
+    };
+  };
+
+  meta = with lib; {
+    homepage = "https://github.com/twisted/twisted";
+    description = "Asynchronous networking framework written in Python";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ];
+  };
+}

test/clightning-replication.nix

@@ -117,7 +117,7 @@ makeTestVM {
 
       with subtest("local replication"):
           client.wait_for_unit("clightning.service")
-          client.succeed("runuser -u clightning -- ls /var/backup/clightning/lightningd.sqlite3")
+          client.wait_until_succeeds("runuser -u clightning -- ls /var/backup/clightning/lightningd.sqlite3")
           # No other user should be able to read the backup directory
           client.fail("runuser -u bitcoin -- ls /var/backup/clightning")
 
@@ -126,7 +126,7 @@ makeTestVM {
       switch_to_system("replicationLocalEncrypted")
       with subtest("local replication encrypted"):
           replica_db = "/var/cache/clightning-replication/plaintext/lightningd.sqlite3"
-          client.succeed(f"runuser -u clightning -- ls {replica_db}")
+          client.wait_until_succeeds(f"runuser -u clightning -- ls {replica_db}")
           # No other user should be able to read the unencrypted files
           client.fail(f"runuser -u bitcoin -- ls {replica_db}")
           # A gocryptfs has been created
@@ -136,7 +136,7 @@ makeTestVM {
       server.wait_for_unit("sshd.service")
       with subtest("remote replication"):
           replica_db = "/var/cache/clightning-replication/sshfs/lightningd.sqlite3"
-          client.succeed(f"runuser -u clightning -- ls {replica_db}")
+          client.wait_until_succeeds(f"runuser -u clightning -- ls {replica_db}")
           # No other user should be able to read the unencrypted files
           client.fail(f"runuser -u bitcoin -- ls {replica_db}")
           # A clighting db exists on the server
@@ -145,7 +145,7 @@ makeTestVM {
       switch_to_system("replicationRemoteEncrypted")
       with subtest("remote replication encrypted"):
           replica_db = "/var/cache/clightning-replication/plaintext/lightningd.sqlite3"
-          client.succeed(f"runuser -u clightning -- ls {replica_db}")
+          client.wait_until_succeeds(f"runuser -u clightning -- ls {replica_db}")
           # No other user should be able to read the unencrypted files
           client.fail(f"runuser -u bitcoin -- ls {replica_db}")
           # A gocryptfs has been created on the server

test/nixos-search/flake.lock

@@ -39,11 +39,11 @@
         "npmlock2nix": "npmlock2nix"
       },
       "locked": {
-        "lastModified": 1688414580,
-        "narHash": "sha256-U7ngzJ0ErKTxrjG5Okym9PLxnmjoeDIZZe0dfhv8ER4=",
+        "lastModified": 1693902773,
+        "narHash": "sha256-JFsiBAixnnkkPBl1RvnSvRKUiOZxwF6lXnm70LUIW4w=",
         "owner": "nixos",
         "repo": "nixos-search",
-        "rev": "1128c8fb69d4a8557baeee13053e7792339554f9",
+        "rev": "00f61f52aefe60b18059ec13201d9c94bdc04045",
         "type": "github"
       },
       "original": {