nixpkgs/pkgs/tools/admin/salt/default.nix

{ lib
, python3
, openssl
  # Many Salt modules require various Python modules to be installed,
  # passing them in this array enables Salt to find them.
, extraInputs ? []
}:

let
  py = python3.override {
    packageOverrides = self: super: {
      # Incompatible with pyzmq 22
      pyzmq = super.pyzmq.overridePythonAttrs (oldAttrs: rec {
        version = "21.0.2";
        src = oldAttrs.src.override {
          inherit version;
          sha256 = "CYwTxhmJE8KgaQI1+nTS5JFhdV9mtmO+rsiWUVVMx5w=";
        };
      });
   };
  };
in
py.pkgs.buildPythonApplication rec {
  pname = "salt";
  version = "3004.1";

  src = py.pkgs.fetchPypi {
    inherit pname version;
    hash = "sha256-fzRKJDJkik8HjapazMaNzf/hCVzqE+wh5QQTVg8Ewpg=";
  };

  propagatedBuildInputs = with py.pkgs; [
    distro
    jinja2
    markupsafe
    msgpack
    psutil
    pycryptodomex
    pyyaml
    pyzmq
    requests
    tornado
  ] ++ extraInputs;

  patches = [ ./fix-libcrypto-loading.patch ];

  postPatch = ''
    substituteInPlace "salt/utils/rsax931.py" \
      --subst-var-by "libcrypto" "${lib.getLib openssl}/lib/libcrypto.so"
    substituteInPlace requirements/base.txt \
      --replace contextvars ""
  '';

  # The tests fail due to socket path length limits at the very least;
  # possibly there are more issues but I didn't leave the test suite running
  # as is it rather long.
  doCheck = false;

  meta = with lib; {
    homepage = "https://saltproject.io/";
    changelog = "https://docs.saltproject.io/en/latest/topics/releases/${version}.html";
    description = "Portable, distributed, remote execution and configuration management system";
    maintainers = with maintainers; [ Flakebi ];
    license = licenses.asl20;
  };
}
salt: 2019.2.0 -> 3000.2 2020-04-19 16:19:26 +03:00			`{ lib`
			`, python3`
			`, openssl`
salt: init at 2015.8.8 Also init salttesting at 2015.7.10 as a build dependency. 2016-04-03 02:37:38 +03:00			`# Many Salt modules require various Python modules to be installed,`
			`# passing them in this array enables Salt to find them.`
salt: 2019.2.0 -> 3000.2 2020-04-19 16:19:26 +03:00			`, extraInputs ? []`
salt: init at 2015.8.8 Also init salttesting at 2015.7.10 as a build dependency. 2016-04-03 02:37:38 +03:00			`}:`
salt: 3003.3 -> 3004 2021-10-23 12:08:19 +03:00
			`let`
			`py = python3.override {`
			`packageOverrides = self: super: {`
			`# Incompatible with pyzmq 22`
			`pyzmq = super.pyzmq.overridePythonAttrs (oldAttrs: rec {`
			`version = "21.0.2";`
			`src = oldAttrs.src.override {`
			`inherit version;`
			`sha256 = "CYwTxhmJE8KgaQI1+nTS5JFhdV9mtmO+rsiWUVVMx5w=";`
			`};`
			`});`
			`};`
			`};`
			`in`
			`py.pkgs.buildPythonApplication rec {`
salt: 2016.11.4 -> 2016.11.5 2017-05-19 10:33:32 +03:00			`pname = "salt";`
salt: 3004 -> 3004.1 2022-03-28 23:03:28 +03:00			`version = "3004.1";`
salt: init at 2015.8.8 Also init salttesting at 2015.7.10 as a build dependency. 2016-04-03 02:37:38 +03:00
salt: 3003.3 -> 3004 2021-10-23 12:08:19 +03:00			`src = py.pkgs.fetchPypi {`
salt: 2016.11.4 -> 2016.11.5 2017-05-19 10:33:32 +03:00			`inherit pname version;`
salt: 3004 -> 3004.1 2022-03-28 23:03:28 +03:00			`hash = "sha256-fzRKJDJkik8HjapazMaNzf/hCVzqE+wh5QQTVg8Ewpg=";`
salt: init at 2015.8.8 Also init salttesting at 2015.7.10 as a build dependency. 2016-04-03 02:37:38 +03:00			`};`

salt: 3003.3 -> 3004 2021-10-23 12:08:19 +03:00			`propagatedBuildInputs = with py.pkgs; [`
salt: 3000.3 -> 3001 2020-06-18 22:38:54 +03:00			`distro`
salt: init at 2015.8.8 Also init salttesting at 2015.7.10 as a build dependency. 2016-04-03 02:37:38 +03:00			`jinja2`
			`markupsafe`
salt: 2018.3.0 -> 2018.3.2 2018-07-08 17:34:10 +03:00			`msgpack`
salt: 3003.3 -> 3004 2021-10-23 12:08:19 +03:00			`psutil`
salt: 3000.3 -> 3001 2020-06-18 22:38:54 +03:00			`pycryptodomex`
salt: init at 2015.8.8 Also init salttesting at 2015.7.10 as a build dependency. 2016-04-03 02:37:38 +03:00			`pyyaml`
			`pyzmq`
			`requests`
salt: use latest tornado 2020-08-29 15:04:05 +03:00			`tornado`
salt: init at 2015.8.8 Also init salttesting at 2015.7.10 as a build dependency. 2016-04-03 02:37:38 +03:00			`] ++ extraInputs;`

			`patches = [ ./fix-libcrypto-loading.patch ];`

			`postPatch = ''`
			`substituteInPlace "salt/utils/rsax931.py" \`
treewide: use lib.getLib for OpenSSL libraries At some point, I'd like to make another attempt at 71f1f4884b5 ("openssl: stop static binaries referencing libs"), which was reverted in 195c7da07df. One problem with my previous attempt is that I moved OpenSSL's libraries to a lib output, but many dependent packages were hardcoding the out output as the location of the libraries. This patch fixes every such case I could find in the tree. It won't have any effect immediately, but will mean these packages will automatically use an OpenSSL lib output if it is reintroduced in future. This patch should cause very few rebuilds, because it shouldn't make any change at all to most packages I'm touching. The few rebuilds that are introduced come from when I've changed a package builder not to use variable names like openssl.out in scripts / substitution patterns, which would be confusing since they don't hardcode the output any more. I started by making the following global replacements: ${pkgs.openssl.out}/lib -> ${lib.getLib pkgs.openssl}/lib ${openssl.out}/lib -> ${lib.getLib openssl}/lib Then I removed the ".out" suffix when part of the argument to lib.makeLibraryPath, since that function uses lib.getLib internally. Then I fixed up cases where openssl was part of the -L flag to the compiler/linker, since that unambigously is referring to libraries. Then I manually investigated and fixed the following packages: - pycurl - citrix-workspace - ppp - wraith - unbound - gambit - acl2 I'm reasonably confindent in my fixes for all of them. For acl2, since the openssl library paths are manually provided above anyway, I don't think openssl is required separately as a build input at all. Removing it doesn't make a difference to the output size, the file list, or the closure. I've tested evaluation with the OfBorg meta checks, to protect against introducing evaluation failures. 2022-03-25 18:33:21 +03:00			`--subst-var-by "libcrypto" "${lib.getLib openssl}/lib/libcrypto.so"`
salt: 3003 -> 3003.1 Need to patch out the contextvars dependency (which is included in python 3.7+). The same patch is discussed in arch: https://bugs.archlinux.org/task/71344 2021-06-25 00:54:59 +03:00			`substituteInPlace requirements/base.txt \`
			`--replace contextvars ""`
salt: init at 2015.8.8 Also init salttesting at 2015.7.10 as a build dependency. 2016-04-03 02:37:38 +03:00			`'';`

			`# The tests fail due to socket path length limits at the very least;`
			`# possibly there are more issues but I didn't leave the test suite running`
			`# as is it rather long.`
			`doCheck = false;`

salt: 2019.2.0 -> 3000.2 2020-04-19 16:19:26 +03:00			`meta = with lib; {`
salt: update meta (#116557) Salt rebranded itself from https://saltstack.com to https://saltproject.io - reflect the changes in the URLs 2021-03-17 22:38:16 +03:00			`homepage = "https://saltproject.io/";`
			`changelog = "https://docs.saltproject.io/en/latest/topics/releases/${version}.html";`
salt: init at 2015.8.8 Also init salttesting at 2015.7.10 as a build dependency. 2016-04-03 02:37:38 +03:00			`description = "Portable, distributed, remote execution and configuration management system";`
salt: remove aneeshusa and add Flakebi as maintainer 2020-10-23 19:28:35 +03:00			`maintainers = with maintainers; [ Flakebi ];`
salt: init at 2015.8.8 Also init salttesting at 2015.7.10 as a build dependency. 2016-04-03 02:37:38 +03:00			`license = licenses.asl20;`
			`};`
			`}`