nixops (stable): drop

{ lib, python2, poetry2nix, docbook_xsl_ns, openssh, cacert, nixopsAzurePackages ? []

, fetchurl, fetchpatch

}:

let

  inherit (poetry2nix.mkPoetryPackages {

    projectDir = ./python-env;

    python = python2;

    overrides = [

      poetry2nix.defaultPoetryOverrides

      (self: super: {

        certifi = super.certifi.overridePythonAttrs (old: {

          meta = old.meta // {

            knownVulnerabilities = [ "CVE-2022-23491" ];

          };

        });

        pyjwt = super.pyjwt.overridePythonAttrs (old: {

          meta = old.meta // {

            knownVulnerabilities = lib.optionals (lib.versionOlder old.version "2.4.0") [

              "CVE-2022-29217"

            ];

          };

        });

      })

    ];

  }) python;

  pythonPackages = python.pkgs;

in pythonPackages.buildPythonApplication rec {

  pname = "nixops";

  version = "1.7";

  src = fetchurl {

    url = "https://nixos.org/releases/nixops/nixops-${version}/nixops-${version}.tar.bz2";

    sha256 = "091c0b5bca57d4aa20be20e826ec161efe3aec9c788fbbcf3806a734a517f0f3";

  };

  patches = [

    (fetchpatch {

      url = "https://github.com/NixOS/nixops/commit/fb6d4665e8efd858a215bbaaf079ec3f5ebc49b8.patch";

      sha256 = "1hbhykl811zsqlaj3y5m9d8lfsal6ps6n5p16ah6lqy2s18ap9d0";

    })

    ./optional-virtd.patch

  ];

  buildInputs = [ pythonPackages.libxslt ];

  pythonPath = (with pythonPackages;

    [ prettytable

      boto

      boto3

      hetzner

      apache-libcloud

      adal

      # Go back to sqlite once Python 2.7.13 is released

      pysqlite

      datadog

      python-digitalocean

      ]

      ++ lib.optional (!libvirt.passthru.libvirt.meta.insecure or true) libvirt

      ++ nixopsAzurePackages);

  checkPhase =

  # Ensure, that there are no (python) import errors

  ''

    SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt \

    HOME=$(pwd) \

      $out/bin/nixops --version

  '';

  postInstall = ''

    make -C doc/manual install nixops.1 docbookxsl=${docbook_xsl_ns}/xml/xsl/docbook \

      docdir=$out/share/doc/nixops mandir=$out/share/man

    mkdir -p $out/share/nix/nixops

    cp -av "nix/"* $out/share/nix/nixops

    # Add openssh to nixops' PATH. On some platforms, e.g. CentOS and RHEL

    # the version of openssh is causing errors when have big networks (40+)

    wrapProgram $out/bin/nixops --prefix PATH : "${openssh}/bin"

  '';

  meta = {

    homepage = "https://github.com/NixOS/nixops";

    description = "NixOS cloud provisioning and deployment tool";

    maintainers = with lib.maintainers; [ aminechikhaoui eelco rob ];

    platforms = lib.platforms.unix;

    license = lib.licenses.lgpl3;

  };

}

diff --git a/nixops/backends/libvirtd.py b/nixops/backends/libvirtd.py

index bc5f4af7..edd1348b 100644

--- a/nixops/backends/libvirtd.py

+++ b/nixops/backends/libvirtd.py

@@ -8,12 +8,18 @@ import shutil

 import string

 import subprocess

 import time

-import libvirt

 from nixops.backends import MachineDefinition, MachineState

 import nixops.known_hosts

 import nixops.util

+try:

+    import libvirt

+except:

+    class libvirt(object):

+        def __getattribute__(self, name):

+            raise ValueError("The libvirt backend has been disabled because of security issues.")

+

 # to prevent libvirt errors from appearing on screen, see

 # https://www.redhat.com/archives/libvirt-users/2017-August/msg00011.html

[tool.poetry]

name = "nixops-python-env"

version = "0.1.0"

description = ""

authors = ["Your Name <you@example.com>"]

license = "MIT"

[tool.poetry.dependencies]

python = "^2.7"

prettytable = "^1.0.1"

boto = "^2.49.0"

boto3 = "^1.17.97"

hetzner = "^0.8.3"

apache-libcloud = "^2.8.3"

adal = "^1.2.7"

pysqlite = "^2.8.3"

datadog = "^0.42.0"

python-digitalocean = "^1.17.0"

[tool.poetry.dev-dependencies]

[build-system]

requires = ["poetry-core>=1.0.0"]

build-backend = "poetry.core.masonry.api"

let

  pkgs = import ../../../../../. { };

in pkgs.mkShell {

  packages = [

    pkgs.python2

    pkgs.poetry

  ];

}