Add 'pkgs/anastasis/' from commit 'bce0fa145c30e534385392e65453426faa…

…297c96'

git-subtree-dir: pkgs/anastasis
git-subtree-mainline: 2b2917b
git-subtree-split: bce0fa1

pkgs/anastasis/README.md

@@ -0,0 +1,130 @@
+# Anastasis
+
+This flake packages [GNU Anastasis](https://anastasis.lu), a key backup and recovery tool from the GNU project.
+This package includes the backend run by the Anastasis providers as well as libraries for clients and a command-line interface.
+
+The main documentation can be found at [https://docs.taler.net/anastasis.html](https://docs.taler.net/anastasis.html).
+
+## Server/backend
+
+### HTTP server
+
+```
+anastasis-httpd
+Anastasis HTTP interface
+Arguments mandatory for long options are also mandatory for short options.
+  -A, --auth=USERNAME:PASSWORD
+                             use the given USERNAME and PASSWORD for client
+                               authentication
+  -C, --connection-close     force HTTP connections to be closed after each
+                               request
+  -c, --config=FILENAME      use configuration file FILENAME
+  -h, --help                 print this help
+  -K, --apikey=APIKEY        API key to use in the HTTP request to the
+                               merchant backend
+  -k, --key=KEYFILE          file with the private TLS key for TLS client
+                               authentication
+  -L, --log=LOGLEVEL         configure logging to use LOGLEVEL
+  -l, --logfile=FILENAME     configure logging to write logs to FILENAME
+  -p, --pass=KEYFILEPASSPHRASE
+                             passphrase needed to decrypt the TLS client
+                               private key file
+  -t, --type=CERTTYPE        type of the TLS client certificate, defaults to
+                               PEM if not specified
+  -v, --version              print the version number
+Report bugs to [email protected].
+Home page: https://anastasis.lu/
+General help using GNU software: http://www.gnu.org/gethelp/
+```
+
+### DB initialisation
+
+```
+anastasis-dbinit
+Initialize anastasis database
+Arguments mandatory for long options are also mandatory for short options.
+  -c, --config=FILENAME      use configuration file FILENAME
+  -h, --help                 print this help
+  -L, --log=LOGLEVEL         configure logging to use LOGLEVEL
+  -l, --logfile=FILENAME     configure logging to write logs to FILENAME
+  -r, --reset                reset database (DANGEROUS: all existing data is
+                               lost!)
+  -v, --version              print the version number
+Report bugs to [email protected].
+Home page: https://anastasis.lu/
+General help using GNU software: http://www.gnu.org/gethelp/
+```
+
+## Client CLI
+
+Anastasis Reducer API is used by client applications to initialise, store or load the different states the client application can have.
+
+```
+anastasis-reducer
+This is an application for using Anastasis to handle the states.
+
+Arguments mandatory for long options are also mandatory for short options.
+  -a, --arguments=JSON       pass a JSON string containing arguments to
+                               reducer
+  -b, --backup               use reducer to handle states for backup process
+  -c, --config=FILENAME      use configuration file FILENAME
+  -h, --help                 print this help
+  -L, --log=LOGLEVEL         configure logging to use LOGLEVEL
+  -l, --logfile=FILENAME     configure logging to write logs to FILENAME
+  -r, --restore              use reducer to handle states for restore process
+  -v, --version              print the version number
+Report bugs to [email protected].
+Home page: https://anastasis.lu/
+General help using GNU software: http://www.gnu.org/gethelp/
+```
+
+Examples:
+
+Initialise a backup state
+```
+BFILE=$(mktemp /tmp/anastasis-state-XXX)
+anastasis-reducer -b "$BFILE"
+```
+
+Initialise a recovery state
+```
+RFILE=$(mktemp /tmp/anastasis-state-XXX)
+anastasis-reducer -r "$RFILE"
+```
+
+The state files are json formated and can be inspected this way
+```
+jq -r -e .recovery_state < $RFILE
+```
+
+## Gnunet configuration file manager (either client or server)
+
+anastasis-config, a.k.a. gnunet-config
+
+```
+gnunet-config [OPTIONS]
+Manipulate GNUnet configuration files
+Arguments mandatory for long options are also mandatory for short options.
+  -b, --supported-backend=BACKEND
+                             test if the current installation supports the
+                               specified BACKEND
+  -c, --config=FILENAME      use configuration file FILENAME
+  -d, --diagnostics          output extra diagnostics
+  -F, --full                 write the full configuration file, including
+                               default values
+  -f, --filename             interpret option value as a filename (with
+                               $-expansion)
+  -h, --help                 print this help
+  -L, --log=LOGLEVEL         configure logging to use LOGLEVEL
+  -l, --logfile=FILENAME     configure logging to write logs to FILENAME
+  -o, --option=OPTION        name of the option to access
+  -r, --rewrite              rewrite the configuration file, even if nothing
+                               changed
+  -S, --list-sections        print available configuration sections
+  -s, --section=SECTION      name of the section to access
+  -V, --value=VALUE          value to set
+  -v, --version              print the version number
+Report bugs to [email protected].
+Home page: https://anastasis.lu/
+General help using GNU software: http://www.gnu.org/gethelp/
+```

pkgs/anastasis/default.nix

@@ -0,0 +1,69 @@
+{src, stdenv, fetchzip, pkg-config, autoreconfHook, taler-exchange, taler-merchant, libgcrypt, libmicrohttpd, jansson, libsodium, postgresql, curl, recutils, libuuid, lib, gnunet, makeWrapper, which, jq}:
+let
+  gnunet' = (gnunet.override { postgresqlSupport = true; });
+in
+stdenv.mkDerivation rec {
+  pname = "anastasis";
+  version = "0.2.0";
+  src = fetchzip {
+    url = "mirror://gnu/anastasis/${pname}-${version}.tar.gz";
+    sha256 = "sha256-/13AqJUf8dwXhY554ZaXD8EuMPvrr3SoSe05Hc8Q+Io=";
+  };
+  postPatch = ''
+    patchShebangs src/cli
+  '';
+  outputs = [ "out" "configured" ];
+  nativeBuildInputs = [
+    pkg-config # hook that adds pkg-config files of buildInputs
+    autoreconfHook # hook that triggers autoreconf to get the configure script
+    makeWrapper # for wrapProgram
+  ];
+  buildInputs = [
+    taler-exchange
+    taler-merchant
+    libgcrypt
+    libmicrohttpd
+    libsodium
+    postgresql
+    curl
+    jansson
+    recutils
+    libuuid
+  ];
+  configureFlags = [
+    "--with-gnunet=${gnunet'}"
+    "--with-exchange=${taler-exchange}"
+    "--with-merchant=${taler-merchant}"
+  ];
+  postConfigure = ''
+    mkdir -p $configured
+    cp -r ./* $configured/
+    '';
+  postInstall = ''
+    wrapProgram $out/bin/anastasis-config --prefix PATH : ${lib.makeBinPath [
+      # Fix "anastasis-config-wrapped needs gnunet-config to be installed"
+      #   in src/cli/test_anastasis_reducer_backup_enter_user_attributes.sh
+      # (NB: --with-gnunet was not enough)
+      gnunet'
+      # needed by $out/bin/anastasis-config during postInstallCheck
+      which
+    ]}
+    '';
+  doInstallCheck = true;
+  postInstallCheck = ''
+    # The author said `make check` is meant to be executed after installation
+    # FIXME: many tests are skipped
+    make check
+    # Check that anastasis-config can find gnunet at runtime
+    $out/bin/anastasis-config --help > /dev/null
+    '';
+  meta = {
+    description = ''
+      GNU Anastasis is a key backup and recovery tool from the GNU project.
+      This package includes the backend run by the Anastasis providers as
+      well as libraries for clients and a command-line interface.
+    '';
+    license = lib.licenses.agpl3Plus; # from the README
+    homepage = "https://anastasis.lu";
+  };
+}

pkgs/anastasis/flake.nix

@@ -0,0 +1,112 @@
+{
+  description = "GNU Anastasis is a key backup and recovery tool from the GNU project.";
+  inputs.nixpkgs.url = "github:JosephLucas/nixpkgs/anastasis";
+
+  outputs = { self, nixpkgs}:
+    let
+      supportedSystems = [ "x86_64-linux" ];
+      forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: f system);
+      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; overlays = [ self.overlay ]; });
+    in
+    {
+      overlay = final: prev: { anastasis = (final.callPackage ./default.nix {}); };
+      packages = forAllSystems (system: { inherit (nixpkgsFor.${system}) anastasis; });
+      defaultPackage = forAllSystems (system: self.packages.${system}.anastasis);
+      devShell = self.defaultPackage;
+      checks.x86_64-linux.anastasis-build = self.packages.x86_64-linux.anastasis;
+
+      ###
+      # Integration test:
+      #   anstasis + gnunet + postgres + taler-exchange + taler-merchant
+      ###
+      nixosModules = {
+        anastasis-httpd = { pkgs, ... }: {
+          nixpkgs.overlays = [ self.overlay ];
+          systemd.services.anastasis-httpd = {
+            wantedBy = [ "multi-user.target" ];
+            serviceConfig.ExecStart = ''
+              ${pkgs.anastasis}/bin/anastasis-httpd
+              '';
+          };
+          environment.systemPackages = with pkgs; [
+            anastasis
+            postgresql
+            taler-exchange
+            taler-merchant
+
+            # needed by src/cli/test_*
+            jq
+            wget
+
+            # needed by make check
+            gnumake automake autoconf autoconf-archive autoconf-archive
+            pkg-config
+            libgcrypt.dev
+            gcc
+          ];
+        };
+        db = { pkgs, ...}: {
+          services.postgresql = {
+            enable = true;
+            initialScript = pkgs.writeText "initialScript.sql" (''
+              create role root login createdb;
+              ''
+            ) ;
+          };
+        };
+      };
+      checks.x86_64-linux.vmTest = with import (nixpkgs + "/nixos/lib/testing-python.nix") {system = "x86_64-linux";};
+          makeTest {
+            name = "anastasis-httpd";
+            nodes = {
+              client = { ... }: {
+                imports = with self.nixosModules; [ db anastasis-httpd ];
+              };
+            };
+            testScript = let
+              check-anastasis = pkgs.writeScript "check-anastasis" ''
+                # Load test fixture data into the vm $HOME (/root)
+                cd ${self.packages.x86_64-linux.anastasis.configured} && find . -type f -exec install -Dm 755 "{}" "$HOME/{}" \;
+                cd $HOME
+                # Patch some paths
+                sed=${pkgs.gnused}/bin/sed
+                find . -type f -exec $sed -i "s^/build/source^$HOME^g" "{}" \;
+                find . -type f -exec $sed -i "s^/usr/bin/file^${pkgs.file}/bin/file^g" "{}" \;
+                
+                # ./missing is executed at the beginning of `make check` and re-triggers autoreconf
+                #   -> Fix that by making missing a no-op
+                echo ":" > missing
+
+                for i in "" $(seq 1 4); do createdb anastasischeck$i; done
+                
+                # Start checking anastasis
+                # FIXME: recursvely adds paths to dependencies
+                # Provide all the paths toward header files and libraries, as well as pkg-config files
+                # This can be debugged by prefixing with "NIX_DEBUG=1 "
+                # FIXME: the build is triggered !!! making the check *very* long :(
+                #  a solution would be to copy the state of the package after build has finished
+                # FIXME: The log of `make check` is only shown at the end
+                NIX_CFLAGS_COMPILE_BEFORE_x86_64_unknown_linux_gnu="-I${pkgs.libsodium.dev}/include -I${pkgs.jansson}/include -I${pkgs.libgcrypt.dev}/include -I${pkgs.curl.dev}/include -I${pkgs.libgnurl}/include -I${pkgs.libmicrohttpd.dev}/include -I${pkgs.libtool}/include -I${pkgs.zlib.dev}/include" NIX_LDFLAGS_BEFORE_x86_64_unknown_linux_gnu="-L${pkgs.libsodium}/lib -L${pkgs.jansson}/lib -L${pkgs.libgcrypt}/lib -L${pkgs.curl}/lib -L${pkgs.libgnurl}/lib -L${pkgs.libmicrohttpd}/lib -L${pkgs.libtool.lib}/lib -L${pkgs.postgresql.lib}/lib -L${pkgs.libossp_uuid}/lib -L${pkgs.zlib}/lib" PKG_CONFIG_PATH="${pkgs.libmicrohttpd.dev}/lib/pkgconfig:${pkgs.jansson}/lib/pkgconfig" make check
+                '';
+                in
+              ''
+              start_all()
+              client.wait_for_unit("multi-user.target")
+
+              print('Copying the fixture and running `make check`')
+              print('The log of `make check` will be shown at the end')
+              print('Wait some long seconds (some postgres ERROR are expected but should probably be fixed) ...')
+              # FIXME: follow the log
+              client.log(client.execute("cd $HOME && set -x && ${check-anastasis}")[1])
+
+              # The interesting part of the log is after "make check_TESTS"
+              # i.e. lines containing "*test_anstasis_*"
+
+              # FIXME:
+              # src/cli/test_anastasis_reducer_enter_secret.sh
+              # and src/cli/recovery_enter_user_attributes.sh
+              # are skipped due to `line {65,64}: taler-bank-manage: command not found`
+            '';
+        };
+  };
+}

pkgs/anastasis/remove_anastasis-authorization-email.sh.patch

@@ -0,0 +1,25 @@
+diff --git a/src/authorization/Makefile.am b/src/authorization/Makefile.am
+index cfcd89e..180913c 100644
+--- a/src/authorization/Makefile.am
++++ b/src/authorization/Makefile.am
+@@ -3,10 +3,6 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/include
+
+ cfgdir = $(prefix)/share/anastasis/config.d/
+
+-cfg_DATA = \
+-  authorization-email.conf
+-
+-
+ SUBDIRS = libanastasiseufin .
+
+ pkgcfgdir = $(prefix)/share/anastasis/config.d/
+@@ -32,9 +28,6 @@ endif
+ bin_PROGRAMS = \
+   anastasis-helper-authorization-iban
+
+-bin_SCRIPTS = \
+-  anastasis-authorization-email.sh
+-
+ anastasis_helper_authorization_iban_SOURCES = \
+   anastasis-helper-authorization-iban.c
+ anastasis_helper_authorization_iban_LDADD = \