diff --git a/pkgs/anastasis/README.md b/pkgs/anastasis/README.md
new file mode 100644
index 00000000..9f374667
--- /dev/null
+++ b/pkgs/anastasis/README.md
@@ -0,0 +1,130 @@
+# Anastasis
+
+This flake packages [GNU Anastasis](https://anastasis.lu), a key backup and recovery tool from the GNU project.
+This package includes the backend run by the Anastasis providers as well as libraries for clients and a command-line interface.
+
+The main documentation can be found at [https://docs.taler.net/anastasis.html](https://docs.taler.net/anastasis.html).
+
+## Server/backend
+
+### HTTP server
+
+```
+anastasis-httpd
+Anastasis HTTP interface
+Arguments mandatory for long options are also mandatory for short options.
+ -A, --auth=USERNAME:PASSWORD
+ use the given USERNAME and PASSWORD for client
+ authentication
+ -C, --connection-close force HTTP connections to be closed after each
+ request
+ -c, --config=FILENAME use configuration file FILENAME
+ -h, --help print this help
+ -K, --apikey=APIKEY API key to use in the HTTP request to the
+ merchant backend
+ -k, --key=KEYFILE file with the private TLS key for TLS client
+ authentication
+ -L, --log=LOGLEVEL configure logging to use LOGLEVEL
+ -l, --logfile=FILENAME configure logging to write logs to FILENAME
+ -p, --pass=KEYFILEPASSPHRASE
+ passphrase needed to decrypt the TLS client
+ private key file
+ -t, --type=CERTTYPE type of the TLS client certificate, defaults to
+ PEM if not specified
+ -v, --version print the version number
+Report bugs to contact@anastasis.lu.
+Home page: https://anastasis.lu/
+General help using GNU software: http://www.gnu.org/gethelp/
+```
+
+### DB initialisation
+
+```
+anastasis-dbinit
+Initialize anastasis database
+Arguments mandatory for long options are also mandatory for short options.
+ -c, --config=FILENAME use configuration file FILENAME
+ -h, --help print this help
+ -L, --log=LOGLEVEL configure logging to use LOGLEVEL
+ -l, --logfile=FILENAME configure logging to write logs to FILENAME
+ -r, --reset reset database (DANGEROUS: all existing data is
+ lost!)
+ -v, --version print the version number
+Report bugs to contact@anastasis.lu.
+Home page: https://anastasis.lu/
+General help using GNU software: http://www.gnu.org/gethelp/
+```
+
+## Client CLI
+
+Anastasis Reducer API is used by client applications to initialise, store or load the different states the client application can have.
+
+```
+anastasis-reducer
+This is an application for using Anastasis to handle the states.
+
+Arguments mandatory for long options are also mandatory for short options.
+ -a, --arguments=JSON pass a JSON string containing arguments to
+ reducer
+ -b, --backup use reducer to handle states for backup process
+ -c, --config=FILENAME use configuration file FILENAME
+ -h, --help print this help
+ -L, --log=LOGLEVEL configure logging to use LOGLEVEL
+ -l, --logfile=FILENAME configure logging to write logs to FILENAME
+ -r, --restore use reducer to handle states for restore process
+ -v, --version print the version number
+Report bugs to contact@anastasis.lu.
+Home page: https://anastasis.lu/
+General help using GNU software: http://www.gnu.org/gethelp/
+```
+
+Examples:
+
+Initialise a backup state
+```
+BFILE=$(mktemp /tmp/anastasis-state-XXX)
+anastasis-reducer -b "$BFILE"
+```
+
+Initialise a recovery state
+```
+RFILE=$(mktemp /tmp/anastasis-state-XXX)
+anastasis-reducer -r "$RFILE"
+```
+
+The state files are json formated and can be inspected this way
+```
+jq -r -e .recovery_state < $RFILE
+```
+
+## Gnunet configuration file manager (either client or server)
+
+anastasis-config, a.k.a. gnunet-config
+
+```
+gnunet-config [OPTIONS]
+Manipulate GNUnet configuration files
+Arguments mandatory for long options are also mandatory for short options.
+ -b, --supported-backend=BACKEND
+ test if the current installation supports the
+ specified BACKEND
+ -c, --config=FILENAME use configuration file FILENAME
+ -d, --diagnostics output extra diagnostics
+ -F, --full write the full configuration file, including
+ default values
+ -f, --filename interpret option value as a filename (with
+ $-expansion)
+ -h, --help print this help
+ -L, --log=LOGLEVEL configure logging to use LOGLEVEL
+ -l, --logfile=FILENAME configure logging to write logs to FILENAME
+ -o, --option=OPTION name of the option to access
+ -r, --rewrite rewrite the configuration file, even if nothing
+ changed
+ -S, --list-sections print available configuration sections
+ -s, --section=SECTION name of the section to access
+ -V, --value=VALUE value to set
+ -v, --version print the version number
+Report bugs to contact@anastasis.lu.
+Home page: https://anastasis.lu/
+General help using GNU software: http://www.gnu.org/gethelp/
+```
diff --git a/pkgs/anastasis/default.nix b/pkgs/anastasis/default.nix
new file mode 100644
index 00000000..0a671e0c
--- /dev/null
+++ b/pkgs/anastasis/default.nix
@@ -0,0 +1,69 @@
+{src, stdenv, fetchzip, pkg-config, autoreconfHook, taler-exchange, taler-merchant, libgcrypt, libmicrohttpd, jansson, libsodium, postgresql, curl, recutils, libuuid, lib, gnunet, makeWrapper, which, jq}:
+let
+ gnunet' = (gnunet.override { postgresqlSupport = true; });
+in
+stdenv.mkDerivation rec {
+ pname = "anastasis";
+ version = "0.2.0";
+ src = fetchzip {
+ url = "mirror://gnu/anastasis/${pname}-${version}.tar.gz";
+ sha256 = "sha256-/13AqJUf8dwXhY554ZaXD8EuMPvrr3SoSe05Hc8Q+Io=";
+ };
+ postPatch = ''
+ patchShebangs src/cli
+ '';
+ outputs = [ "out" "configured" ];
+ nativeBuildInputs = [
+ pkg-config # hook that adds pkg-config files of buildInputs
+ autoreconfHook # hook that triggers autoreconf to get the configure script
+ makeWrapper # for wrapProgram
+ ];
+ buildInputs = [
+ taler-exchange
+ taler-merchant
+ libgcrypt
+ libmicrohttpd
+ libsodium
+ postgresql
+ curl
+ jansson
+ recutils
+ libuuid
+ ];
+ configureFlags = [
+ "--with-gnunet=${gnunet'}"
+ "--with-exchange=${taler-exchange}"
+ "--with-merchant=${taler-merchant}"
+ ];
+ postConfigure = ''
+ mkdir -p $configured
+ cp -r ./* $configured/
+ '';
+ postInstall = ''
+ wrapProgram $out/bin/anastasis-config --prefix PATH : ${lib.makeBinPath [
+ # Fix "anastasis-config-wrapped needs gnunet-config to be installed"
+ # in src/cli/test_anastasis_reducer_backup_enter_user_attributes.sh
+ # (NB: --with-gnunet was not enough)
+ gnunet'
+ # needed by $out/bin/anastasis-config during postInstallCheck
+ which
+ ]}
+ '';
+ doInstallCheck = true;
+ postInstallCheck = ''
+ # The author said `make check` is meant to be executed after installation
+ # FIXME: many tests are skipped
+ make check
+ # Check that anastasis-config can find gnunet at runtime
+ $out/bin/anastasis-config --help > /dev/null
+ '';
+ meta = {
+ description = ''
+ GNU Anastasis is a key backup and recovery tool from the GNU project.
+ This package includes the backend run by the Anastasis providers as
+ well as libraries for clients and a command-line interface.
+ '';
+ license = lib.licenses.agpl3Plus; # from the README
+ homepage = "https://anastasis.lu";
+ };
+}
diff --git a/pkgs/anastasis/flake.lock b/pkgs/anastasis/flake.lock
new file mode 100644
index 00000000..811acad4
--- /dev/null
+++ b/pkgs/anastasis/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1633505261,
+ "narHash": "sha256-Vv2kJzyD8rYYwJBHbxGJTZTbqG1sv3t/jmxOt6UrpbA=",
+ "owner": "JosephLucas",
+ "repo": "nixpkgs",
+ "rev": "e2d8fe9a4803c0d5bc0bd359ebf15106911b208f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "JosephLucas",
+ "ref": "anastasis",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/pkgs/anastasis/flake.nix b/pkgs/anastasis/flake.nix
new file mode 100644
index 00000000..70c15970
--- /dev/null
+++ b/pkgs/anastasis/flake.nix
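Review bot: Nothing in default.nix applies `remove_anastasis-authorization-email.sh.patch`, which this commit adds beside it: the derivation has no `patches` attribute, so the patch is dead weight and upstream's `anastasis-authorization-email.sh` is presumably still built and installed. If dropping the e-mail authorization helper is intended, add `patches = [ ./remove_anastasis-authorization-email.sh.patch ];`; otherwise delete the patch file. The argument list also takes `src`, which the `rec` set immediately shadows with `src = fetchzip { … }`, and `jq`, which is never referenced; `callPackage ./default.nix {}` in flake.nix supplies no `src`, so that required argument may not resolve. Drop both from the argument list.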
@@ -0,0 +1,112 @@ +{ + description = "GNU Anastasis is a key backup and recovery tool from the GNU project."; + inputs.nixpkgs.url = "github:JosephLucas/nixpkgs/anastasis"; + + outputs = { self, nixpkgs}: + let + supportedSystems = [ "x86_64-linux" ]; + forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: f system); + nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; overlays = [ self.overlay ]; }); + in + { + overlay = final: prev: { anastasis = (final.callPackage ./default.nix {}); }; + packages = forAllSystems (system: { inherit (nixpkgsFor.${system}) anastasis; }); + defaultPackage = forAllSystems (system: self.packages.${system}.anastasis); + devShell = self.defaultPackage; + checks.x86_64-linux.anastasis-build = self.packages.x86_64-linux.anastasis; + + ### + # Integration test: + # anstasis + gnunet + postgres + taler-exchange + taler-merchant + ### + nixosModules = { + anastasis-httpd = { pkgs, ... }: { + nixpkgs.overlays = [ self.overlay ]; + systemd.services.anastasis-httpd = { + wantedBy = [ "multi-user.target" ]; + serviceConfig.ExecStart = '' + ${pkgs.anastasis}/bin/anastasis-httpd + ''; + }; + environment.systemPackages = with pkgs; [ + anastasis + postgresql + taler-exchange + taler-merchant + + # needed by src/cli/test_* + jq + wget + + # needed by make check + gnumake automake autoconf autoconf-archive autoconf-archive + pkg-config + libgcrypt.dev + gcc + ]; + }; + db = { pkgs, ...}: { + services.postgresql = { + enable = true; + initialScript = pkgs.writeText "initialScript.sql" ('' + create role root login createdb; + '' + ) ; + }; + }; + }; + checks.x86_64-linux.vmTest = with import (nixpkgs + "/nixos/lib/testing-python.nix") {system = "x86_64-linux";}; + makeTest { + name = "anastasis-httpd"; + nodes = { + client = { ... 
}: { + imports = with self.nixosModules; [ db anastasis-httpd ]; + }; + }; + testScript = let + check-anastasis = pkgs.writeScript "check-anastasis" '' + # Load test fixture data into the vm $HOME (/root) + cd ${self.packages.x86_64-linux.anastasis.configured} && find . -type f -exec install -Dm 755 "{}" "$HOME/{}" \; + cd $HOME + # Patch some paths + sed=${pkgs.gnused}/bin/sed + find . -type f -exec $sed -i "s^/build/source^$HOME^g" "{}" \; + find . -type f -exec $sed -i "s^/usr/bin/file^${pkgs.file}/bin/file^g" "{}" \; + + # ./missing is executed at the beginning of `make check` and re-triggers autoreconf + # -> Fix that by making missing a no-op + echo ":" > missing + + for i in "" $(seq 1 4); do createdb anastasischeck$i; done + + # Start checking anastasis + # FIXME: recursvely adds paths to dependencies + # Provide all the paths toward header files and libraries, as well as pkg-config files + # This can be debugged by prefixing with "NIX_DEBUG=1 " + # FIXME: the build is triggered !!! 
making the check *very* long :( + # a solution would be to copy the state of the package after build has finished + # FIXME: The log of `make check` is only shown at the end + NIX_CFLAGS_COMPILE_BEFORE_x86_64_unknown_linux_gnu="-I${pkgs.libsodium.dev}/include -I${pkgs.jansson}/include -I${pkgs.libgcrypt.dev}/include -I${pkgs.curl.dev}/include -I${pkgs.libgnurl}/include -I${pkgs.libmicrohttpd.dev}/include -I${pkgs.libtool}/include -I${pkgs.zlib.dev}/include" NIX_LDFLAGS_BEFORE_x86_64_unknown_linux_gnu="-L${pkgs.libsodium}/lib -L${pkgs.jansson}/lib -L${pkgs.libgcrypt}/lib -L${pkgs.curl}/lib -L${pkgs.libgnurl}/lib -L${pkgs.libmicrohttpd}/lib -L${pkgs.libtool.lib}/lib -L${pkgs.postgresql.lib}/lib -L${pkgs.libossp_uuid}/lib -L${pkgs.zlib}/lib" PKG_CONFIG_PATH="${pkgs.libmicrohttpd.dev}/lib/pkgconfig:${pkgs.jansson}/lib/pkgconfig" make check + ''; + in + '' + start_all() + client.wait_for_unit("multi-user.target") + + print('Copying the fixture and running `make check`') + print('The log of `make check` will be shown at the end') + print('Wait some long seconds (some postgres ERROR are expected but should probably be fixed) ...') + # FIXME: follow the log + client.log(client.execute("cd $HOME && set -x && ${check-anastasis}")[1]) + + # The interesting part of the log is after "make check_TESTS" + # i.e. lines containing "*test_anstasis_*" + + # FIXME: + # src/cli/test_anastasis_reducer_enter_secret.sh + # and src/cli/recovery_enter_user_attributes.sh + # are skipped due to `line {65,64}: taler-bank-manage: command not found` + ''; + }; + }; +} diff --git a/pkgs/anastasis/remove_anastasis-authorization-email.sh.patch b/pkgs/anastasis/remove_anastasis-authorization-email.sh.patch new file mode 100644 index 00000000..d496e69a --- /dev/null +++ b/pkgs/anastasis/remove_anastasis-authorization-email.sh.patch 
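Review bot: The `anastasis-httpd` unit in `nixosModules` sets only `wantedBy` and `ExecStart`, so systemd will run this network-facing key-recovery backend as root, with no sandboxing and no `-c` configuration file. Anyone importing the module outside the VM test inherits that; consider `serviceConfig.DynamicUser = true;` (with a matching PostgreSQL role instead of `create role root login createdb;`), or state in the module's comment that it is test-only. The `nixpkgs` input also follows a branch of a personal fork, `github:JosephLucas/nixpkgs/anastasis`; flake.lock pins the revision today, but a later `nix flake update` will trust whatever that branch then holds, so a comment saying why the fork is needed and when to return to upstream nixpkgs would help. `autoconf-archive` is listed twice in `environment.systemPackages`.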
@@ -0,0 +1,25 @@
+diff --git a/src/authorization/Makefile.am b/src/authorization/Makefile.am
+index cfcd89e..180913c 100644
+--- a/src/authorization/Makefile.am
++++ b/src/authorization/Makefile.am
+@@ -3,10 +3,6 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/include
+
+ cfgdir = $(prefix)/share/anastasis/config.d/
+
+-cfg_DATA = \
+- authorization-email.conf
+-
+-
+ SUBDIRS = libanastasiseufin .
+
+ pkgcfgdir = $(prefix)/share/anastasis/config.d/
+@@ -32,9 +28,6 @@ endif
+ bin_PROGRAMS = \
+ anastasis-helper-authorization-iban
+
+-bin_SCRIPTS = \
+- anastasis-authorization-email.sh
+-
+ anastasis_helper_authorization_iban_SOURCES = \
+ anastasis-helper-authorization-iban.c
+ anastasis_helper_authorization_iban_LDADD = \