Merge fort-nix/nix-bitcoin#819: Update nixpkgs
e6e3a13dbb work around CVE-2024-23342 for pkgs `hwi`, `trezor` (Erik Arvstedt)
c4cd252753 update nixpkgs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK e6e3a13dbb

Tree-SHA512: f0f5bcbe0ea28f5870aed7bd983904fe3d57aedad45955835ace1fb151f48f169977f453d41a071b60e0e27af6fc92572c629627dfc8d81012c0bb4241a7f459
commit
f1ebb5d2cd
6 changed files with 27 additions and 9 deletions
12
flake.lock
generated
12
flake.lock
generated
|
|
@ -44,11 +44,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1761016216,
|
||||
"narHash": "sha256-G/iC4t/9j/52i/nm+0/4ybBmAF4hzR8CNHC75qEhjHo=",
|
||||
"lastModified": 1763622513,
|
||||
"narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "481cf557888e05d3128a76f14c76397b7d7cc869",
|
||||
"rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -60,11 +60,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1760965567,
|
||||
"narHash": "sha256-0JDOal5P7xzzAibvD0yTE3ptyvoVOAL0rcELmDdtSKg=",
|
||||
"lastModified": 1763618868,
|
||||
"narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "cb82756ecc37fa623f8cf3e88854f9bf7f64af93",
|
||||
"rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ in {
|
|||
});
|
||||
})
|
||||
(mkIf cfg.trezor {
|
||||
environment.systemPackages = [ pkgs.python3.pkgs.trezor ];
|
||||
environment.systemPackages = [ config.nix-bitcoin.pkgs.pyPkgs.nbPython3PackagesWithUnlockedEcdsa.trezor ];
|
||||
# Don't use rules from nixpkgs because we want to use our own group.
|
||||
services.udev.packages = lib.singleton (pkgs.writeTextFile {
|
||||
name = "trezord-udev-rules";
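Review bot: The `environment.systemPackages` line that selects `config.nix-bitcoin.pkgs.pyPkgs.nbPython3PackagesWithUnlockedEcdsa.trezor` installs `trezor` from a package set in which the `CVE-2024-23342` tag on `ecdsa` has been filtered out, and nothing in this module tells a reader so. A one-line comment above it would keep that security decision visible at the point of installation, for example `# trezor from a set where ecdsa's CVE-2024-23342 tag is filtered; see nbPython3PackagesWithUnlockedEcdsa`. The `mkIf cfg.trezor` block opens inside the hunk and closes outside the visible lines.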
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ rustPlatform.buildRustPackage rec {
|
|||
|
||||
inherit (clightning) src;
|
||||
|
||||
cargoHash = "sha256-UxMXBO/rpanNU8vz8y4V5wSbCNHKYmVXtoGRpOqI+A0=";
|
||||
cargoHash = "sha256-2xOLwj42Ua85+kn73y+5q3YmzKYMCjxLlq/UrYjiZv0=";
|
||||
|
||||
depsExtraArgs = {
|
||||
nativeBuildInputs = [ unzip ];
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ let self = {
|
|||
trustedcoin = pkgs.callPackage ./trustedcoin { };
|
||||
|
||||
bitcoind_29 = pkgs.callPackage ./bitcoind_29 {};
|
||||
inherit (self.pyPkgs.nbPython3PackagesWithUnlockedEcdsa) hwi;
|
||||
|
||||
pyPkgs = import ./python-packages self pkgs.python3;
|
||||
inherit (self.pyPkgs)
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ pkgs: pkgsUnstable:
|
|||
elementsd
|
||||
extra-container
|
||||
fulcrum
|
||||
hwi
|
||||
lightning-pool
|
||||
lndconnect;
|
||||
|
||||
|
|
|
|||
|
|
@ -33,4 +33,22 @@ rec {
|
|||
}).pkgs;
|
||||
|
||||
nbPython3PackagesJoinmarket = nbPython3Packages;
|
||||
|
||||
# Re-enable pkgs `hwi`, `trezor` that are unaffected by `CVE-2024-23342` because
|
||||
# they don't use python pkg `ecdsa` for signing.
|
||||
# These packages no longer evaluate in nixpkgs after `ecdsa` was tagged with this CVE.
|
||||
nbPython3PackagesWithUnlockedEcdsa = let
|
||||
python3PackagesWithUnlockedEcdsa = (python3.override {
|
||||
packageOverrides = self: super: {
|
||||
ecdsa = super.ecdsa.overrideAttrs (old: {
|
||||
meta = old.meta // {
|
||||
knownVulnerabilities = builtins.filter (x: x != "CVE-2024-23342") old.meta.knownVulnerabilities;
|
||||
};
|
||||
});
|
||||
};
|
||||
}).pkgs;
|
||||
in {
|
||||
hwi = with python3PackagesWithUnlockedEcdsa; toPythonApplication hwi;
|
||||
inherit (python3PackagesWithUnlockedEcdsa) trezor;
|
||||
};
|
||||
}
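Review bot: `old.meta.knownVulnerabilities` in the `ecdsa` override is read without a fallback, so evaluation would fail if a later nixpkgs revision drops that attribute from `ecdsa`; `(old.meta.knownVulnerabilities or [])` keeps the filter working in both cases. The comment above `nbPython3PackagesWithUnlockedEcdsa` states that `hwi` and `trezor` do not sign with `ecdsa`, but not for which versions this was checked, and the override will keep suppressing the tag silently after later updates of either package; a line such as `# Re-check this claim when hwi or trezor are updated.` would make that obligation explicit. Filtering only the one CVE string and exposing only `hwi` and `trezor` from the `let` keeps the exemption narrow, which is worth preserving. The enclosing `rec { … }` begins outside the hunk.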
|
||||
|
|
|
|||