feat: update pyload

2025-12-04 11:39:08 +01:00
parent 18a8fde66e
commit dd456eab69
4 changed files with 44 additions and 9 deletions
--- a/utils/pkgs/aia-chaser/default.nix
+++ b/utils/pkgs/aia-chaser/default.nix
@@ -0,0 +1,32 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, cryptography
+}:
+
+buildPythonPackage rec {
+  pname = "aia-chaser";
+  version = "3.3.0";
+  format = "wheel";
+
+  src = fetchPypi {
+    pname = "aia_chaser";
+    inherit version format;
+    dist = "py3";
+    python = "py3";
+    hash = "sha256-L0aBV3kfAVI1aJH7VgiiEXzGBSP/HU2zAlahkHeT8hk=";
+  };
+
+  dependencies = [
+    cryptography
+  ];
+
+  pythonImportsCheck = [ "aia_chaser" ];
+
+  meta = with lib; {
+    description = "Retrieve missing certificates to complete SSL certificate chains";
+    homepage = "https://github.com/dirkjanm/aia-chaser";
+    license = licenses.mit;
+    maintainers = [ ];
+  };
+}
--- a/utils/pkgs/pyload-ng/default.nix
+++ b/utils/pkgs/pyload-ng/default.nix
@@ -6,8 +6,8 @@ pyload-ng.overridePythonAttrs (oldAttrs: rec {
  src = fetchFromGitHub {
    owner = "pyload";
    repo = "pyload";
-    rev = "3115740a2210fd57b5d050cd0850a0e61ec493ed"; # [DdownloadCom] fix #4537
-    hash = "sha256-g1eEeNnr3Axtr+0BJzMcNQomTEX4EsUG1Jxt+huPyoc=";
+    rev = "71f2700184ee9344dc313d9833ca7a6bb36007db"; # [DdownloadCom] fix #4537
+    hash = "sha256-XAa+XbC3kko+zvEMZkPXRoaHAmEFGsNBDxysX+X06Jc=";
  };

  patches = [
@@ -16,6 +16,7 @@ pyload-ng.overridePythonAttrs (oldAttrs: rec {

  # Add new dependencies required in newer versions
  propagatedBuildInputs = (oldAttrs.propagatedBuildInputs or []) ++ (with python3Packages; [
+    aia-chaser
    mini-racer
    packaging
    pydantic
--- a/utils/pkgs/pyload-ng/update.sh
+++ b/utils/pkgs/pyload-ng/update.sh
@@ -0,0 +1,107 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Script and repo directories
+cd "$(dirname "${BASH_SOURCE[0]}")"
+PKG_DIR="$(pwd)"
+REPO_ROOT="$(cd ../../.. && pwd)"
+
+# Check if commit SHA is provided
+if [ $# -ne 1 ]; then
+    echo -e "${RED}Error: Git commit SHA required${NC}"
+    echo "Usage: $0 <commit-sha>"
+    echo "Example: $0 e5fe7038f3e116d878c58059323b682e426f9c84"
+    echo ""
+    echo "To find the latest commit:"
+    echo "  Visit: https://github.com/pyload/pyload/commits/main"
+    exit 1
+fi
+
+COMMIT_SHA="$1"
+
+# Validate commit SHA format (40 character hex string)
+if ! [[ "$COMMIT_SHA" =~ ^[0-9a-f]{40}$ ]]; then
+    echo -e "${RED}Error: Invalid commit SHA format${NC}"
+    echo "Commit SHA must be a 40-character hexadecimal string"
+    exit 1
+fi
+
+echo -e "${GREEN}==> Updating pyload-ng to commit: ${COMMIT_SHA}${NC}"
+
+# File to update
+PKG_FILE="$PKG_DIR/default.nix"
+
+if [ ! -f "$PKG_FILE" ]; then
+    echo -e "${RED}Error: Package file not found: $PKG_FILE${NC}"
+    exit 1
+fi
+
+# Step 1: Update commit SHA in package file
+echo -e "${YELLOW}Step 1: Updating commit SHA in package file...${NC}"
+sed -i "s/rev = \"[0-9a-f]*\";/rev = \"$COMMIT_SHA\";/" "$PKG_FILE"
+echo "  ✓ Updated commit SHA in $PKG_FILE"
+
+# Step 2: Set hash to a fake value to trigger hash discovery
+echo -e "${YELLOW}Step 2: Setting hash to fake value...${NC}"
+sed -i 's/hash = "sha256-[^"]*";/hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";/' "$PKG_FILE"
+echo "  ✓ Updated hash in $PKG_FILE"
+
+# Step 3: Build package to discover the correct hash
+echo -e "${YELLOW}Step 3: Building package to discover hash...${NC}"
+cd "$REPO_ROOT"
+BUILD_OUTPUT=$(nix-build --impure -E "with import <nixpkgs> { overlays = [ (import ./utils/overlays/packages.nix) ]; }; callPackage ./utils/pkgs/pyload-ng { }" 2>&1 || true)
+
+# Extract hash from error message
+HASH=$(echo "$BUILD_OUTPUT" | grep -oP '\s+got:\s+\Ksha256-[A-Za-z0-9+/=]+' | head -1)
+
+if [ -z "$HASH" ]; then
+    echo -e "${RED}Error: Failed to extract hash from build output${NC}"
+    echo "Build output:"
+    echo "$BUILD_OUTPUT"
+    exit 1
+fi
+
+echo "  ✓ Discovered hash: $HASH"
+
+# Step 4: Update package file with the correct hash
+echo -e "${YELLOW}Step 4: Updating hash in package file...${NC}"
+sed -i "s|hash = \"sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\";|hash = \"$HASH\";|" "$PKG_FILE"
+echo "  ✓ Updated hash in $PKG_FILE"
+
+# Step 5: Verify the build succeeds
+echo -e "${YELLOW}Step 5: Verifying build with correct hash...${NC}"
+if nix-build --impure -E "with import <nixpkgs> { overlays = [ (import ./utils/overlays/packages.nix) ]; }; callPackage ./utils/pkgs/pyload-ng { }" > /dev/null 2>&1; then
+    echo "  ✓ Build verification successful"
+else
+    echo -e "${RED}Error: Build verification failed${NC}"
+    exit 1
+fi
+
+# Step 6: Test configuration for fw host (which uses pyload)
+echo -e "${YELLOW}Step 6: Testing fw configuration...${NC}"
+if ./scripts/test-configuration fw > /dev/null 2>&1; then
+    echo "  ✓ Configuration test passed"
+else
+    echo -e "${RED}Warning: Configuration test failed${NC}"
+    echo "This may be due to missing secrets or other issues unrelated to the hash update."
+fi
+
+# Success summary
+echo -e "${GREEN}"
+echo "======================================"
+echo "✓ pyload-ng updated successfully!"
+echo "======================================"
+echo "Commit:  $COMMIT_SHA"
+echo "Hash:    $HASH"
+echo -e "${NC}"
+echo "Next steps:"
+echo "  1. Review changes: git diff $PKG_FILE"
+echo "  2. Test locally if needed"
+echo "  3. Commit changes: git add $PKG_FILE && git commit -m 'update: pyload-ng to commit ${COMMIT_SHA:0:8}'"
+echo "  4. Push to trigger automatic deployment"