update: 2025.2.4 -> 2025.4.0

See https://docs.goauthentik.io/docs/releases/2025.4
2025-05-03 16:22:32 +02:00 · 2025-05-03 16:22:32 +02:00 · 893670fa74
commit 893670fa74
parent 618330bee6
8 changed files with 194 additions and 369 deletions
--- a/components/default.nix
+++ b/components/default.nix
@ -1,45 +0,0 @@
-{
-  authentik-src,
-  authentik-version,
-  authentikPoetryOverrides,
-  buildNapalmPackage,
-  defaultPoetryOverrides,
-  mkPoetryEnv,
-  pkgs,
-}:
-
-pkgs.lib.makeScope pkgs.newScope (
-  final:
-  let
-    docs = final.callPackage ./docs.nix { };
-    frontend = final.callPackage ./frontend.nix { };
-    pythonEnv = final.callPackage ./pythonEnv.nix { };
-    # server + outposts
-    gopkgs = final.callPackage ./gopkgs.nix { };
-    staticWorkdirDeps = final.callPackage ./staticWorkdirDeps.nix { };
-    migrate = final.callPackage ./migrate.nix { };
-    # worker
-    manage = final.callPackage ./manage.nix { };
-  in
-  {
-    authentikComponents = {
-      inherit
-        docs
-        frontend
-        pythonEnv
-        gopkgs
-        staticWorkdirDeps
-        migrate
-        manage
-        ;
-    };
-    inherit
-      authentik-src
-      authentik-version
-      buildNapalmPackage
-      mkPoetryEnv
-      defaultPoetryOverrides
-      authentikPoetryOverrides
-      ;
-  }
-)
--- a/components/docs.nix
+++ b/components/docs.nix
@ -17,7 +17,6 @@ buildNapalmPackage "${authentik-src}/website" {
    "npm run build-bundled"
  ];
  installPhase = ''
-    rm -r ../website/node_modules/.cache
    rm -f ../website/static/blueprints
    mv -v ../website $out
    cp -vr ../blueprints $out/static/blueprints
--- a/components/gopkgs.nix
+++ b/components/gopkgs.nix
@ -2,12 +2,12 @@
  authentik-src,
  authentik-version,
  authentikComponents,
-  buildGo123Module,
+  buildGo124Module,
  lib,
  makeWrapper,
 }:

-buildGo123Module {
+buildGo124Module {
  pname = "authentik-gopkgs";
  version = authentik-version;
  prePatch = ''
@ -42,7 +42,7 @@ buildGo123Module {
    "cmd/proxy"
    "cmd/radius"
  ];
-  vendorHash = "sha256-aG/VqpmHJeGyF98aS0jgwEAq1R5c8VggeJxLWS9W8HY=";
+  vendorHash = "sha256-cEB22KFDONcJBq/FvLpYKN7Zd06mh8SACvCSuj5i4fI=";
  nativeBuildInputs = [ makeWrapper ];
  doCheck = false;
  postInstall = ''
--- a/components/python-overrides.nix
+++ b/components/python-overrides.nix
@ -0,0 +1,68 @@
+{
+  lib,
+  krb5,
+  libpq,
+}:
+
+let
+  # Specify build system for dependencies where metadata is incomplete.
+  buildSystemOverrides =
+    final: prev:
+    let
+      buildSystemOverrides = {
+        gssapi = {
+          setuptools = [ ];
+          cython = [ ];
+        };
+        django-tenants.setuptools = [ ];
+        opencontainers.setuptools = [ ];
+        djangorestframework.setuptools = [ ];
+        psycopg-c = {
+          setuptools = [ ];
+          cython = [ ];
+        };
+      };
+      inherit (final) resolveBuildSystem;
+    in
+    lib.mapAttrs (
+      name: spec:
+      prev.${name}.overrideAttrs (old: {
+        nativeBuildInputs = old.nativeBuildInputs ++ resolveBuildSystem spec;
+      })
+    ) buildSystemOverrides;
+
+  # Fixes for dependencies with C libraries.
+  buildFixes = final: prev: {
+    gssapi = prev.gssapi.overrideAttrs (
+      {
+        buildInputs ? [ ],
+        ...
+      }:
+      {
+        postPatch = ''
+          substituteInPlace setup.py \
+            --replace-fail 'get_output(f"{kc} gssapi --prefix")' '"${krb5.dev}"'
+        '';
+        buildInputs = buildInputs ++ [
+          krb5
+        ];
+      }
+    );
+    psycopg-c = prev.psycopg-c.overrideAttrs (
+      {
+        nativeBuildInputs ? [ ],
+        buildInputs ? [ ],
+        ...
+      }:
+      {
+        buildInputs = buildInputs ++ [
+          libpq
+        ];
+        nativeBuildInputs = nativeBuildInputs ++ [
+          libpq.pg_config
+        ];
+      }
+    );
+  };
+in
+lib.composeExtensions buildSystemOverrides buildFixes
--- a/components/pythonEnv.nix
+++ b/components/pythonEnv.nix
@ -1,25 +1,30 @@
 {
-  authentik-src,
-  authentikPoetryOverrides,
-  defaultPoetryOverrides,
  lib,
-  mkPoetryEnv,
-  python312,
+  callPackage,
+  authentik-src,
+  uv2nix,
+  pythonOverlay,
+  python,
+  pyproject-nix,
+  pyproject-build-systems,
 }:

-mkPoetryEnv {
-  projectDir = authentik-src;
-  python = python312;
-  overrides = [
-    defaultPoetryOverrides
-  ] ++ authentikPoetryOverrides;
-  groups = [ "main" ];
-  checkGroups = [ ];
-  # workaround to remove dev-dependencies for the current combination of legacy
-  # used by authentik and poetry2nix's behavior
-  pyproject = builtins.toFile "patched-pyproject.toml" (
-    lib.replaceStrings [ "tool.poetry.dev-dependencies" ] [ "tool.poetry.group.dev.dependencies" ] (
-      builtins.readFile "${authentik-src}/pyproject.toml"
-    )
-  );
-}
+let
+  workspace = uv2nix.lib.workspace.loadWorkspace { workspaceRoot = authentik-src; };
+  projectOverlay = workspace.mkPyprojectOverlay {
+    sourcePreference = "wheel";
+  };
+
+  pythonSet =
+    (callPackage pyproject-nix.build.packages {
+      inherit python;
+    }).overrideScope
+      (
+        lib.composeManyExtensions [
+          pyproject-build-systems.overlays.default
+          projectOverlay
+          pythonOverlay
+        ]
+      );
+in
+pythonSet.mkVirtualEnv "authentik-env" (workspace.deps.default)