update: 2025.12.1 -> 2025.12.3

Closes #90 ChangeLogs: * https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.2 * https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.3 Using the `client-go` library that is vendored in this release's `go.mod` breaks all outposts for me, so we're now doing what upstream is also doing, i.e. generating the Go client code ourselves.
2026-02-07 16:31:47 +01:00 · 2026-02-07 16:31:47 +01:00 · 9eed4f7e7e
commit 9eed4f7e7e
parent eee255ff2f
5 changed files with 68 additions and 18 deletions
--- a/components/0002-admin-file-dir-doesn-t-have-to-be-a-mountpoint.patch
+++ b/components/0002-admin-file-dir-doesn-t-have-to-be-a-mountpoint.patch
@ -1,20 +1,20 @@
-From 2f51711b64204d090ad8cd6b2ef19fd11a1a6469 Mon Sep 17 00:00:00 2001
+From 18b41fcb663a11fcd8ccc27bd951cc150456291b Mon Sep 17 00:00:00 2001
 From: Maximilian Bosch <maximilian@mbosch.me>
 Date: Fri, 16 Jan 2026 21:50:11 +0100
-Subject: [PATCH 2/2] admin: file dir doesn't have to be a mountpoint
+Subject: [PATCH] admin: file dir doesn't have to be a mountpoint

 ---
 authentik/admin/files/backends/file.py | 1 -
 1 file changed, 1 deletion(-)

 diff --git a/authentik/admin/files/backends/file.py b/authentik/admin/files/backends/file.py
-index 7858ed5e9b..8a6d55ce64 100644
+index 6d60d5f236..720223231f 100644
 --- a/authentik/admin/files/backends/file.py
 +++ b/authentik/admin/files/backends/file.py
-@@ -47,7 +47,6 @@ class FileBackend(ManageableBackend):
-     def manageable(self) -> bool:
+@@ -52,7 +52,6 @@ class FileBackend(ManageableBackend):
+         # file creation on fresh installs.
         return (
-             self.base_path.exists()
+             self._base_dir.exists()
 -            and (self._base_dir.is_mount() or (self._base_dir / self.usage.value).is_mount())
             or (settings.DEBUG or settings.TEST)
         )
--- a/components/client-go.nix
+++ b/components/client-go.nix
@ -0,0 +1,20 @@
+{
+  authentik-src,
+  authentik-go,
+  openapi-generator-cli,
+  runCommand,
+}:
+
+runCommand "go-client-code" {
+  nativeBuildInputs = [
+    openapi-generator-cli
+  ];
+} ''
+  cp --no-preserve=mode -vr ${authentik-go}/ $out/
+  cp -vr ${authentik-src}/schema.yml $out/
+  pushd $out &>/dev/null
+    substituteInPlace config.yaml \
+      --replace-fail "templateDir: /local/templates/" "templateDir: ./templates/"
+    openapi-generator-cli generate -i schema.yml -g go -o . -c config.yaml
+  popd &>/dev/null
+''
--- a/components/gopkgs.nix
+++ b/components/gopkgs.nix
@ -8,10 +8,12 @@
  guacamole-server,
  stdenv,
  patches,
+  generatedGoClient,
 }:

 let
  guacamoleAvailable = lib.meta.availableOn stdenv.hostPlatform guacamole-server;
+
 in
 buildGo125Module {
  pname = "authentik-gopkgs";
@ -21,6 +23,9 @@ buildGo125Module {
    sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' web/static.go
    sed -i"" -e 's,./web/dist/,${authentikComponents.frontend}/dist/,' internal/web/static.go
    sed -i"" -e 's,./lifecycle/gunicorn.conf.py,${authentikComponents.staticWorkdirDeps}/lifecycle/gunicorn.conf.py,' internal/gounicorn/gounicorn.go
+    cp --no-preserve=mode -vr ${generatedGoClient} gen-go-api
+    echo "replace goauthentik.io/api/v3 => ./gen-go-api" >>go.mod
+    go mod edit -require=goauthentik.io/api/v3@v3.0.0
  '' + lib.optionalString guacamoleAvailable ''
    substituteInPlace internal/outpost/rac/guacd.go \
      --replace-fail '/opt/guacamole/sbin/guacd' \
@ -43,6 +48,7 @@ buildGo125Module {
          "/web/security.txt"
          "go.mod"
          "go.sum"
+          "schema.yml"
        ])
      ))
    );
@ -63,7 +69,7 @@ buildGo125Module {
  ] ++ lib.optionals guacamoleAvailable [
    "cmd/rac"
  ];
-  vendorHash = "sha256-u/kAqDCeWHPaw/0+lQ9U6/pHSgdANOeflQLVgUV64Vs=";
+  vendorHash = "sha256-meqQHr5U0/6nc8fv1b4SFo2ohFcwSeAmSB1eLKsO9nc=";
  nativeBuildInputs = [ makeWrapper ];
  doCheck = false;
  postInstall = ''