nios: Add sentinel module

13 files changed, 179 insertions, 13 deletions

diff --git a/pkgs/default.nix b/pkgs/default.nix
index 0bdc99f..13d0fc6 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,9 +1,15 @@
-{ nixlib, nixpkgs }:
+{ nixpkgs ? <nixpkgs>, nixlib ? nixpkgs.lib }:
 
 let
   pkgs = nixpkgs // turrispkgs;
   callPackage = nixlib.callPackageWith pkgs;
 
+  armv7lDisableCheck = pkg: if nixpkgs.system != "armv7l-linux" then pkg
+    else pkg.overrideAttrs (oldAttrs: {
+      doCheck = false;
+      doInstallCheck = false;
+    }); 
+
   turrispkgs = with pkgs; {
     bootstrapHook = callPackage (
       { makeSetupHook, autoconf, autoconf-archive, automake, gettext, libtool }:
@@ -20,16 +26,32 @@ let
         rev = "v" + version;
         sha256 = "1swjzs2249wvnqx2zvxwd7d1z22kd3512xxfvq002cvgbq78ka9a";
       };
+      patches = [];
     });
     logc-libs = callPackage ./libraries/logc-libs { };
     base64c = callPackage ./libraries/base64c { };
     paho-mqtt-c = callPackage ./libraries/paho-mqtt-c { };
 
+    sentinel-certgen = python3Packages.callPackage ./sentinel/certgen { };
+    #sentinel-dynfw-client = python3Packages.callPackage ./sentinel/dynfw-client { };
     sentinel-proxy = callPackage ./sentinel/proxy { };
     sentinel-minipot = callPackage ./sentinel/minipot { };
     sentinel-fwlogs = callPackage ./sentinel/fwlogs { };
     sentinel-faillogs = callPackage ./sentinel/faillogs { };
 
+    # Overrides to get armv7 to work
+    bison = armv7lDisableCheck nixpkgs.bison;
+    findutils = armv7lDisableCheck nixpkgs.findutils;
+    libuv = armv7lDisableCheck nixpkgs.libuv;
+    p11-kit = armv7lDisableCheck nixpkgs.p11-kit;
+    elfutils = armv7lDisableCheck nixpkgs.elfutils;
+    glib = armv7lDisableCheck nixpkgs.glib;
+    rustc = armv7lDisableCheck nixpkgs.rustc;
+    mdbook = armv7lDisableCheck nixpkgs.mdbook;
+    ell = armv7lDisableCheck nixpkgs.ell;
+    polkit = armv7lDisableCheck nixpkgs.polkit;
+    udisks2 = armv7lDisableCheck nixpkgs.udisks2;
+    udisks = udisks2;
   };
 
 in turrispkgs
diff --git a/pkgs/libraries/base64c/default.nix b/pkgs/libraries/base64c/default.nix
index ec89a4b..9cb6def 100644
--- a/pkgs/libraries/base64c/default.nix
+++ b/pkgs/libraries/base64c/default.nix
@@ -1,5 +1,6 @@
 { stdenv, lib, fetchgit
 , bootstrapHook, pkg-config
+, check
 }:
 
 stdenv.mkDerivation rec {
@@ -8,7 +9,6 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     homepage = "https://gitlab.nic.cz/turris/base64c";
     description = "Base64 encoding/decoding library for C";
-    platforms = with platforms; linux;
     license = licenses.mit;
   };
 
@@ -19,4 +19,9 @@ stdenv.mkDerivation rec {
   };
 
   nativeBuildInputs = [bootstrapHook pkg-config];
+  depsBuildBuild = [check];
+
+  doCheck = true;
+  doInstallCheck = true;
+  configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
 }
diff --git a/pkgs/libraries/logc-libs/0001-tests-cmzq-try-to-fix-test-failure.patch b/pkgs/libraries/logc-libs/0001-tests-cmzq-try-to-fix-test-failure.patch
new file mode 100644
index 0000000..349bf91
--- /dev/null
+++ b/pkgs/libraries/logc-libs/0001-tests-cmzq-try-to-fix-test-failure.patch
@@ -0,0 +1,31 @@
+From ecd66fc7d0079093fc56c16233c1fb2e88879df3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <karel.koci@nic.cz>
+Date: Thu, 24 Feb 2022 17:52:59 +0100
+Subject: [PATCH] tests/cmzq: try to fix test failure
+
+The errno seems to be possibly set by logc_czmq_init and thus we have to
+reset errno after that.
+---
+ tests/czmq.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/czmq.c b/tests/czmq.c
+index b6244d1..f25ab07 100644
+--- a/tests/czmq.c
++++ b/tests/czmq.c
+@@ -10,11 +10,11 @@ char *stderr_data;
+ size_t stderr_len;
+ 
+ void f_setup() {
+-	errno = 0;
+ 	orig_stderr = stderr;
+ 	stderr = open_memstream(&stderr_data, &stderr_len);
+ 	logc_czmq_init();
+ 	log_set_level(log_czmq, LL_DEBUG);
++	errno = 0;
+ }
+ void f_teardown() {
+ 	ck_assert_int_eq(errno, 0);
+-- 
+2.35.1
+
diff --git a/pkgs/libraries/logc-libs/default.nix b/pkgs/libraries/logc-libs/default.nix
index 1fe7a18..f8e4a57 100644
--- a/pkgs/libraries/logc-libs/default.nix
+++ b/pkgs/libraries/logc-libs/default.nix
@@ -1,6 +1,7 @@
 { stdenv, lib, fetchgit
 , bootstrapHook, pkg-config
 , logc, czmq, libevent
+, check
 }:
 
 stdenv.mkDerivation rec {
@@ -9,7 +10,6 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     homepage = "https://gitlab.nic.cz/turris/logc-libs";
     description = "Logging for C";
-    platforms = with platforms; linux;
     license = licenses.mit;
   };
 
@@ -21,4 +21,9 @@ stdenv.mkDerivation rec {
 
   buildInputs = [logc czmq libevent];
   nativeBuildInputs = [bootstrapHook pkg-config];
+  depsBuildBuild = [check];
+
+  doCheck = false; #  TODO the test fails due to errno being set by czmq for some reason
+  doInstallCheck = false;
+  configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
 }
diff --git a/pkgs/libraries/logc/0001-configure.ac-fix-cross-compilation.patch b/pkgs/libraries/logc/0001-configure.ac-fix-cross-compilation.patch
new file mode 100644
index 0000000..3c0fafe
--- /dev/null
+++ b/pkgs/libraries/logc/0001-configure.ac-fix-cross-compilation.patch
@@ -0,0 +1,28 @@
+From 7105fb9859f4d3264dbaaee5dc7596c561dc3e1a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <karel.koci@nic.cz>
+Date: Tue, 4 Jan 2022 18:38:38 +0100
+Subject: [PATCH] configure.ac: fix cross compilation
+
+The AC_CHECK_FILE is not supported when cross compiling. We can just use
+plain AS_IF with test for the same effect.
+---
+ CHANGELOG.md | 1 +
+ configure.ac | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5946a53..b6d42ea 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -18,7 +18,7 @@ PKG_INSTALLDIR
+ AX_CHECK_COMPILE_FLAG([-std=c11], , AC_MSG_ERROR([Compiler with C11 standard support is required]))
+ AX_APPEND_FLAG([-std=c11])
+ 
+-AC_CHECK_FILE([${0%/*}/bootstrap],[
++AS_IF([test -x "${0%/*}/bootstrap" ],[
+   AC_PATH_PROG([GPERF], [gperf])
+   AS_IF([test -z "$GPERF"], [AC_MSG_ERROR([Missing gperf generator])])
+ ])
+-- 
+2.35.1
+
diff --git a/pkgs/libraries/logc/default.nix b/pkgs/libraries/logc/default.nix
index 784efd7..6ffd8f4 100644
--- a/pkgs/libraries/logc/default.nix
+++ b/pkgs/libraries/logc/default.nix
@@ -1,6 +1,7 @@
 { stdenv, lib, fetchgit
 , bootstrapHook, pkg-config, gperf
 , libconfig
+, check
 }:
 
 stdenv.mkDerivation rec {
@@ -9,7 +10,6 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     homepage = "https://gitlab.nic.cz/turris/logc";
     description = "Logging for C";
-    platforms = with platforms; linux;
     license = licenses.mit;
   };
 
@@ -18,7 +18,15 @@ stdenv.mkDerivation rec {
     rev = "v" + version;
     sha256 = "15nplgjgg6dxryy4yzbj4524y77ci0syi970rmbr955m9vxvhrib";
   };
+  patches = [
+    ./0001-configure.ac-fix-cross-compilation.patch
+  ];
 
   buildInputs = [libconfig];
   nativeBuildInputs = [bootstrapHook pkg-config gperf];
+  depsBuildBuild = [check];
+
+  doCheck = true;
+  doInstallCheck = true;
+  configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
 }
diff --git a/pkgs/libraries/paho-mqtt-c/default.nix b/pkgs/libraries/paho-mqtt-c/default.nix
index 07db14d..545af96 100644
--- a/pkgs/libraries/paho-mqtt-c/default.nix
+++ b/pkgs/libraries/paho-mqtt-c/default.nix
@@ -9,7 +9,6 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     homepage = "https://eclipse.org/paho";
     description = "An Eclipse Paho C client library for MQTT";
-    platforms = with platforms; linux;
     license = licenses.epl20;
   };
 
diff --git a/pkgs/sentinel/certgen/default.nix b/pkgs/sentinel/certgen/default.nix
new file mode 100644
index 0000000..bc0b35c
--- /dev/null
+++ b/pkgs/sentinel/certgen/default.nix
@@ -0,0 +1,23 @@
+{ buildPythonApplication, lib, fetchgit
+, python3
+, ipset
+}:
+
+buildPythonApplication rec {
+  pname = "sentinel-dynfw-client";
+  version = "6.2";
+  meta = with lib; {
+    homepage = "https://gitlab.nic.cz/turris/sentinel/certgen";
+    description = "Sentinel automated passwords and certificates retrieval";
+    license = licenses.gpl3;
+  };
+
+  src = fetchgit {
+    url = "https://gitlab.nic.cz/turris/sentinel/certgen.git";
+    rev = "v" + version;
+    sha256 = "10ii3j3wqdib7m2fc0w599981mv9q3ahj96q4kyrn5sh18v2c7nb";
+  };
+
+  # TODO we are missing crypto-wrapper
+  buildInputs = with python3.pkgs; [six requests cryptography];
+}
diff --git a/pkgs/sentinel/dynfw-client/default.nix b/pkgs/sentinel/dynfw-client/default.nix
new file mode 100644
index 0000000..b059b6d
--- /dev/null
+++ b/pkgs/sentinel/dynfw-client/default.nix
@@ -0,0 +1,26 @@
+{ buildPythonApplication, lib, fetchgit
+, ipset
+}:
+
+buildPythonApplication rec {
+  pname = "sentinel-dynfw-client";
+  version = "1.4.0";
+  meta = with lib; {
+    homepage = "https://gitlab.nic.cz/turris/sentinel/dynfw-client";
+    description = "Dynamic firewall client";
+    platforms = platforms.linux;
+    license = licenses.gpl3;
+  };
+
+  src = fetchgit {
+    url = "https://gitlab.nic.cz/turris/sentinel/dynfw-client.git";
+    rev = "v" + version;
+    sha256 = "1g0wbhsjzifvdfvig6922cl3yfj1f96yvg11s4vgiaxca9yspcmp";
+  };
+
+  buildInputs = [ipset];
+  preConfigure = ''
+    ls
+    find -type f | xargs sed -i 's#/usr/sbin/ipset#${ipset}#g' 
+    '';
+}
diff --git a/pkgs/sentinel/faillogs/default.nix b/pkgs/sentinel/faillogs/default.nix
index d4bfa6b..4b3a2d3 100644
--- a/pkgs/sentinel/faillogs/default.nix
+++ b/pkgs/sentinel/faillogs/default.nix
@@ -1,6 +1,7 @@
 { stdenv, lib, fetchgit
 , bootstrapHook, pkg-config, gperf
 , logc, logc-libs, libevent, czmq, msgpack, libconfig
+, check
 }:
 
 stdenv.mkDerivation rec {
@@ -9,7 +10,6 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     homepage = "https://gitlab.nic.cz/turris/sentinel/faillogs";
     description = "Failed login attempt logs collector";
-    platforms = with platforms; linux;
     license = licenses.gpl3;
   };
 
@@ -21,4 +21,9 @@ stdenv.mkDerivation rec {
 
   buildInputs = [logc logc-libs libevent czmq msgpack libconfig];
   nativeBuildInputs = [bootstrapHook pkg-config gperf];
+  depsBuildBuild = [check];
+
+  doCheck = true;
+  doInstallCheck = true;
+  configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
 }
diff --git a/pkgs/sentinel/fwlogs/default.nix b/pkgs/sentinel/fwlogs/default.nix
index c388a76..6c9d529 100644
--- a/pkgs/sentinel/fwlogs/default.nix
+++ b/pkgs/sentinel/fwlogs/default.nix
@@ -1,6 +1,7 @@
 { stdenv, lib, fetchgit
 , bootstrapHook, pkg-config
 , czmq, msgpack, logc-0_1, logc-libs, libconfig, libnetfilter_log
+, check
 }:
 
 stdenv.mkDerivation rec {
@@ -9,7 +10,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     homepage = "https://gitlab.nic.cz/turris/sentinel/fwlogs";
     description = "Firewall logs collector";
-    platforms = with platforms; linux;
+    platforms = platforms.linux;
     license = licenses.gpl3;
   };
 
@@ -21,4 +22,9 @@ stdenv.mkDerivation rec {
 
   buildInputs = [czmq msgpack logc-0_1 logc-libs libconfig libnetfilter_log];
   nativeBuildInputs = [bootstrapHook pkg-config];
+  depsBuildBuild = [check];
+
+  doCheck = true;
+  doInstallCheck = true;
+  configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
 }
diff --git a/pkgs/sentinel/minipot/default.nix b/pkgs/sentinel/minipot/default.nix
index 89b93f6..1f26074 100644
--- a/pkgs/sentinel/minipot/default.nix
+++ b/pkgs/sentinel/minipot/default.nix
@@ -1,6 +1,7 @@
 { stdenv, lib, fetchgit
 , bootstrapHook, pkg-config, gperf
 , czmq, msgpack, libevent, base64c, logc-0_1, logc-libs
+, check
 }:
 
 stdenv.mkDerivation rec {
@@ -9,7 +10,6 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     homepage = "https://gitlab.nic.cz/turris/sentinel/minipot";
     description = "Firewall logs collector";
-    platforms = with platforms; linux;
     license = licenses.gpl3;
   };
 
@@ -21,4 +21,9 @@ stdenv.mkDerivation rec {
 
   buildInputs = [czmq msgpack libevent base64c logc-0_1 logc-libs];
   nativeBuildInputs = [bootstrapHook pkg-config gperf];
+  depsBuildBuild = [check];
+
+  doCheck = true;
+  doInstallCheck = true;
+  configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
 }
diff --git a/pkgs/sentinel/proxy/default.nix b/pkgs/sentinel/proxy/default.nix
index 5de2836..a3b6bf2 100644
--- a/pkgs/sentinel/proxy/default.nix
+++ b/pkgs/sentinel/proxy/default.nix
@@ -1,6 +1,7 @@
 { stdenv, lib, fetchgit
-, autoconf, autoconf-archive, automake, libtool, pkgconfig, gperf
+, bootstrapHook, pkg-config, gperf
 , openssl, zlib, czmq, libconfig, msgpack, paho-mqtt-c
+, check
 }:
 
 stdenv.mkDerivation rec {
@@ -9,7 +10,6 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     homepage = "https://gitlab.nic.cz/turris/sentinel/proxy";
     description = "Main MQTT Sentinel client. Proxy that lives on the router and relays messages received from ZMQ to uplink server over MQTT channel.";
-    platforms = with platforms; linux;
     license = licenses.gpl3;
   };
 
@@ -20,9 +20,12 @@ stdenv.mkDerivation rec {
   };
 
   buildInputs = [openssl zlib czmq libconfig msgpack paho-mqtt-c];
-  nativeBuildInputs = [
-    autoconf autoconf-archive automake libtool pkgconfig gperf
-  ];
+  nativeBuildInputs = [bootstrapHook pkg-config gperf];
+  depsBuildBuild = [check];
 
   preConfigure = "./bootstrap";
+
+  doCheck = true;
+  doInstallCheck = true;
+  configureFlags = lib.optional (stdenv.hostPlatform == stdenv.buildPlatform) "--enable-tests";
 }