Merge pull request #155039 from andir/prosody-security

2022-01-15 10:13:33 +01:00 · 2022-01-15 10:13:33 +01:00 · b47203b28f
parent df74acf90e 4369bebd9a
commit b47203b28f
3 changed files with 4 additions and 97 deletions
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -397,7 +397,6 @@ in
  prometheus = handleTest ./prometheus.nix {};
  prometheus-exporters = handleTest ./prometheus-exporters.nix {};
  prosody = handleTest ./xmpp/prosody.nix {};
-  prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {};
  proxy = handleTest ./proxy.nix {};
  prowlarr = handleTest ./prowlarr.nix {};
  pt2-clone = handleTest ./pt2-clone.nix {};
--- a/nixos/tests/xmpp/prosody-mysql.nix
+++ b/nixos/tests/xmpp/prosody-mysql.nix
@ -1,92 +0,0 @@
-import ../make-test-python.nix {
-  name = "prosody-mysql";
-
-  nodes = {
-    client = { nodes, pkgs, ... }: {
-      environment.systemPackages = [
-        (pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = nodes.server.config.networking.primaryIPAddress; })
-      ];
-      networking.extraHosts = ''
-        ${nodes.server.config.networking.primaryIPAddress} example.com
-        ${nodes.server.config.networking.primaryIPAddress} conference.example.com
-        ${nodes.server.config.networking.primaryIPAddress} uploads.example.com
-      '';
-    };
-    server = { config, pkgs, ... }: {
-      nixpkgs.overlays = [
-        (self: super: {
-          prosody = super.prosody.override {
-            withDBI = true;
-            withExtraLibs = [ pkgs.luaPackages.luadbi-mysql ];
-          };
-        })
-      ];
-      networking.extraHosts = ''
-        ${config.networking.primaryIPAddress} example.com
-        ${config.networking.primaryIPAddress} conference.example.com
-        ${config.networking.primaryIPAddress} uploads.example.com
-      '';
-      networking.firewall.enable = false;
-      services.prosody = {
-        enable = true;
-        # TODO: use a self-signed certificate
-        c2sRequireEncryption = false;
-        extraConfig = ''
-          storage = "sql"
-          sql = {
-            driver = "MySQL";
-            database = "prosody";
-            host = "mysql";
-            port = 3306;
-            username = "prosody";
-            password = "password123";
-          };
-        '';
-        virtualHosts.test = {
-          domain = "example.com";
-          enabled = true;
-        };
-        muc = [
-          {
-            domain = "conference.example.com";
-          }
-        ];
-        uploadHttp = {
-          domain = "uploads.example.com";
-        };
-      };
-    };
-    mysql = { config, pkgs, ... }: {
-      networking.firewall.enable = false;
-      services.mysql = {
-        enable = true;
-        initialScript = pkgs.writeText "mysql_init.sql" ''
-          CREATE DATABASE prosody;
-          CREATE USER 'prosody'@'server' IDENTIFIED BY 'password123';
-          GRANT ALL PRIVILEGES ON prosody.* TO 'prosody'@'server';
-          FLUSH PRIVILEGES;
-        '';
-        package = pkgs.mariadb;
-      };
-    };
-  };
-
-  testScript = { nodes, ... }: ''
-    mysql.wait_for_unit("mysql.service")
-    server.wait_for_unit("prosody.service")
-    server.succeed('prosodyctl status | grep "Prosody is running"')
-
-    # set password to 'nothunter2' (it's asked twice)
-    server.succeed("yes nothunter2 | prosodyctl adduser cthon98@example.com")
-    # set password to 'y'
-    server.succeed("yes | prosodyctl adduser azurediamond@example.com")
-    # correct password to 'hunter2'
-    server.succeed("yes hunter2 | prosodyctl passwd azurediamond@example.com")
-
-    client.succeed("send-message")
-
-    server.succeed("prosodyctl deluser cthon98@example.com")
-    server.succeed("prosodyctl deluser azurediamond@example.com")
-  '';
-}
-
--- a/pkgs/servers/xmpp/prosody/default.nix
+++ b/pkgs/servers/xmpp/prosody/default.nix
@ -20,7 +20,7 @@ let
  );
 in
 stdenv.mkDerivation rec {
-  version = "0.11.10"; # also update communityModules
+  version = "0.11.12"; # also update communityModules
  pname = "prosody";
  # The following community modules are necessary for the nixos module
  # prosody module to comply with XEP-0423 and provide a working
@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
  ];
  src = fetchurl {
    url = "https://prosody.im/downloads/source/${pname}-${version}.tar.gz";
-    sha256 = "1q84s9cq7cgzd295qxa2iy0r3vd3v3chbck62bdx3pd6skk19my6";
+    sha256 = "03an206bl3h2lqcgv1wfvc2bqjq6m9vjb2idw0vyvczm43c55kan";
  };

  # A note to all those merging automated updates: Please also update this
@ -42,8 +42,8 @@ stdenv.mkDerivation rec {
  # version.
  communityModules = fetchhg {
    url = "https://hg.prosody.im/prosody-modules";
-    rev = "64fafbeba14d";
-    sha256 = "02gj1b8sdmdvymsdmjpq47zrl7sg578jcdxbbq18s44f3njmc9q1";
+    rev = "bd0a1f917d98";
+    sha256 = "0figx0b0y5zfk5anf16h20y4crjmpb6bkg30vl7p0m594qnyqjcx";
  };

  nativeBuildInputs = [ makeWrapper ];