diff options
author | Sandro <sandro.jaeckel@gmail.com> | 2024-03-01 13:51:19 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-01 13:51:19 +0100 |
commit | b84bc4ea3aace98ce0084d8cfc0a1b0622eba845 (patch) | |
tree | 1919bf63b43e9f9ec5ed22e2bac87957d85c72e3 /pkgs | |
parent | c25cdf9c485c7228f1090a0991bb5ba377ac1fff (diff) | |
parent | c0846f900a71e9bde3bf292882506cbb7cc97528 (diff) | |
download | nixlib-b84bc4ea3aace98ce0084d8cfc0a1b0622eba845.tar nixlib-b84bc4ea3aace98ce0084d8cfc0a1b0622eba845.tar.gz nixlib-b84bc4ea3aace98ce0084d8cfc0a1b0622eba845.tar.bz2 nixlib-b84bc4ea3aace98ce0084d8cfc0a1b0622eba845.tar.lz nixlib-b84bc4ea3aace98ce0084d8cfc0a1b0622eba845.tar.xz nixlib-b84bc4ea3aace98ce0084d8cfc0a1b0622eba845.tar.zst nixlib-b84bc4ea3aace98ce0084d8cfc0a1b0622eba845.zip |
Merge pull request #264087 from leonm1/matter-server-module
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/development/python-modules/python-matter-server/default.nix | 32 | ||||
-rw-r--r-- | pkgs/development/python-modules/python-matter-server/link-paa-root-certs.patch | 126 |
2 files changed, 158 insertions, 0 deletions
diff --git a/pkgs/development/python-modules/python-matter-server/default.nix b/pkgs/development/python-modules/python-matter-server/default.nix index 588f2042bd9b..31064f369379 100644 --- a/pkgs/development/python-modules/python-matter-server/default.nix +++ b/pkgs/development/python-modules/python-matter-server/default.nix @@ -2,6 +2,8 @@ , buildPythonPackage , fetchFromGitHub , pythonOlder +, stdenvNoCC +, substituteAll # build , setuptools @@ -28,6 +30,29 @@ , pytestCheckHook }: +let + paaCerts = stdenvNoCC.mkDerivation rec { + pname = "matter-server-paa-certificates"; + version = "1.2.0.1"; + + src = fetchFromGitHub { + owner = "project-chip"; + repo = "connectedhomeip"; + rev = "refs/tags/v${version}"; + hash = "sha256-p3P0n5oKRasYz386K2bhN3QVfN6oFndFIUWLEUWB0ss="; + }; + + installPhase = '' + runHook preInstall + + mkdir -p $out + cp $src/credentials/development/paa-root-certs/* $out/ + + runHook postInstall + ''; + }; +in + buildPythonPackage rec { pname = "python-matter-server"; version = "5.7.0b2"; @@ -42,6 +67,13 @@ buildPythonPackage rec { hash = "sha256-fMtvVizHeAzLdou0U1tqbmQATIBLK4w9I7EwMlzB8QA="; }; + patches = [ + (substituteAll { + src = ./link-paa-root-certs.patch; + paacerts = paaCerts; + }) + ]; + postPatch = '' substituteInPlace pyproject.toml \ --replace 'version = "0.0.0"' 'version = "${version}"' \ diff --git a/pkgs/development/python-modules/python-matter-server/link-paa-root-certs.patch b/pkgs/development/python-modules/python-matter-server/link-paa-root-certs.patch new file mode 100644 index 000000000000..a788f69144b8 --- /dev/null +++ b/pkgs/development/python-modules/python-matter-server/link-paa-root-certs.patch @@ -0,0 +1,126 @@ +diff --git a/matter_server/server/const.py b/matter_server/server/const.py +index b6cd839..f9f798f 100644 +--- a/matter_server/server/const.py ++++ b/matter_server/server/const.py +@@ -5,14 +5,4 @@ from typing import Final + # The minimum schema version (of a client) the server can support + MIN_SCHEMA_VERSION = 5 + +-# the paa-root-certs path is hardcoded in the sdk at this time +-# and always uses the development subfolder +-# regardless of anything you pass into instantiating the controller +-# revisit this once matter 1.1 is released +-PAA_ROOT_CERTS_DIR: Final[pathlib.Path] = ( +- pathlib.Path(__file__) +- .parent.resolve() +- .parent.resolve() +- .parent.resolve() +- .joinpath("credentials/development/paa-root-certs") +-) ++PAA_ROOT_CERTS_DIR: Final[pathlib.Path] = pathlib.Path("@paacerts@") +diff --git a/matter_server/server/helpers/paa_certificates.py b/matter_server/server/helpers/paa_certificates.py +index 9ac5a10..25230c1 100644 +--- a/matter_server/server/helpers/paa_certificates.py ++++ b/matter_server/server/helpers/paa_certificates.py +@@ -58,84 +58,14 @@ async def fetch_dcl_certificates( + fetch_production_certificates: bool = True, + ) -> int: + """Fetch DCL PAA Certificates.""" +- LOGGER.info("Fetching the latest PAA root certificates from DCL.") +- if not PAA_ROOT_CERTS_DIR.is_dir(): +- loop = asyncio.get_running_loop() +- await loop.run_in_executor(None, makedirs, PAA_ROOT_CERTS_DIR) +- fetch_count: int = 0 +- base_urls = set() +- # determine which url's need to be queried. +- # if we're going to fetch both prod and test, do test first +- # so any duplicates will be overwritten/preferred by the production version +- # NOTE: While Matter is in BETA we fetch the test certificates by default +- if fetch_test_certificates: +- base_urls.add(TEST_URL) +- if fetch_production_certificates: +- base_urls.add(PRODUCTION_URL) + +- try: +- async with ClientSession(raise_for_status=True) as http_session: +- for url_base in base_urls: +- # fetch the paa certificates list +- async with http_session.get( +- f"{url_base}/dcl/pki/root-certificates" +- ) as response: +- result = await response.json() +- paa_list = result["approvedRootCertificates"]["certs"] +- # grab each certificate +- for paa in paa_list: +- # do not fetch a certificate if we already fetched it +- if paa["subjectKeyId"] in LAST_CERT_IDS: +- continue +- async with http_session.get( +- f"{url_base}/dcl/pki/certificates/{paa['subject']}/{paa['subjectKeyId']}" +- ) as response: +- result = await response.json() +- +- certificate_data: dict = result["approvedCertificates"]["certs"][0] +- certificate: str = certificate_data["pemCert"] +- subject = certificate_data["subjectAsText"] +- certificate = certificate.rstrip("\n") +- +- await write_paa_root_cert( +- certificate, +- subject, +- ) +- LAST_CERT_IDS.add(paa["subjectKeyId"]) +- fetch_count += 1 +- except ClientError as err: +- LOGGER.warning( +- "Fetching latest certificates failed: error %s", err, exc_info=err +- ) +- else: +- LOGGER.info("Fetched %s PAA root certificates from DCL.", fetch_count) +- +- return fetch_count ++ return 0 + + + async def fetch_git_certificates() -> int: + """Fetch Git PAA Certificates.""" +- fetch_count = 0 +- LOGGER.info("Fetching the latest PAA root certificates from Git.") +- try: +- async with ClientSession(raise_for_status=True) as http_session: +- for cert in GIT_CERTS: +- if cert in LAST_CERT_IDS: +- continue + +- async with http_session.get(f"{GIT_URL}/{cert}.pem") as response: +- certificate = await response.text() +- await write_paa_root_cert(certificate, cert) +- LAST_CERT_IDS.add(cert) +- fetch_count += 1 +- except ClientError as err: +- LOGGER.warning( +- "Fetching latest certificates failed: error %s", err, exc_info=err +- ) +- +- LOGGER.info("Fetched %s PAA root certificates from Git.", fetch_count) +- +- return fetch_count ++ return 0 + + + async def fetch_certificates( +@@ -144,12 +74,4 @@ async def fetch_certificates( + ) -> int: + """Fetch PAA Certificates.""" + +- fetch_count = await fetch_dcl_certificates( +- fetch_test_certificates=fetch_test_certificates, +- fetch_production_certificates=fetch_production_certificates, +- ) +- +- if fetch_test_certificates: +- fetch_count += await fetch_git_certificates() +- +- return fetch_count ++ return 0 + |