Merge pull request #314921 from devusb/pomerium

pomerium: 0.25.2 -> 0.26.0

pkgs/servers/http/pomerium/0001-envoy-allow-specification-of-external-binary.patch

@@ -1,5 +1,14 @@
+From fa51c56049a99ef17d86b0327bcf66f47338da45 Mon Sep 17 00:00:00 2001
+From: Morgan Helton <mhelton@gmail.com>
+Date: Sun, 26 May 2024 12:17:01 -0500
+Subject: [PATCH] envoy: allow specification of external binary
+
+---
+ pkg/envoy/envoy.go | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
 diff --git a/pkg/envoy/envoy.go b/pkg/envoy/envoy.go
-index e32cfc29..9d32c057 100644
+index 62f2d34c..879001cd 100644
 --- a/pkg/envoy/envoy.go
 +++ b/pkg/envoy/envoy.go
 @@ -8,9 +8,9 @@ import (
@@ -13,7 +22,7 @@ index e32cfc29..9d32c057 100644
  	"path/filepath"
  	"regexp"
  	"strconv"
-@@ -36,8 +36,12 @@ import (
+@@ -34,8 +34,12 @@ import (
  
  const (
  	configFileName = "envoy-config.yaml"
@@ -25,15 +34,18 @@ index e32cfc29..9d32c057 100644
 +
  type serverOptions struct {
  	services string
- 	logLevel string
-@@ -60,13 +64,16 @@ type Server struct {
+ 	logLevel config.LogLevel
+@@ -58,17 +62,16 @@ type Server struct {
  
  // NewServer creates a new server with traffic routed by envoy.
  func NewServer(ctx context.Context, src config.Source, builder *envoyconfig.Builder) (*Server, error) {
--	envoyPath, err := Extract()
+-	if err := preserveRlimitNofile(); err != nil {
+-		log.Debug(ctx).Err(err).Msg("couldn't preserve RLIMIT_NOFILE before starting Envoy")
+-	}
 +	envoyPath := OverrideEnvoyPath
 +	wd := filepath.Join(os.TempDir(), workingDirectoryName)
-+
+ 
+-	envoyPath, err := Extract()
 +	err := os.MkdirAll(wd, embeddedEnvoyPermissions)
  	if err != nil {
 -		return nil, fmt.Errorf("extracting envoy: %w", err)
@@ -46,3 +58,6 @@ index e32cfc29..9d32c057 100644
  		builder:   builder,
  		grpcPort:  src.GetConfig().GRPCPort,
  		httpPort:  src.GetConfig().HTTPPort,
+-- 
+2.44.1
+

pkgs/servers/http/pomerium/default.nix

@@ -1,6 +1,5 @@
 { buildGoModule
 , fetchFromGitHub
-, callPackage
 , lib
 , envoy
 , mkYarnPackage
@@ -14,15 +13,15 @@ let
 in
 buildGoModule rec {
   pname = "pomerium";
-  version = "0.25.2";
+  version = "0.26.0";
   src = fetchFromGitHub {
     owner = "pomerium";
     repo = "pomerium";
     rev = "v${version}";
-    hash = "sha256-JateIiVao5IiPXmphA5+PlzB2XtP6zRR4rURqXSqJ6Q=";
+    hash = "sha256-AkpfLKPirl8fz4s0hQI15aSgI2PZFPakAzC+j66MVY0=";
   };
 
-  vendorHash = "sha256-GdeZkKkENacc11FmEAFUfX9efInfhpv2Lz0/3CtixFQ=";
+  vendorHash = "sha256-kabWL7yqNkI2JRPmVv0tp0nIfVDwT9QbbDIbdM8sL5s=";
 
   ui = mkYarnPackage {
     inherit version;
@@ -54,7 +53,9 @@ buildGoModule rec {
   ];
 
   # patch pomerium to allow use of external envoy
-  patches = [ ./external-envoy.diff ];
+  patches = [
+    ./0001-envoy-allow-specification-of-external-binary.patch
+  ];
 
   ldflags = let
     # Set a variety of useful meta variables for stamping the build with.

pkgs/servers/http/pomerium/package.json

@@ -29,21 +29,21 @@
     "@fontsource/dm-sans": "^5.0.13",
     "@mui/icons-material": "^5.14.9",
     "@mui/material": "^5.4.0",
-    "luxon": "^2.5.2",
+    "lodash": "^4.17.21",
     "markdown-to-jsx": "^7.2.1",
     "react": "^17.0.2",
     "react-dom": "^17.0.2",
     "react-feather": "^2.0.10"
   },
   "devDependencies": {
-    "@trivago/prettier-plugin-sort-imports": "2.0.4",
-    "@types/luxon": "^2.0.9",
-    "@types/node": "^17.0.14",
+    "@trivago/prettier-plugin-sort-imports": "^4.2.1",
+    "@types/lodash": "^4.17.1",
+    "@types/node": "^20.12.11",
     "@types/react": "^17.0.34",
     "@types/react-dom": "^17.0.11",
     "@typescript-eslint/eslint-plugin": "^5.10.2",
     "@typescript-eslint/parser": "^5.59.11",
-    "esbuild": "^0.13.12",
+    "esbuild": "^0.21.1",
     "eslint": "7.32.0",
     "eslint-config-prettier": "^8.3.0",
     "eslint-plugin-react": "^7.28.0",

pkgs/servers/http/pomerium/yarn-hash

@@ -1 +1 @@
-1cjwkdvg9rfp55674gns44xwi32ws8z57sa4ffb0zzgdgy2yx2zm
+1xkn1zbhg4q35azlhcgc1bk1sykrawngq1fcb5r5ghgh3m2kmz76