diff --git a/pkgs/servers/http/pomerium/external-envoy.diff b/pkgs/servers/http/pomerium/0001-envoy-allow-specification-of-external-binary.patch similarity index 65% rename from pkgs/servers/http/pomerium/external-envoy.diff rename to pkgs/servers/http/pomerium/0001-envoy-allow-specification-of-external-binary.patch index 49f4985ad77c..d595dc6ccae2 100644 --- a/pkgs/servers/http/pomerium/external-envoy.diff +++ b/pkgs/servers/http/pomerium/0001-envoy-allow-specification-of-external-binary.patch @@ -1,5 +1,14 @@ +From fa51c56049a99ef17d86b0327bcf66f47338da45 Mon Sep 17 00:00:00 2001 +From: Morgan Helton +Date: Sun, 26 May 2024 12:17:01 -0500 +Subject: [PATCH] envoy: allow specification of external binary + +--- + pkg/envoy/envoy.go | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) + diff --git a/pkg/envoy/envoy.go b/pkg/envoy/envoy.go -index e32cfc29..9d32c057 100644 +index 62f2d34c..879001cd 100644 --- a/pkg/envoy/envoy.go +++ b/pkg/envoy/envoy.go @@ -8,9 +8,9 @@ import ( @@ -13,7 +22,7 @@ index e32cfc29..9d32c057 100644 "path/filepath" "regexp" "strconv" -@@ -36,8 +36,12 @@ import ( +@@ -34,8 +34,12 @@ import ( const ( configFileName = "envoy-config.yaml" @@ -25,15 +34,18 @@ index e32cfc29..9d32c057 100644 + type serverOptions struct { services string - logLevel string -@@ -60,13 +64,16 @@ type Server struct { + logLevel config.LogLevel +@@ -58,17 +62,16 @@ type Server struct { // NewServer creates a new server with traffic routed by envoy. func NewServer(ctx context.Context, src config.Source, builder *envoyconfig.Builder) (*Server, error) { -- envoyPath, err := Extract() +- if err := preserveRlimitNofile(); err != nil { +- log.Debug(ctx).Err(err).Msg("couldn't preserve RLIMIT_NOFILE before starting Envoy") +- } + envoyPath := OverrideEnvoyPath + wd := filepath.Join(os.TempDir(), workingDirectoryName) -+ + +- envoyPath, err := Extract() + err := os.MkdirAll(wd, embeddedEnvoyPermissions) if err != nil { - return nil, fmt.Errorf("extracting envoy: %w", err) @@ -46,3 +58,6 @@ index e32cfc29..9d32c057 100644 builder: builder, grpcPort: src.GetConfig().GRPCPort, httpPort: src.GetConfig().HTTPPort, +-- +2.44.1 + diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix index 6fe47f985392..bd8873ce100e 100644 --- a/pkgs/servers/http/pomerium/default.nix +++ b/pkgs/servers/http/pomerium/default.nix @@ -1,6 +1,5 @@ { buildGoModule , fetchFromGitHub -, callPackage , lib , envoy , mkYarnPackage @@ -14,15 +13,15 @@ let in buildGoModule rec { pname = "pomerium"; - version = "0.25.2"; + version = "0.26.0"; src = fetchFromGitHub { owner = "pomerium"; repo = "pomerium"; rev = "v${version}"; - hash = "sha256-JateIiVao5IiPXmphA5+PlzB2XtP6zRR4rURqXSqJ6Q="; + hash = "sha256-AkpfLKPirl8fz4s0hQI15aSgI2PZFPakAzC+j66MVY0="; }; - vendorHash = "sha256-GdeZkKkENacc11FmEAFUfX9efInfhpv2Lz0/3CtixFQ="; + vendorHash = "sha256-kabWL7yqNkI2JRPmVv0tp0nIfVDwT9QbbDIbdM8sL5s="; ui = mkYarnPackage { inherit version; @@ -54,7 +53,9 @@ buildGoModule rec { ]; # patch pomerium to allow use of external envoy - patches = [ ./external-envoy.diff ]; + patches = [ + ./0001-envoy-allow-specification-of-external-binary.patch + ]; ldflags = let # Set a variety of useful meta variables for stamping the build with. diff --git a/pkgs/servers/http/pomerium/package.json b/pkgs/servers/http/pomerium/package.json index 4f81e118d85a..59e65c4fcbaa 100644 --- a/pkgs/servers/http/pomerium/package.json +++ b/pkgs/servers/http/pomerium/package.json @@ -29,21 +29,21 @@ "@fontsource/dm-sans": "^5.0.13", "@mui/icons-material": "^5.14.9", "@mui/material": "^5.4.0", - "luxon": "^2.5.2", + "lodash": "^4.17.21", "markdown-to-jsx": "^7.2.1", "react": "^17.0.2", "react-dom": "^17.0.2", "react-feather": "^2.0.10" }, "devDependencies": { - "@trivago/prettier-plugin-sort-imports": "2.0.4", - "@types/luxon": "^2.0.9", - "@types/node": "^17.0.14", + "@trivago/prettier-plugin-sort-imports": "^4.2.1", + "@types/lodash": "^4.17.1", + "@types/node": "^20.12.11", "@types/react": "^17.0.34", "@types/react-dom": "^17.0.11", "@typescript-eslint/eslint-plugin": "^5.10.2", "@typescript-eslint/parser": "^5.59.11", - "esbuild": "^0.13.12", + "esbuild": "^0.21.1", "eslint": "7.32.0", "eslint-config-prettier": "^8.3.0", "eslint-plugin-react": "^7.28.0", diff --git a/pkgs/servers/http/pomerium/yarn-hash b/pkgs/servers/http/pomerium/yarn-hash index 71760c6384c7..a631334cc391 100644 --- a/pkgs/servers/http/pomerium/yarn-hash +++ b/pkgs/servers/http/pomerium/yarn-hash @@ -1 +1 @@ -1cjwkdvg9rfp55674gns44xwi32ws8z57sa4ffb0zzgdgy2yx2zm +1xkn1zbhg4q35azlhcgc1bk1sykrawngq1fcb5r5ghgh3m2kmz76