authorMorgan Helton <mhelton@gmail.com>2022-08-23 20:08:34 -0500
committerMorgan Helton <mhelton@gmail.com>2022-08-23 20:51:43 -0500
commit4dfa0d23241afc02fe30caef4d6bd26075b48c61 (patch)
tree9f88ffe36a9010bd0942d2782da9fae87b1c01b0 /pkgs/servers/http
parent9677d8a7a5330f10bea4bf5d7866d957adb374b3 (diff)
pomerium: 0.17.1 -> 0.18.0
Diffstat (limited to 'pkgs/servers/http')
-rw-r--r--pkgs/servers/http/pomerium/common.nix10
-rw-r--r--pkgs/servers/http/pomerium/default.nix13
-rw-r--r--pkgs/servers/http/pomerium/external-envoy.diff48
3 files changed, 61 insertions, 10 deletions
diff --git a/pkgs/servers/http/pomerium/common.nix b/pkgs/servers/http/pomerium/common.nix
index 87b9b98a72e8a..d7a0814f13157 100644
--- a/pkgs/servers/http/pomerium/common.nix
+++ b/pkgs/servers/http/pomerium/common.nix
@@ -2,10 +2,10 @@
 , lib
 }:
 let
-  version = "0.17.1";
-  srcHash = "sha256:0b9mdzyfn7c6gwgslqk787yyrrcmdjf3282vx2zvhcr3psz0xqwx";
-  vendorSha256 = "sha256:1cq4m5a7z64yg3v1c68d15ilw78il6p53vaqzxgn338zjggr3kig";
-  yarnSha256 = "sha256-dLkn9xvQ3gixU63g1xvzbY+YI+9YnaGa3D0uGrrpGvI=";
+  version = "0.18.0";
+  srcSha256 = "sha256-sM4kM8CqbZjl+RIsezWYVCmjoDKfGl+EQcdEaPKvVHs=";
+  vendorSha256 = "sha256-1EWcjfrO3FEypUUKwNwDisogERCuKOvtC7z0mC2JZn4=";
+  yarnSha256 = "sha256-Uh0y2Zmy6bSoyL5WMTce01hoH7EvSIniHyIBMxfMvhg=";
 in
 {
   inherit version vendorSha256 yarnSha256;
@@ -14,7 +14,7 @@ in
     owner = "pomerium";
     repo = "pomerium";
     rev = "v${version}";
-    hash = srcHash;
+    sha256 = srcSha256;
   };
 
   meta = with lib; {
diff --git a/pkgs/servers/http/pomerium/default.nix b/pkgs/servers/http/pomerium/default.nix
index 7b115d6d694ad..31f9a7e59e0ce 100644
--- a/pkgs/servers/http/pomerium/default.nix
+++ b/pkgs/servers/http/pomerium/default.nix
@@ -20,6 +20,9 @@ buildGoModule rec {
     "cmd/pomerium"
   ];
 
+  # patch pomerium to allow use of external envoy
+  patches = [ ./external-envoy.diff ];
+
   ldflags = let
     # Set a variety of useful meta variables for stamping the build with.
     setVars = {
@@ -29,7 +32,7 @@ buildGoModule rec {
         ProjectName = "pomerium";
         ProjectURL = "github.com/pomerium/pomerium";
       };
-      "github.com/pomerium/pomerium/internal/envoy" = {
+      "github.com/pomerium/pomerium/pkg/envoy" = {
         OverrideEnvoyPath = "${envoy}/bin/envoy";
       };
     };
@@ -49,8 +52,8 @@ buildGoModule rec {
     # Replace embedded envoy with nothing.
     # We set OverrideEnvoyPath above, so rawBinary should never get looked at
     # but we still need to set a checksum/version.
-    rm internal/envoy/files/files_{darwin,linux}*.go
-    cat <<EOF >internal/envoy/files/files_generic.go
+    rm pkg/envoy/files/files_{darwin,linux}*.go
+    cat <<EOF >pkg/envoy/files/files_external.go
     package files
 
     import _ "embed" // embed
@@ -63,8 +66,8 @@ buildGoModule rec {
     //go:embed envoy.version
     var rawVersion string
     EOF
-    sha256sum '${envoy}/bin/envoy' > internal/envoy/files/envoy.sha256
-    echo '${envoy.version}' > internal/envoy/files/envoy.version
+    sha256sum '${envoy}/bin/envoy' > pkg/envoy/files/envoy.sha256
+    echo '${envoy.version}' > pkg/envoy/files/envoy.version
 
     # put the built UI files where they will be picked up as part of binary build
     cp -r ${pomerium-ui} ui
diff --git a/pkgs/servers/http/pomerium/external-envoy.diff b/pkgs/servers/http/pomerium/external-envoy.diff
new file mode 100644
index 0000000000000..49f4985ad77c3
--- /dev/null
+++ b/pkgs/servers/http/pomerium/external-envoy.diff
@@ -0,0 +1,48 @@
+diff --git a/pkg/envoy/envoy.go b/pkg/envoy/envoy.go
+index e32cfc29..9d32c057 100644
+--- a/pkg/envoy/envoy.go
++++ b/pkg/envoy/envoy.go
+@@ -8,9 +8,9 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"io"
++	"io/fs"
+ 	"os"
+ 	"os/exec"
+-	"path"
+ 	"path/filepath"
+ 	"regexp"
+ 	"strconv"
+@@ -36,8 +36,12 @@ import (
+ 
+ const (
+ 	configFileName = "envoy-config.yaml"
++	workingDirectoryName = ".pomerium-envoy"
++	embeddedEnvoyPermissions     fs.FileMode = 0o700
+ )
+ 
++var OverrideEnvoyPath = ""
++
+ type serverOptions struct {
+ 	services string
+ 	logLevel string
+@@ -60,13 +64,16 @@ type Server struct {
+ 
+ // NewServer creates a new server with traffic routed by envoy.
+ func NewServer(ctx context.Context, src config.Source, builder *envoyconfig.Builder) (*Server, error) {
+-	envoyPath, err := Extract()
++	envoyPath := OverrideEnvoyPath
++	wd := filepath.Join(os.TempDir(), workingDirectoryName)
++
++	err := os.MkdirAll(wd, embeddedEnvoyPermissions)
+ 	if err != nil {
+-		return nil, fmt.Errorf("extracting envoy: %w", err)
++		return nil, fmt.Errorf("error creating temporary working directory for envoy: %w", err)
+ 	}
+ 
+ 	srv := &Server{
+-		wd:        path.Dir(envoyPath),
++		wd:        wd,
+ 		builder:   builder,
+ 		grpcPort:  src.GetConfig().GRPCPort,
+ 		httpPort:  src.GetConfig().HTTPPort,
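Review bot: The working directory in the patched `NewServer` is a fixed name under the shared temp dir (`filepath.Join(os.TempDir(), workingDirectoryName)`), and `os.MkdirAll` returns nil when that path already exists, so `embeddedEnvoyPermissions` (`0o700`) only takes effect if this process is the one that creates it. Where the temp dir is shared between accounts, a directory pre-created by another local user would be accepted as `wd` with no ownership or mode check, and whatever the server later writes there (presumably `envoy-config.yaml`, given `configFileName` in the same const block) would land in a location that user controls. Either create a unique directory with `wd, err := os.MkdirTemp("", workingDirectoryName+"-")`, or keep the fixed name and `os.Lstat` it after creation, refusing anything that is not a real directory with mode `0o700` owned by the current user; the service unit can additionally set `PrivateTmp=true`. `OverrideEnvoyPath` is also used unchecked, so a build that omits the ldflag would presumably pass an empty path on to the envoy launch; a guard such as `if envoyPath == "" { return nil, errors.New("envoy path not set") }` would fail early. `NewServer` continues past the end of the hunk.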