profpatsch/searx: Rebase searx-secret-key.patch

Get rid of the annoying build error again (see 8be3704c3fbe08308132d92a6
for the last time), but this time for searx 0.13.1.

The main thing that has changed is that instead of hmac.new() there is
now a helper function called new_hmac(), which the patch now uses.

I've also cleaned up some tiny bits reported by flake8 and fixed the
description of SecretAppKeyError to refer to XDG_CACHE_HOME instead of
XDG_CACHE_DIR.

In addition to the updated patch, we now need to add XDG_CACHE_HOME to a
writable directory (in this case $TMPDIR), because otherwise the
test_webapp fails with an SecretAppKeyError, as it will try to create
leading directories to XDG_CACHE_HOME.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Profpatsch

2 files changed, 30 insertions, 26 deletions

diff --git a/machines/profpatsch/patches/searx-secret-key.patch b/machines/profpatsch/patches/searx-secret-key.patch
index ac26be7f..448ef510 100644
--- a/machines/profpatsch/patches/searx-secret-key.patch
+++ b/machines/profpatsch/patches/searx-secret-key.patch
@@ -1,8 +1,8 @@
 diff --git a/README.rst b/README.rst
-index a0bb12f..9e32b53 100644
+index 86334c3c..0f039cd5 100644
 --- a/README.rst
 +++ b/README.rst
-@@ -18,8 +18,7 @@ Installation
+@@ -19,8 +19,7 @@ Installation
     ``git clone https://github.com/asciimoo/searx.git && cd searx``
  -  install dependencies: ``./manage.sh update_packages``
  -  edit your
@@ -13,7 +13,7 @@ index a0bb12f..9e32b53 100644
  
  For all the details, follow this `step by step
 diff --git a/searx/settings.yml b/searx/settings.yml
-index 17b0bd5..ce19764 100644
+index 00cac5fe..477b1da1 100644
 --- a/searx/settings.yml
 +++ b/searx/settings.yml
 @@ -10,7 +10,6 @@ search:
@@ -25,7 +25,7 @@ index 17b0bd5..ce19764 100644
      image_proxy : False # Proxying image results through searx
      http_protocol_version : "1.0"  # 1.0 and 1.1 are supported
 diff --git a/searx/settings_robot.yml b/searx/settings_robot.yml
-index 070a0ed..27227f3 100644
+index 070a0edb..27227f3a 100644
 --- a/searx/settings_robot.yml
 +++ b/searx/settings_robot.yml
 @@ -10,7 +10,6 @@ search:
@@ -37,11 +37,11 @@ index 070a0ed..27227f3 100644
      image_proxy : False
      http_protocol_version : "1.0"
 diff --git a/searx/utils.py b/searx/utils.py
-index 498f8d0..6588863 100644
+index 9494bdf3..6657e6f5 100644
 --- a/searx/utils.py
 +++ b/searx/utils.py
-@@ -1,6 +1,8 @@
- import csv
+@@ -3,6 +3,8 @@ import hashlib
+ import hmac
  import os
  import re
 +import stat
@@ -49,10 +49,10 @@ index 498f8d0..6588863 100644
  
  from babel.dates import format_date
  from codecs import getincrementalencoder
-@@ -312,3 +314,61 @@ def load_module(filename, module_dir):
-     module = load_source(modname, filepath)
-     module.name = modname
-     return module
+@@ -336,3 +338,60 @@ def new_hmac(secret_key, url):
+         return hmac.new(bytes(secret_key), url, hashlib.sha256).hexdigest()
+     else:
+         return hmac.new(bytes(secret_key, 'utf-8'), url, hashlib.sha256).hexdigest()
 +
 +
 +class SecretAppKeyError(IOError):
@@ -62,7 +62,7 @@ index 498f8d0..6588863 100644
 +
 +    def __str__(self):
 +        err = ""
-+        if self.caught != None:
++        if self.caught is not None:
 +            err = '\n' + str(self.caught)
 +        return repr(self.reason) + err
 +
@@ -82,8 +82,7 @@ index 498f8d0..6588863 100644
 +        try:
 +            directory = xdg.BaseDirectory.save_cache_path("searx")
 +        except OSError as e:
-+            raise(SecretAppKeyError("could not get XDG_CACHE_DIR"))
-+
++            raise SecretAppKeyError("could not get XDG_CACHE_HOME")
 +
 +    # we save it as plaintext, assuming only the owner has access
 +    f = os.path.join(directory, _secret_app_key_file_name)
@@ -112,7 +111,7 @@ index 498f8d0..6588863 100644
 +        except OSError as e:
 +            saError("could not be chmodded to 600", e)
 diff --git a/searx/webapp.py b/searx/webapp.py
-index fcea5f2..9d7c960 100644
+index abbbce95..8614cf90 100644
 --- a/searx/webapp.py
 +++ b/searx/webapp.py
 @@ -29,6 +29,7 @@ import os
@@ -132,7 +131,7 @@ index fcea5f2..9d7c960 100644
  )
  from searx.version import VERSION_STRING
  from searx.languages import language_codes
-@@ -118,7 +119,11 @@ app = Flask(
+@@ -123,7 +124,11 @@ app = Flask(
  
  app.jinja_env.trim_blocks = True
  app.jinja_env.lstrip_blocks = True
@@ -143,9 +142,9 @@ index fcea5f2..9d7c960 100644
 +    logger.warning(' The "secret_key" config key is no longer used.')
 +app.secret_key = get_secret_app_key()
  
- if not searx_debug or os.environ.get("WERKZEUG_RUN_MAIN") == "true":
-     initialize_engines(settings['engines'])
-@@ -273,7 +278,7 @@ def proxify(url):
+ if not searx_debug \
+    or os.environ.get("WERKZEUG_RUN_MAIN") == "true" \
+@@ -280,7 +285,7 @@ def proxify(url):
                                             url.encode('utf-8'),
                                             hashlib.sha256).hexdigest()
  
@@ -154,26 +153,26 @@ index fcea5f2..9d7c960 100644
                              urlencode(url_params))
  
  
-@@ -288,7 +293,7 @@ def image_proxify(url):
+@@ -295,7 +300,7 @@ def image_proxify(url):
      if settings.get('result_proxy'):
          return proxify(url)
  
--    h = hmac.new(settings['server']['secret_key'], url.encode('utf-8'), hashlib.sha256).hexdigest()
-+    h = hmac.new(app.secret_key, url.encode('utf-8'), hashlib.sha256).hexdigest()
+-    h = new_hmac(settings['server']['secret_key'], url.encode('utf-8'))
++    h = new_hmac(app.secret_key, url.encode('utf-8'))
  
      return '{0}?{1}'.format(url_for('image_proxy'),
                              urlencode(dict(url=url.encode('utf-8'), h=h)))
-@@ -693,7 +698,7 @@ def image_proxy():
+@@ -719,7 +724,7 @@ def image_proxy():
      if not url:
          return '', 400
  
--    h = hmac.new(settings['server']['secret_key'], url, hashlib.sha256).hexdigest()
-+    h = hmac.new(app.secret_key, url, hashlib.sha256).hexdigest()
+-    h = new_hmac(settings['server']['secret_key'], url)
++    h = new_hmac(app.secret_key, url)
  
      if h != request.args.get('h'):
          return '', 400
 diff --git a/tests/unit/test_utils.py b/tests/unit/test_utils.py
-index eb40e62..b53aec2 100644
+index eb40e62e..b53aec27 100644
 --- a/tests/unit/test_utils.py
 +++ b/tests/unit/test_utils.py
 @@ -1,4 +1,8 @@
diff --git a/machines/profpatsch/pkgs.nix b/machines/profpatsch/pkgs.nix
index 86fa1611..39dd85a3 100644
--- a/machines/profpatsch/pkgs.nix
+++ b/machines/profpatsch/pkgs.nix
@@ -68,6 +68,11 @@ let
       ./patches/searx-secret-key.patch
       ./patches/searx-rm-soundcloud.patch
     ];
+    # xdg.BaseDirectory.save_cache_path() will try to create leading dirs, but
+    # within the builder we don't have a writable home directory.
+    preCheck = (old.preCheck or "") + ''
+      export XDG_CACHE_HOME="$TMPDIR/cache"
+    '';
   });
 
   # A ghci with some sane default packages in scope, & hoogle