12 files changed, 129 insertions, 123 deletions

diff --git a/krebs/5pkgs/Reaktor/plugins.nix b/krebs/5pkgs/Reaktor/plugins.nix
index 7490be4ca..0f61688e3 100644
--- a/krebs/5pkgs/Reaktor/plugins.nix
+++ b/krebs/5pkgs/Reaktor/plugins.nix
@@ -82,7 +82,7 @@ rec {
   };
   stockholm-issue = buildSimpleReaktorPlugin "stockholm-issue" {
     script = ./scripts/random-issue.sh;
-    path = with pkgs; [ git gnused lentil ];
+    path = with pkgs; [ git gnused haskellPackages.lentil ];
     env = { "origin" = "http://cgit.gum/stockholm"; };
   };
 
diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix
new file mode 100644
index 000000000..9ab6ac8b2
--- /dev/null
+++ b/krebs/5pkgs/cac-api/default.nix
@@ -0,0 +1,42 @@
+{ stdenv, fetchgit, bc, cac-cert, coreutils, curl, dash, gnused, inotifyTools, jq, ncurses, openssh, sshpass, ... }:
+
+stdenv.mkDerivation {
+  name = "cac-api-1.1.0";
+
+  src = fetchgit {
+    url = http://cgit.cd.krebsco.de/cac-api;
+    rev = "0809fae379239687ed1170e04311dc2880ef0aba";
+    sha256 = "357ced27c9ed88028967c934178a1d230bf38617a7494cd4632fabdd2a04fcdd";
+  };
+
+  phases = [
+    "unpackPhase"
+    "installPhase"
+  ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+    { cat <<\EOF
+    #! ${dash}/bin/dash
+    export PATH=${stdenv.lib.makeSearchPath "bin" [
+      bc
+      coreutils
+      curl
+      gnused
+      inotifyTools
+      jq
+      ncurses
+      openssh
+      sshpass
+    ]}
+    EOF
+      # [1]: Disable fetching tasks; listtasks is currently broken:
+      # Unknown column 'iod.apitask.cid' in 'field list'
+      sed '
+        /^\s*tasks \\$/d; # [1]
+        s|\<_cac_exec curl|<${cac-cert} & --cacert /dev/stdin|
+      ' cac-api
+    } > $out/bin/cac-api
+    chmod +x $out/bin/cac-api
+  '';
+}
diff --git a/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt b/krebs/5pkgs/cac-cert/cac.pem
index 9d02b6bcf..9d02b6bcf 100644
--- a/krebs/5pkgs/test/infest-cac-centos7/panel.cloudatcost.com.crt
+++ b/krebs/5pkgs/cac-cert/cac.pem
diff --git a/krebs/5pkgs/cac-cert/default.nix b/krebs/5pkgs/cac-cert/default.nix
new file mode 100644
index 000000000..d99019dca
--- /dev/null
+++ b/krebs/5pkgs/cac-cert/default.nix
@@ -0,0 +1,2 @@
+{ writeText, ... }:
+writeText "cac.pem" (builtins.readFile ./cac.pem)
diff --git a/krebs/5pkgs/cac-panel/default.nix b/krebs/5pkgs/cac-panel/default.nix
new file mode 100644
index 000000000..fd4799535
--- /dev/null
+++ b/krebs/5pkgs/cac-panel/default.nix
@@ -0,0 +1,18 @@
+{pkgs, python3Packages, ...}:
+
+python3Packages.buildPythonPackage rec {
+  name = "cac-panel-${version}";
+  version = "0.4.4";
+
+  src = pkgs.fetchurl {
+    url = "https://pypi.python.org/packages/source/c/cac-panel/cac-panel-${version}.tar.gz";
+    sha256 = "16bx67fsbgwxciik42jhdnfzxx1xp5b0rimzrif3r7h4fawlnld8";
+  };
+
+  propagatedBuildInputs = with python3Packages; [
+    docopt
+    requests2
+    beautifulsoup4
+  ];
+}
+
diff --git a/krebs/5pkgs/cac/default.nix b/krebs/5pkgs/cac/default.nix
deleted file mode 100644
index 4d39ce2fb..000000000
--- a/krebs/5pkgs/cac/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ stdenv, fetchgit, bc, coreutils, curl, gnused, inotifyTools, jq, ncurses, sshpass, ... }:
-
-stdenv.mkDerivation {
-  name = "cac-1.0.3";
-
-  src = fetchgit {
-    url = http://cgit.cd.retiolum/cac;
-    rev = "22acc1b990ac7d97c16344fbcbc2621e24cdf915";
-    sha256 = "135b740617c983b3f46a1983d4744be17340d5146a0a0de0dff4bb7a53688f2f";
-  };
-
-  phases = [
-    "unpackPhase"
-    "installPhase"
-  ];
-
-  installPhase =
-    let
-      path = stdenv.lib.makeSearchPath "bin" [
-        bc
-        coreutils
-        curl
-        gnused
-        inotifyTools
-        jq
-        ncurses
-        sshpass
-      ];
-    in
-    ''
-      mkdir -p $out/bin
-
-      sed < ./cac > $out/bin/cac '
-        s;^_cac_main .*;PATH=${path}''${PATH+:$PATH} &;
-      '
-
-      chmod +x $out/bin/cac
-    '';
-}
diff --git a/krebs/5pkgs/cacpanel/default.nix b/krebs/5pkgs/cacpanel/default.nix
deleted file mode 100644
index 3df4dffed..000000000
--- a/krebs/5pkgs/cacpanel/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{pkgs, python3Packages, ...}:
-
-python3Packages.buildPythonPackage rec {
-  name = "cacpanel-${version}";
-  version = "0.2.3";
-
-  src = pkgs.fetchurl {
-    url = "https://pypi.python.org/packages/source/c/cacpanel/cacpanel-${version}.tar.gz";
-    sha256 = "1fib7416qqv8yzrj75kxra7ccpz9abqh58b6gkaavws2fa6m3mm8";
-  };
-
-  propagatedBuildInputs = with python3Packages; [
-    docopt
-    requests2
-    beautifulsoup4
-  ];
-}
-
diff --git a/krebs/5pkgs/lentil/default.nix b/krebs/5pkgs/lentil/default.nix
deleted file mode 100644
index 8a57a77fe..000000000
--- a/krebs/5pkgs/lentil/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ pkgs, ... }:
-
-(pkgs.haskellPackages.override {
-  overrides = self: super: {
-    lentil = super.lentil.override {
-      mkDerivation = (attrs: self.mkDerivation (attrs // {
-        version = "0.1.3.0";
-        sha256 = "0xa59avh0bvfg69xh9p5b8dppfhx29mvfq8v41sk9j7qbcnzjivg";
-        patches = [
-          ./syntaxes.patch
-        ];
-      }));
-    };
-  };
-}).lentil
diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix
index 886e250e2..3be4b1c41 100644
--- a/krebs/5pkgs/test/infest-cac-centos7/default.nix
+++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, coreutils,makeWrapper, cac, cacpanel, gnumake, gnused, jq, openssh, ... }:
+{ stdenv, coreutils,makeWrapper, cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, ... }:
 
 stdenv.mkDerivation rec {
   name = "${shortname}-${version}";
@@ -10,28 +10,28 @@ stdenv.mkDerivation rec {
   phases = [
     "installPhase"
   ];
+
   buildInputs = [ makeWrapper ];
 
   path = stdenv.lib.makeSearchPath "bin" [
     coreutils
-    cac
-    cacpanel
+    cac-api
+    cac-panel
     gnumake
     gnused
     jq
     openssh
   ];
 
-  installPhase =
-    ''
-      mkdir -p $out/bin
-      cp ${src} $out/bin/${shortname}
-      chmod +x $out/bin/${shortname}
-      wrapProgram $out/bin/${shortname} \
-              --prefix PATH : ${path} \
-              --set SSL_CERT_FILE ${./panel.cloudatcost.com.crt} \
-              --set REQUESTS_CA_BUNDLE ${./panel.cloudatcost.com.crt}
-    '';
+  installPhase = ''
+    mkdir -p $out/bin
+    cp ${src} $out/bin/${shortname}
+    chmod +x $out/bin/${shortname}
+    wrapProgram $out/bin/${shortname} \
+        --prefix PATH : ${path} \
+        --set REQUESTS_CA_BUNDLE ${cac-cert} \
+        --set SSL_CERT_FILE ${cac-cert}
+  '';
   meta = with stdenv.lib; {
     homepage = http://krebsco.de;
     description = "Krebs CI Scripts";
diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes
index 6bfb6906e..b3beb392f 100755
--- a/krebs/5pkgs/test/infest-cac-centos7/notes
+++ b/krebs/5pkgs/test/infest-cac-centos7/notes
@@ -1,6 +1,4 @@
-#! /bin/sh
-
-# nix-shell -p gnumake jq openssh cac cacpanel
+# nix-shell -p gnumake jq openssh cac-api cac-panel
 set -eufx
 
 # 2 secrets are required:
@@ -40,22 +38,22 @@ defer "rm -r $krebs_secrets"
 
 cat > $sec_file <<EOF
 cac_login="$(jq -r .email $krebs_cred)"
-cac_key="$(cac-cli --config $krebs_cred panel settings | jq -r .apicode)"
+cac_key="$(cac-panel --config $krebs_cred settings | jq -r .apicode)"
 EOF
 
 export cac_secrets=$sec_file
-cac-cli --config $krebs_cred panel  add-api-ip
+cac-panel --config $krebs_cred add-api-ip
 
 # test login:
-cac update
-cac servers
+cac-api update
+cac-api servers
 
 # preserve old trap
 old_trapstr=$(clear_defer)
 while true;do
   # Template 26: CentOS7
-  # TODO: use cac templates to determine the real Centos7 template in case it changes
-  out=$(cac build cpu=1 ram=512 storage=10 os=26 2>&1)
+  # TODO: use cac-api templates to determine the real Centos7 template in case it changes
+  out=$(cac-api build cpu=1 ram=512 storage=10 os=26 2>&1)
   if name=$(echo "$out" | jq -r .servername);then
     id=servername:$name
     echo "got a working machine, id=$id"
@@ -67,15 +65,15 @@ while true;do
   fi
 
   clear_defer >/dev/null
-  defer "cac delete $id"
+  defer "cac-api delete $id"
 
   # TODO: timeout?
 
   wait_login_cac(){
     # we wait for 30 minutes
     for t in `seq 180`;do
-      # now we have a working cac server
-      if cac ssh $1 -o ConnectTimeout=10 \
+      # now we have a working cac-api server
+      if cac-api ssh $1 -o ConnectTimeout=10 \
                     cat /etc/redhat-release | \
                       grep CentOS ;then
         return 0
@@ -87,7 +85,7 @@ while true;do
   # die on timeout
   if ! wait_login_cac $id;then
     echo "unable to boot a working system within time frame, retrying..." >&2
-    echo "Cleaning up old image,last status: $(cac update;cac getserver $id | jq -r .status)"
+    echo "Cleaning up old image,last status: $(cac-api update;cac-api getserver $id | jq -r .status)"
     eval "$(clear_defer | sed 's/;exit//')"
     sleep 15
   else
@@ -96,17 +94,17 @@ while true;do
   fi
 done
 clear_defer >/dev/null
-defer "cac delete $id;$old_trapstr"
+defer "cac-api delete $id;$old_trapstr"
 
 mkdir -p shared/2configs/temp
-cac generatenetworking $id > \
+cac-api generatenetworking $id > \
   shared/2configs/temp/networking.nix
 # new temporary ssh key we will use to log in after infest
 ssh-keygen -f $krebs_ssh -N ""
 cp $retiolum_key $krebs_secrets/retiolum.rsa_key.priv
 # we override the directories for secrets and stockholm
 # additionally we set the ssh key we generated
-ip=$(cac getserver $id | jq -r .ip)
+ip=$(cac-api getserver $id | jq -r .ip)
 
 cat > shared/2configs/temp/dirs.nix <<EOF
 _: {
@@ -123,18 +121,18 @@ EOF
 
 LOGNAME=shared make eval get=krebs.infest \
   target=derp system=test-centos7 filter=json \
-  | sed -e "s#^ssh.*<<#cac ssh $id<<#" \
-        -e "/^rsync/a -e 'cac ssh $id' \\\\"  \
+  | sed -e "s#^ssh.*<<#cac-api ssh $id<<#" \
+        -e "/^rsync/a -e 'cac-api ssh $id' \\\\"  \
         -e "s#root.derp:#:#" > $krebs_secrets/infest
 sh -x $krebs_secrets/infest
 
 # TODO: generate secrets directory $krebs_secrets for nix import
-cac powerop $id reset
+cac-api powerop $id reset
 
 wait_login(){
   # timeout
   for t in `seq 90`;do
-    # now we have a working cac server
+    # now we have a working cac-api server
     if ssh -o StrictHostKeyChecking=no \
            -o UserKnownHostsFile=/dev/null \
            -i $krebs_ssh \
diff --git a/krebs/5pkgs/urlwatch/default.nix b/krebs/5pkgs/urlwatch/default.nix
index d9b595314..780ad24f5 100644
--- a/krebs/5pkgs/urlwatch/default.nix
+++ b/krebs/5pkgs/urlwatch/default.nix
@@ -1,29 +1,18 @@
 { stdenv, fetchurl, python3Packages }:
 
 python3Packages.buildPythonPackage rec {
-  name = "urlwatch-2.0";
+  name = "urlwatch-2.1";
 
   src = fetchurl {
     url = "https://thp.io/2008/urlwatch/${name}.tar.gz";
-    sha256 = "0j38qzw4jxw41vnnpi6j851hqpv8d6p1cbni6cv8r2vqf5307s3b";
+    sha256 = "0xn435cml9wjwk39117p1diqmvw3jbmv9ccr7230iaf7z59vf9v6";
   };
 
   propagatedBuildInputs = with python3Packages; [
-    pyyaml
     keyring
-    (python3Packages.buildPythonPackage rec {
-      name = "minidb-2.0.1";
-      src = fetchurl {
-        url = "https://thp.io/2010/minidb/${name}.tar.gz";
-        sha256 = "1x958zr9jc26vaqij451qb9m2l7apcpz34ir9fwfjg4fwv24z2dy";
-      };
-      meta = {
-        description = "A simple SQLite3-based store for Python objects";
-        homepage = https://thp.io/2010/minidb/;
-        license = stdenv.lib.licenses.isc;
-        maintainers = [ stdenv.lib.maintainers.tv ];
-      };
-    })
+    minidb
+    pyyaml
+    requests2
   ];
 
   postFixup = ''
@@ -36,4 +25,4 @@ python3Packages.buildPythonPackage rec {
     license = stdenv.lib.licenses.bsd3;
     maintainers = [ stdenv.lib.maintainers.tv ];
   };
-}#
+}
diff --git a/krebs/5pkgs/with-tmpdir/default.nix b/krebs/5pkgs/with-tmpdir/default.nix
new file mode 100644
index 000000000..517e46310
--- /dev/null
+++ b/krebs/5pkgs/with-tmpdir/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchgit, coreutils, dash, ... }:
+
+stdenv.mkDerivation {
+  name = "with-tmpdir-1";
+
+  src = fetchgit {
+    url = http://cgit.cd.krebsco.de/with-tmpdir;
+    rev = "3243c02ed8cd27a04c080bd39560204980f6c16a";
+    sha256 = "80ee6cafb2c337999ddcd1e41747d6256b7cfcea605358c2046eb7e3729555c6";
+  };
+
+  phases = [
+    "unpackPhase"
+    "installPhase"
+  ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+
+    { echo '#! ${dash}/bin/dash'
+      echo 'OLDPATH=$PATH'
+      echo 'PATH=${coreutils}/bin'
+      sed '$s/^/#/' ./with-tmpdir
+      echo '(PATH=$OLDPATH; exec "$@")'
+    } > $out/bin/with-tmpdir
+
+    chmod +x $out/bin/with-tmpdir
+  '';
+}