nixops: Fix build by disabling the libvirt backend

pkgs/development/python-modules/libvirt/5.9.0.nix

@@ -18,6 +18,10 @@ buildPythonPackage rec {
     nosetests
   '';
 
+  passthru = {
+    inherit libvirt;
+  };
+
   meta = with lib; {
     homepage = "http://www.libvirt.org/";
     description = "libvirt Python bindings";

pkgs/tools/package-management/nixops/default.nix

@@ -1,16 +1,70 @@
-{ callPackage, fetchurl, fetchpatch }:
+{ lib, python2Packages, libxslt, docbook_xsl_ns, openssh, cacert, nixopsAzurePackages ? []
+, fetchurl, fetchpatch
+}:
 
-callPackage ./generic.nix (rec {
+let
   version = "1.7";
+
+in python2Packages.buildPythonApplication {
+  pname = "nixops";
+  inherit version;
+
   src = fetchurl {
     url = "https://nixos.org/releases/nixops/nixops-${version}/nixops-${version}.tar.bz2";
     sha256 = "091c0b5bca57d4aa20be20e826ec161efe3aec9c788fbbcf3806a734a517f0f3";
   };
+
   patches = [
-    # follow redirect in nixos-infect. Remove with the next release.
     (fetchpatch {
       url = "https://github.com/NixOS/nixops/commit/fb6d4665e8efd858a215bbaaf079ec3f5ebc49b8.patch";
       sha256 = "1hbhykl811zsqlaj3y5m9d8lfsal6ps6n5p16ah6lqy2s18ap9d0";
     })
+    ./optional-virtd.patch
   ];
-})
+
+  buildInputs = [ libxslt ];
+
+  pythonPath = with python2Packages;
+    [ prettytable
+      boto
+      boto3
+      hetzner
+      libcloud
+      adal
+      # Go back to sqlite once Python 2.7.13 is released
+      pysqlite
+      datadog
+      digital-ocean
+      typing
+      ]
+      ++ lib.optional (!libvirt.passthru.libvirt.meta.insecure or true) libvirt
+      ++ nixopsAzurePackages;
+
+  checkPhase =
+  # Ensure, that there are no (python) import errors
+  ''
+    SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt \
+    HOME=$(pwd) \
+      $out/bin/nixops --version
+  '';
+
+  postInstall = ''
+    make -C doc/manual install nixops.1 docbookxsl=${docbook_xsl_ns}/xml/xsl/docbook \
+      docdir=$out/share/doc/nixops mandir=$out/share/man
+
+    mkdir -p $out/share/nix/nixops
+    cp -av "nix/"* $out/share/nix/nixops
+
+    # Add openssh to nixops' PATH. On some platforms, e.g. CentOS and RHEL
+    # the version of openssh is causing errors when have big networks (40+)
+    wrapProgram $out/bin/nixops --prefix PATH : "${openssh}/bin"
+  '';
+
+  meta = {
+    homepage = "https://github.com/NixOS/nixops";
+    description = "NixOS cloud provisioning and deployment tool";
+    maintainers = with lib.maintainers; [ aminechikhaoui eelco rob domenkozar ];
+    platforms = lib.platforms.unix;
+    license = lib.licenses.lgpl3;
+  };
+}

pkgs/tools/package-management/nixops/optional-virtd.patch

@@ -0,0 +1,24 @@
+diff --git a/nixops/backends/libvirtd.py b/nixops/backends/libvirtd.py
+index bc5f4af7..edd1348b 100644
+--- a/nixops/backends/libvirtd.py
++++ b/nixops/backends/libvirtd.py
+@@ -8,12 +8,18 @@ import shutil
+ import string
+ import subprocess
+ import time
+-import libvirt
+
+ from nixops.backends import MachineDefinition, MachineState
+ import nixops.known_hosts
+ import nixops.util
+
++try:
++    import libvirt
++except:
++    class libvirt(object):
++        def __getattribute__(self, name):
++            raise ValueError("The libvirt backend has been disabled because of security issues.")
++
+ # to prevent libvirt errors from appearing on screen, see
+ # https://www.redhat.com/archives/libvirt-users/2017-August/msg00011.html
+

pkgs/top-level/all-packages.nix

@@ -28795,8 +28795,6 @@ in
 
   nixops = callPackage ../tools/package-management/nixops { };
 
-  nixops_1_6_1 = callPackage ../tools/package-management/nixops/nixops-v1_6_1.nix {};
-
   nixopsUnstable = lowPrio (callPackage ../applications/networking/cluster/nixops { });
 
   nixops-dns = callPackage ../tools/package-management/nixops/nixops-dns.nix { };