how often do you clone that repo anyways?
That I don't know, since I'm not actually a NixOS maintainer, just an occasional contributor.
The derivation for obfs4 is already doing something similar, if that provides any sort of reference.
Thanks for the thorough response! I'll find a way to include the full copyright, and trim the binaries.
For the proxy it might be nice to include a systemd service file (or whatever is the standard way for nix to run a service) so people can install the proxy and it will launch in background a provide the service.
In nix, this is done sort of separately from package distribution. A user may install the snowflake package to manually run, but a systemd service would be enabled via a (yet to be written) abstracted module that exposes something like the following interface:
services.snowflake-proxy.enable=true;
with potentially some configuration options such as
services.snowflake-proxy.broker="https://snowflake-broker.bamsoftware.com/";
services.snowflake-proxy.capacity=100;
I plan to write this module, though it would likely be a separate contribution to nixpkgs after the package is integrated.
I'd like to add snowflake to nixpkgs, and wanted to make sure I do so properly.
My current attempt at doing so is here: https://github.com/witchof0x20/nixpkgs/blob/snowflake/pkgs/tools/networking/snowflake/default.nix which is basically a carbon copy of the way obfs4 is packaged in nixpkgs. I'll include it here for convenience:
{ lib, fetchgit, buildGoModule }:
buildGoModule rec {
pname = "snowflake";
version = "1.1.0";
src = fetchgit {
url = meta.repositories.git;
rev = "refs/tags/v${version}";
sha256 = "0d5ddhg2p0mbcj1cmklwn04za2x1khxgm5x9qlsg1ywkn6ngnxad";
};
vendorSha256 = "15nzqibrymbbn6cwz3267jxk60xr5f6v3akwplhjzcc16bgrcx57";
doCheck = false;
meta = with lib; {
description = "A pluggable transport proxy";
homepage = "https://snowflake.torproject.org";
repositories.git = "https://git.torproject.org/pluggable-transports/snowflake.git";
license = licenses.bsd3;
maintainers = with maintainers; [ witchof0x20 ];
};
}
This generates a single bin
directory containing:
broker client probetest proxy server
My questions are
git.torproject.org
as the package source. This would typically be accessed from NixOS's binary-generating build servers, and sometimes end users, but there is a potential that it creates additional load on the server. Would it be more appropriate to use a Github mirror? The obfs4 derivation also uses this server, for reference.