From af19f6de3957993db6c3834cbf6965804f4782f7 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Sat, 25 Oct 2025 15:17:10 +0200 Subject: [PATCH] build: don't use fetchurl to get IANA service names for Nix As the file may change, even the latest tagged version of flake.nix won't work to build Akvorado. Instead, rely on an unofficial Git repository. Fix #2043 --- .github/actions/setup/action.yml | 4 +-- .github/workflows/update-nix-flake-lock.yml | 1 + flake.lock | 17 +++++++++++ flake.nix | 34 +++++++++------------ nix/ianaServiceNamesHash.txt | 1 - 5 files changed, 35 insertions(+), 22 deletions(-) delete mode 100644 nix/ianaServiceNamesHash.txt diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 8f3f6391..d8fa2e45 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -67,6 +67,6 @@ runs: path: | orchestrator/clickhouse/data/udp.csv orchestrator/clickhouse/data/tcp.csv - key: iana-cache-${{ hashFiles('Makefile', 'nix/ianaServiceNamesHash.txt') }}-${{ github.run_id }} + key: iana-cache-${{ hashFiles('Makefile', 'flake.lock') }}-${{ github.run_id }} restore-keys: | - iana-cache-${{ hashFiles('Makefile', 'nix/ianaServiceNamesHash.txt') }}- + iana-cache-${{ hashFiles('Makefile', 'flake.lock') }}- diff --git a/.github/workflows/update-nix-flake-lock.yml b/.github/workflows/update-nix-flake-lock.yml index 7d17ec08..cf85e494 100644 --- a/.github/workflows/update-nix-flake-lock.yml +++ b/.github/workflows/update-nix-flake-lock.yml @@ -15,6 +15,7 @@ jobs: source: - nixpkgs - asn2org + - iana-assignments steps: - uses: actions/checkout@v5 with: diff --git a/flake.lock b/flake.lock index 80a51b69..303d8f09 100644 --- a/flake.lock +++ b/flake.lock 
@@ -35,6 +35,22 @@ "type": "github" } }, + "iana-assignments": { + "flake": false, + "locked": { + "lastModified": 1761359241, + "narHash": "sha256-Q/bkxeQJFELXd+4Ma50PliUimIPiMBeGhC6nFUUDOzc=", + "owner": "larseggert", + "repo": "iana-assignments", + "rev": "597006e11311b3ebee998d86ab862955c5e7d6ce", + "type": "github" + }, + "original": { + "owner": "larseggert", + "repo": "iana-assignments", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1760164275, @@ -53,6 +69,7 @@ "inputs": { "asn2org": "asn2org", "flake-utils": "flake-utils", + "iana-assignments": "iana-assignments", "nixpkgs": "nixpkgs" } }, diff --git a/flake.nix b/flake.nix index 67f0243d..5cebff30 100644 --- a/flake.nix +++ b/flake.nix @@ -6,8 +6,12 @@ url = "github:vincentbernat/asn2org/gh-pages"; flake = false; }; + iana-assignments = { + url = "github:larseggert/iana-assignments"; + flake = false; + }; }; - outputs = { self, nixpkgs, flake-utils, asn2org }: + outputs = { self, nixpkgs, flake-utils, asn2org, iana-assignments }: flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { 
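Review bot: The new `iana-assignments` input in `inputs` points at `github:larseggert/iana-assignments` with no ref, and nothing beside it records that this is an unofficial mirror whose contents are trusted only as far as the `rev`/`narHash` pinned in flake.lock. I would add a comment above the input, e.g. `# Unofficial mirror of the IANA registries; integrity comes from the pin in flake.lock, so review lock bumps for this input.` The same commit adds `iana-assignments` to the matrix in update-nix-flake-lock.yml, so each automated bump moves the pin to whatever the mirror's default branch holds at that moment. How those bumps are reviewed or merged is not visible in this patch. The `outputs` function body continues outside the hunk.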
@@ -42,17 +46,15 @@ cp -r ../data/frontend $out/data ''; }; - ianaServiceNames = pkgs.fetchurl { - url = "https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.csv"; - hash = l.readFile ./nix/ianaServiceNamesHash.txt; - # There are many bogus changes in this file. To avoid updating the - # hash too often, filter the lines with a service name and a port. - downloadToTemp = true; - postFetch = '' - < $downloadedFile > $out \ - awk -F, '(NR == 1) {print} ($0 !~ "^ " && $1 != "" && $2 != "" && ($3 == "tcp" || $3 == "udp")) {print}' - ''; - }; + ianaServiceNames = pkgs.runCommand "service-names-port-numbers.csv" {} '' + > $out echo name,port,protocol + >> $out \ + ${pkgs.xmlstarlet}/bin/xmlstarlet sel -t -m "_:registry/_:record[_:name and _:number]" \ + -v _:name -o , \ + -v _:number -o , \ + -v _:protocol -o , -n \ + ${iana-assignments}/service-names-port-numbers/service-names-port-numbers.xml + ''; backend = pkgs.buildGoModule.override { inherit go; } { doCheck = false; name = "akvorado"; @@ -103,15 +105,9 @@ | ${pkgs.gnused}/bin/sed -nE "s/\s+got:\s+(sha256-.*)/\1/p") [[ -z "$sha256" ]] && echo $oldSha256 || echo $sha256 > nix/npmDepsHash.txt ''; - update-ianaServiceNamesHash = '' - sha256=$(2>&1 nix build --no-link .#ianaServiceNames \ - | ${pkgs.gnused}/bin/sed -nE "s/\s+got:\s+(sha256-.*)/\1/p") - [[ -z "$sha256" ]] || echo $sha256 > nix/ianaServiceNamesHash.txt - ''; update = '' ${update-vendorHash} ${update-npmDepsHash} - ${update-ianaServiceNamesHash} ''; # Run nix build depending on TARGETPLATFORM value (for Docker). build = '' @@ -130,7 +126,7 @@ }; packages = { - inherit backend frontend ianaServiceNames; + inherit backend frontend; default = backend; } // (l.optionalAttrs (system == "x86_64-linux") (l.attrsets.listToAttrs (l.lists.map diff --git a/nix/ianaServiceNamesHash.txt b/nix/ianaServiceNamesHash.txt deleted file mode 100644 index 8c7c2ad5..00000000 --- a/nix/ianaServiceNamesHash.txt +++ /dev/null 
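Review bot: The XPath predicate in the new `ianaServiceNames` derivation, `_:record[_:name and _:number]`, no longer restricts records to TCP and UDP the way the removed awk filter did (`$3 == "tcp" || $3 == "udp"`), so records for other protocols, or with no protocol element, now land in the CSV. If the consumers of this file expect only those two protocols (they are not visible in this patch), tighten the match to `_:record[_:name and _:number and (_:protocol='tcp' or _:protocol='udp')]`. Each row also ends with a trailing comma from the last `-o ,`, giving four fields under the three-column header `name,port,protocol`; unless the downstream parser relies on it, drop that `-o ,` before `-n`. The values are written unquoted from a third-party input, so a short comment stating that names are assumed to contain no commas or quotes would help whoever parses the file later.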
@@ -1 +0,0 @@ -sha256-MMTJRwpFEvXDHxp+OXbpwTa6aUNd0JXvR6KMwymKiTo=