From 3b2399bf26acc7ba9dd209286fb6824070371a8d Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Fri, 13 Jan 2023 20:13:49 +0000
Subject: [PATCH 1/5] python3Packages.graphite-web: switch to github source this includes the tests which will be useful when we enable them and also makes patches apply better
---
 .../python-modules/graphite-web/default.nix | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/pkgs/development/python-modules/graphite-web/default.nix b/pkgs/development/python-modules/graphite-web/default.nix
index 91def6f2886b..f5a59c6a4cd9 100644
--- a/pkgs/development/python-modules/graphite-web/default.nix
+++ b/pkgs/development/python-modules/graphite-web/default.nix
@@ -4,7 +4,7 @@
 , cairocffi
 , django
 , django_tagging
-, fetchPypi
+, fetchFromGitHub
 , gunicorn
 , pyparsing
 , python-memcached
@@ -24,9 +24,11 @@ buildPythonPackage rec {
 disabled = pythonOlder "3.7";
- src = fetchPypi {
- inherit pname version;
- hash = "sha256-Pxho1QWo2jJZYAMJx999bbELDVMr7Wp7wsssYPkc01o=";
+ src = fetchFromGitHub {
+ owner = "graphite-project";
+ repo = pname;
+ rev = version;
+ hash = "sha256-2HgCBKwLfxJLKMopoIdsEW5k/j3kNAiifWDnJ98a7Qo=";
 };
 propagatedBuildInputs = [
From 670f603a2d6601a76af1ab6317bf73449171a7ed Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Fri, 13 Jan 2023 20:15:48 +0000
Subject: [PATCH 2/5] python3Packages.graphite-web: add patches for CVE-2022-4730, CVE-2022-4729 & CVE-2022-4728
---
 .../python-modules/graphite-web/default.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/pkgs/development/python-modules/graphite-web/default.nix b/pkgs/development/python-modules/graphite-web/default.nix
index f5a59c6a4cd9..babecf674f26 100644
--- a/pkgs/development/python-modules/graphite-web/default.nix
+++ b/pkgs/development/python-modules/graphite-web/default.nix
@@ -5,6 +5,7 @@
 , django
 , django_tagging
 , fetchFromGitHub
+, fetchpatch
 , gunicorn
 , pyparsing
 , python-memcached
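Review bot: `rev = version;` in the `fetchFromGitHub` block of PATCH 1/5 names the upstream ref by a bare string, which git can resolve to a branch as well as a tag of that name. The `hash` next to it still pins the fetched content, so a moved or shadowed ref would fail the fetch rather than change the source silently, but `rev = "refs/tags/${version}";` states the intended ref unambiguously. A short comment above `src`, for example `# GitHub source rather than the PyPI sdist: includes the test suite`, would keep the commit message's reasoning next to the code. The `buildPythonPackage rec { … }` body starts and ends outside this hunk.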
@@ -31,6 +32,19 @@ buildPythonPackage rec {
 hash = "sha256-2HgCBKwLfxJLKMopoIdsEW5k/j3kNAiifWDnJ98a7Qo=";
 };
+ patches = [
+ (fetchpatch {
+ name = "CVE-2022-4730.CVE-2022-4729.CVE-2022-4728.part-1.patch";
+ url = "https://github.com/graphite-project/graphite-web/commit/9c626006eea36a9fd785e8f811359aebc9774970.patch";
+ sha256 = "sha256-JMmdhLqsaRhUG2FsH+yPNl+cR7O2YLfKFliL2GU0aAk=";
+ })
+ (fetchpatch {
+ name = "CVE-2022-4730.CVE-2022-4729.CVE-2022-4728.part-2.patch";
+ url = "https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23.patch";
+ sha256 = "sha256-NL7K5uekf3NlLa58aFFRPJT9ktjqBeNlWC4Htd0fRQ0=";
+ })
+ ];
+
 propagatedBuildInputs = [
 cairocffi
 django
From 760d26e16dc42b02be93d09e33aa74085bf5a720 Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Fri, 13 Jan 2023 20:18:55 +0000
Subject: [PATCH 3/5] python3Packages.graphite-web: remove whitenoise whitenoise support is broken with whitenoise>=6.0, and this is revealed when we enable the tests. See https://github.com/graphite-project/graphite-web/issues/2735
---
 pkgs/development/python-modules/graphite-web/default.nix | 2 --
 1 file changed, 2 deletions(-)
diff --git a/pkgs/development/python-modules/graphite-web/default.nix b/pkgs/development/python-modules/graphite-web/default.nix
index babecf674f26..63ddd906e16e 100644
--- a/pkgs/development/python-modules/graphite-web/default.nix
+++ b/pkgs/development/python-modules/graphite-web/default.nix
@@ -15,7 +15,6 @@
 , txamqp
 , urllib3
 , whisper
-, whitenoise
 }:
 buildPythonPackage rec {
@@ -57,7 +56,6 @@ buildPythonPackage rec {
 txamqp
 urllib3
 whisper
- whitenoise
 ];
 postPatch = ''
From 5ccffc22c9688c7383ee79eb9b8868621b416fce Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Fri, 13 Jan 2023 20:19:30 +0000
Subject: [PATCH 4/5] python3Packages.graphite-web: enable tests
---
 .../python-modules/graphite-web/default.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
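Review bot: Both `fetchpatch` entries added in PATCH 2/5 carry all three CVE ids in their `name`, and nothing in the `patches` list says which upstream commit addresses which advisory or when the entries can be dropped. A comment above `patches` such as `# upstream fixes for CVE-2022-4730, CVE-2022-4729 and CVE-2022-4728; drop once a release containing both commits is packaged` would cover that (whether a tagged release already contains them is not visible here). The entries also write the SRI value as `sha256 = "sha256-…"` while `src` uses `hash`; using `hash = …` for both would keep the file consistent. Each URL pins a full commit id and a content hash, which is what keeps the fetched patch from changing underneath the build, so that part should stay as written.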
diff --git a/pkgs/development/python-modules/graphite-web/default.nix b/pkgs/development/python-modules/graphite-web/default.nix
index 63ddd906e16e..a82f9982cb3b 100644
--- a/pkgs/development/python-modules/graphite-web/default.nix
+++ b/pkgs/development/python-modules/graphite-web/default.nix
@@ -1,12 +1,14 @@
 { lib
 , stdenv
 , buildPythonPackage
+, python
 , cairocffi
 , django
 , django_tagging
 , fetchFromGitHub
 , fetchpatch
 , gunicorn
+, mock
 , pyparsing
 , python-memcached
 , pythonOlder
@@ -73,6 +75,23 @@ buildPythonPackage rec {
 --replace "join(WEBAPP_DIR, 'content')" "join('$out', 'webapp', 'content')"
 '';
+ checkInputs = [ mock ];
+ checkPhase = ''
+ runHook preCheck
+
+ pushd webapp/
+ # avoid confusion with installed module
+ rm -r graphite
+ # redis not practical in test environment
+ substituteInPlace tests/test_tags.py \
+ --replace test_redis_tagdb _dont_test_redis_tagdb
+
+ DJANGO_SETTINGS_MODULE=tests.settings ${python.interpreter} manage.py test
+ popd
+
+ runHook postCheck
+ '';
+
 pythonImportsCheck = [
 "graphite"
 ];
From 890bf782f3c059bf9305f12b00507d56fb3e134b Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Fri, 13 Jan 2023 20:24:32 +0000
Subject: [PATCH 5/5] python3Packages.graphite-web: unmark as broken on aarch64 and darwin WFM on both, tests pass
---
 pkgs/development/python-modules/graphite-web/default.nix | 1 -
 1 file changed, 1 deletion(-)
diff --git a/pkgs/development/python-modules/graphite-web/default.nix b/pkgs/development/python-modules/graphite-web/default.nix
index a82f9982cb3b..221b1cfbfae1 100644
--- a/pkgs/development/python-modules/graphite-web/default.nix
+++ b/pkgs/development/python-modules/graphite-web/default.nix
@@ -97,7 +97,6 @@ buildPythonPackage rec {
 ];
 meta = with lib; {
- broken = (stdenv.isLinux && stdenv.isAarch64) || stdenv.isDarwin;
 description = "Enterprise scalable realtime graphing";
 homepage = "http://graphiteapp.org/";
 license = licenses.asl20;
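Review bot: In the `checkPhase` added by PATCH 4/5, the redis test is switched off by renaming it with `--replace test_redis_tagdb _dont_test_redis_tagdb`, and plain `--replace` does not fail the build when the pattern stops matching. If upstream renames or moves that test, the substitution silently becomes a no-op; where the stdenv in use provides it, `--replace-fail test_redis_tagdb _dont_test_redis_tagdb` turns that into a visible build error. This suite also appears to be the main check in the series that the CVE patches from PATCH 2/5 apply and leave the application working, so a comment above `checkPhase` such as `# runs upstream's Django test suite against the installed module, with the CVE patches applied` would record why it should not be disabled lightly. The `buildPythonPackage rec { … }` body continues outside the hunk.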