From 95a329a5d363849b2e998851e77a9e178d30f975 Mon Sep 17 00:00:00 2001
From: Sumner Evans <me@sumnerevans.com>
Date: Tue, 29 Jun 2021 16:54:28 -0600
Subject: [PATCH 1/4] matrix-synapse: 1.37.0 -> 1.37.1

(cherry picked from commit 9d694395a863e4b4a0441f792dbb320aa3c53fe4)
---
 pkgs/servers/matrix-synapse/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/matrix-synapse/default.nix b/pkgs/servers/matrix-synapse/default.nix
index bf9ee13b3b7..18d19c51597 100644
--- a/pkgs/servers/matrix-synapse/default.nix
+++ b/pkgs/servers/matrix-synapse/default.nix
@@ -12,11 +12,11 @@ let
 in
 buildPythonApplication rec {
   pname = "matrix-synapse";
-  version = "1.37.0";
+  version = "1.37.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-BWGbfDBB1jX0PJSR8WCZE3FE1pDs0fRg8/fML3FsJHA=";
+    sha256 = "sha256-KxDHJrKm/QUZtOzI6MEpIUb4hTtxtIPLFuD1as3j4EA=";
   };
 
   patches = [

From 3540e860f61aa552d09f389875d65b5bc8dcff5a Mon Sep 17 00:00:00 2001
From: Jonathan Ringer <jonringer117@gmail.com>
Date: Mon, 28 Jun 2021 07:57:40 -0700
Subject: [PATCH 2/4] vault-bin: wrap with gawk glibc

Binary will shell out awk and getent

(cherry picked from commit 2c402cc7606684c595375bf78faedec23ef9913f)
---
 pkgs/tools/security/vault/vault-bin.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/security/vault/vault-bin.nix b/pkgs/tools/security/vault/vault-bin.nix
index b283a40888b..8d82061c061 100644
--- a/pkgs/tools/security/vault/vault-bin.nix
+++ b/pkgs/tools/security/vault/vault-bin.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, unzip }:
+{ lib, stdenv, fetchurl, unzip, makeWrapper, gawk, glibc }:
 
 let
   version = "1.7.2";
@@ -30,7 +30,7 @@ in stdenv.mkDerivation {
 
   src = sources.${stdenv.hostPlatform.system} or (throw "unsupported system: ${stdenv.hostPlatform.system}");
 
-  nativeBuildInputs = [ unzip ];
+  nativeBuildInputs = [ makeWrapper unzip ];
 
   sourceRoot = ".";
 
@@ -41,6 +41,9 @@ in stdenv.mkDerivation {
     mv vault $out/bin
     echo "complete -C $out/bin/vault vault" > $out/share/bash-completion/completions/vault
 
+    wrapProgram $out/bin/vault \
+      --prefix PATH ${lib.makeBinPath [ gawk glibc ]}
+
     runHook postInstall
   '';
 

From 2ff2298f0799621d483e84716c834204a25a7fe6 Mon Sep 17 00:00:00 2001
From: Jonathan Ringer <jonringer117@gmail.com>
Date: Mon, 28 Jun 2021 14:22:31 -0700
Subject: [PATCH 3/4] vault: wrap with gawk glibc

Binary will shell out awk and getent

(cherry picked from commit 8161c0930504be8c30c51fa36374d751d3850b03)
---
 pkgs/tools/security/vault/default.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix
index eb5ac31d300..f00136d041f 100644
--- a/pkgs/tools/security/vault/default.nix
+++ b/pkgs/tools/security/vault/default.nix
@@ -1,4 +1,8 @@
-{ lib, fetchFromGitHub, buildGoPackage, installShellFiles, nixosTests }:
+{ lib, fetchFromGitHub, buildGoPackage, installShellFiles, nixosTests
+, makeWrapper
+, gawk
+, glibc
+}:
 
 buildGoPackage rec {
   pname = "vault";
@@ -15,13 +19,16 @@ buildGoPackage rec {
 
   subPackages = [ "." ];
 
-  nativeBuildInputs = [ installShellFiles ];
+  nativeBuildInputs = [ installShellFiles makeWrapper ];
 
   buildFlagsArray = [ "-tags=vault" "-ldflags=-s -w -X ${goPackagePath}/sdk/version.GitCommit=${src.rev}" ];
 
   postInstall = ''
     echo "complete -C $out/bin/vault vault" > vault.bash
     installShellCompletion vault.bash
+
+    wrapProgram $out/bin/vault \
+      --prefix PATH ${lib.makeBinPath [ gawk glibc ]}
   '';
 
   passthru.tests.vault = nixosTests.vault;

From acc107f4be14608171c0a0d7e8d50ec2320d0318 Mon Sep 17 00:00:00 2001
From: Jonathan Ringer <jonringer117@gmail.com>
Date: Tue, 29 Jun 2021 10:10:12 -0700
Subject: [PATCH 4/4] nixos/test/vault: fix assertion logic

"vault status" now returns exit code 2 when the
vault is still unsealed.

(cherry picked from commit 7737a0fc9c890bca80cd42d898f04edf6bf8f850)
---
 nixos/tests/vault.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nixos/tests/vault.nix b/nixos/tests/vault.nix
index 59bccbe2595..c3b28b62695 100644
--- a/nixos/tests/vault.nix
+++ b/nixos/tests/vault.nix
@@ -19,6 +19,8 @@ import ./make-test-python.nix ({ pkgs, ... }:
       machine.wait_for_unit("vault.service")
       machine.wait_for_open_port(8200)
       machine.succeed("vault operator init")
-      machine.succeed("vault status | grep Sealed | grep true")
+      # vault now returns exit code 2 for sealed vaults
+      machine.fail("vault status")
+      machine.succeed("vault status || test $? -eq 2")
     '';
 })