From 687175e309c79d09ab4a3878d6605526fc4af014 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Sat, 28 Feb 2026 21:53:20 -0800 Subject: [PATCH] C2(authentik-source-build): plan update python314-nixpkgs-compat with dacite and exceptiongroup Build testing on ringtail revealed two more Python 3.14 compat gaps: dacite (Union string repr change) and exceptiongroup (recursion limit change). Both are cosmetic test failures, not functional issues. Co-Authored-By: Claude Opus 4.6 --- docs/how-to/authentik/python314-nixpkgs-compat.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/how-to/authentik/python314-nixpkgs-compat.md b/docs/how-to/authentik/python314-nixpkgs-compat.md index 7542609..76ac41d 100644 --- a/docs/how-to/authentik/python314-nixpkgs-compat.md +++ b/docs/how-to/authentik/python314-nixpkgs-compat.md @@ -16,12 +16,14 @@ Document and implement the `packageOverrides` needed to build authentik's Python ## Problem -Authentik 2026.2.0 requires Python 3.14 (`requires-python = "==3.14.*"`). The nixos-25.11 channel's `python314` package set has two issues: +Authentik 2026.2.0 requires Python 3.14 (`requires-python = "==3.14.*"`). The nixos-25.11 channel's `python314` package set has four issues: 1. **`astor` 0.8.1** — test suite uses `ast.Num`, `ast.Str`, and `ast.NameConstant`, which were removed in Python 3.14. Build fails during `pytestCheckPhase`. 2. **`django` defaults to 4.2.x** — Django 4.2 does not support Python 3.14. The `python314.pkgs.django` attribute points to `django_4` (4.2.28), not `django_5`. +3. **`dacite` 1.9.2** — test asserts on `typing.Union[int, str]` string representation, but Python 3.14 renders it as `int | str`. Cosmetic test failure; functionality is fine. +4. **`exceptiongroup` 1.3.0** — tests expect `RecursionError` on deep nesting, but Python 3.14 increased the recursion limit. The module is a no-op shim on Python 3.11+ anyway. -Both failures cascade through the dependency graph, breaking `trio` → `anyio` → `httpcore`/`azure-core`/etc. and ultimately `authentik-django`. +The astor and django failures cascade through the dependency graph, breaking `trio` → `anyio` → `httpcore`/`azure-core`/etc. and ultimately `authentik-django`. ## Research Findings @@ -59,6 +61,8 @@ Add these overrides to `authentik-django.nix`'s `packageOverrides` block: 1. **`django = final.django_5;`** — same as nixpkgs authentik does 2. **`astor`** — override to use the patched git snapshot with the python314-compat.patch, matching what current nixpkgs does (NOT just disabling tests) +3. **`dacite`** — disable `test_from_dict_with_union_and_wrong_data` (cosmetic string repr change, not a functional issue) +4. **`exceptiongroup`** — disable `test_deep_split` and `test_deep_subgroup` (recursion limit change, module is a no-op shim on 3.11+) The override for astor should use `fetchFromGitHub` with owner `berkerpeksag`, repo `astor`, rev `df09001112f079db54e7c5358fa143e1e63e74c4`, and carry the patch from nixpkgs PR #233. This is a proper fix, not a test skip.