From 439da176f439fd863ed6c3b201020926ca07ae4b Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Wed, 10 Sep 2025 04:21:52 +0200
Subject: [PATCH] hiawatha: drop

Hiawatha is no longer actively maintained by the upstream developer and
there was no maintainer for this package since the original contributor
was removed in 2019.

With https://kb.cert.org/vuls/id/461364 there are three new CVEs that
will eventually be fixed, but the interest in nixpkgs is likely low
since we don't even ship a module.
---
 doc/release-notes/rl-2511.section.md |  2 +
 pkgs/by-name/hi/hiawatha/package.nix | 80 --------------------------
 pkgs/by-name/hi/hiawatha/test.nix    | 86 ----------------------------
 pkgs/top-level/aliases.nix           |  1 +
 4 files changed, 3 insertions(+), 166 deletions(-)
 delete mode 100644 pkgs/by-name/hi/hiawatha/package.nix
 delete mode 100644 pkgs/by-name/hi/hiawatha/test.nix

diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md
index f5ca4d1efc5d..08c973623661 100644
--- a/doc/release-notes/rl-2511.section.md
+++ b/doc/release-notes/rl-2511.section.md
@@ -54,6 +54,8 @@
 
 - `spidermonkey_91` has been removed, as it has been EOL since September 2022.
 
+- `hiawata` has been removed, due to lack of active development upstream, lack of maintainership downstream and upcoming security issues.
+
 - `cudaPackages.cudatoolkit-legacy-runfile` has been removed.
 
 - `conduwuit` was removed due to upstream ceasing development and deleting their repository. For existing data, a migration to `matrix-conduit`, `matrix-continuwuity` or `matrix-tuwunel` may be possible.
diff --git a/pkgs/by-name/hi/hiawatha/package.nix b/pkgs/by-name/hi/hiawatha/package.nix
deleted file mode 100644
index ae6d50abf579..000000000000
--- a/pkgs/by-name/hi/hiawatha/package.nix
+++ /dev/null
@@ -1,80 +0,0 @@
-{
-  lib,
-  stdenv,
-  fetchFromGitLab,
-  callPackage,
-
-  cmake,
-  ninja,
-  mbedtls,
-  libxcrypt,
-  zlib,
-
-  enableCache ? true, # Internal cache support.
-  enableIpV6 ? true,
-  enableTls ? true,
-  enableMonitor ? false, # Support for the Hiawatha Monitor.
-  enableRproxy ? true, # Reverse proxy support.
-  enableTomahawk ? false, # Tomahawk, the Hiawatha command shell.
-  enableXslt ? true,
-  libxml2 ? null,
-  libxslt ? null,
-  enableToolkit ? true, # The URL Toolkit.
-}:
-
-stdenv.mkDerivation (finalAttrs: {
-  pname = "hiawatha";
-  version = "11.7";
-
-  src = fetchFromGitLab {
-    owner = "hsleisink";
-    repo = "hiawatha";
-    rev = "v${finalAttrs.version}";
-    hash = "sha256-Vr7rpYyUgB2NI/PJgh/nQa7gY1XJ4AfUDAHEOVblD1g=";
-  };
-
-  nativeBuildInputs = [
-    cmake
-    ninja
-  ];
-  buildInputs = [
-    mbedtls
-    libxcrypt
-    zlib
-  ]
-  ++ lib.optionals enableXslt [
-    libxslt
-    libxml2
-  ];
-
-  prePatch = ''
-    substituteInPlace CMakeLists.txt --replace SETUID ""
-  '';
-
-  cmakeFlags = [
-    "-DUSE_SYSTEM_MBEDTLS=on" # Policy to use Nix deps, and Nix uses up to date deps
-    (if enableCache then "-DENABLE_CACHE=on" else "-DENABLE_CACHE=off")
-    (if enableIpV6 then "-DENABLE_IPV6=on" else "-DENABLE_IPV6=off")
-    (if enableTls then "-DENABLE_TLS=on" else "-DENABLE_TLS=off")
-    (if enableMonitor then "-DENABLE_MONITOR=on" else "-DENABLE_MONITOR=off")
-    (if enableRproxy then "-DENABLE_RPROXY=on" else "-DENABLE_RPROXY=off")
-    (if enableTomahawk then "-DENABLE_TOMAHAWK=on" else "-DENABLE_TOMAHAWK=off")
-    (if enableXslt then "-DENABLE_XSLT=on" else "-DENABLE_XSLT=off")
-    (if enableToolkit then "-DENABLE_TOOLKIT=on" else "-DENABLE_TOOLKIT=off")
-  ];
-
-  passthru.tests.serve-static-files = callPackage ./test.nix {
-    hiawatha = finalAttrs.finalPackage;
-    inherit enableTls;
-  };
-
-  meta = with lib; {
-    homepage = "https://hiawatha.leisink.net/";
-    description = "Advanced and secure webserver";
-    license = licenses.gpl2Only;
-    platforms = platforms.unix; # "Hiawatha runs perfectly on Linux, BSD and MacOS X"
-    mainProgram = "hiawatha";
-    maintainers = [ ];
-  };
-
-})
diff --git a/pkgs/by-name/hi/hiawatha/test.nix b/pkgs/by-name/hi/hiawatha/test.nix
deleted file mode 100644
index 8f17a6874563..000000000000
--- a/pkgs/by-name/hi/hiawatha/test.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{
-  lib,
-  stdenvNoCC,
-  hiawatha,
-  curl,
-  mbedtls,
-  enableTls,
-}:
-
-stdenvNoCC.mkDerivation {
-  name = "hiawatha-test";
-
-  nativeBuildInputs = [
-    hiawatha
-    curl
-  ]
-  ++ lib.optional enableTls mbedtls;
-
-  env = {
-    inherit enableTls;
-  };
-
-  buildCommand = ''
-    cp -r --no-preserve=mode ${hiawatha}/etc/hiawatha config
-    sed "1i set TEST_DIR = $(pwd)" $serverConfigPath > config/hiawatha.conf
-
-    mkdir www
-    echo "it works" > www/index.html
-
-    if [ -n "$enableTls" ]; then
-      echo "Generating self-signed certificate"
-      gen_key type=ec filename=server.key
-      cert_write selfsign=1 issuer_key=server.key output_file=server.crt
-      cat server.crt server.key > config/server.crt
-    fi
-
-    echo "Checking server configuration"
-    hiawatha -c ./config -k
-
-    echo "Starting server"
-    hiawatha -c ./config
-
-    testUrl() {
-      echo "Testing $1"
-      curl --verbose --insecure --fail "$1" | tee response
-      grep -q "it works" response
-    }
-
-    testUrl http://127.0.0.1:8000
-    if [ -n "$enableTls" ]; then
-      testUrl https://127.0.0.1:8443
-    fi
-
-    touch $out
-  '';
-
-  serverConfig = ''
-    # By default the server uses read-only directories like /var/lib and /etc
-    WorkDirectory = TEST_DIR
-    PIDfile = TEST_DIR/hiawatha.pid
-    SystemLogfile = TEST_DIR/system.log
-    GarbageLogfile = TEST_DIR/garbage.log
-    ExploitLogfile = TEST_DIR/exploit.log
-    AccessLogfile = TEST_DIR/access.log
-    ErrorLogfile = TEST_DIR/error.log
-
-    Binding {
-      Interface = 127.0.0.1
-      Port = 8000
-    }
-
-    ${lib.optionalString enableTls ''
-      Binding {
-        Interface = 127.0.0.1
-        Port = 8443
-        TLScertFile = TEST_DIR/config/server.crt
-      }
-    ''}
-
-    Hostname = 127.0.0.1
-    WebsiteRoot = TEST_DIR/www
-    StartFile = index.html
-  '';
-
-  passAsFile = [ "serverConfig" ];
-}
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 847f9e18bef3..f149abc9f503 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -1155,6 +1155,7 @@ mapAliases {
   haven-cli = throw "'haven-cli' has been removed due to the official announcement of the project closure. Read more at https://havenprotocol.org/2024/12/12/project-closure-announcement"; # Added 2025-02-25
   hawknl = throw "'hawknl' has been removed as it was unmaintained and the upstream unavailable"; # Added 2025-05-07
   HentaiAtHome = hentai-at-home; # Added 2024-06-12
+  hiawatha = throw "hiawatha has been removed, since it is no longer actively supported upstream, nor well maintained in nixpkgs"; # Added 2025-09-10
   hiddify-app = throw "hiddify-app has been removed, since it is unmaintained"; # added 2025-08-20
   hll2390dw-cups = throw "The hll2390dw-cups package was dropped since it was unmaintained."; # Added 2024-06-21
   hoarder = throw "'hoarder' has been renamed to 'karakeep'"; # Added 2025-04-21