difftreelog
feat minimal rollback support
in: trunk
20 files changed
Cargo.lockdiffbeforeafterboth83 "i18n-embed",83 "i18n-embed",84 "i18n-embed-fl",84 "i18n-embed-fl",85 "lazy_static",85 "lazy_static",86 "nom",86 "nom 7.1.3",87 "num-traits",87 "num-traits",88 "pin-project",88 "pin-project",89 "rand",89 "rand 0.8.5",90 "rsa",90 "rsa",91 "rust-embed",91 "rust-embed",92 "scrypt",92 "scrypt",107 "cookie-factory",107 "cookie-factory",108 "hkdf",108 "hkdf",109 "io_tee",109 "io_tee",110 "nom",110 "nom 7.1.3",111 "rand",111 "rand 0.8.5",112 "secrecy",112 "secrecy",113 "sha2",113 "sha2",114]114]233dependencies = [233dependencies = [234 "proc-macro2",234 "proc-macro2",235 "quote",235 "quote",236 "syn 2.0.87",236 "syn",237]237]238238239[[package]]239[[package]]240name = "async-trait"240name = "async-trait"241version = "0.1.83"241version = "0.1.88"242source = "registry+https://github.com/rust-lang/crates.io-index"242source = "registry+https://github.com/rust-lang/crates.io-index"243checksum = "721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd"243checksum = "e539d3fca749fcee5236ab05e93a52867dd549cc157c8cb7f99595f3cedffdb5"244dependencies = [244dependencies = [245 "proc-macro2",245 "proc-macro2",246 "quote",246 "quote",247 "syn 2.0.87",247 "syn",248]248]249249250[[package]]250[[package]]395 "regex",395 "regex",396 "rustc-hash",396 "rustc-hash",397 "shlex",397 "shlex",398 "syn 2.0.87",398 "syn",399 "which",399 "which",400]400]401401402[[package]]402[[package]]403name = "bitflags"403name = "bitflags"404version = "2.6.0"404version = "2.9.1"405source = "registry+https://github.com/rust-lang/crates.io-index"405source = "registry+https://github.com/rust-lang/crates.io-index"406checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"406checksum = "1b8e56985ec62d17e9c1001dc89c88ecd7dc08e47eba5ec7c29c7b5eeecde967"407dependencies = [407dependencies = [408 "serde",408 "serde",409]409]493source = "registry+https://github.com/rust-lang/crates.io-index"493source = "registry+https://github.com/rust-lang/crates.io-index"494checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"494checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"495dependencies = [495dependencies = [496 "nom",496 "nom 7.1.3",497]497]498498499[[package]]499[[package]]534534535[[package]]535[[package]]536name = "chrono"536name = "chrono"537version = "0.4.38"537version = "0.4.41"538source = "registry+https://github.com/rust-lang/crates.io-index"538source = "registry+https://github.com/rust-lang/crates.io-index"539checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401"539checksum = "c469d952047f47f91b68d1cba3f10d63c11d73e4636f24f08daf0278abf01c4d"540dependencies = [540dependencies = [541 "android-tzdata",541 "android-tzdata",542 "iana-time-zone",542 "iana-time-zone",543 "js-sys",543 "js-sys",544 "num-traits",544 "num-traits",545 "serde",545 "serde",546 "wasm-bindgen",546 "wasm-bindgen",547 "windows-targets",547 "windows-link",548]548]549549550[[package]]550[[package]]609source = "registry+https://github.com/rust-lang/crates.io-index"609source = "registry+https://github.com/rust-lang/crates.io-index"610checksum = "4ac6a0c7b1a9e9a5186361f67dfa1b88213572f427fb9ab038efb2bd8c582dab"610checksum = "4ac6a0c7b1a9e9a5186361f67dfa1b88213572f427fb9ab038efb2bd8c582dab"611dependencies = [611dependencies = [612 "heck 0.5.0",612 "heck",613 "proc-macro2",613 "proc-macro2",614 "quote",614 "quote",615 "syn 2.0.87",615 "syn",616]616]617617618[[package]]618[[package]]646source = "registry+https://github.com/rust-lang/crates.io-index"646source = "registry+https://github.com/rust-lang/crates.io-index"647checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"647checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"648649[[package]]650name = "convert_case"651version = "0.7.1"652source = "registry+https://github.com/rust-lang/crates.io-index"653checksum = "bb402b8d4c85569410425650ce3eddc7d698ed96d39a73f941b08fb63082f1e7"654dependencies = [655 "unicode-segmentation",656]648657649[[package]]658[[package]]650name = "cookie-factory"659name = "cookie-factory"684693685[[package]]694[[package]]686name = "crossterm"695name = "crossterm"687version = "0.28.1"696version = "0.29.0"688source = "registry+https://github.com/rust-lang/crates.io-index"697source = "registry+https://github.com/rust-lang/crates.io-index"689checksum = "829d955a0bb380ef178a640b91779e3987da38c9aea133b20614cfed8cdea9c6"698checksum = "d8b9f2e4c67f833b660cdb0a3523065869fb35570177239812ed4c905aeff87b"690dependencies = [699dependencies = [691 "bitflags",700 "bitflags",692 "crossterm_winapi",701 "crossterm_winapi",702 "derive_more",703 "document-features",693 "filedescriptor",704 "filedescriptor",694 "mio",705 "mio",695 "parking_lot",706 "parking_lot",696 "rustix",707 "rustix 1.0.7",697 "signal-hook",708 "signal-hook",698 "signal-hook-mio",709 "signal-hook-mio",699 "winapi",710 "winapi",715checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"726checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"716dependencies = [727dependencies = [717 "generic-array",728 "generic-array",718 "rand_core",729 "rand_core 0.6.4",719 "typenum",730 "typenum",720]731]721732752dependencies = [763dependencies = [753 "proc-macro2",764 "proc-macro2",754 "quote",765 "quote",755 "syn 2.0.87",766 "syn",756]767]757768758[[package]]769[[package]]781792782[[package]]793[[package]]783name = "deranged"794name = "deranged"784version = "0.3.11"795version = "0.4.0"785source = "registry+https://github.com/rust-lang/crates.io-index"796source = "registry+https://github.com/rust-lang/crates.io-index"786checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"797checksum = "9c9e6a11ca8224451684bc0d7d5a7adbf8f2fd6887261a1cfc3c0432f9d4068e"787dependencies = [798dependencies = [788 "powerfmt",799 "powerfmt",789 "serde",800 "serde",790]801]802803[[package]]804name = "derive_more"805version = "2.0.1"806source = "registry+https://github.com/rust-lang/crates.io-index"807checksum = "093242cf7570c207c83073cf82f79706fe7b8317e98620a47d5be7c3d8497678"808dependencies = [809 "derive_more-impl",810]811812[[package]]813name = "derive_more-impl"814version = "2.0.1"815source = "registry+https://github.com/rust-lang/crates.io-index"816checksum = "bda628edc44c4bb645fbe0f758797143e4e07926f7ebf4e9bdfbd3d2ce621df3"817dependencies = [818 "convert_case",819 "proc-macro2",820 "quote",821 "syn",822]791823792[[package]]824[[package]]793name = "digest"825name = "digest"809dependencies = [841dependencies = [810 "proc-macro2",842 "proc-macro2",811 "quote",843 "quote",812 "syn 2.0.87",844 "syn",813]845]846847[[package]]848name = "document-features"849version = "0.2.11"850source = "registry+https://github.com/rust-lang/crates.io-index"851checksum = "95249b50c6c185bee49034bcb378a49dc2b5dff0be90ff6616d31d64febab05d"852dependencies = [853 "litrs",854]814855815[[package]]856[[package]]816name = "ed25519"857name = "ed25519"830dependencies = [871dependencies = [831 "curve25519-dalek",872 "curve25519-dalek",832 "ed25519",873 "ed25519",833 "rand_core",834 "serde",874 "serde",835 "sha2",875 "sha2",836 "subtle",876 "subtle",857897858[[package]]898[[package]]859name = "errno"899name = "errno"860version = "0.3.9"900version = "0.3.12"861source = "registry+https://github.com/rust-lang/crates.io-index"901source = "registry+https://github.com/rust-lang/crates.io-index"862checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba"902checksum = "cea14ef9355e3beab063703aa9dab15afd25f0667c341310c1e5274bb1d0da18"863dependencies = [903dependencies = [864 "libc",904 "libc",865 "windows-sys 0.52.0",905 "windows-sys 0.59.0",866]906]867907868[[package]]908[[package]]924 "hostname",964 "hostname",925 "human-repr",965 "human-repr",926 "indicatif",966 "indicatif",927 "itertools 0.13.0",967 "itertools 0.14.0",928 "nix-eval",968 "nix-eval",929 "nixlike",969 "nixlike",930 "nom",970 "nom 8.0.0",931 "openssh",971 "openssh",932 "owo-colors",972 "owo-colors",933 "peg",973 "peg",958 "futures",998 "futures",959 "hostname",999 "hostname",960 "indoc",1000 "indoc",961 "itertools 0.13.0",1001 "itertools 0.14.0",962 "nix-eval",1002 "nix-eval",963 "nixlike",1003 "nixlike",964 "nom",1004 "nom 8.0.0",965 "openssh",1005 "openssh",966 "rand",1006 "rand 0.9.1",967 "serde",1007 "serde",968 "serde_json",1008 "serde_json",1009 "tabled",969 "tempfile",1010 "tempfile",1011 "time",970 "tokio",1012 "tokio",971 "tokio-util",1013 "tokio-util",972 "tracing",1014 "tracing",983 "ed25519-dalek",1025 "ed25519-dalek",984 "fleet-shared",1026 "fleet-shared",985 "hex",1027 "hex",986 "rand",1028 "rand 0.9.1",987 "x25519-dalek",1029 "x25519-dalek",988]1030]98910311119dependencies = [1161dependencies = [1120 "proc-macro2",1162 "proc-macro2",1121 "quote",1163 "quote",1122 "syn 2.0.87",1164 "syn",1123]1165]112411661125[[package]]1167[[package]]1170dependencies = [1212dependencies = [1171 "cfg-if",1213 "cfg-if",1172 "libc",1214 "libc",1173 "wasi",1215 "wasi 0.11.0+wasi-snapshot-preview1",1174]1216]12171218[[package]]1219name = "getrandom"1220version = "0.3.3"1221source = "registry+https://github.com/rust-lang/crates.io-index"1222checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4"1223dependencies = [1224 "cfg-if",1225 "libc",1226 "r-efi",1227 "wasi 0.14.2+wasi-0.2.4",1228]117512291176[[package]]1230[[package]]1177name = "ghash"1231name = "ghash"1238source = "registry+https://github.com/rust-lang/crates.io-index"1292source = "registry+https://github.com/rust-lang/crates.io-index"1239checksum = "3a9bfc1af68b1726ea47d3d5109de126281def866b33970e10fbab11b5dafab3"1293checksum = "3a9bfc1af68b1726ea47d3d5109de126281def866b33970e10fbab11b5dafab3"12401241[[package]]1242name = "heck"1243version = "0.4.1"1244source = "registry+https://github.com/rust-lang/crates.io-index"1245checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"124612941247[[package]]1295[[package]]1248name = "heck"1296name = "heck"129713451298[[package]]1346[[package]]1299name = "hostname"1347name = "hostname"1300version = "0.4.0"1348version = "0.4.1"1301source = "registry+https://github.com/rust-lang/crates.io-index"1349source = "registry+https://github.com/rust-lang/crates.io-index"1302checksum = "f9c7c7c8ac16c798734b8a24560c1362120597c40d5e1459f09498f8f6c8f2ba"1350checksum = "a56f203cd1c76362b69e3863fd987520ac36cf70a8c92627449b2f64a8cf7d65"1303dependencies = [1351dependencies = [1304 "cfg-if",1352 "cfg-if",1305 "libc",1353 "libc",1306 "windows",1354 "windows-link",1307]1355]130813561309[[package]]1357[[package]]1463 "proc-macro2",1511 "proc-macro2",1464 "quote",1512 "quote",1465 "strsim",1513 "strsim",1466 "syn 2.0.87",1514 "syn",1467 "unic-langid",1515 "unic-langid",1468]1516]146915171477 "i18n-config",1525 "i18n-config",1478 "proc-macro2",1526 "proc-macro2",1479 "quote",1527 "quote",1480 "syn 2.0.87",1528 "syn",1481]1529]148215301483[[package]]1531[[package]]1619 "either",1667 "either",1620]1668]16691670[[package]]1671name = "itertools"1672version = "0.14.0"1673source = "registry+https://github.com/rust-lang/crates.io-index"1674checksum = "2b192c782037fadd9cfa75548310488aabdbf3d2da73885b31bd0abd03351285"1675dependencies = [1676 "either",1677]162116781622[[package]]1679[[package]]1623name = "itoa"1680name = "itoa"165117081652[[package]]1709[[package]]1653name = "libc"1710name = "libc"1654version = "0.2.164"1711version = "0.2.174"1655source = "registry+https://github.com/rust-lang/crates.io-index"1712source = "registry+https://github.com/rust-lang/crates.io-index"1656checksum = "433bfe06b8c75da9b2e3fbea6e5329ff87748f0b144ef75306e674c3f6f7c13f"1713checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776"165717141658[[package]]1715[[package]]1659name = "libloading"1716name = "libloading"1693source = "registry+https://github.com/rust-lang/crates.io-index"1750source = "registry+https://github.com/rust-lang/crates.io-index"1694checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"1751checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"17521753[[package]]1754name = "linux-raw-sys"1755version = "0.9.4"1756source = "registry+https://github.com/rust-lang/crates.io-index"1757checksum = "cd945864f07fe9f5371a27ad7b52a172b4b499999f1d97574c9fa68373937e12"17581759[[package]]1760name = "litrs"1761version = "0.4.1"1762source = "registry+https://github.com/rust-lang/crates.io-index"1763checksum = "b4ce301924b7887e9d637144fdade93f9dfff9b60981d4ac161db09720d39aa5"169517641696[[package]]1765[[package]]1697name = "lock_api"1766name = "lock_api"1778 "hermit-abi 0.3.9",1847 "hermit-abi 0.3.9",1779 "libc",1848 "libc",1780 "log",1849 "log",1781 "wasi",1850 "wasi 0.11.0+wasi-snapshot-preview1",1782 "windows-sys 0.52.0",1851 "windows-sys 0.52.0",1783]1852]17841853179018591791[[package]]1860[[package]]1792name = "nix"1861name = "nix"1793version = "0.29.0"1862version = "0.30.1"1794source = "registry+https://github.com/rust-lang/crates.io-index"1863source = "registry+https://github.com/rust-lang/crates.io-index"1795checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46"1864checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6"1796dependencies = [1865dependencies = [1797 "bitflags",1866 "bitflags",1798 "cfg-if",1867 "cfg-if",1807 "anyhow",1876 "anyhow",1808 "better-command",1877 "better-command",1809 "futures",1878 "futures",1810 "itertools 0.13.0",1879 "itertools 0.14.0",1811 "nixlike",1880 "nixlike",1812 "r2d2",1881 "r2d2",1813 "regex",1882 "regex",1814 "serde",1883 "serde",1815 "serde_json",1884 "serde_json",1816 "thiserror 2.0.3",1885 "thiserror 2.0.12",1817 "tokio",1886 "tokio",1818 "tokio-util",1887 "tokio-util",1819 "tracing",1888 "tracing",1839 "serde",1908 "serde",1840 "serde-transcode",1909 "serde-transcode",1841 "serde_json",1910 "serde_json",1842 "thiserror 2.0.3",1911 "thiserror 2.0.12",1843]1912]184419131845[[package]]1914[[package]]1871 "minimal-lexical",1940 "minimal-lexical",1872]1941]19421943[[package]]1944name = "nom"1945version = "8.0.0"1946source = "registry+https://github.com/rust-lang/crates.io-index"1947checksum = "df9761775871bdef83bee530e60050f7e54b1105350d6884eb0fb4f46c2f9405"1948dependencies = [1949 "memchr",1950]187319511874[[package]]1952[[package]]1875name = "nu-ansi-term"1953name = "nu-ansi-term"1893 "num-integer",1971 "num-integer",1894 "num-iter",1972 "num-iter",1895 "num-traits",1973 "num-traits",1896 "rand",1974 "rand 0.8.5",1897 "smallvec",1975 "smallvec",1898 "zeroize",1976 "zeroize",1899]1977]196320411964[[package]]2042[[package]]1965name = "openssh"2043name = "openssh"1966version = "0.11.3"2044version = "0.11.5"1967source = "registry+https://github.com/rust-lang/crates.io-index"2045source = "registry+https://github.com/rust-lang/crates.io-index"1968checksum = "b52987a10526b8daef7f1946b0aadfc214479f897ba624776327fd3beec2722c"2046checksum = "ea0bb128ba90e86bc55dae66031935f361cda4cbc1f011547c55a7d80079bc3e"1969dependencies = [2047dependencies = [1970 "libc",2048 "libc",1971 "once_cell",2049 "once_cell",1972 "shell-escape",2050 "shell-escape",1973 "tempfile",2051 "tempfile",1974 "thiserror 2.0.3",2052 "thiserror 2.0.12",1975 "tokio",2053 "tokio",1976]2054]19772055198320611984[[package]]2062[[package]]1985name = "owo-colors"2063name = "owo-colors"1986version = "4.1.0"2064version = "4.2.1"1987source = "registry+https://github.com/rust-lang/crates.io-index"2065source = "registry+https://github.com/rust-lang/crates.io-index"1988checksum = "fb37767f6569cd834a413442455e0f066d0d522de8630436e2a1761d9726ba56"2066checksum = "26995317201fa17f3656c36716aed4a7c81743a9634ac4c99c0eeda495db0cec"1989dependencies = [2067dependencies = [1990 "supports-color 2.1.0",2068 "supports-color 2.1.0",1991 "supports-color 3.0.1",2069 "supports-color 3.0.1",1992]2070]199320711994[[package]]2072[[package]]1995name = "papergrid"2073name = "papergrid"1996version = "0.12.0"2074version = "0.17.0"1997source = "registry+https://github.com/rust-lang/crates.io-index"2075source = "registry+https://github.com/rust-lang/crates.io-index"1998checksum = "c7419ad52a7de9b60d33e11085a0fe3df1fbd5926aa3f93d3dd53afbc9e86725"2076checksum = "6978128c8b51d8f4080631ceb2302ab51e32cc6e8615f735ee2f83fd269ae3f1"1999dependencies = [2077dependencies = [2000 "bytecount",2078 "bytecount",2001 "fnv",2079 "fnv",2002 "unicode-width 0.1.11",2080 "unicode-width 0.2.0",2003]2081]200420822005[[package]]2083[[package]]204321212044[[package]]2122[[package]]2045name = "peg"2123name = "peg"2046version = "0.8.4"2124version = "0.8.5"2047source = "registry+https://github.com/rust-lang/crates.io-index"2125source = "registry+https://github.com/rust-lang/crates.io-index"2048checksum = "295283b02df346d1ef66052a757869b2876ac29a6bb0ac3f5f7cd44aebe40e8f"2126checksum = "9928cfca101b36ec5163e70049ee5368a8a1c3c6efc9ca9c5f9cc2f816152477"2049dependencies = [2127dependencies = [2050 "peg-macros",2128 "peg-macros",2051 "peg-runtime",2129 "peg-runtime",2052]2130]205321312054[[package]]2132[[package]]2055name = "peg-macros"2133name = "peg-macros"2056version = "0.8.4"2134version = "0.8.5"2057source = "registry+https://github.com/rust-lang/crates.io-index"2135source = "registry+https://github.com/rust-lang/crates.io-index"2058checksum = "bdad6a1d9cf116a059582ce415d5f5566aabcd4008646779dab7fdc2a9a9d426"2136checksum = "6298ab04c202fa5b5d52ba03269fb7b74550b150323038878fe6c372d8280f71"2059dependencies = [2137dependencies = [2060 "peg-runtime",2138 "peg-runtime",2061 "proc-macro2",2139 "proc-macro2",206421422065[[package]]2143[[package]]2066name = "peg-runtime"2144name = "peg-runtime"2067version = "0.8.3"2145version = "0.8.5"2068source = "registry+https://github.com/rust-lang/crates.io-index"2146source = "registry+https://github.com/rust-lang/crates.io-index"2069checksum = "e3aeb8f54c078314c2065ee649a7241f46b9d8e418e1a9581ba0546657d7aa3a"2147checksum = "132dca9b868d927b35b5dd728167b2dee150eb1ad686008fc71ccb298b776fca"207021482071[[package]]2149[[package]]2072name = "pem"2150name = "pem"2111dependencies = [2189dependencies = [2112 "proc-macro2",2190 "proc-macro2",2113 "quote",2191 "quote",2114 "syn 2.0.87",2192 "syn",2115]2193]211621942117[[package]]2195[[package]]2204checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033"2282checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033"2205dependencies = [2283dependencies = [2206 "proc-macro2",2284 "proc-macro2",2207 "syn 2.0.87",2285 "syn",2208]2286]22092210[[package]]2211name = "proc-macro-error"2212version = "1.0.4"2213source = "registry+https://github.com/rust-lang/crates.io-index"2214checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"2215dependencies = [2216 "proc-macro-error-attr",2217 "proc-macro2",2218 "quote",2219 "syn 1.0.109",2220 "version_check",2221]22222223[[package]]2224name = "proc-macro-error-attr"2225version = "1.0.4"2226source = "registry+https://github.com/rust-lang/crates.io-index"2227checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"2228dependencies = [2229 "proc-macro2",2230 "quote",2231 "version_check",2232]223322872234[[package]]2288[[package]]2235name = "proc-macro-error-attr2"2289name = "proc-macro-error-attr2"2250 "proc-macro-error-attr2",2304 "proc-macro-error-attr2",2251 "proc-macro2",2305 "proc-macro2",2252 "quote",2306 "quote",2253 "syn 2.0.87",2307 "syn",2254]2308]225523092256[[package]]2310[[package]]2279checksum = "0c1318b19085f08681016926435853bbf7858f9c082d0999b80550ff5d9abe15"2333checksum = "0c1318b19085f08681016926435853bbf7858f9c082d0999b80550ff5d9abe15"2280dependencies = [2334dependencies = [2281 "bytes",2335 "bytes",2282 "heck 0.5.0",2336 "heck",2283 "itertools 0.13.0",2337 "itertools 0.13.0",2284 "log",2338 "log",2285 "multimap",2339 "multimap",2289 "prost",2343 "prost",2290 "prost-types",2344 "prost-types",2291 "regex",2345 "regex",2292 "syn 2.0.87",2346 "syn",2293 "tempfile",2347 "tempfile",2294]2348]229523492303 "itertools 0.13.0",2357 "itertools 0.13.0",2304 "proc-macro2",2358 "proc-macro2",2305 "quote",2359 "quote",2306 "syn 2.0.87",2360 "syn",2307]2361]230823622309[[package]]2363[[package]]2324 "proc-macro2",2378 "proc-macro2",2325]2379]23802381[[package]]2382name = "r-efi"2383version = "5.3.0"2384source = "registry+https://github.com/rust-lang/crates.io-index"2385checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"232623862327[[package]]2387[[package]]2328name = "r2d2"2388name = "r2d2"2342checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"2402checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"2343dependencies = [2403dependencies = [2344 "libc",2404 "libc",2345 "rand_chacha",2405 "rand_chacha 0.3.1",2346 "rand_core",2406 "rand_core 0.6.4",2347]2407]24082409[[package]]2410name = "rand"2411version = "0.9.1"2412source = "registry+https://github.com/rust-lang/crates.io-index"2413checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97"2414dependencies = [2415 "rand_chacha 0.9.0",2416 "rand_core 0.9.3",2417]234824182349[[package]]2419[[package]]2350name = "rand_chacha"2420name = "rand_chacha"2353checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"2423checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"2354dependencies = [2424dependencies = [2355 "ppv-lite86",2425 "ppv-lite86",2356 "rand_core",2426 "rand_core 0.6.4",2357]2427]24282429[[package]]2430name = "rand_chacha"2431version = "0.9.0"2432source = "registry+https://github.com/rust-lang/crates.io-index"2433checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"2434dependencies = [2435 "ppv-lite86",2436 "rand_core 0.9.3",2437]235824382359[[package]]2439[[package]]2360name = "rand_core"2440name = "rand_core"2361version = "0.6.4"2441version = "0.6.4"2362source = "registry+https://github.com/rust-lang/crates.io-index"2442source = "registry+https://github.com/rust-lang/crates.io-index"2363checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"2443checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"2364dependencies = [2444dependencies = [2365 "getrandom",2445 "getrandom 0.2.15",2366]2446]24472448[[package]]2449name = "rand_core"2450version = "0.9.3"2451source = "registry+https://github.com/rust-lang/crates.io-index"2452checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38"2453dependencies = [2454 "getrandom 0.3.3",2455]236724562368[[package]]2457[[package]]2369name = "rcgen"2458name = "rcgen"2439dependencies = [2528dependencies = [2440 "cc",2529 "cc",2441 "cfg-if",2530 "cfg-if",2442 "getrandom",2531 "getrandom 0.2.15",2443 "libc",2532 "libc",2444 "spin",2533 "spin",2445 "untrusted",2534 "untrusted",248125702482[[package]]2571[[package]]2483name = "ron"2572name = "ron"2484version = "0.8.1"2573version = "0.10.1"2485source = "registry+https://github.com/rust-lang/crates.io-index"2574source = "registry+https://github.com/rust-lang/crates.io-index"2486checksum = "b91f7eff05f748767f183df4320a63d6936e9c6107d97c9e6bdd9784f4289c94"2575checksum = "beceb6f7bf81c73e73aeef6dd1356d9a1b2b4909e1f0fc3e59b034f9572d7b7f"2487dependencies = [2576dependencies = [2488 "base64 0.21.7",2577 "base64 0.22.1",2489 "bitflags",2578 "bitflags",2490 "serde",2579 "serde",2491 "serde_derive",2580 "serde_derive",2581 "unicode-ident",2492]2582]249325832494[[package]]2584[[package]]2517 "num-traits",2607 "num-traits",2518 "pkcs1",2608 "pkcs1",2519 "pkcs8",2609 "pkcs8",2520 "rand_core",2610 "rand_core 0.6.4",2521 "signature",2611 "signature",2522 "spki",2612 "spki",2523 "subtle",2613 "subtle",2544 "proc-macro2",2634 "proc-macro2",2545 "quote",2635 "quote",2546 "rust-embed-utils",2636 "rust-embed-utils",2547 "syn 2.0.87",2637 "syn",2548 "walkdir",2638 "walkdir",2549]2639]255026402588 "bitflags",2678 "bitflags",2589 "errno",2679 "errno",2590 "libc",2680 "libc",2591 "linux-raw-sys",2681 "linux-raw-sys 0.4.14",2592 "windows-sys 0.52.0",2682 "windows-sys 0.52.0",2593]2683]26842685[[package]]2686name = "rustix"2687version = "1.0.7"2688source = "registry+https://github.com/rust-lang/crates.io-index"2689checksum = "c71e83d6afe7ff64890ec6b71d6a69bb8a610ab78ce364b3352876bb4c801266"2690dependencies = [2691 "bitflags",2692 "errno",2693 "libc",2694 "linux-raw-sys 0.9.4",2695 "windows-sys 0.59.0",2696]259426972595[[package]]2698[[package]]2596name = "rustls"2699name = "rustls"272128242722[[package]]2825[[package]]2723name = "serde"2826name = "serde"2724version = "1.0.215"2827version = "1.0.219"2725source = "registry+https://github.com/rust-lang/crates.io-index"2828source = "registry+https://github.com/rust-lang/crates.io-index"2726checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f"2829checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"2727dependencies = [2830dependencies = [2728 "serde_derive",2831 "serde_derive",2729]2832]274828512749[[package]]2852[[package]]2750name = "serde_derive"2853name = "serde_derive"2751version = "1.0.215"2854version = "1.0.219"2752source = "registry+https://github.com/rust-lang/crates.io-index"2855source = "registry+https://github.com/rust-lang/crates.io-index"2753checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0"2856checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"2754dependencies = [2857dependencies = [2755 "proc-macro2",2858 "proc-macro2",2756 "quote",2859 "quote",2757 "syn 2.0.87",2860 "syn",2758]2861]275928622760[[package]]2863[[package]]2761name = "serde_json"2864name = "serde_json"2762version = "1.0.133"2865version = "1.0.140"2763source = "registry+https://github.com/rust-lang/crates.io-index"2866source = "registry+https://github.com/rust-lang/crates.io-index"2764checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377"2867checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"2765dependencies = [2868dependencies = [2766 "itoa",2869 "itoa",2767 "memchr",2870 "memchr",2838checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"2941checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"2839dependencies = [2942dependencies = [2840 "digest",2943 "digest",2841 "rand_core",2944 "rand_core 0.6.4",2842]2945]284329462844[[package]]2947[[package]]2922 "is_ci",3025 "is_ci",2923]3026]29242925[[package]]2926name = "syn"2927version = "1.0.109"2928source = "registry+https://github.com/rust-lang/crates.io-index"2929checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"2930dependencies = [2931 "proc-macro2",2932 "quote",2933 "unicode-ident",2934]293530272936[[package]]3028[[package]]2937name = "syn"3029name = "syn"295830502959[[package]]3051[[package]]2960name = "tabled"3052name = "tabled"2961version = "0.16.0"3053version = "0.20.0"2962source = "registry+https://github.com/rust-lang/crates.io-index"3054source = "registry+https://github.com/rust-lang/crates.io-index"2963checksum = "77c9303ee60b9bedf722012ea29ae3711ba13a67c9b9ae28993838b63057cb1b"3055checksum = "e39a2ee1fbcd360805a771e1b300f78cc88fec7b8d3e2f71cd37bbf23e725c7d"2964dependencies = [3056dependencies = [2965 "papergrid",3057 "papergrid",2966 "tabled_derive",3058 "tabled_derive",3059 "testing_table",2967]3060]296830612969[[package]]3062[[package]]2970name = "tabled_derive"3063name = "tabled_derive"2971version = "0.8.0"3064version = "0.11.0"2972source = "registry+https://github.com/rust-lang/crates.io-index"3065source = "registry+https://github.com/rust-lang/crates.io-index"2973checksum = "bf0fb8bfdc709786c154e24a66777493fb63ae97e3036d914c8666774c477069"3066checksum = "0ea5d1b13ca6cff1f9231ffd62f15eefd72543dab5e468735f1a456728a02846"2974dependencies = [3067dependencies = [2975 "heck 0.4.1",3068 "heck",2976 "proc-macro-error",3069 "proc-macro-error2",2977 "proc-macro2",3070 "proc-macro2",2978 "quote",3071 "quote",2979 "syn 1.0.109",3072 "syn",2980]3073]298130742982[[package]]3075[[package]]2983name = "tempfile"3076name = "tempfile"2984version = "3.14.0"3077version = "3.20.0"2985source = "registry+https://github.com/rust-lang/crates.io-index"3078source = "registry+https://github.com/rust-lang/crates.io-index"2986checksum = "28cce251fcbc87fac86a866eeb0d6c2d536fc16d06f184bb61aeae11aa4cee0c"3079checksum = "e8a64e3985349f2441a1a9ef0b853f869006c3855f2cda6862a94d26ebb9d6a1"2987dependencies = [3080dependencies = [2988 "cfg-if",2989 "fastrand",3081 "fastrand",3082 "getrandom 0.3.3",2990 "once_cell",3083 "once_cell",2991 "rustix",3084 "rustix 1.0.7",2992 "windows-sys 0.59.0",3085 "windows-sys 0.59.0",2993]3086]299430872998source = "registry+https://github.com/rust-lang/crates.io-index"3091source = "registry+https://github.com/rust-lang/crates.io-index"2999checksum = "4f599bd7ca042cfdf8f4512b277c02ba102247820f9d9d4a9f521f496751a6ef"3092checksum = "4f599bd7ca042cfdf8f4512b277c02ba102247820f9d9d4a9f521f496751a6ef"3000dependencies = [3093dependencies = [3001 "rustix",3094 "rustix 0.38.40",3002 "windows-sys 0.59.0",3095 "windows-sys 0.59.0",3003]3096]300430973013 "tokio",3106 "tokio",3014]3107]31083109[[package]]3110name = "testing_table"3111version = "0.3.0"3112source = "registry+https://github.com/rust-lang/crates.io-index"3113checksum = "0f8daae29995a24f65619e19d8d31dea5b389f3d853d8bf297bbf607cd0014cc"3114dependencies = [3115 "unicode-width 0.2.0",3116]301531173016[[package]]3118[[package]]3017name = "text-size"3119name = "text-size"305831603059[[package]]3161[[package]]3060name = "thiserror"3162name = "thiserror"3061version = "2.0.3"3163version = "2.0.12"3062source = "registry+https://github.com/rust-lang/crates.io-index"3164source = "registry+https://github.com/rust-lang/crates.io-index"3063checksum = "c006c85c7651b3cf2ada4584faa36773bd07bac24acfb39f3c431b36d7e667aa"3165checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708"3064dependencies = [3166dependencies = [3065 "thiserror-impl 2.0.3",3167 "thiserror-impl 2.0.12",3066]3168]306731693068[[package]]3170[[package]]3073dependencies = [3175dependencies = [3074 "proc-macro2",3176 "proc-macro2",3075 "quote",3177 "quote",3076 "syn 2.0.87",3178 "syn",3077]3179]307831803079[[package]]3181[[package]]3080name = "thiserror-impl"3182name = "thiserror-impl"3081version = "2.0.3"3183version = "2.0.12"3082source = "registry+https://github.com/rust-lang/crates.io-index"3184source = "registry+https://github.com/rust-lang/crates.io-index"3083checksum = "f077553d607adc1caf65430528a576c757a71ed73944b66ebb58ef2bbd243568"3185checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d"3084dependencies = [3186dependencies = [3085 "proc-macro2",3187 "proc-macro2",3086 "quote",3188 "quote",3087 "syn 2.0.87",3189 "syn",3088]3190]308931913090[[package]]3192[[package]]309932013100[[package]]3202[[package]]3101name = "time"3203name = "time"3102version = "0.3.36"3204version = "0.3.41"3103source = "registry+https://github.com/rust-lang/crates.io-index"3205source = "registry+https://github.com/rust-lang/crates.io-index"3104checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885"3206checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"3105dependencies = [3207dependencies = [3106 "deranged",3208 "deranged",3107 "num-conv",3209 "num-conv",311332153114[[package]]3216[[package]]3115name = "time-core"3217name = "time-core"3116version = "0.1.2"3218version = "0.1.4"3117source = "registry+https://github.com/rust-lang/crates.io-index"3219source = "registry+https://github.com/rust-lang/crates.io-index"3118checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"3220checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"311932213120[[package]]3222[[package]]3121name = "time-macros"3223name = "time-macros"3122version = "0.2.18"3224version = "0.2.22"3123source = "registry+https://github.com/rust-lang/crates.io-index"3225source = "registry+https://github.com/rust-lang/crates.io-index"3124checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf"3226checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"3125dependencies = [3227dependencies = [3126 "num-conv",3228 "num-conv",3127 "time-core",3229 "time-core",313832403139[[package]]3241[[package]]3140name = "tokio"3242name = "tokio"3141version = "1.41.1"3243version = "1.45.1"3142source = "registry+https://github.com/rust-lang/crates.io-index"3244source = "registry+https://github.com/rust-lang/crates.io-index"3143checksum = "22cfb5bee7a6a52939ca9224d6ac897bb669134078daa8735560897f69de4d33"3245checksum = "75ef51a33ef1da925cea3e4eb122833cb377c61439ca401b770f54902b806779"3144dependencies = [3246dependencies = [3145 "backtrace",3247 "backtrace",3146 "bytes",3248 "bytes",315532573156[[package]]3258[[package]]3157name = "tokio-macros"3259name = "tokio-macros"3158version = "2.4.0"3260version = "2.5.0"3159source = "registry+https://github.com/rust-lang/crates.io-index"3261source = "registry+https://github.com/rust-lang/crates.io-index"3160checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"3262checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8"3161dependencies = [3263dependencies = [3162 "proc-macro2",3264 "proc-macro2",3163 "quote",3265 "quote",3164 "syn 2.0.87",3266 "syn",3165]3267]316632683167[[package]]3269[[package]]318932913190[[package]]3292[[package]]3191name = "tokio-util"3293name = "tokio-util"3192version = "0.7.12"3294version = "0.7.15"3193source = "registry+https://github.com/rust-lang/crates.io-index"3295source = "registry+https://github.com/rust-lang/crates.io-index"3194checksum = "61e7c3654c13bcd040d4a03abee2c75b1d14a37b423cf5a813ceae1cc903ec6a"3296checksum = "66a539a9ad6d5d281510d5bd368c973d636c02dbf8a67300bfb6b950696ad7df"3195dependencies = [3297dependencies = [3196 "bytes",3298 "bytes",3197 "futures-core",3299 "futures-core",3252 "prost-build",3354 "prost-build",3253 "prost-types",3355 "prost-types",3254 "quote",3356 "quote",3255 "syn 2.0.87",3357 "syn",3256]3358]325733593258[[package]]3360[[package]]3266 "indexmap 1.9.3",3368 "indexmap 1.9.3",3267 "pin-project",3369 "pin-project",3268 "pin-project-lite",3370 "pin-project-lite",3269 "rand",3371 "rand 0.8.5",3270 "slab",3372 "slab",3271 "tokio",3373 "tokio",3272 "tokio-util",3374 "tokio-util",3337dependencies = [3439dependencies = [3338 "proc-macro2",3440 "proc-macro2",3339 "quote",3441 "quote",3340 "syn 2.0.87",3442 "syn",3341]3443]334234443343[[package]]3445[[package]]3456source = "registry+https://github.com/rust-lang/crates.io-index"3558source = "registry+https://github.com/rust-lang/crates.io-index"3457checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe"3559checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe"35603561[[package]]3562name = "unicode-segmentation"3563version = "1.12.0"3564source = "registry+https://github.com/rust-lang/crates.io-index"3565checksum = "f6ccf251212114b54433ec949fd6a7841275f9ada20dddd2f29e9ceea4501493"345835663459[[package]]3567[[package]]3460name = "unicode-width"3568name = "unicode-width"347635843477[[package]]3585[[package]]3478name = "unindent"3586name = "unindent"3479version = "0.2.3"3587version = "0.2.4"3480source = "registry+https://github.com/rust-lang/crates.io-index"3588source = "registry+https://github.com/rust-lang/crates.io-index"3481checksum = "c7de7d73e1754487cb58364ee906a499937a0dfabd86bcb980fa99ec8c8fa2ce"3589checksum = "7264e107f553ccae879d21fbea1d6724ac785e8c3bfc762137959b5802826ef3"348235903483[[package]]3591[[package]]3484name = "universal-hash"3592name = "universal-hash"3572source = "registry+https://github.com/rust-lang/crates.io-index"3680source = "registry+https://github.com/rust-lang/crates.io-index"3573checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"3681checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"36823683[[package]]3684name = "wasi"3685version = "0.14.2+wasi-0.2.4"3686source = "registry+https://github.com/rust-lang/crates.io-index"3687checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3"3688dependencies = [3689 "wit-bindgen-rt",3690]357436913575[[package]]3692[[package]]3576name = "wasm-bindgen"3693name = "wasm-bindgen"3594 "once_cell",3711 "once_cell",3595 "proc-macro2",3712 "proc-macro2",3596 "quote",3713 "quote",3597 "syn 2.0.87",3714 "syn",3598 "wasm-bindgen-shared",3715 "wasm-bindgen-shared",3599]3716]360037173616dependencies = [3733dependencies = [3617 "proc-macro2",3734 "proc-macro2",3618 "quote",3735 "quote",3619 "syn 2.0.87",3736 "syn",3620 "wasm-bindgen-backend",3737 "wasm-bindgen-backend",3621 "wasm-bindgen-shared",3738 "wasm-bindgen-shared",3622]3739]3646 "either",3763 "either",3647 "home",3764 "home",3648 "once_cell",3765 "once_cell",3649 "rustix",3766 "rustix 0.38.40",3650]3767]365137683652[[package]]3769[[package]]3680source = "registry+https://github.com/rust-lang/crates.io-index"3797source = "registry+https://github.com/rust-lang/crates.io-index"3681checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"3798checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"36823683[[package]]3684name = "windows"3685version = "0.52.0"3686source = "registry+https://github.com/rust-lang/crates.io-index"3687checksum = "e48a53791691ab099e5e2ad123536d0fff50652600abaf43bbf952894110d0be"3688dependencies = [3689 "windows-core",3690 "windows-targets",3691]369237993693[[package]]3800[[package]]3694name = "windows-core"3801name = "windows-core"3699 "windows-targets",3806 "windows-targets",3700]3807]38083809[[package]]3810name = "windows-link"3811version = "0.1.3"3812source = "registry+https://github.com/rust-lang/crates.io-index"3813checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"370138143702[[package]]3815[[package]]3703name = "windows-sys"3816name = "windows-sys"3781source = "registry+https://github.com/rust-lang/crates.io-index"3894source = "registry+https://github.com/rust-lang/crates.io-index"3782checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"3895checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"38963897[[package]]3898name = "wit-bindgen-rt"3899version = "0.39.0"3900source = "registry+https://github.com/rust-lang/crates.io-index"3901checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"3902dependencies = [3903 "bitflags",3904]378339053784[[package]]3906[[package]]3785name = "x25519-dalek"3907name = "x25519-dalek"3788checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277"3910checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277"3789dependencies = [3911dependencies = [3790 "curve25519-dalek",3912 "curve25519-dalek",3791 "rand_core",3913 "rand_core 0.6.4",3792 "serde",3914 "serde",3793 "zeroize",3915 "zeroize",3794]3916]380439263805[[package]]3927[[package]]3806name = "z85"3928name = "z85"3807version = "3.0.5"3929version = "3.0.6"3808source = "registry+https://github.com/rust-lang/crates.io-index"3930source = "registry+https://github.com/rust-lang/crates.io-index"3809checksum = "2a599daf1b507819c1121f0bf87fa37eb19daac6aff3aefefd4e6e2e0f2020fc"3931checksum = "9b3a41ce106832b4da1c065baa4c31cf640cf965fa1483816402b7f6b96f0a64"381039323811[[package]]3933[[package]]3812name = "zerocopy"3934name = "zerocopy"3826dependencies = [3948dependencies = [3827 "proc-macro2",3949 "proc-macro2",3828 "quote",3950 "quote",3829 "syn 2.0.87",3951 "syn",3830]3952]383139533832[[package]]3954[[package]]3846dependencies = [3968dependencies = [3847 "proc-macro2",3969 "proc-macro2",3848 "quote",3970 "quote",3849 "syn 2.0.87",3971 "syn",3850]3972]38513973Cargo.tomldiffbeforeafterboth--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,12 +15,12 @@
anyhow = "1.0"
clap = { version = "4.5", features = ["derive", "env", "unicode", "wrap_help"] }
clap_complete = "4.5"
-nix = { version = "0.29.0", features = ["fs", "user"] }
+nix = { version = "0.30.1", features = ["fs", "user"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
-tempfile = "3.10"
-thiserror = "2.0.3"
-tokio = { version = "1.36.0", features = ["fs", "macros", "rt", "rt-multi-thread", "sync", "time"] }
-tokio-util = { version = "0.7.11", features = ["codec"] }
+tempfile = "3.20"
+thiserror = "2.0.12"
+tokio = { version = "1.45.1", features = ["fs", "macros", "rt", "rt-multi-thread", "sync", "time"] }
+tokio-util = { version = "0.7.15", features = ["codec"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter", "fmt"] }
cmds/fleet/Cargo.tomldiffbeforeafterboth--- a/cmds/fleet/Cargo.toml
+++ b/cmds/fleet/Cargo.toml
@@ -5,6 +5,7 @@
authors = ["Yaroslav Bolyukin <iam@lach.pw>"]
edition.workspace = true
rust-version.workspace = true
+default-run = "fleet"
[dependencies]
age = { workspace = true, features = ["armor"] }
@@ -27,23 +28,23 @@
async-trait = "0.1"
base64 = "0.22.1"
chrono = { version = "0.4", features = ["serde"] }
-crossterm = { version = "0.28.0", features = ["use-dev-tty"] }
+crossterm = { version = "0.29.0", features = ["use-dev-tty"] }
futures = "0.3"
-hostname = "0.4.0"
-itertools = "0.13"
+hostname = "0.4.1"
+itertools = "0.14"
openssh = "0.11"
-owo-colors = { version = "4.0", features = ["supports-color", "supports-colors"] }
+owo-colors = { version = "4.2", features = ["supports-color", "supports-colors"] }
peg = "0.8"
-regex = "1.10"
+regex = "1.11"
shlex = "1.3"
-tabled = { version = "0.16" }
+tabled = { version = "0.20" }
time = { version = "0.3", features = ["serde"] }
tokio-util = { version = "0.7", features = ["codec"] }
fleet-base = { version = "0.1.0", path = "../../crates/fleet-base" }
human-repr = { version = "1.1", optional = true }
indicatif = { version = "0.17", optional = true }
-nom = "7.1.3"
+nom = "8.0.0"
tracing-indicatif = { version = "0.3", optional = true }
[features]
cmds/fleet/src/cmds/build_systems.rsdiffbeforeafterboth--- a/cmds/fleet/src/cmds/build_systems.rs
+++ b/cmds/fleet/src/cmds/build_systems.rs
@@ -1,14 +1,14 @@
-use std::{env::current_dir, os::unix::fs::symlink, path::PathBuf, time::Duration};
+use std::{env::current_dir, os::unix::fs::symlink, path::PathBuf};
-use anyhow::{anyhow, bail, Context, Result};
-use clap::{Parser, ValueEnum};
+use anyhow::{anyhow, Result};
+use clap::Parser;
use fleet_base::{
- host::{Config, ConfigHost, DeployKind},
+ deploy::{deploy_task, upload_task, DeployAction},
+ host::{Config, DeployKind, GenerationStorage},
opts::FleetOpts,
};
-use itertools::Itertools as _;
use nix_eval::{nix_go, NixBuildBatch};
-use tokio::{task::LocalSet, time::sleep};
+use tokio::task::LocalSet;
use tracing::{error, field, info, info_span, warn, Instrument};
#[derive(Parser)]
@@ -18,300 +18,16 @@
disable_rollback: bool,
/// Action to execute after system is built
action: DeployAction,
-}
-
-#[derive(ValueEnum, Clone, Copy)]
-enum DeployAction {
- /// Upload derivation, but do not execute the update.
- Upload,
- /// Upload and execute the activation script, old version will be used after reboot.
- Test,
- /// Upload and set as current system profile, but do not execute activation script.
- Boot,
- /// Upload, set current profile, and execute activation script.
- Switch,
}
-impl DeployAction {
- pub(crate) fn name(&self) -> Option<&'static str> {
- match self {
- Self::Upload => None,
- Self::Test => Some("test"),
- Self::Boot => Some("boot"),
- Self::Switch => Some("switch"),
- }
- }
- pub(crate) fn should_switch_profile(&self) -> bool {
- matches!(self, Self::Switch | Self::Boot)
- }
- pub(crate) fn should_activate(&self) -> bool {
- matches!(self, Self::Switch | Self::Test | Self::Boot)
- }
- pub(crate) fn should_create_rollback_marker(&self) -> bool {
- // Upload does nothing on the target machine, other than uploading the closure.
- // In boot case we want to have rollback marker prepared, so that the system may rollback itself on the next boot.
- !matches!(self, Self::Upload)
- }
- pub(crate) fn should_schedule_rollback_run(&self) -> bool {
- matches!(self, Self::Switch | Self::Test)
- }
-}
-
#[derive(Parser, Clone)]
pub struct BuildSystems {
/// Attribute to build. Systems are deployed from "toplevel" attr, well-known used attributes
/// are "sdImage"/"isoImage", and your configuration may include any other build attributes.
#[clap(long, default_value = "toplevel")]
build_attr: String,
-}
-
-struct Generation {
- id: u32,
- current: bool,
- datetime: String,
-}
-
-fn parse_generation_line(g: &str) -> Option<Generation> {
- let mut parts = g.split_whitespace();
- let id = parts.next()?;
- let id: u32 = id.parse().ok()?;
- let date = parts.next()?;
- let time = parts.next()?;
- let current = if let Some(current) = parts.next() {
- if current == "(current)" {
- Some(true)
- } else {
- None
- }
- } else {
- Some(false)
- };
- let current = current?;
- if parts.next().is_some() {
- warn!("unexpected text after generation: {g}");
- }
- Some(Generation {
- id,
- current,
- datetime: format!("{date} {time}"),
- })
-}
-
-async fn get_current_generation(host: &ConfigHost) -> Result<Generation> {
- let mut cmd = host.cmd("nix-env").await?;
- cmd.comparg("--profile", "/nix/var/nix/profiles/system")
- .arg("--list-generations");
- // Sudo is required due to --list-generations acquiring lock on the profile.
- let data = cmd.sudo().run_string().await?;
- let generations = data
- .split('\n')
- .map(|e| e.trim())
- .filter(|&l| !l.is_empty())
- .filter_map(|g| {
- let gen = parse_generation_line(g);
- if gen.is_none() {
- warn!("bad generation: {g}");
- }
- gen
- })
- .collect::<Vec<_>>();
- let current = generations
- .into_iter()
- .filter(|g| g.current)
- .at_most_one()
- .map_err(|_e| anyhow!("bad list-generations output"))?
- .ok_or_else(|| anyhow!("failed to find generation"))?;
- Ok(current)
}
-
-async fn deploy_task(
- action: DeployAction,
- host: &ConfigHost,
- built: PathBuf,
- specialisation: Option<String>,
- disable_rollback: bool,
-) -> Result<()> {
- let deploy_kind = host.deploy_kind().await?;
- if (deploy_kind == DeployKind::NixosInstall || deploy_kind == DeployKind::NixosLustrate)
- && !matches!(action, DeployAction::Boot | DeployAction::Upload)
- {
- bail!("{deploy_kind:?} deploy kind only supports boot and upload actions");
- }
-
- let mut failed = false;
- // TODO: Lockfile, to prevent concurrent system switch?
- // TODO: If rollback target exists - bail, it should be removed. Lockfile will not work in case if rollback
- // is scheduler on next boot (default behavior). On current boot - rollback activator will fail due to
- // unit name conflict in systemd-run
- // This code is tied to rollback.nix
- if !disable_rollback && action.should_create_rollback_marker() {
- let _span = info_span!("preparing").entered();
- info!("preparing for rollback");
- let generation = get_current_generation(host).await?;
- info!(
- "rollback target would be {} {}",
- generation.id, generation.datetime
- );
- {
- let mut cmd = host.cmd("sh").await?;
- cmd.arg("-c").arg(format!("mark=$(mktemp -p /etc -t fleet_rollback_marker.XXXXX) && echo -n {} > $mark && mv --no-clobber $mark /etc/fleet_rollback_marker", generation.id));
- if let Err(e) = cmd.sudo().run().await {
- error!("failed to set rollback marker: {e}");
- failed = true;
- }
- }
- // Activation script also starts rollback-watchdog.timer, however, it is possible that it won't be started.
- // Kicking it on manually will work best.
- //
- // There wouldn't be conflict, because here we trigger start of the primary service, and systemd will
- // only allow one instance of it.
-
- // TODO: We should also watch how this process is going.
- // After running this command, we have less than 3 minutes to deploy everything,
- // if we fail to perform generation switch in time, then we will still call the activation script, and this may break something.
- // Anyway, reboot will still help in this case.
- if action.should_schedule_rollback_run() {
- let mut cmd = host.cmd("systemd-run").await?;
- cmd.comparg("--on-active", "3min")
- .comparg("--unit", "rollback-watchdog-run")
- .arg("systemctl")
- .arg("start")
- .arg("rollback-watchdog.service");
- if let Err(e) = cmd.sudo().run().await {
- error!("failed to schedule rollback run: {e}");
- failed = true;
- }
- }
- }
- if deploy_kind == DeployKind::NixosLustrate {
- // Fleet could also create this file, but as this operation is potentially disruptive,
- // make user do it themself.
- if !host.file_exists("/etc/NIXOS_LUSTRATE").await? {
- bail!("/etc/NIXOS_LUSTRATE should be created on remote host");
- }
- // Wanted by NixOS to recognize the system as NixOS.
- let mut cmd = host.cmd("touch").await?;
- cmd.arg("/etc/NIXOS");
- cmd.sudo().run().await.context("creating /etc/NIXOS")?;
- }
- if deploy_kind == DeployKind::NixosInstall {
- info!(
- "running nixos-install to switch profile, install bootloader, and perform activation"
- );
- let mut cmd = host.cmd("nixos-install").await?;
- cmd.arg("--system").arg(&built).args([
- // Channels here aren't fleet host system channels, but channels embedded in installation cd, which might be old.
- // It is possible to copy host channels, but I would prefer non-flake nix just to be unsupported.
- "--no-channel-copy",
- "--root",
- "/mnt",
- ]);
- if let Err(e) = cmd.sudo().run().await {
- error!("failed to execute nixos-install: {e}");
- failed = true;
- }
- } else {
- if action.should_switch_profile() && !failed {
- info!("switching system profile generation");
-
- // To avoid even more problems, using nixos-install for now.
- // // nix build is unable to work with --store argument for some reason, and nix until 2.26 didn't support copy with --profile argument,
- // // falling back to using nix-env command
- // // After stable NixOS starts using 2.26 - use `nix --store /mnt copy --from /mnt --profile ...` here, and instead of nix build below.
- // let mut cmd = host.cmd("nix-env").await?;
- // cmd.args([
- // "--store",
- // "/mnt",
- // "--profile",
- // "/mnt/nix/var/nix/profiles/system",
- // "--set",
- // ])
- // .arg(&built);
- // if let Err(e) = cmd.sudo().run_nix().await {
- // error!("failed to switch system profile generation: {e}");
- // failed = true;
- // }
- // It would also be possible to update profile atomically during copy:
- // https://github.com/NixOS/nix/pull/11657
- let mut cmd = host.nix_cmd().await?;
- cmd.arg("build");
- cmd.comparg("--profile", "/nix/var/nix/profiles/system");
- cmd.arg(&built);
- if let Err(e) = cmd.sudo().run_nix().await {
- error!("failed to switch system profile generation: {e}");
- failed = true;
- }
- }
-
- // FIXME: Connection might be disconnected after activation run
-
- if action.should_activate() && !failed {
- let _span = info_span!("activating").entered();
- info!("executing activation script");
- let specialised = if let Some(specialisation) = specialisation {
- let mut specialised = built.join("specialisation");
- specialised.push(specialisation);
- specialised
- } else {
- built.clone()
- };
- let switch_script = specialised.join("bin/switch-to-configuration");
- let mut cmd = host.cmd(switch_script).in_current_span().await?;
- if deploy_kind == DeployKind::NixosLustrate {
- cmd.env("NIXOS_INSTALL_BOOTLOADER", "1");
- }
- cmd.env("FLEET_ONLINE_ACTIVATION", "1")
- .arg(action.name().expect("upload.should_activate == false"));
- if let Err(e) = cmd.sudo().run().in_current_span().await {
- error!("failed to activate: {e}");
- failed = true;
- }
- }
- }
- if action.should_create_rollback_marker() {
- if !disable_rollback {
- if failed {
- if action.should_schedule_rollback_run() {
- info!("executing rollback");
- if let Err(e) = host
- .systemctl_start("rollback-watchdog.service")
- .instrument(info_span!("rollback"))
- .await
- {
- error!("failed to trigger rollback: {e}")
- }
- }
- } else {
- info!("trying to mark upgrade as successful");
- if let Err(e) = host
- .rm_file("/etc/fleet_rollback_marker", true)
- .in_current_span()
- .await
- {
- error!("failed to remove rollback marker. This is bad, as the system will be rolled back by watchdog: {e}")
- }
- }
- info!("disarming watchdog, just in case");
- if let Err(_e) = host.systemctl_stop("rollback-watchdog.timer").await {
- // It is ok, if there was no reboot - then timer might not be running.
- }
- if action.should_schedule_rollback_run() {
- if let Err(e) = host.systemctl_stop("rollback-watchdog-run.timer").await {
- error!("failed to disarm rollback run: {e}");
- }
- }
- } else if let Err(_e) = host
- .rm_file("/etc/fleet_rollback_marker", true)
- .in_current_span()
- .await
- {
- // Marker might not exist, yet better try to remove it.
- }
- }
- Ok(())
-}
-
async fn build_task(
config: Config,
hostname: String,
@@ -328,7 +44,8 @@
.get("out")
.ok_or_else(|| anyhow!("system build should produce \"out\" output"))?;
- {
+ // We already have system profiles for backups.
+ if !host.local {
info!("adding gc root");
let mut cmd = config.local_host().cmd("nix").await?;
cmd.arg("build")
@@ -403,7 +120,6 @@
let config = config.clone();
let span = info_span!("deploy", host = field::display(&host.name));
let hostname = host.name.clone();
- let local_host = config.local_host();
let opts = opts.clone();
let batch = batch.clone();
if let Some(deploy_kind) = opts.action_attr::<DeployKind>(&host, "deploy_kind").await? {
@@ -437,51 +153,20 @@
disable_rollback = true;
}
- if !opts.is_local(&hostname) {
- info!("uploading system closure");
+ let remote_path =
+ match upload_task(&config, &host, GenerationStorage::Deployer, built).await
{
- // TODO: Move to remote_derivation method.
- // Alternatively, nix store make-content-addressed can be used,
- // at least for the first deployment, to provide trusted store key.
- //
- // It is much slower, yet doesn't require root on the deployer machine.
- let Ok(mut sign) = local_host.cmd("nix").await else {
- error!("failed to setup local");
+ Ok(v) => v,
+ Err(e) => {
+ error!("upload failed: {e}");
return;
- };
- // Private key for host machine is registered in nix-sign.nix
- sign.arg("store")
- .arg("sign")
- .comparg("--key-file", "/etc/nix/private-key")
- .arg("-r")
- .arg(&built);
- if let Err(e) = sign.sudo().run_nix().await {
- warn!("failed to sign store paths: {e}");
- };
- }
- let mut tries = 0;
- loop {
- match host.remote_derivation(&built).await {
- Ok(remote) => {
- assert!(remote == built, "CA derivations aren't implemented");
- break;
- }
- Err(e) if tries < 3 => {
- tries += 1;
- warn!("copy failure ({}/3): {}", tries, e);
- sleep(Duration::from_millis(5000)).await;
- }
- Err(e) => {
- error!("upload failed: {e}");
- return;
- }
}
- }
- }
+ };
+
if let Err(e) = deploy_task(
self.action,
&host,
- built,
+ remote_path,
if let Ok(v) = opts.action_attr(&host, "specialisation").await {
v
} else {
cmds/fleet/src/cmds/mod.rsdiffbeforeafterboth--- a/cmds/fleet/src/cmds/mod.rs
+++ b/cmds/fleet/src/cmds/mod.rs
@@ -3,3 +3,4 @@
pub mod info;
pub mod secrets;
pub mod tf;
+pub mod rollback;
\ No newline at end of file
cmds/fleet/src/cmds/rollback.rsdiffbeforeafterboth--- /dev/null
+++ b/cmds/fleet/src/cmds/rollback.rs
@@ -0,0 +1,127 @@
+use std::collections::HashSet;
+
+use anyhow::{bail, Result};
+use clap::Parser;
+use fleet_base::{
+ deploy::{deploy_task, upload_task, DeployAction},
+ host::{Config, ConfigHost, Generation, GenerationStorage},
+ opts::FleetOpts,
+};
+use tabled::Table;
+use tracing::{info, warn};
+
+#[derive(Parser)]
+pub struct RollbackSingle {
+ machine: String,
+ #[clap(subcommand)]
+ action: RollbackAction,
+}
+
+#[derive(Parser, Clone)]
+struct DeployOptions {
+ /// Rollback target to use
+ id: String,
+ /// Rollback to the current generation if rollback fails
+ // Automatic rollback seems to be unnecessary for manual rollback...
+ #[clap(long)]
+ enable_rollback: bool,
+ /// Specialization to use
+ #[clap(long)]
+ specialization: Option<String>,
+}
+
+#[derive(Parser, Clone)]
+enum RollbackAction {
+ /// List available rollback targets
+ ListTargets,
+ /// Upload and execute the activation script, old version will be used after reboot.
+ Test(#[clap(flatten)] DeployOptions),
+ /// Upload, set current profile, and execute activation script.
+ Switch(#[clap(flatten)] DeployOptions),
+ /// Upload and set as current system profile, but do not execute activation script.
+ Boot(#[clap(flatten)] DeployOptions),
+}
+
+pub async fn list_all_generations(host: &ConfigHost, config: &Config) -> Vec<Generation> {
+ let stored_on_machine = host
+ .list_generations("system")
+ .await
+ .inspect_err(|e| {
+ warn!("failed to list generations available on the remote machine: {e}");
+ })
+ .unwrap_or_default();
+ let on_machine_store_paths = stored_on_machine
+ .iter()
+ .map(|g| &g.store_path)
+ .collect::<HashSet<_>>();
+ let mut stored_locally = config
+ .local_host()
+ .list_generations(&format!("{}-{}", config.data().gc_root_prefix, host.name))
+ .await
+ .inspect_err(|e| {
+ warn!("failed to list generations available locally: {e}");
+ })
+ .unwrap_or_default();
+ dbg!(&stored_locally);
+ stored_locally.retain(|g| !on_machine_store_paths.contains(&g.store_path));
+ for ele in stored_locally.iter_mut() {
+ ele.current = false;
+ ele.location = GenerationStorage::Deployer;
+ }
+ stored_locally.extend(stored_on_machine);
+ stored_locally.sort_by_key(|v| v.datetime);
+ stored_locally
+}
+
+impl RollbackSingle {
+ pub(crate) async fn run(&self, config: &Config, _opts: &FleetOpts) -> Result<()> {
+ let host = config.host(&self.machine).await?;
+ match &self.action {
+ RollbackAction::ListTargets => {
+ let generations = list_all_generations(&host, config).await;
+ if generations.is_empty() {
+ bail!("no available rollback targets found");
+ }
+ info!("Generation list:\n{}", Table::new(&generations));
+ Ok(())
+ }
+ RollbackAction::Boot(o) | RollbackAction::Test(o) | RollbackAction::Switch(o) => {
+ let DeployOptions {
+ id,
+ enable_rollback,
+ specialization,
+ } = o;
+ let action: DeployAction = match self.action {
+ RollbackAction::Test { .. } => DeployAction::Test,
+ RollbackAction::Switch { .. } => DeployAction::Switch,
+ RollbackAction::Boot { .. } => DeployAction::Boot,
+ _ => unreachable!(),
+ };
+ let generations = list_all_generations(&host, config).await;
+ let Some(generation) = generations.iter().find(|g| &g.rollback_id() == id) else {
+ bail!(
+ "generation by this name is not found, existing generations:\n{}",
+ Table::new(&generations)
+ );
+ };
+ let remote_path = upload_task(
+ config,
+ &host,
+ generation.location,
+ generation.store_path.clone(),
+ )
+ .await?;
+
+ deploy_task(
+ action,
+ &host,
+ remote_path,
+ specialization.clone(),
+ !*enable_rollback,
+ )
+ .await?;
+ Ok(())
+ }
+ }
+ }
+}
cmds/fleet/src/main.rsdiffbeforeafterboth--- a/cmds/fleet/src/main.rs
+++ b/cmds/fleet/src/main.rs
@@ -10,6 +10,7 @@
use clap::{CommandFactory, Parser};
use cmds::{
build_systems::{BuildSystems, Deploy},
+ rollback::RollbackSingle,
complete::Complete,
info::Info,
secrets::Secret,
@@ -70,6 +71,8 @@
BuildSystems(BuildSystems),
/// Upload and switch system closures
Deploy(Deploy),
+ /// Rollback remote machine by redeploying old generation as the new one
+ RollbackSingle(RollbackSingle),
/// Secret management
#[clap(subcommand)]
Secret(Secret),
@@ -97,6 +100,7 @@
match command {
Opts::BuildSystems(c) => c.run(config, &opts).await?,
Opts::Deploy(d) => d.run(config, &opts).await?,
+ Opts::RollbackSingle(r) => r.run(config, &opts).await?,
Opts::Secret(s) => s.run(config, &opts).await?,
Opts::Info(i) => i.run(config).await?,
Opts::Prefetch(p) => p.run(config).await?,
cmds/generator-helper/Cargo.tomldiffbeforeafterboth--- a/cmds/generator-helper/Cargo.toml
+++ b/cmds/generator-helper/Cargo.toml
@@ -11,7 +11,7 @@
fleet-shared.workspace = true
base64 = "0.22.1"
-ed25519-dalek = { version = "2.1", features = ["rand_core"] }
+ed25519-dalek = { version = "2.1" }
hex = "0.4.3"
-rand = "0.8.5"
-x25519-dalek = "2.0.1"
+rand = "0.9.1"
+x25519-dalek = { version = "2.0.1", features = ["getrandom"] }
cmds/generator-helper/src/main.rsdiffbeforeafterboth--- a/cmds/generator-helper/src/main.rs
+++ b/cmds/generator-helper/src/main.rs
@@ -11,10 +11,11 @@
};
use anyhow::{anyhow, bail, ensure, Context, Result};
use clap::{Parser, ValueEnum};
+use ed25519_dalek::SecretKey;
use fleet_shared::SecretData;
use rand::{
- distributions::{Alphanumeric, DistString, Distribution, Uniform},
- thread_rng, RngCore,
+ distr::{Alphanumeric, Distribution, SampleString, Uniform},
+ rng, RngCore,
};
fn write_output_file(out: &str) -> Result<File> {
@@ -224,7 +225,7 @@
fn main() -> Result<()> {
let opts = Opts::parse();
// Assumed to be secure, seeded from secure OsRng+reseeded.
- let mut rng = thread_rng();
+ let mut rng = rng();
match opts {
Opts::Public { output, encoding } => {
@@ -245,7 +246,10 @@
use ed25519_dalek::SigningKey;
let recipients = load_identities()?;
- let key = SigningKey::generate(&mut rng).to_keypair_bytes();
+ let mut secret = SecretKey::default();
+ rng.fill_bytes(&mut secret);
+ // TODO: Use SigningKey::generate after https://github.com/dalek-cryptography/curve25519-dalek/pull/762
+ let key = SigningKey::from_bytes(&secret).to_keypair_bytes();
write_public(&public, &key[32..], encoding)?;
write_private(
&recipients,
@@ -268,7 +272,8 @@
use x25519_dalek::{PublicKey, StaticSecret};
let recipients = load_identities()?;
- let key = StaticSecret::random_from_rng(rng);
+ // TODO: Use random_from_rng after https://github.com/dalek-cryptography/curve25519-dalek/pull/762
+ let key = StaticSecret::random();
let public_key: PublicKey = (&key).into();
write_public(&public, public_key.as_bytes().as_slice(), encoding)?;
write_private(&recipients, &private, key.as_bytes().as_slice(), encoding)?;
@@ -289,7 +294,8 @@
} else {
// Alphabet of Alphanumberic + symbols
const GEN_ASCII_SYMBOLS: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
- let uniform = Uniform::new(0, GEN_ASCII_SYMBOLS.len());
+ let uniform =
+ Uniform::new(0, GEN_ASCII_SYMBOLS.len()).expect("range is valid");
(0..size)
.map(|_| uniform.sample(&mut rng))
.map(|i| GEN_ASCII_SYMBOLS[i] as char)
@@ -310,7 +316,9 @@
let recipients = load_identities()?;
let mut bytes = vec![0u8; count];
if no_nuls {
- let rand = Uniform::new_inclusive(0x1u8, 0xffu8).sample_iter(&mut rng);
+ let rand = Uniform::new_inclusive(0x1u8, 0xffu8)
+ .expect("range is valid")
+ .sample_iter(&mut rng);
for (byte, rand) in bytes.iter_mut().zip(rand) {
*byte = rand;
}
cmds/terraform-provider-fleet/Cargo.tomldiffbeforeafterboth--- a/cmds/terraform-provider-fleet/Cargo.toml
+++ b/cmds/terraform-provider-fleet/Cargo.toml
@@ -9,5 +9,5 @@
serde = { workspace = true, features = ["derive"] }
tokio.workspace = true
-async-trait = "0.1.81"
+async-trait = "0.1.88"
tf-provider = "0.2.2"
crates/better-command/Cargo.tomldiffbeforeafterboth--- a/crates/better-command/Cargo.toml
+++ b/crates/better-command/Cargo.toml
@@ -5,7 +5,7 @@
rust-version.workspace = true
[dependencies]
-regex = "1.10"
+regex = "1.11"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
tracing = "0.1"
crates/fleet-base/Cargo.tomldiffbeforeafterboth--- a/crates/fleet-base/Cargo.toml
+++ b/crates/fleet-base/Cargo.toml
@@ -8,21 +8,23 @@
age.workspace = true
anyhow.workspace = true
better-command.workspace = true
-chrono = "0.4.38"
+chrono = "0.4.41"
clap = { workspace = true, features = ["derive"] }
fleet-shared.workspace = true
-futures = "0.3.30"
-hostname = "0.4.0"
+futures = "0.3.31"
+hostname = "0.4.1"
indoc = "2.0.6"
-itertools = "0.13.0"
+itertools = "0.14.0"
nix-eval.workspace = true
nixlike.workspace = true
-nom = "7.1.3"
-openssh = "0.11.0"
-rand = "0.8.5"
+nom = "8.0.0"
+openssh = "0.11.5"
+rand = "0.9.1"
serde.workspace = true
-serde_json = "1.0.127"
+serde_json = "1.0.140"
+tabled = "0.20.0"
tempfile.workspace = true
+time = { version = "0.3.41", features = ["parsing"] }
tokio.workspace = true
-tokio-util = "0.7.11"
+tokio-util = "0.7.15"
tracing.workspace = true
crates/fleet-base/src/deploy.rsdiffbeforeafterboth--- /dev/null
+++ b/crates/fleet-base/src/deploy.rs
@@ -0,0 +1,297 @@
+use std::{path::PathBuf, time::Duration};
+
+use anyhow::{anyhow, bail, Context as _, Result};
+use clap::ValueEnum;
+use itertools::Itertools;
+use tokio::time::sleep;
+use tracing::{error, info, info_span, warn, Instrument as _};
+
+use crate::host::{Config, ConfigHost, DeployKind, Generation, GenerationStorage};
+
+#[derive(ValueEnum, Clone, Copy)]
+pub enum DeployAction {
+ /// Upload derivation, but do not execute the update.
+ Upload,
+ /// Upload and execute the activation script, old version will be used after reboot.
+ Test,
+ /// Upload and set as current system profile, but do not execute activation script.
+ Boot,
+ /// Upload, set current profile, and execute activation script.
+ Switch,
+}
+
+impl DeployAction {
+ pub(crate) fn name(&self) -> Option<&'static str> {
+ match self {
+ Self::Upload => None,
+ Self::Test => Some("test"),
+ Self::Boot => Some("boot"),
+ Self::Switch => Some("switch"),
+ }
+ }
+ pub(crate) fn should_switch_profile(&self) -> bool {
+ matches!(self, Self::Switch | Self::Boot)
+ }
+ pub(crate) fn should_activate(&self) -> bool {
+ matches!(self, Self::Switch | Self::Test | Self::Boot)
+ }
+ pub(crate) fn should_create_rollback_marker(&self) -> bool {
+ // Upload does nothing on the target machine, other than uploading the closure.
+ // In boot case we want to have rollback marker prepared, so that the system may rollback itself on the next boot.
+ !matches!(self, Self::Upload)
+ }
+ pub(crate) fn should_schedule_rollback_run(&self) -> bool {
+ matches!(self, Self::Switch | Self::Test)
+ }
+}
+
+async fn get_current_generation(host: &ConfigHost) -> Result<Generation> {
+ let generations = host.list_generations("system").await?;
+ let current = generations
+ .into_iter()
+ .filter(|g| g.current)
+ .at_most_one()
+ .map_err(|_e| anyhow!("bad list-generations output"))?
+ .ok_or_else(|| anyhow!("failed to find generation"))?;
+ Ok(current)
+}
+
+pub async fn deploy_task(
+ action: DeployAction,
+ host: &ConfigHost,
+ built: PathBuf,
+ specialisation: Option<String>,
+ disable_rollback: bool,
+) -> Result<()> {
+ let deploy_kind = host.deploy_kind().await?;
+ if (deploy_kind == DeployKind::NixosInstall || deploy_kind == DeployKind::NixosLustrate)
+ && !matches!(action, DeployAction::Boot | DeployAction::Upload)
+ {
+ bail!("{deploy_kind:?} deploy kind only supports boot and upload actions");
+ }
+
+ let mut failed = false;
+
+ // TODO: Lockfile, to prevent concurrent system switch?
+ // TODO: If rollback target exists - bail, it should be removed. Lockfile will not work in case if rollback
+ // is scheduler on next boot (default behavior). On current boot - rollback activator will fail due to
+ // unit name conflict in systemd-run
+ // This code is tied to rollback.nix
+ if !disable_rollback && action.should_create_rollback_marker() {
+ let _span = info_span!("preparing").entered();
+ info!("preparing for rollback");
+ let generation = get_current_generation(host).await?;
+ info!(
+ "rollback target would be {} {}",
+ generation.id, generation.datetime
+ );
+ {
+ let mut cmd = host.cmd("sh").await?;
+ cmd.arg("-c").arg(format!("mark=$(mktemp -p /etc -t fleet_rollback_marker.XXXXX) && echo -n {} > $mark && mv --no-clobber $mark /etc/fleet_rollback_marker", generation.id));
+ if let Err(e) = cmd.sudo().run().await {
+ error!("failed to set rollback marker: {e}");
+ failed = true;
+ }
+ }
+ // Activation script also starts rollback-watchdog.timer, however, it is possible that it won't be started.
+ // Kicking it on manually will work best.
+ //
+ // There wouldn't be conflict, because here we trigger start of the primary service, and systemd will
+ // only allow one instance of it.
+
+ // TODO: We should also watch how this process is going.
+ // After running this command, we have less than 3 minutes to deploy everything,
+ // if we fail to perform generation switch in time, then we will still call the activation script, and this may break something.
+ // Anyway, reboot will still help in this case.
+ if action.should_schedule_rollback_run() {
+ let mut cmd = host.cmd("systemd-run").await?;
+ cmd.comparg("--on-active", "3min")
+ .comparg("--unit", "rollback-watchdog-run")
+ .arg("systemctl")
+ .arg("start")
+ .arg("rollback-watchdog.service");
+ if let Err(e) = cmd.sudo().run().await {
+ error!("failed to schedule rollback run: {e}");
+ failed = true;
+ }
+ }
+ }
+ if deploy_kind == DeployKind::NixosLustrate {
+ // Fleet could also create this file, but as this operation is potentially disruptive,
+ // make user do it themself.
+ if !host.file_exists("/etc/NIXOS_LUSTRATE").await? {
+ bail!("/etc/NIXOS_LUSTRATE should be created on remote host");
+ }
+ // Wanted by NixOS to recognize the system as NixOS.
+ let mut cmd = host.cmd("touch").await?;
+ cmd.arg("/etc/NIXOS");
+ cmd.sudo().run().await.context("creating /etc/NIXOS")?;
+ }
+ if deploy_kind == DeployKind::NixosInstall {
+ info!(
+ "running nixos-install to switch profile, install bootloader, and perform activation"
+ );
+ let mut cmd = host.cmd("nixos-install").await?;
+ cmd.arg("--system").arg(&built).args([
+ // Channels here aren't fleet host system channels, but channels embedded in installation cd, which might be old.
+ // It is possible to copy host channels, but I would prefer non-flake nix just to be unsupported.
+ "--no-channel-copy",
+ "--root",
+ "/mnt",
+ ]);
+ if let Err(e) = cmd.sudo().run().await {
+ error!("failed to execute nixos-install: {e}");
+ failed = true;
+ }
+ } else {
+ if action.should_switch_profile() && !failed {
+ info!("switching system profile generation");
+
+ // To avoid even more problems, using nixos-install for now.
+ // // nix build is unable to work with --store argument for some reason, and nix until 2.26 didn't support copy with --profile argument,
+ // // falling back to using nix-env command
+ // // After stable NixOS starts using 2.26 - use `nix --store /mnt copy --from /mnt --profile ...` here, and instead of nix build below.
+ // let mut cmd = host.cmd("nix-env").await?;
+ // cmd.args([
+ // "--store",
+ // "/mnt",
+ // "--profile",
+ // "/mnt/nix/var/nix/profiles/system",
+ // "--set",
+ // ])
+ // .arg(&built);
+ // if let Err(e) = cmd.sudo().run_nix().await {
+ // error!("failed to switch system profile generation: {e}");
+ // failed = true;
+ // }
+ // It would also be possible to update profile atomically during copy:
+ // https://github.com/NixOS/nix/pull/11657
+ let mut cmd = host.nix_cmd().await?;
+ cmd.arg("build");
+ cmd.comparg("--profile", "/nix/var/nix/profiles/system");
+ cmd.arg(&built);
+ if let Err(e) = cmd.sudo().run_nix().await {
+ error!("failed to switch system profile generation: {e}");
+ failed = true;
+ }
+ }
+
+ // FIXME: Connection might be disconnected after activation run
+
+ if action.should_activate() && !failed {
+ let _span = info_span!("activating").entered();
+ info!("executing activation script");
+ let specialised = if let Some(specialisation) = specialisation {
+ let mut specialised = built.join("specialisation");
+ specialised.push(specialisation);
+ specialised
+ } else {
+ built.clone()
+ };
+ let switch_script = specialised.join("bin/switch-to-configuration");
+ let mut cmd = host.cmd(switch_script).in_current_span().await?;
+ if deploy_kind == DeployKind::NixosLustrate {
+ cmd.env("NIXOS_INSTALL_BOOTLOADER", "1");
+ }
+ cmd.env("FLEET_ONLINE_ACTIVATION", "1")
+ .arg(action.name().expect("upload.should_activate == false"));
+ if let Err(e) = cmd.sudo().run().in_current_span().await {
+ error!("failed to activate: {e}");
+ failed = true;
+ }
+ }
+ }
+ if action.should_create_rollback_marker() {
+ if !disable_rollback {
+ if failed {
+ if action.should_schedule_rollback_run() {
+ info!("executing rollback");
+ if let Err(e) = host
+ .systemctl_start("rollback-watchdog.service")
+ .instrument(info_span!("rollback"))
+ .await
+ {
+ error!("failed to trigger rollback: {e}")
+ }
+ }
+ } else {
+ info!("trying to mark upgrade as successful");
+ if let Err(e) = host
+ .rm_file("/etc/fleet_rollback_marker", true)
+ .in_current_span()
+ .await
+ {
+ error!("failed to remove rollback marker. This is bad, as the system will be rolled back by watchdog: {e}")
+ }
+ }
+ info!("disarming watchdog, just in case");
+ if let Err(_e) = host.systemctl_stop("rollback-watchdog.timer").await {
+ // It is ok, if there was no reboot - then timer might not be running.
+ }
+ if action.should_schedule_rollback_run() {
+ if let Err(e) = host.systemctl_stop("rollback-watchdog-run.timer").await {
+ error!("failed to disarm rollback run: {e}");
+ }
+ }
+ } else if let Err(_e) = host
+ .rm_file("/etc/fleet_rollback_marker", true)
+ .in_current_span()
+ .await
+ {
+ // Marker might not exist, yet better try to remove it.
+ }
+ }
+ Ok(())
+}
+
+pub async fn upload_task(
+ config: &Config,
+ host: &ConfigHost,
+ location: GenerationStorage,
+ generation: PathBuf,
+) -> Result<PathBuf> {
+ let local_host = config.local_host();
+ if matches!(location, GenerationStorage::Pusher) {
+ bail!("pusher is not enabled in this version of fleet");
+ }
+ if !host.local {
+ info!("uploading system closure");
+ {
+ // TODO: Move to remote_derivation method.
+ // Alternatively, nix store make-content-addressed can be used,
+ // at least for the first deployment, to provide trusted store key.
+ //
+ // It is much slower, yet doesn't require root on the deployer machine.
+ let Ok(mut sign) = local_host.cmd("nix").await else {
+ bail!("failed to setup local");
+ };
+ // Private key for host machine is registered in nix-sign.nix
+ sign.arg("store")
+ .arg("sign")
+ .comparg("--key-file", "/etc/nix/private-key")
+ .arg("-r")
+ .arg(&generation);
+ if let Err(e) = sign.sudo().run_nix().await {
+ warn!("failed to sign store paths: {e}");
+ };
+ }
+ let mut tries = 0;
+ loop {
+ match host.remote_derivation(&generation).await {
+ Ok(remote) => {
+ assert!(remote == generation, "CA derivations aren't implemented");
+ return Ok(remote);
+ }
+ Err(e) if tries < 3 => {
+ tries += 1;
+ warn!("copy failure ({}/3): {}", tries, e);
+ sleep(Duration::from_millis(5000)).await;
+ }
+ Err(e) => {
+ bail!("upload failed: {e}");
+ }
+ }
+ }
+ }
+ Ok(generation)
+}
crates/fleet-base/src/fleetdata.rsdiffbeforeafterboth--- a/crates/fleet-base/src/fleetdata.rs
+++ b/crates/fleet-base/src/fleetdata.rs
@@ -7,8 +7,8 @@
use chrono::{DateTime, Utc};
use fleet_shared::SecretData;
use rand::{
- distributions::{Alphanumeric, DistString},
- thread_rng,
+ distr::{Alphanumeric, SampleString as _},
+ rng,
};
use serde::{de::Error, Deserialize, Serialize};
use serde_json::Value;
@@ -47,7 +47,7 @@
}
fn generate_gc_prefix() -> String {
- let id = Alphanumeric.sample_string(&mut thread_rng(), 8);
+ let id = Alphanumeric.sample_string(&mut rng(), 8);
format!("fleet-gc-{id}")
}
crates/fleet-base/src/host.rsdiffbeforeafterboth--- a/crates/fleet-base/src/host.rs
+++ b/crates/fleet-base/src/host.rs
@@ -15,7 +15,10 @@
use nix_eval::{nix_go, nix_go_json, util::assert_warn, NixSession, Value};
use openssh::SessionBuilder;
use serde::de::DeserializeOwned;
+use tabled::Tabled;
use tempfile::NamedTempFile;
+use time::{format_description, UtcDateTime};
+use tracing::warn;
use crate::{
command::MyCommand,
@@ -104,8 +107,106 @@
pub local: bool,
pub session: OnceLock<Arc<openssh::Session>>,
}
+
+#[derive(Debug, Clone, Copy)]
+pub enum GenerationStorage {
+ Deployer,
+ Machine,
+ Pusher,
+}
+impl GenerationStorage {
+ fn prefix(&self) -> &'static str {
+ match self {
+ GenerationStorage::Deployer => "deployer.",
+ GenerationStorage::Machine => "",
+ GenerationStorage::Pusher => "pusher.",
+ }
+ }
+}
+
+#[derive(Tabled, Debug)]
+pub struct Generation {
+ #[tabled(rename = "ID", format("{}", self.rollback_id()))]
+ pub id: u32,
+ #[tabled(rename = "Current")]
+ pub current: bool,
+ #[tabled(rename = "Created at")]
+ pub datetime: UtcDateTime,
+ #[tabled(format = "{:?}")]
+ pub store_path: PathBuf,
+ #[tabled(skip)]
+ pub location: GenerationStorage,
+}
+impl Generation {
+ pub fn rollback_id(&self) -> String {
+ format!("{}{}", self.location.prefix(), self.id)
+ }
+}
+
+fn parse_generation_line(g: &str) -> Option<Generation> {
+ let mut parts = g.split_whitespace();
+ let id = parts.next()?;
+ let id: u32 = id.parse().ok()?;
+ let date = parts.next()?;
+ let time = parts.next()?;
+ let current = if let Some(current) = parts.next() {
+ if current == "(current)" {
+ Some(true)
+ } else {
+ None
+ }
+ } else {
+ Some(false)
+ };
+ let current = current?;
+ if parts.next().is_some() {
+ warn!("unexpected text after generation: {g}");
+ }
+
+ let format = format_description::parse("[year]-[month]-[day] [hour]:[minute]:[second]")
+ .expect("valid format");
+ let datetime = UtcDateTime::parse(&format!("{date} {time}"), &format).ok()?;
+
+ Some(Generation {
+ id,
+ current,
+ datetime,
+ store_path: PathBuf::new(),
+ location: GenerationStorage::Machine,
+ })
+}
// TODO: Move command helpers away with connectivity refactor
impl ConfigHost {
+ pub async fn list_generations(&self, profile: &str) -> Result<Vec<Generation>> {
+ let mut cmd = self.cmd("nix-env").await?;
+ cmd.comparg("--profile", format!("/nix/var/nix/profiles/{profile}"))
+ .arg("--list-generations")
+ .env("TZ", "UTC");
+ // Sudo is required because --list-generations tries to acquire profile lock
+ let data = cmd.sudo().run_string().await?;
+ let mut generations = data
+ .split('\n')
+ .map(|e| e.trim())
+ .filter(|&l| !l.is_empty())
+ .filter_map(|g| {
+ let gen = parse_generation_line(g);
+ if gen.is_none() {
+ warn!("bad generation: {g}");
+ };
+ gen
+ })
+ .collect::<Vec<_>>();
+ for ele in generations.iter_mut() {
+ let mut cmd = self.cmd("readlink").await?;
+ cmd.arg("--")
+ .arg(format!("/nix/var/nix/profiles/{profile}-{}-link", ele.id));
+ let path = cmd.run_string().await?;
+ ele.store_path = PathBuf::from(path.trim_end_matches("\n"));
+ }
+
+ Ok(generations)
+ }
+
pub fn set_deploy_kind(&self, kind: DeployKind) {
self.deploy_kind
.set(kind)
crates/fleet-base/src/lib.rsdiffbeforeafterboth--- a/crates/fleet-base/src/lib.rs
+++ b/crates/fleet-base/src/lib.rs
@@ -3,3 +3,4 @@
pub mod host;
mod keys;
pub mod opts;
+pub mod deploy;
\ No newline at end of file
crates/fleet-base/src/opts.rsdiffbeforeafterboth--- a/crates/fleet-base/src/opts.rs
+++ b/crates/fleet-base/src/opts.rs
@@ -7,7 +7,6 @@
};
use anyhow::{bail, Context, Result};
-use clap::Parser;
use nix_eval::{nix_go, util::assert_warn, NixSessionPool, Value};
use nom::{
bytes::complete::take_while1,
@@ -15,6 +14,7 @@
combinator::{map, opt},
multi::separated_list1,
sequence::{preceded, separated_pair},
+ Parser,
};
use crate::{
@@ -38,11 +38,13 @@
err.to_string()
}
- let (input, is_tag) = map(opt(char('@')), |c| c.is_some())(input).map_err(err_to_string)?;
+ let (input, is_tag) = map(opt(char('@')), |c| c.is_some())
+ .parse_complete(input)
+ .map_err(err_to_string)?;
let (input, name) = map(
take_while1(|v| v != ',' && v != '?' && v != '@'),
str::to_owned,
- )(input)
+ ).parse_complete(input)
.map_err(err_to_string)?;
let kw_item = separated_pair(
@@ -55,7 +57,7 @@
});
let mut opt_kw = map(opt(preceded(char('?'), kw)), Option::unwrap_or_default);
- let (input, attrs) = opt_kw(input).map_err(err_to_string)?;
+ let (input, attrs) = opt_kw.parse_complete(input).map_err(err_to_string)?;
if !input.is_empty() {
return Err(format!("unexpected trailing input: {input:?}"));
@@ -68,7 +70,7 @@
}
// TODO: Rename to HostSelector
-#[derive(Parser, Clone)]
+#[derive(clap::Parser, Clone)]
pub struct FleetOpts {
/// All hosts except those would be skipped
#[clap(long, number_of_values = 1, value_parser = host_item_parser)]
crates/fleet-shared/Cargo.tomldiffbeforeafterboth--- a/crates/fleet-shared/Cargo.toml
+++ b/crates/fleet-shared/Cargo.toml
@@ -6,6 +6,6 @@
[dependencies]
base64 = "0.22.1"
-serde = "1.0.202"
+serde = "1.0.219"
unicode_categories = "0.1.1"
-z85 = "3.0.5"
+z85 = "3.0.6"
crates/nix-eval/Cargo.tomldiffbeforeafterboth--- a/crates/nix-eval/Cargo.toml
+++ b/crates/nix-eval/Cargo.toml
@@ -16,11 +16,11 @@
tokio-util.workspace = true
tracing.workspace = true
-futures = "0.3.30"
-itertools = "0.13.0"
+futures = "0.3.31"
+itertools = "0.14.0"
r2d2 = "0.8.10"
-regex = "1.10.6"
-unindent = "0.2.3"
+regex = "1.11.1"
+unindent = "0.2.4"
# [build-dependencies]
# bindgen = "0.69.4"
crates/nixlike/Cargo.tomldiffbeforeafterboth--- a/crates/nixlike/Cargo.toml
+++ b/crates/nixlike/Cargo.toml
@@ -9,8 +9,8 @@
alejandra = { git = "https://github.com/kamadorueda/alejandra" }
linked-hash-map = "0.5.6"
-peg = "0.8.2"
-ron = "0.8.1"
-serde = "1.0.196"
+peg = "0.8.5"
+ron = "0.10.1"
+serde = "1.0.219"
serde-transcode = "1.1.1"
-serde_json = "1.0.113"
+serde_json = "1.0.140"