refactor use z85
in: trunk
5 files changed
src/cmds/build_systems.rsdiffbeforeafterboth1use std::process::Command;23use crate::{command::CommandExt, host::Config, nix::SYSTEMS_ATTRIBUTE};4use anyhow::Result;5use clap::Clap;6use log::info;78#[derive(Clap)]9#[clap(group = clap::ArgGroup::new("target"))]10pub struct BuildSystems {11 /// --builders arg for nix12 #[clap(long)]13 builders: Option<String>,14 /// Jobs to run locally15 #[clap(long)]16 jobs: Option<usize>,17 /// Do not continue on error18 #[clap(long)]19 fail_fast: bool,20 #[clap(long)]21 privileged_build: bool,22 #[clap(subcommand)]23 subcommand: Option<Subcommand>,24}2526#[derive(Clap)]27enum Subcommand {28 /// Switch to built system until reboot29 Test,30 /// Switch to built system after reboot31 Boot,32 /// test + boot33 Switch,34}35impl Subcommand {36 fn should_switch_profile(&self) -> bool {37 matches!(self, Self::Test | Self::Switch)38 }39 fn name(&self) -> &'static str {40 match self {41 Self::Test => "test",42 Self::Boot => "boot",43 Self::Switch => "switch",44 }45 }46}4748impl BuildSystems {49 pub fn run(self, config: &Config) -> Result<()> {50 println!("Build");51 let hosts = config.list_hosts()?;5253 for host in hosts.iter() {54 if config.should_skip(host) {55 continue;56 }57 info!("Building host {}", host);58 let built = {59 let dir = tempfile::tempdir()?;60 dir.path().to_owned()61 };6263 let mut nix_build = if self.privileged_build {64 let mut out = Command::new("sudo");65 out.arg("nix");66 out67 } else {68 Command::new("nix")69 };70 nix_build71 .args(&["build", "--impure", "--no-link", "--out-link"])72 .arg(&built)73 .arg(format!(74 "{}.{}.config.system.build.toplevel",75 SYSTEMS_ATTRIBUTE, host,76 ));7778 if let Some(builders) = &self.builders {79 println!("Using builders: {}", builders);80 nix_build.arg("--builders").arg(builders);81 }82 if let Some(jobs) = &self.jobs {83 nix_build.arg("--max-jobs");84 nix_build.arg(format!("{}", jobs));85 }86 if !self.fail_fast {87 nix_build.arg("--keep-going");88 }8990 
nix_build.inherit_stdio().run()?;91 let built = std::fs::canonicalize(built)?;92 info!("Built closure: {:?}", built);93 if !config.is_local(host) {94 info!("Uploading system closure");95 Command::new("nix")96 .args(&["copy", "--to"])97 .arg(format!("ssh://root@{}", host))98 .arg(&built)99 .inherit_stdio()100 .run()?;101 }102 if let Some(subcommand) = &self.subcommand {103 if subcommand.should_switch_profile() {104 info!("Switching generation");105 config106 .command_on(host, "nix-env", true)107 .args(&["-p", "/nix/var/nix/profiles/system", "--set"])108 .arg(&built)109 .inherit_stdio()110 .run()?;111 }112 info!("Executing activation script");113 let mut switch_script = built.clone();114 switch_script.push("bin");115 switch_script.push("switch-to-configuration");116 config117 .command_on(host, switch_script, true)118 .arg(subcommand.name())119 .inherit_stdio()120 .run()?;121 }122 }123 Ok(())124 }125}1use std::process::Command;23use crate::{command::CommandExt, host::Config, nix::SYSTEMS_ATTRIBUTE};4use anyhow::Result;5use clap::Clap;6use log::info;78#[derive(Clap)]9#[clap(group = clap::ArgGroup::new("target"))]10pub struct BuildSystems {11 /// --builders arg for nix12 #[clap(long)]13 builders: Option<String>,14 /// Jobs to run locally15 #[clap(long)]16 jobs: Option<usize>,17 /// Do not continue on error18 #[clap(long)]19 fail_fast: bool,20 #[clap(long)]21 privileged_build: bool,22 #[clap(subcommand)]23 subcommand: Option<Subcommand>,24}2526#[derive(Clap)]27enum Subcommand {28 /// Switch to built system until reboot29 Test,30 /// Switch to built system after reboot31 Boot,32 /// test + boot33 Switch,34}35impl Subcommand {36 fn should_switch_profile(&self) -> bool {37 matches!(self, Self::Test | Self::Switch)38 }39 fn name(&self) -> &'static str {40 match self {41 Self::Test => "test",42 Self::Boot => "boot",43 Self::Switch => "switch",44 }45 }46}4748impl BuildSystems {49 pub fn run(self, config: &Config) -> Result<()> {50 let hosts = config.list_hosts()?;5152 for host 
in hosts.iter() {53 if config.should_skip(host) {54 continue;55 }56 info!("Building host {}", host);57 let built = {58 let dir = tempfile::tempdir()?;59 dir.path().to_owned()60 };6162 let mut nix_build = if self.privileged_build {63 let mut out = Command::new("sudo");64 out.arg("nix");65 out66 } else {67 Command::new("nix")68 };69 nix_build70 .args(&["build", "--impure", "--no-link", "--out-link"])71 .arg(&built)72 .arg(format!(73 "{}.{}.config.system.build.toplevel",74 SYSTEMS_ATTRIBUTE, host,75 ));7677 if let Some(builders) = &self.builders {78 nix_build.arg("--builders").arg(builders);79 }80 if let Some(jobs) = &self.jobs {81 nix_build.arg("--max-jobs");82 nix_build.arg(format!("{}", jobs));83 }84 if !self.fail_fast {85 nix_build.arg("--keep-going");86 }8788 nix_build.inherit_stdio().run()?;89 let built = std::fs::canonicalize(built)?;90 info!("Built closure: {:?}", built);91 if !config.is_local(host) {92 info!("Uploading system closure");93 Command::new("nix")94 .args(&["copy", "--to"])95 .arg(format!("ssh://root@{}", host))96 .arg(&built)97 .inherit_stdio()98 .run()?;99 }100 if let Some(subcommand) = &self.subcommand {101 if subcommand.should_switch_profile() {102 info!("Switching generation");103 config104 .command_on(host, "nix-env", true)105 .args(&["-p", "/nix/var/nix/profiles/system", "--set"])106 .arg(&built)107 .inherit_stdio()108 .run()?;109 }110 info!("Executing activation script");111 let mut switch_script = built.clone();112 switch_script.push("bin");113 switch_script.push("switch-to-configuration");114 config115 .command_on(host, switch_script, true)116 .arg(subcommand.name())117 .inherit_stdio()118 .run()?;119 }120 }121 Ok(())122 }123}src/cmds/secrets/mod.rsdiffbeforeafterboth--- a/src/cmds/secrets/mod.rs
+++ b/src/cmds/secrets/mod.rs
@@ -56,14 +56,15 @@
let mut encryptor =
age::Encryptor::with_recipients(recipients).wrap_output(&mut encrypted)?;
io::copy(&mut Cursor::new(input), &mut encryptor)?;
- ascii85::encode(&encrypted)
+ encryptor.finish()?;
+ encrypted
};
let mut data = config.data_mut();
- if data.secret.contains_key(&name) && !force {
+ if data.secrets.contains_key(&name) && !force {
bail!("secret already defined");
}
- data.secret.insert(
+ data.secrets.insert(
name,
FleetSecret {
owners: machines,
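Review bot: The added `encryptor.finish()?;` call has no comment saying why it is required, or that the block now yields raw age ciphertext bytes instead of encoded text. A line above the call such as `// finish() writes the final age chunk; without it the ciphertext is truncated and will not decrypt` would make that explicit. If that is accurate for the age version in use, entries written by the previous code, which never called finish, are probably not decryptable. They would have to be re-created from the original plaintext rather than re-encoded. The enclosing function starts and ends outside the hunk.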
src/fleetdata.rsdiffbeforeafterboth
--- a/src/fleetdata.rs
+++ b/src/fleetdata.rs
@@ -1,5 +1,5 @@
use chrono::{DateTime, Utc};
-use serde::{Deserialize, Serialize};
+use serde::{Deserialize, Deserializer, Serialize, Serializer};
use std::collections::BTreeMap;
#[derive(Serialize, Deserialize, Default)]
@@ -16,7 +16,7 @@
pub hosts: BTreeMap<String, HostData>,
#[serde(default)]
#[serde(skip_serializing_if = "BTreeMap::is_empty")]
- pub secret: BTreeMap<String, FleetSecret>,
+ pub secrets: BTreeMap<String, FleetSecret>,
}
#[derive(Serialize, Deserialize)]
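Review bot: Renaming the field to `secrets` also renames the on-disk key, so a data file that still has a `secret` table would load as an empty map instead of failing, because the field carries `#[serde(default)]`. That holds unless the struct rejects unknown fields, which is not visible here. With `skip_serializing_if = "BTreeMap::is_empty"` the old table would then be omitted on the next write, so stored secrets could disappear without any message. Consider failing loudly when the legacy key is present, or at least documenting the break on the field, e.g. `/// Renamed from "secret"; entries written before the z85 change are not read.`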
@@ -28,5 +28,22 @@
pub expire_at: Option<DateTime<Utc>>,
#[serde(skip_serializing_if = "Option::is_none")]
pub public: Option<String>,
- pub secret: String,
+ #[serde(serialize_with = "as_z85", deserialize_with = "from_z85")]
+ pub secret: Vec<u8>,
+}
+
+fn as_z85<S>(key: &[u8], serializer: S) -> Result<S::Ok, S::Error>
+where
+ S: Serializer,
+{
+ serializer.serialize_str(&z85::encode(&key))
+}
+
+fn from_z85<'de, D>(deserializer: D) -> Result<Vec<u8>, D::Error>
+where
+ D: Deserializer<'de>,
+{
+ use serde::de::Error;
+ String::deserialize(deserializer)
+ .and_then(|string| z85::decode(&string).map_err(|err| Error::custom(err.to_string())))
}
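Review bot: `as_z85` and `from_z85` have no test for inputs whose length is not a multiple of 4, and `secret` now holds age output of arbitrary length. The Z85 specification only covers 4-byte-aligned input, so whether other lengths round-trip depends on the padding behaviour of the z85 crate version in use, which this page does not show. A small round-trip test over lengths 0..8 would pin that down before real secrets are written through this path. Separately, `z85::encode(&key)` passes a `&&[u8]`; `z85::encode(key)` is enough.

```rust
#[cfg(test)]
mod tests {
    #[test]
    fn z85_round_trips_unaligned_lengths() {
        // Constructed sample data: byte strings of length 0..8.
        for len in 0u8..9 {
            let data: Vec<u8> = (0..len).collect();
            let encoded = z85::encode(&data);
            let decoded = z85::decode(&encoded).expect("z85 decode failed");
            assert_eq!(decoded, data);
        }
    }
}
```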
src/host.rsdiffbeforeafterboth
--- a/src/host.rs
+++ b/src/host.rs
@@ -68,8 +68,6 @@
let mut str = self.directory.as_os_str().to_owned();
str.push("#");
str.push(attr_name);
-
- println!("{:?}", str);
str
}
src/nixlike.rsdiffbeforeafterbothno changes