difftreelog
feat move secret generation helpers to core
in: trunk
13 files changed
Cargo.lockdiffbeforeafterboth--- a/Cargo.lock
+++ b/Cargo.lock
@@ -38,9 +38,9 @@
[[package]]
name = "aes"
-version = "0.8.3"
+version = "0.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2"
+checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
dependencies = [
"cfg-if",
"cipher",
@@ -63,14 +63,14 @@
[[package]]
name = "age"
-version = "0.9.2"
+version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6d55a4d912c80a92762ffd1c884065f3f9646467d22c95390e824a0ff7def472"
+checksum = "edeef7d7b199195a2d7d7a8155d2d04aee736e60c5c7bdd7097d115369a8817d"
dependencies = [
"aes",
"aes-gcm",
"age-core",
- "base64 0.13.1",
+ "base64",
"bcrypt-pbkdf",
"bech32",
"cbc",
@@ -79,7 +79,6 @@
"cookie-factory",
"ctr",
"curve25519-dalek",
- "hkdf",
"hmac",
"i18n-embed",
"i18n-embed-fl",
@@ -87,8 +86,7 @@
"nom",
"num-traits",
"pin-project",
- "rand 0.7.3",
- "rand 0.8.5",
+ "rand",
"rsa",
"rust-embed",
"scrypt",
@@ -100,17 +98,17 @@
[[package]]
name = "age-core"
-version = "0.9.0"
+version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3d2e815ac879dc23c1139e720d21c6cd4d1276345c772587285d965a69b8f32"
+checksum = "a5f11899bc2bbddd135edbc30c36b1924fa59d0746bb45beb5933fafe3fe509b"
dependencies = [
- "base64 0.13.1",
+ "base64",
"chacha20poly1305",
"cookie-factory",
"hkdf",
"io_tee",
"nom",
- "rand 0.8.5",
+ "rand",
"secrecy",
"sha2",
]
@@ -150,29 +148,10 @@
]
[[package]]
-name = "ansi-str"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1cf4578926a981ab0ca955dc023541d19de37112bc24c1a197bd806d3d86ad1d"
-dependencies = [
- "ansitok",
-]
-
-[[package]]
-name = "ansitok"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "220044e6a1bb31ddee4e3db724d29767f352de47445a6cd75e1a173142136c83"
-dependencies = [
- "nom",
- "vte 0.10.1",
-]
-
-[[package]]
name = "anstream"
-version = "0.6.5"
+version = "0.6.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d664a92ecae85fd0a7392615844904654d1d5f5514837f471ddef4a057aba1b6"
+checksum = "6e2e1ebcb11de5c03c67de28a7df593d32191b44939c482e97702baaaa6ab6a5"
dependencies = [
"anstyle",
"anstyle-parse",
@@ -184,9 +163,9 @@
[[package]]
name = "anstyle"
-version = "1.0.4"
+version = "1.0.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87"
+checksum = "8901269c6307e8d93993578286ac0edf7f195079ffff5ebdeea6a59ffb7e36bc"
[[package]]
name = "anstyle-parse"
@@ -218,9 +197,9 @@
[[package]]
name = "anyhow"
-version = "1.0.77"
+version = "1.0.79"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9d19de80eff169429ac1e9f48fffb163916b448a44e8e046186232046d9e1f9"
+checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca"
[[package]]
name = "arc-swap"
@@ -230,12 +209,6 @@
[[package]]
name = "arrayvec"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b"
-
-[[package]]
-name = "arrayvec"
version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711"
@@ -248,18 +221,7 @@
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.48",
-]
-
-[[package]]
-name = "atty"
-version = "0.2.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
-dependencies = [
- "hermit-abi 0.1.19",
- "libc",
- "winapi",
+ "syn 2.0.49",
]
[[package]]
@@ -285,15 +247,9 @@
[[package]]
name = "base64"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
-
-[[package]]
-name = "base64"
-version = "0.21.5"
+version = "0.21.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9"
+checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
[[package]]
name = "base64ct"
@@ -303,9 +259,9 @@
[[package]]
name = "bcrypt-pbkdf"
-version = "0.9.0"
+version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3806a8db60cf56efee531616a34a6aaa9a114d6da2add861b0fa4a188881b2c7"
+checksum = "6aeac2e1fe888769f34f05ac343bbef98b14d1ffb292ab69d4608b3abc86f2a2"
dependencies = [
"blowfish",
"pbkdf2",
@@ -338,9 +294,9 @@
[[package]]
name = "bitflags"
-version = "2.4.1"
+version = "2.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07"
+checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf"
dependencies = [
"serde",
]
@@ -375,9 +331,9 @@
[[package]]
name = "bumpalo"
-version = "3.14.0"
+version = "3.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec"
+checksum = "d32a994c2b3ca201d9b263612a374263f05e7adde37c4707f693dcd375076d1f"
[[package]]
name = "bytecount"
@@ -456,9 +412,9 @@
[[package]]
name = "chrono"
-version = "0.4.31"
+version = "0.4.34"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f2c685bad3eb3d45a01354cedb7d5faa66194d1d58ba6e267a8de788f79db38"
+checksum = "5bc015644b92d5890fab7489e49d21f879d5c990186827d42ec511919404f38b"
dependencies = [
"android-tzdata",
"iana-time-zone",
@@ -466,7 +422,7 @@
"num-traits",
"serde",
"wasm-bindgen",
- "windows-targets 0.48.5",
+ "windows-targets 0.52.0",
]
[[package]]
@@ -482,9 +438,9 @@
[[package]]
name = "clap"
-version = "4.4.12"
+version = "4.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcfab8ba68f3668e89f6ff60f5b205cea56aa7b769451a59f34b8682f51c056d"
+checksum = "c918d541ef2913577a0f9566e9ce27cb35b6df072075769e0b26cb5a554520da"
dependencies = [
"clap_builder",
"clap_derive",
@@ -492,14 +448,14 @@
[[package]]
name = "clap_builder"
-version = "4.4.12"
+version = "4.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb7fb5e4e979aec3be7791562fcba452f94ad85e954da024396433e0e25a79e9"
+checksum = "9f3e7391dad68afb0c2ede1bf619f579a3dc9c2ec67f089baa397123a2f3d1eb"
dependencies = [
"anstream",
"anstyle",
"clap_lex",
- "strsim",
+ "strsim 0.11.0",
"terminal_size",
"unicase",
"unicode-width",
@@ -507,21 +463,21 @@
[[package]]
name = "clap_derive"
-version = "4.4.7"
+version = "4.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf9804afaaf59a91e75b022a30fb7229a7901f60c755489cc61c9b423b836442"
+checksum = "307bc0538d5f0f83b8248db3087aa92fe504e4691294d0c96c0eabc33f47ba47"
dependencies = [
"heck",
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
]
[[package]]
name = "clap_lex"
-version = "0.6.0"
+version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1"
+checksum = "98cc8fbded0c607b7ba9dd60cd98df59af97e84d24e49c8557331cfc26d301ce"
[[package]]
name = "colorchoice"
@@ -531,15 +487,15 @@
[[package]]
name = "console"
-version = "0.15.7"
+version = "0.15.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c926e00cc70edefdc64d3a5ff31cc65bb97a3460097762bd23afb4d8145fccf8"
+checksum = "0e1f83fc076bd6dd27517eacdf25fef6c4dfe5f1d7448bafaaf3a26f13b5e4eb"
dependencies = [
"encode_unicode",
"lazy_static",
"libc",
"unicode-width",
- "windows-sys 0.45.0",
+ "windows-sys 0.52.0",
]
[[package]]
@@ -568,9 +524,9 @@
[[package]]
name = "cpufeatures"
-version = "0.2.11"
+version = "0.2.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0"
+checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504"
dependencies = [
"libc",
]
@@ -582,7 +538,7 @@
checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
dependencies = [
"generic-array",
- "rand_core 0.6.4",
+ "rand_core",
"typenum",
]
@@ -597,18 +553,32 @@
[[package]]
name = "curve25519-dalek"
-version = "3.2.0"
+version = "4.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61"
+checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348"
dependencies = [
- "byteorder",
- "digest 0.9.0",
- "rand_core 0.5.1",
+ "cfg-if",
+ "cpufeatures",
+ "curve25519-dalek-derive",
+ "fiat-crypto",
+ "platforms",
+ "rustc_version",
"subtle",
"zeroize",
]
[[package]]
+name = "curve25519-dalek-derive"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.49",
+]
+
+[[package]]
name = "dashmap"
version = "5.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -623,9 +593,9 @@
[[package]]
name = "der"
-version = "0.6.1"
+version = "0.7.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de"
+checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c"
dependencies = [
"const-oid",
"zeroize",
@@ -639,15 +609,6 @@
dependencies = [
"powerfmt",
"serde",
-]
-
-[[package]]
-name = "digest"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066"
-dependencies = [
- "generic-array",
]
[[package]]
@@ -660,27 +621,6 @@
"const-oid",
"crypto-common",
"subtle",
-]
-
-[[package]]
-name = "dirs"
-version = "5.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "44c45a9d03d6676652bcb5e724c7e988de1acad23a711b5217ab9cbecbec2225"
-dependencies = [
- "dirs-sys",
-]
-
-[[package]]
-name = "dirs-sys"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "520f05a5cbd335fae5a99ff7a6ab8627577660ee5cfd6a94a6a929b52ff0321c"
-dependencies = [
- "libc",
- "option-ext",
- "redox_users",
- "windows-sys 0.48.0",
]
[[package]]
@@ -691,14 +631,14 @@
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
]
[[package]]
name = "either"
-version = "1.9.0"
+version = "1.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07"
+checksum = "11157ac094ffbdde99aa67b23417ebdd801842852b500e395a45a9c0aac03e4a"
[[package]]
name = "encode_unicode"
@@ -707,19 +647,6 @@
checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f"
[[package]]
-name = "env_logger"
-version = "0.10.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95b3f3e67048839cb0d0781f445682a35113da7121f7c949db0e2be96a4fbece"
-dependencies = [
- "humantime",
- "is-terminal",
- "log",
- "regex",
- "termcolor",
-]
-
-[[package]]
name = "equivalent"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -742,6 +669,12 @@
checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5"
[[package]]
+name = "fiat-crypto"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1676f435fc1dadde4d03e43f5d62b259e1ce5f40bd4ffb21db2b42ebe59c1382"
+
+[[package]]
name = "find-crate"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -759,7 +692,7 @@
"age-core",
"anyhow",
"async-trait",
- "base64 0.21.5",
+ "base64",
"better-command",
"chrono",
"clap",
@@ -797,12 +730,12 @@
"age",
"anyhow",
"clap",
- "env_logger",
- "log",
"nix",
"serde",
"serde_json",
"tempfile",
+ "tracing",
+ "tracing-subscriber",
"z85",
]
@@ -912,7 +845,7 @@
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
]
[[package]]
@@ -957,24 +890,13 @@
[[package]]
name = "getrandom"
-version = "0.1.16"
+version = "0.2.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
+checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5"
dependencies = [
"cfg-if",
"libc",
- "wasi 0.9.0+wasi-snapshot-preview1",
-]
-
-[[package]]
-name = "getrandom"
-version = "0.2.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi 0.11.0+wasi-snapshot-preview1",
+ "wasi",
]
[[package]]
@@ -1013,20 +935,11 @@
[[package]]
name = "hermit-abi"
-version = "0.1.19"
+version = "0.3.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
-dependencies = [
- "libc",
-]
+checksum = "bd5256b483761cd23699d0da46cc6fd2ee3be420bbe6d020ae4a091e70b7e9fd"
[[package]]
-name = "hermit-abi"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7"
-
-[[package]]
name = "hkdf"
version = "0.12.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1041,7 +954,7 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
dependencies = [
- "digest 0.10.7",
+ "digest",
]
[[package]]
@@ -1062,12 +975,6 @@
checksum = "f58b778a5761513caf593693f8951c97a5b610841e754788400f32102eefdff1"
[[package]]
-name = "humantime"
-version = "2.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
-
-[[package]]
name = "i18n-config"
version = "0.4.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1077,15 +984,15 @@
"serde",
"serde_derive",
"thiserror",
- "toml 0.8.8",
+ "toml 0.8.10",
"unic-langid",
]
[[package]]
name = "i18n-embed"
-version = "0.13.9"
+version = "0.14.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92a86226a7a16632de6723449ee5fe70bac5af718bc642ee9ca2f0f6e14fa1fa"
+checksum = "94205d95764f5bb9db9ea98fa77f89653365ca748e27161f5bbea2ffd50e459c"
dependencies = [
"arc-swap",
"fluent",
@@ -1104,9 +1011,9 @@
[[package]]
name = "i18n-embed-fl"
-version = "0.6.7"
+version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d26a3d3569737dfaac7fc1c4078e6af07471c3060b8e570bcd83cdd5f4685395"
+checksum = "9fc1f8715195dffc4caddcf1cf3128da15fe5d8a137606ea8856c9300047d5a2"
dependencies = [
"dashmap",
"find-crate",
@@ -1118,8 +1025,8 @@
"proc-macro-error",
"proc-macro2",
"quote",
- "strsim",
- "syn 2.0.48",
+ "strsim 0.10.0",
+ "syn 2.0.49",
"unic-langid",
]
@@ -1133,14 +1040,14 @@
"i18n-config",
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
]
[[package]]
name = "iana-time-zone"
-version = "0.1.59"
+version = "0.1.60"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6a67363e2aa4443928ce15e57ebae94fd8949958fd1223c4cfc0cd473ad7539"
+checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141"
dependencies = [
"android_system_properties",
"core-foundation-sys",
@@ -1161,9 +1068,9 @@
[[package]]
name = "indexmap"
-version = "2.1.0"
+version = "2.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f"
+checksum = "233cf39063f058ea2caae4091bf4a3ef70a653afbc026f5c4a4135d114e3c177"
dependencies = [
"equivalent",
"hashbrown 0.14.3",
@@ -1171,9 +1078,9 @@
[[package]]
name = "indicatif"
-version = "0.17.7"
+version = "0.17.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb28741c9db9a713d93deb3bb9515c20788cef5815265bee4980e87bde7e0f25"
+checksum = "763a5a8f45087d6bcea4222e7b72c291a054edf80e4ef6efd2a4979878c7bea3"
dependencies = [
"console",
"instant",
@@ -1229,26 +1136,26 @@
[[package]]
name = "is-terminal"
-version = "0.4.10"
+version = "0.4.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0bad00257d07be169d870ab665980b06cdb366d792ad690bf2e76876dc503455"
+checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b"
dependencies = [
- "hermit-abi 0.3.3",
- "rustix",
+ "hermit-abi",
+ "libc",
"windows-sys 0.52.0",
]
[[package]]
name = "is_ci"
-version = "1.1.1"
+version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "616cde7c720bb2bb5824a224687d8f77bfd38922027f01d825cd7453be5099fb"
+checksum = "7655c9839580ee829dfacba1d1278c2b7883e50a277ff7541299489d6bdfdc45"
[[package]]
name = "itertools"
-version = "0.11.0"
+version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1c173a5686ce8bfa551b3563d0c2170bf24ca44da99c7ca4bfdab5418c3fe57"
+checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569"
dependencies = [
"either",
]
@@ -1261,9 +1168,9 @@
[[package]]
name = "js-sys"
-version = "0.3.66"
+version = "0.3.68"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cee9c64da59eae3b50095c18d3e74f8b73c0b86d2792824ff01bbce68ba229ca"
+checksum = "406cda4b368d531c842222cf9d2600a9a4acce8d29423695379c6868a143a9ee"
dependencies = [
"wasm-bindgen",
]
@@ -1279,9 +1186,9 @@
[[package]]
name = "libc"
-version = "0.2.151"
+version = "0.2.153"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4"
+checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd"
[[package]]
name = "libm"
@@ -1300,17 +1207,6 @@
]
[[package]]
-name = "libredox"
-version = "0.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85c833ca1e66078851dba29046874e38f08b2c883700aa29a03ddd3b23814ee8"
-dependencies = [
- "bitflags 2.4.1",
- "libc",
- "redox_syscall",
-]
-
-[[package]]
name = "linked-hash-map"
version = "0.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1318,9 +1214,9 @@
[[package]]
name = "linux-raw-sys"
-version = "0.4.12"
+version = "0.4.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456"
+checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c"
[[package]]
name = "lock_api"
@@ -1385,9 +1281,9 @@
[[package]]
name = "miniz_oxide"
-version = "0.7.1"
+version = "0.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
+checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7"
dependencies = [
"adler",
]
@@ -1399,7 +1295,7 @@
checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09"
dependencies = [
"libc",
- "wasi 0.11.0+wasi-snapshot-preview1",
+ "wasi",
"windows-sys 0.48.0",
]
@@ -1409,7 +1305,7 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053"
dependencies = [
- "bitflags 2.4.1",
+ "bitflags 2.4.2",
"cfg-if",
"libc",
]
@@ -1460,26 +1356,31 @@
"num-integer",
"num-iter",
"num-traits",
- "rand 0.8.5",
+ "rand",
"smallvec",
"zeroize",
]
[[package]]
+name = "num-conv"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
+
+[[package]]
name = "num-integer"
-version = "0.1.45"
+version = "0.1.46"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
+checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
dependencies = [
- "autocfg",
"num-traits",
]
[[package]]
name = "num-iter"
-version = "0.1.43"
+version = "0.1.44"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252"
+checksum = "d869c01cc0c455284163fd0092f1f93835385ccab5a98a0dcc497b2f8bf055a9"
dependencies = [
"autocfg",
"num-integer",
@@ -1488,9 +1389,9 @@
[[package]]
name = "num-traits"
-version = "0.2.17"
+version = "0.2.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c"
+checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a"
dependencies = [
"autocfg",
"libm",
@@ -1502,7 +1403,7 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
dependencies = [
- "hermit-abi 0.3.3",
+ "hermit-abi",
"libc",
]
@@ -1535,11 +1436,10 @@
[[package]]
name = "openssh"
-version = "0.10.2"
+version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8274f2bf1fc3785406a3ff07c92c15590c00e84efb883da77b671562ca9a6115"
+checksum = "cab71dc3fc68747816c7eecdffcede064d6bac9621fd658bf1ab5414e91558a3"
dependencies = [
- "dirs",
"libc",
"once_cell",
"shell-escape",
@@ -1548,12 +1448,6 @@
"tokio",
"tokio-pipe",
]
-
-[[package]]
-name = "option-ext"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d"
[[package]]
name = "overload"
@@ -1563,21 +1457,19 @@
[[package]]
name = "owo-colors"
-version = "3.5.0"
+version = "4.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1b04fb49957986fdce4d6ee7a65027d55d4b6d2265e5848bbb507b58ccfdb6f"
+checksum = "caff54706df99d2a78a5a4e3455ff45448d81ef1bb63c22cd14052ca0e993a3f"
dependencies = [
"supports-color",
]
[[package]]
name = "papergrid"
-version = "0.10.0"
+version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2ccbe15f2b6db62f9a9871642746427e297b0ceb85f9a7f1ee5ff47d184d0c8"
+checksum = "9ad43c07024ef767f9160710b3a6773976194758c7919b17e63b863db0bdf7fb"
dependencies = [
- "ansi-str",
- "ansitok",
"bytecount",
"fnv",
"unicode-width",
@@ -1608,11 +1500,12 @@
[[package]]
name = "pbkdf2"
-version = "0.11.0"
+version = "0.12.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917"
+checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
dependencies = [
- "digest 0.10.7",
+ "digest",
+ "hmac",
]
[[package]]
@@ -1644,22 +1537,22 @@
[[package]]
name = "pin-project"
-version = "1.1.3"
+version = "1.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fda4ed1c6c173e3fc7a83629421152e01d7b1f9b7f65fb301e490e8cfc656422"
+checksum = "0302c4a0442c456bd56f841aee5c3bfd17967563f6fadc9ceb9f9c23cf3807e0"
dependencies = [
"pin-project-internal",
]
[[package]]
name = "pin-project-internal"
-version = "1.1.3"
+version = "1.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4359fd9c9171ec6e8c62926d6faaf553a8dc3f64e1507e76da7911b4f6a04405"
+checksum = "266c042b60c9c76b8d53061e52b2e0d1116abc57cefc8c5cd671619a56ac3690"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
]
[[package]]
@@ -1676,27 +1569,32 @@
[[package]]
name = "pkcs1"
-version = "0.4.1"
+version = "0.7.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eff33bdbdfc54cc98a2eca766ebdec3e1b8fb7387523d5c9c9a2891da856f719"
+checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
dependencies = [
"der",
"pkcs8",
"spki",
- "zeroize",
]
[[package]]
name = "pkcs8"
-version = "0.9.0"
+version = "0.10.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba"
+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
dependencies = [
"der",
"spki",
]
[[package]]
+name = "platforms"
+version = "3.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "626dec3cac7cc0e1577a2ec3fc496277ec2baa084bebad95bb6fdbfae235f84c"
+
+[[package]]
name = "poly1305"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1763,9 +1661,9 @@
[[package]]
name = "proc-macro2"
-version = "1.0.75"
+version = "1.0.78"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "907a61bd0f64c2f29cd1cf1dc34d05176426a3f504a78010f08416ddb7b13708"
+checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae"
dependencies = [
"unicode-ident",
]
@@ -1788,19 +1686,6 @@
"log",
"parking_lot",
"scheduled-thread-pool",
-]
-
-[[package]]
-name = "rand"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
-dependencies = [
- "getrandom 0.1.16",
- "libc",
- "rand_chacha 0.2.2",
- "rand_core 0.5.1",
- "rand_hc",
]
[[package]]
@@ -1810,18 +1695,8 @@
checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
dependencies = [
"libc",
- "rand_chacha 0.3.1",
- "rand_core 0.6.4",
-]
-
-[[package]]
-name = "rand_chacha"
-version = "0.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
-dependencies = [
- "ppv-lite86",
- "rand_core 0.5.1",
+ "rand_chacha",
+ "rand_core",
]
[[package]]
@@ -1831,16 +1706,7 @@
checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
dependencies = [
"ppv-lite86",
- "rand_core 0.6.4",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19"
-dependencies = [
- "getrandom 0.1.16",
+ "rand_core",
]
[[package]]
@@ -1848,17 +1714,8 @@
version = "0.6.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
-dependencies = [
- "getrandom 0.2.11",
-]
-
-[[package]]
-name = "rand_hc"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
dependencies = [
- "rand_core 0.5.1",
+ "getrandom",
]
[[package]]
@@ -1868,28 +1725,17 @@
checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa"
dependencies = [
"bitflags 1.3.2",
-]
-
-[[package]]
-name = "redox_users"
-version = "0.4.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a18479200779601e498ada4e8c1e1f50e3ee19deb0259c25825a98b5603b2cb4"
-dependencies = [
- "getrandom 0.2.11",
- "libredox",
- "thiserror",
]
[[package]]
name = "regex"
-version = "1.10.2"
+version = "1.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343"
+checksum = "b62dbe01f0b06f9d8dc7d49e05a0785f153b00b2c227856282f671e0318c9b15"
dependencies = [
"aho-corasick",
"memchr",
- "regex-automata 0.4.3",
+ "regex-automata 0.4.5",
"regex-syntax 0.8.2",
]
@@ -1904,9 +1750,9 @@
[[package]]
name = "regex-automata"
-version = "0.4.3"
+version = "0.4.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f"
+checksum = "5bb987efffd3c6d0d8f5f89510bb458559eab11e4f869acb20bf845e016259cd"
dependencies = [
"aho-corasick",
"memchr",
@@ -1950,8 +1796,8 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b91f7eff05f748767f183df4320a63d6936e9c6107d97c9e6bdd9784f4289c94"
dependencies = [
- "base64 0.21.5",
- "bitflags 2.4.1",
+ "base64",
+ "bitflags 2.4.2",
"serde",
"serde_derive",
]
@@ -1971,30 +1817,29 @@
[[package]]
name = "rsa"
-version = "0.7.2"
+version = "0.9.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c"
+checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc"
dependencies = [
- "byteorder",
- "digest 0.10.7",
+ "const-oid",
+ "digest",
"num-bigint-dig",
"num-integer",
- "num-iter",
"num-traits",
"pkcs1",
"pkcs8",
- "rand_core 0.6.4",
+ "rand_core",
"signature",
- "smallvec",
+ "spki",
"subtle",
"zeroize",
]
[[package]]
name = "rust-embed"
-version = "6.8.1"
+version = "8.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a36224c3276f8c4ebc8c20f158eca7ca4359c8db89991c4925132aaaf6702661"
+checksum = "a82c0bbc10308ed323529fd3c1dce8badda635aa319a5ff0e6466f33b8101e3f"
dependencies = [
"rust-embed-impl",
"rust-embed-utils",
@@ -2003,22 +1848,22 @@
[[package]]
name = "rust-embed-impl"
-version = "6.8.1"
+version = "8.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49b94b81e5b2c284684141a2fb9e2a31be90638caf040bf9afbc5a0416afe1ac"
+checksum = "6227c01b1783cdfee1bcf844eb44594cd16ec71c35305bf1c9fb5aade2735e16"
dependencies = [
"proc-macro2",
"quote",
"rust-embed-utils",
- "syn 2.0.48",
+ "syn 2.0.49",
"walkdir",
]
[[package]]
name = "rust-embed-utils"
-version = "7.8.1"
+version = "8.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d38ff6bf570dc3bb7100fce9f7b60c33fa71d80e88da3f2580df4ff2bdded74"
+checksum = "8cb0a25bfbb2d4b4402179c2cf030387d9990857ce08a32592c6238db9fa8665"
dependencies = [
"sha2",
"walkdir",
@@ -2037,12 +1882,21 @@
checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
[[package]]
+name = "rustc_version"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
+dependencies = [
+ "semver",
+]
+
+[[package]]
name = "rustix"
-version = "0.38.28"
+version = "0.38.31"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72e572a5e8ca657d7366229cdde4bd14c4eb5499a9573d4d366fe1b599daa316"
+checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949"
dependencies = [
- "bitflags 2.4.1",
+ "bitflags 2.4.2",
"errno",
"libc",
"linux-raw-sys",
@@ -2090,11 +1944,10 @@
[[package]]
name = "scrypt"
-version = "0.10.0"
+version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f9e24d2b632954ded8ab2ef9fea0a0c769ea56ea98bddbafbad22caeeadf45d"
+checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f"
dependencies = [
- "hmac",
"pbkdf2",
"salsa20",
"sha2",
@@ -2125,10 +1978,16 @@
checksum = "58bf37232d3bb9a2c4e641ca2a11d83b5062066f88df7fed36c28772046d65ba"
[[package]]
+name = "semver"
+version = "1.0.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0"
+
+[[package]]
name = "serde"
-version = "1.0.193"
+version = "1.0.196"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89"
+checksum = "870026e60fa08c69f064aa766c10f10b1d62db9ccd4d0abb206472bee0ce3b32"
dependencies = [
"serde_derive",
]
@@ -2144,20 +2003,20 @@
[[package]]
name = "serde_derive"
-version = "1.0.193"
+version = "1.0.196"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3"
+checksum = "33c85360c95e7d137454dc81d9a4ed2b8efd8fbe19cee57357b32b9771fccb67"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
]
[[package]]
name = "serde_json"
-version = "1.0.108"
+version = "1.0.113"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b"
+checksum = "69801b70b1c3dac963ecb03a364ba0ceda9cf60c71cfe475e99864759c8b8a79"
dependencies = [
"itoa",
"ryu",
@@ -2181,7 +2040,7 @@
dependencies = [
"cfg-if",
"cpufeatures",
- "digest 0.10.7",
+ "digest",
]
[[package]]
@@ -2201,9 +2060,9 @@
[[package]]
name = "shlex"
-version = "1.2.0"
+version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a7cee0529a6d40f580e7a5e6c495c8fbfe21b7b52795ed4bb5e62cdf92bc6380"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
[[package]]
name = "signal-hook-registry"
@@ -2216,12 +2075,12 @@
[[package]]
name = "signature"
-version = "1.6.4"
+version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
+checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
dependencies = [
- "digest 0.10.7",
- "rand_core 0.6.4",
+ "digest",
+ "rand_core",
]
[[package]]
@@ -2235,9 +2094,9 @@
[[package]]
name = "smallvec"
-version = "1.11.2"
+version = "1.13.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970"
+checksum = "e6ecd384b10a64542d77071bd64bd7b231f4ed5940fba55e98c3de13824cf3d7"
[[package]]
name = "smol_str"
@@ -2266,9 +2125,9 @@
[[package]]
name = "spki"
-version = "0.6.0"
+version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b"
+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
dependencies = [
"base64ct",
"der",
@@ -2281,6 +2140,12 @@
checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
[[package]]
+name = "strsim"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5ee073c9e4cd00e28217186dbe12796d692868f432bf2e97ee73bed0c56dfa01"
+
+[[package]]
name = "subtle"
version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2288,11 +2153,11 @@
[[package]]
name = "supports-color"
-version = "1.3.1"
+version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ba6faf2ca7ee42fdd458f4347ae0a9bd6bcc445ad7cb57ad82b383f18870d6f"
+checksum = "d6398cde53adc3c4557306a96ce67b302968513830a77a95b2b17305d9719a89"
dependencies = [
- "atty",
+ "is-terminal",
"is_ci",
]
@@ -2309,9 +2174,9 @@
[[package]]
name = "syn"
-version = "2.0.48"
+version = "2.0.49"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f"
+checksum = "915aea9e586f80826ee59f8453c1101f9d1c4b3964cd2460185ee8e299ada496"
dependencies = [
"proc-macro2",
"quote",
@@ -2320,12 +2185,10 @@
[[package]]
name = "tabled"
-version = "0.14.0"
+version = "0.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dfe9c3632da101aba5131ed63f9eed38665f8b3c68703a6bb18124835c1a5d22"
+checksum = "4c998b0c8b921495196a48aabaf1901ff28be0760136e31604f7967b0792050e"
dependencies = [
- "ansi-str",
- "ansitok",
"papergrid",
"tabled_derive",
"unicode-width",
@@ -2333,9 +2196,9 @@
[[package]]
name = "tabled_derive"
-version = "0.6.0"
+version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "99f688a08b54f4f02f0a3c382aefdb7884d3d69609f785bd253dc033243e3fe4"
+checksum = "4c138f99377e5d653a371cdad263615634cfc8467685dfe8e73e2b8e98f44b17"
dependencies = [
"heck",
"proc-macro-error",
@@ -2346,27 +2209,17 @@
[[package]]
name = "tempfile"
-version = "3.9.0"
+version = "3.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa"
+checksum = "a365e8cd18e44762ef95d87f284f4b5cd04107fec2ff3052bd6a3e6069669e67"
dependencies = [
"cfg-if",
"fastrand",
- "redox_syscall",
"rustix",
"windows-sys 0.52.0",
]
[[package]]
-name = "termcolor"
-version = "1.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff1bc3d3f05aff0403e8ac0d92ced918ec05b666a43f83297ccef5bea8a3d449"
-dependencies = [
- "winapi-util",
-]
-
-[[package]]
name = "terminal_size"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2384,22 +2237,22 @@
[[package]]
name = "thiserror"
-version = "1.0.53"
+version = "1.0.57"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b2cd5904763bad08ad5513ddbb12cf2ae273ca53fa9f68e843e236ec6dfccc09"
+checksum = "1e45bcbe8ed29775f228095caf2cd67af7a4ccf756ebff23a306bf3e8b47b24b"
dependencies = [
"thiserror-impl",
]
[[package]]
name = "thiserror-impl"
-version = "1.0.53"
+version = "1.0.57"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3dcf4a824cce0aeacd6f38ae6f24234c8e80d68632338ebaa1443b5df9e29e19"
+checksum = "a953cb265bef375dae3de6663da4d3804eee9682ea80d8e2542529b73c531c81"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
]
[[package]]
@@ -2414,11 +2267,12 @@
[[package]]
name = "time"
-version = "0.3.31"
+version = "0.3.34"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f657ba42c3f86e7680e53c8cd3af8abbe56b5491790b46e22e19c0d57463583e"
+checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749"
dependencies = [
"deranged",
+ "num-conv",
"powerfmt",
"serde",
"time-core",
@@ -2433,10 +2287,11 @@
[[package]]
name = "time-macros"
-version = "0.2.16"
+version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26197e33420244aeb70c3e8c78376ca46571bc4e701e4791c2cd9f57dcb3a43f"
+checksum = "7ba3a3ef41e6672a2f0f001392bb5dcd3ff0a9992d618ca761a11c3121547774"
dependencies = [
+ "num-conv",
"time-core",
]
@@ -2451,9 +2306,9 @@
[[package]]
name = "tokio"
-version = "1.35.1"
+version = "1.36.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104"
+checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931"
dependencies = [
"backtrace",
"bytes",
@@ -2475,7 +2330,7 @@
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
]
[[package]]
@@ -2513,9 +2368,9 @@
[[package]]
name = "toml"
-version = "0.8.8"
+version = "0.8.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1a195ec8c9da26928f773888e0742ca3ca1040c6cd859c919c9f59c1954ab35"
+checksum = "9a9aad4a3066010876e8dcf5a8a06e70a558751117a145c6ce2b82c2e2054290"
dependencies = [
"serde",
"serde_spanned",
@@ -2534,9 +2389,9 @@
[[package]]
name = "toml_edit"
-version = "0.21.0"
+version = "0.22.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d34d383cd00a163b4a5b85053df514d45bc330f6de7737edfe0a93311d1eaa03"
+checksum = "2c1b5fd4128cc8d3e0cb74d4ed9a9cc7c7284becd4df68f5f940e1ad123606f6"
dependencies = [
"indexmap",
"serde",
@@ -2564,7 +2419,7 @@
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
]
[[package]]
@@ -2716,18 +2571,7 @@
"itoa",
"log",
"unicode-width",
- "vte 0.11.1",
-]
-
-[[package]]
-name = "vte"
-version = "0.10.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6cbce692ab4ca2f1f3047fcf732430249c0e971bfdd2b234cf2c47ad93af5983"
-dependencies = [
- "arrayvec 0.5.2",
- "utf8parse",
- "vte_generate_state_changes",
+ "vte",
]
[[package]]
@@ -2736,7 +2580,7 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f5022b5fbf9407086c180e9557be968742d839e68346af7792b8592489732197"
dependencies = [
- "arrayvec 0.7.4",
+ "arrayvec",
"utf8parse",
"vte_generate_state_changes",
]
@@ -2763,21 +2607,15 @@
[[package]]
name = "wasi"
-version = "0.9.0+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519"
-
-[[package]]
-name = "wasi"
version = "0.11.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
[[package]]
name = "wasm-bindgen"
-version = "0.2.89"
+version = "0.2.91"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ed0d4f68a3015cc185aff4db9506a015f4b96f95303897bfa23f846db54064e"
+checksum = "c1e124130aee3fb58c5bdd6b639a0509486b0338acaaae0c84a5124b0f588b7f"
dependencies = [
"cfg-if",
"wasm-bindgen-macro",
@@ -2785,24 +2623,24 @@
[[package]]
name = "wasm-bindgen-backend"
-version = "0.2.89"
+version = "0.2.91"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b56f625e64f3a1084ded111c4d5f477df9f8c92df113852fa5a374dbda78826"
+checksum = "c9e7e1900c352b609c8488ad12639a311045f40a35491fb69ba8c12f758af70b"
dependencies = [
"bumpalo",
"log",
"once_cell",
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-macro"
-version = "0.2.89"
+version = "0.2.91"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0162dbf37223cd2afce98f3d0785506dcb8d266223983e4b5b525859e6e182b2"
+checksum = "b30af9e2d358182b5c7449424f017eba305ed32a7010509ede96cdc4696c46ed"
dependencies = [
"quote",
"wasm-bindgen-macro-support",
@@ -2810,22 +2648,22 @@
[[package]]
name = "wasm-bindgen-macro-support"
-version = "0.2.89"
+version = "0.2.91"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283"
+checksum = "642f325be6301eb8107a83d12a8ac6c1e1c54345a7ef1a9261962dfefda09e66"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-shared"
-version = "0.2.89"
+version = "0.2.91"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f"
+checksum = "4f186bd2dcf04330886ce82d6f33dd75a7bfcf69ecf5763b89fcde53b6ac9838"
[[package]]
name = "winapi"
@@ -2869,15 +2707,6 @@
[[package]]
name = "windows-sys"
-version = "0.45.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
-dependencies = [
- "windows-targets 0.42.2",
-]
-
-[[package]]
-name = "windows-sys"
version = "0.48.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
@@ -2892,21 +2721,6 @@
checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
dependencies = [
"windows-targets 0.52.0",
-]
-
-[[package]]
-name = "windows-targets"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
-dependencies = [
- "windows_aarch64_gnullvm 0.42.2",
- "windows_aarch64_msvc 0.42.2",
- "windows_i686_gnu 0.42.2",
- "windows_i686_msvc 0.42.2",
- "windows_x86_64_gnu 0.42.2",
- "windows_x86_64_gnullvm 0.42.2",
- "windows_x86_64_msvc 0.42.2",
]
[[package]]
@@ -2938,12 +2752,6 @@
"windows_x86_64_gnullvm 0.52.0",
"windows_x86_64_msvc 0.52.0",
]
-
-[[package]]
-name = "windows_aarch64_gnullvm"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
[[package]]
name = "windows_aarch64_gnullvm"
@@ -2959,12 +2767,6 @@
[[package]]
name = "windows_aarch64_msvc"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
-
-[[package]]
-name = "windows_aarch64_msvc"
version = "0.48.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
@@ -2974,12 +2776,6 @@
version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef"
-
-[[package]]
-name = "windows_i686_gnu"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
[[package]]
name = "windows_i686_gnu"
@@ -2992,12 +2788,6 @@
version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313"
-
-[[package]]
-name = "windows_i686_msvc"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
[[package]]
name = "windows_i686_msvc"
@@ -3010,12 +2800,6 @@
version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a"
-
-[[package]]
-name = "windows_x86_64_gnu"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
[[package]]
name = "windows_x86_64_gnu"
@@ -3028,12 +2812,6 @@
version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd"
-
-[[package]]
-name = "windows_x86_64_gnullvm"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
[[package]]
name = "windows_x86_64_gnullvm"
@@ -3046,12 +2824,6 @@
version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e"
-
-[[package]]
-name = "windows_x86_64_msvc"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
[[package]]
name = "windows_x86_64_msvc"
@@ -3067,21 +2839,22 @@
[[package]]
name = "winnow"
-version = "0.5.31"
+version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "97a4882e6b134d6c28953a387571f1acdd3496830d5e36c5e3a1075580ea641c"
+checksum = "d90f4e0f530c4c69f62b80d839e9ef3855edc9cba471a160c4d692deed62b401"
dependencies = [
"memchr",
]
[[package]]
name = "x25519-dalek"
-version = "1.1.1"
+version = "2.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a0c105152107e3b96f6a00a65e86ce82d9b125230e1c4302940eca58ff71f4f"
+checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277"
dependencies = [
"curve25519-dalek",
- "rand_core 0.5.1",
+ "rand_core",
+ "serde",
"zeroize",
]
@@ -3108,5 +2881,5 @@
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.48",
+ "syn 2.0.49",
]
Cargo.tomldiffbeforeafterboth--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,5 +6,5 @@
nixlike = { path = "./crates/nixlike" }
better-command = { path = "./crates/better-command" }
bifrostlink = "0.1.0"
-uuid = { version = "1.3.3", features = ["v4"] }
-tokio = { version = "1.33.0", features = ["fs", "rt", "macros", "sync", "time", "rt-multi-thread"] }
+uuid = { version = "1.7.0", features = ["v4"] }
+tokio = { version = "1.36.0", features = ["fs", "rt", "macros", "sync", "time", "rt-multi-thread"] }
README.adocdiffbeforeafterboth--- a/README.adoc
+++ b/README.adoc
@@ -11,3 +11,164 @@
- Modules can configure multiple hosts at once (I.e for wireguard/kubernetes installation)
- Secrets can be securely stored in Git (No one except target hosts can decrypt them), automatically regenerated, reencrypted, etc.
- Automatic rollback on deployment failure, which will work, as long as system is passing initrd stage (So still be carefull with root filesystem mount)
+
+== Secret generator example
+
+TODO:: This section should into some kind of fleet documentation... But as there is none, it is just left here as-is.
+
+=== Quickly run securely setup gitlab
+
+[source,nix]
+----
+{config, ...}: {
+ secrets = let ownership = { owner = "gitlab"; group = "gitlab"; }; in {
+ gitlab-initial-root = {
+ generator = {mkPassword}: mkPassword {};
+ } // ownership;
+ gitlab-secret = {
+ generator = {mkPassword}: mkPassword {};
+ } // ownership;
+ gitlab-otp = {
+ generator = {mkPassword}: mkPassword {};
+ } // ownership;
+ gitlab-db = {
+ generator = {mkPassword}: mkPassword {};
+ } // ownership;
+ gitlab-jws = {
+ generator = {mkRsa}: mkRsa {};
+ } // ownership;
+ };
+ services.gitlab = let secrets = config.secrets; in {
+ enable = true;
+ initialRootPasswordFile = secrets.gitlab-initial-root.secretPath;
+ secrets = {
+ secretFile = secrets.gitlab-secret.secretPath;
+ otpFile = secrets.gitlab-otp.secretPath;
+ dbFile = secrets.gitlab-db.secretPath;
+ jwsFile = secrets.gitlab-jws.secretPath;
+ };
+ };
+}
+----
+
+=== Securely initialize kubernetes secrets
+
+In my homelab and clusters, I almost always have some sort of HSM, and to issue new kubernetes certs I directly connect to it.
+This setup should probably split into multiple steps, where I allow target machine to generate CSR, then copy it to the HSM machine, and then sign it there... But this is just the plan.
+I want to build ansible-like script execution in fleet for this kind of tasks.
+
+[source,nix]
+----
+{...}: {
+ # First I define required secret generators:
+ nixpkgs.overlays = [
+ (final: prev: let
+ lib = final.lib;
+ in {
+ readKubernetesCa = {impureOn}:
+ final.mkImpureSecretGenerator ''
+ cd ~/ca
+
+ cert=kubernetes-intermediateCA.crt
+
+ expires_at=$(openssl x509 -in $cert -noout -enddate | cut -d= -f2 | xargs -I{} date -u -d {} +"%Y-%m-%dT%H:%M:%S.%NZ")
+ echo -n $expires_at > $out/expires_at
+
+ cat $cert > $out/public
+ ''
+ impureOn;
+ mkKubernetesCert = {
+ subj,
+ sans ? [],
+ impureOn,
+ }:
+ final.mkImpureSecretGenerator ''
+ cd ~/ca
+
+ params=$(sudo mktemp)
+ csr=$(sudo mktemp)
+ cert=$(sudo mktemp)
+ sudo openssl ecparam -genkey -name secp384r1 -out $params
+ sudo openssl req -new -key $params \
+ -subj "${lib.strings.concatStringsSep "" (lib.attrsets.mapAttrsToList (k: v: "/${k}=${v}") subj)}" \
+ ${lib.optionalString (sans != []) "-addext \"subjectAltName = ${lib.strings.concatStringsSep "," sans}\""} \
+ -out $csr
+ sudo hsms x509 -req -days 365 -in $csr -CA kubernetes-intermediateCA.crt -CAkey "pkcs11:object=[CENSORED] Kubernetes Intermediate CA;type=private" -CAcreateserial -copy_extensions copy -out $cert
+
+ expires_at=$(sudo openssl x509 -in $cert -noout -enddate | cut -d= -f2 | xargs -I{} date -u -d {} +"%Y-%m-%dT%H:%M:%S.%NZ")
+ echo -n $expires_at > $out/expires_at
+
+ sudo cat $params | encrypt > $out/secret
+ sudo cat $cert > $out/public
+ ''
+ impureOn;
+ })
+ ];
+ # Those secret generators are impure, thus they are run in system environment.
+ # Probably there needs to be a dedicated user for that kind of tasks, but this is my current setup, don't judge.
+ # I write a couple of scripts for executing openssl with HSM.
+ environment.systemPackages = [
+ pkgs.openssl.bin
+ (pkgs.writeShellApplication {
+ name = "hsms";
+ text = ''
+ set -eu
+ export OPENSSL_CONF=${openssl-conf}
+ # Yay, using secrets to generate secrets!
+ HSM_PIN=$(cat ${config.secrets.hsm-pin.secretPath})
+ exec ${pkgs.openssl}/bin/openssl "$@" -keyform=engine -CAkeyform=engine -engine=pkcs11 -passin=pass:"$HSM_PIN"
+ '';
+ })
+ (pkgs.writeShellApplication {
+ name = "hsmt";
+ text = ''
+ set -eu
+ HSM_PIN=$(cat ${config.secrets.hsm-pin.secretPath})
+ exec ${pkgs.opensc}/bin/pkcs11-tool -l --pin="$HSM_PIN" "$@"
+ '';
+ })
+ ];
+ # And finally, I have secrets, which are shared between machines.
+ # Note that this example is somewhat wrong, as this goes not into the machine configuration, but to fleet configuration.
+ sharedSecrets = {
+ "ca.pem" = {
+ # This is just the public key, no need to regenerate it to change owner list
+ regenerateOnOwnerAdded = false;
+ # For secret regeneration/reencryption, we need to specify which machines SHOULD have it.
+ expectedOwners = ["controlplane-1" "controlplane-2" "worker-1" "worker-2"];
+ generator = {readKubernetesCa}:
+ readKubernetesCa {
+ impureOn = "[CENSORED]";
+ };
+ };
+ "kube-admin.pem" = {
+ regenerateOnOwnerAdded = false;
+ expectedOwners = ["cluster-admin"];
+ generator = {mkKubernetesCert}:
+ mkKubernetesCert {
+ subj = {
+ CN = "admin";
+ O = "system:masters";
+ };
+ impureOn = "[CENSORED]";
+ };
+ };
+ "kube-apiserver.pem" = {
+ # This secret depends on machine SANS, so if owner list has been changed, then we need to regenerate it.
+ # However, SANS dependency is in fact handled by secret seed, and secret is regenerated if the seed is changed...
+ #
+ # In this case regeneration is added as a half-assed security measure, as if apiserver is removed, we don't
+ # want for it to be able to pretend like it is a valid server.
+ #
+ # However, certificate revokation is complicated in my setup, and I can't show it here.
+ regenerateOnOwnerAdded = true;
+ expectedOwners = ["controlplane-1" "controlplane-2"];
+ generator = {mkKubernetesCert}:
+ mkKubernetesCert {
+ inherit sans;
+ subj.CN = "kubernetes";
+ impureOn = "[CENSORED]";
+ };
+ };
+}
+----
cmds/fleet/Cargo.tomldiffbeforeafterboth--- a/cmds/fleet/Cargo.toml
+++ b/cmds/fleet/Cargo.toml
@@ -12,17 +12,17 @@
anyhow = "1.0"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
-time = { version = "0.3.30", features = ["serde"] }
-tempfile = "3.8"
-once_cell = "1.18.0"
-hostname = "0.3.1"
-age-core = "0.9.0"
-peg = "0.8.2"
-age = { version = "0.9.2", features = ["ssh", "armor"] }
-base64 = "0.21.5"
-chrono = { version = "0.4.31", features = ["serde"] }
-z85 = "3.0.5"
-clap = { version = "4.4.7", features = [
+time = { version = "0.3", features = ["serde"] }
+tempfile = "3.10"
+once_cell = "1.19"
+hostname = "0.3"
+age-core = "0.10"
+peg = "0.8"
+age = { version = "0.10", features = ["ssh", "armor"] }
+base64 = "0.21"
+chrono = { version = "0.4", features = ["serde"] }
+z85 = "3.0"
+clap = { version = "4.5", features = [
"derive",
"env",
"wrap_help",
@@ -30,18 +30,18 @@
] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["fmt", "env-filter"] }
-tokio-util = { version = "0.7.10", features = ["codec"] }
-async-trait = "0.1.74"
-futures = "0.3.29"
-tracing-indicatif = "0.3.5"
-indicatif = "0.17.7"
-itertools = "0.11.0"
-shlex = "1.2.0"
-tabled = { version = "0.14.0", features = ["color"] }
-owo-colors = { version = "3.5.0", features = ["supports-color", "supports-colors"] }
+tokio-util = { version = "0.7", features = ["codec"] }
+async-trait = "0.1"
+futures = "0.3"
+tracing-indicatif = "0.3"
+indicatif = "0.17"
+itertools = "0.12"
+shlex = "1.3"
+tabled = { version = "0.15" }
+owo-colors = { version = "4.0", features = ["supports-color", "supports-colors"] }
r2d2 = "0.8.10"
-abort-on-drop = "0.2.2"
-unindent = "0.2.3"
-regex = "1.10.2"
-openssh = "0.10.1"
-human-repr = "1.1.0"
+abort-on-drop = "0.2"
+unindent = "0.2"
+regex = "1.10"
+openssh = "0.10"
+human-repr = "1.1"
cmds/fleet/src/cmds/secrets/mod.rsdiffbeforeafterboth--- a/cmds/fleet/src/cmds/secrets/mod.rs
+++ b/cmds/fleet/src/cmds/secrets/mod.rs
@@ -1,5 +1,6 @@
use crate::{
better_nix_eval::Field,
+ command::MyCommand,
fleetdata::{FleetSecret, FleetSharedSecret, SecretData},
host::Config,
nix_go, nix_go_json,
@@ -8,14 +9,16 @@
use chrono::{DateTime, Utc};
use clap::Parser;
use owo_colors::OwoColorize;
-use serde::Deserialize;
+use serde::{de::DeserializeOwned, Deserialize};
use std::{
collections::{BTreeSet, HashSet},
io::{self, Cursor, Read},
- path::PathBuf,
+ path::{Path, PathBuf},
+ str::FromStr,
};
use tabled::{Table, Tabled};
-use tokio::fs::read_to_string;
+use tempfile::tempdir;
+use tokio::fs::{self, read_to_string};
use tracing::{error, info, info_span, warn, Instrument};
#[derive(Parser)]
@@ -67,6 +70,10 @@
#[clap(long)]
plaintext: bool,
},
+ ReadPublic {
+ name: String,
+ machine: String,
+ },
UpdateShared {
name: String,
@@ -151,8 +158,89 @@
#[serde(rename_all = "camelCase")]
enum GeneratorKind {
Impure,
+ Pure,
}
+async fn generate_pure(
+ config: &Config,
+ _display_name: &str,
+ secret: Field,
+ default_generator: Field,
+ owners: &[String],
+) -> Result<FleetSecret> {
+ // TODO: pure secrets are supposed to be generated by nix daemon itself,
+ // inside of a sandbox... But we aren't here yet.
+ let config_field = &config.config_unchecked_field;
+ let generator = nix_go!(secret.generator);
+ let default_pkgs = &config.default_pkgs;
+
+ let call_package = nix_go!(default_pkgs.callPackage);
+
+ let generator = nix_go!(call_package(generator)(Obj {}));
+ let generator = generator.build().await?;
+ let generator = generator
+ .get("out")
+ .ok_or_else(|| anyhow!("missing generate out"))?;
+
+ let mut recipients = String::new();
+ for owner in owners {
+ let key = config.key(owner).await?;
+ recipients.push_str(&format!("-r \"{key}\" "));
+ }
+ recipients.push_str("-e");
+
+ let out = tempdir()?;
+
+ let mut gen = MyCommand::new(generator);
+ gen.env("rageArgs", recipients);
+ gen.env(
+ "out",
+ out.path().to_str().expect("sane tempdir should be utf-8"),
+ );
+ gen.run().await.context("impure generator")?;
+
+ {
+ let mut marker_path = out.path().to_owned();
+ marker_path.push("marker");
+ let marker = fs::read_to_string(&marker_path).await?;
+ ensure!(marker == "SUCCESS", "generation not succeeded");
+ }
+
+ let mut public_path = out.path().to_owned();
+ public_path.push("public");
+ let mut secret_path = out.path().to_owned();
+ secret_path.push("secret");
+ let public = fs::read_to_string(&public_path).await.ok();
+ let secret = fs::read(&secret_path).await.ok();
+ if let Some(secret) = &secret {
+ ensure!(
+ age::Decryptor::new(Cursor::new(&secret)).is_ok(),
+ "builder produced non-encrypted value as secret, this is highly insecure, and not allowed."
+ );
+ }
+
+ let mut created_at_path = out.path().to_owned();
+ created_at_path.push("created_at");
+ let mut expires_at_path = out.path().to_owned();
+ expires_at_path.push("expires_at");
+
+ async fn read_value<T: FromStr>(path: &Path) -> Result<T> {
+ dbg!(path);
+ let raw = fs::read(path).await?;
+ let raw = String::from_utf8(raw)?;
+ raw.parse().map_err(|_| anyhow!("fromStr failed"))
+ }
+
+ let created_at = read_value(&created_at_path).await?;
+ let expires_at = read_value(&expires_at_path).await.ok();
+
+ Ok(FleetSecret {
+ created_at,
+ expires_at,
+ public,
+ secret: secret.map(SecretData),
+ })
+}
async fn generate_impure(
config: &Config,
_display_name: &str,
@@ -254,6 +342,9 @@
GeneratorKind::Impure => {
generate_impure(config, display_name, secret, default_generator, owners).await
}
+ GeneratorKind::Pure => {
+ generate_pure(config, display_name, secret, default_generator, owners).await
+ }
}
}
async fn generate_shared(
@@ -357,6 +448,8 @@
expires_at,
re_add,
} => {
+ // TODO: Forbid updating secrets with set expectedOwners (= not user-managed).
+
let exists = config.has_shared(&name);
if exists && !force && !re_add {
bail!("secret already defined");
@@ -456,6 +549,16 @@
println!("{}", z85::encode(&data));
}
}
+ Secret::ReadPublic {
+ name,
+ machine,
+ } => {
+ let secret = config.host_secret(&machine, &name)?;
+ let Some(public) = secret.public else {
+ bail!("no secret {name}");
+ };
+ print!("{public}");
+ }
Secret::UpdateShared {
name,
machines,
@@ -463,6 +566,8 @@
remove_machines,
prefer_identities,
} => {
+ // TODO: Forbid updating secrets with set expectedOwners (= not user-managed).
+
let secret = config.shared_secret(&name)?;
if secret.secret.secret.is_none() {
bail!("no secret");
cmds/fleet/src/main.rsdiffbeforeafterboth--- a/cmds/fleet/src/main.rs
+++ b/cmds/fleet/src/main.rs
@@ -11,9 +11,8 @@
mod fleetdata;
-use std::ffi::OsString;
-use std::process::exit;
use std::time::Duration;
+use std::{ffi::OsString, process::ExitCode};
use anyhow::{bail, Result};
use clap::Parser;
@@ -62,6 +61,7 @@
path.push(entry.path());
let mut status = MyCommand::new("nix");
+ status.args(&config.nix_args);
status.arg("store").arg("prefetch-file").arg(path);
status.run_nix_string().instrument(span).await?;
Ok(())
@@ -118,7 +118,11 @@
return;
};
let pos = state.pos();
- let _ = write!(writer, "{} / {}", pos.human_count_bare(), len.human_count_bare());
+ if pos > len {
+ let _ = write!(writer, "{}", pos.human_count_bare());
+ } else {
+ let _ = write!(writer, "{} / {}", pos.human_count_bare(), len.human_count_bare());
+ }
})
.with_key(
"color_start",
@@ -151,7 +155,7 @@
tracing_subscriber::fmt::layer()
.without_time()
.with_target(true)
- .with_writer(indicatif_layer.get_stderr_writer())
+ .with_writer(indicatif_layer.get_stdout_writer())
.with_filter(filter), // .withou,
)
.with(indicatif_layer)
@@ -159,12 +163,15 @@
}
#[tokio::main]
-async fn main() {
+async fn main() -> ExitCode {
setup_logging();
if let Err(e) = main_real().await {
+ // If I remove this line, the next error!() line gets eaten.
+ info!("fixme: this line gets eaten by tracing-indicatif on levels info+");
error!("{e:#}");
- exit(1);
+ return ExitCode::FAILURE;
}
+ ExitCode::SUCCESS
}
async fn main_real() -> Result<()> {
cmds/install-secrets/Cargo.tomldiffbeforeafterboth--- a/cmds/install-secrets/Cargo.toml
+++ b/cmds/install-secrets/Cargo.toml
@@ -4,18 +4,18 @@
edition = "2021"
[dependencies]
-age = { version = "0.9.2", features = ["ssh"] }
-anyhow = "1.0.75"
-env_logger = "0.10.0"
-log = "0.4.20"
+age = { version = "0.10.0", features = ["ssh"] }
+anyhow = "1.0.79"
+tracing-subscriber = "0.3"
+tracing = "0.1"
nix = {version = "0.27.1", features = ["user", "fs"]}
-serde = { version = "1.0.190", features = ["derive"] }
-serde_json = "1.0.107"
-clap = { version = "4.4.7", features = [
+serde = { version = "1.0.196", features = ["derive"] }
+serde_json = "1.0.113"
+clap = { version = "4.5.1", features = [
"derive",
"env",
"wrap_help",
"unicode",
] }
-tempfile = "3.8.1"
+tempfile = "3.10.0"
z85 = "3.0.5"
cmds/install-secrets/src/main.rsdiffbeforeafterboth--- a/cmds/install-secrets/src/main.rs
+++ b/cmds/install-secrets/src/main.rs
@@ -2,9 +2,8 @@
use age::{Encryptor, Identity, Recipient};
use anyhow::{anyhow, bail, Context, Result};
use clap::Parser;
-use log::{error, info, warn};
use nix::sys::stat::Mode;
-use nix::unistd::{User, Group, chown};
+use nix::unistd::{chown, Group, User};
use serde::{Deserialize, Deserializer};
use std::fmt::{self, Display};
use std::fs::{self, File};
@@ -14,6 +13,9 @@
use std::path::Path;
use std::str::{from_utf8, FromStr};
use std::{collections::HashMap, path::PathBuf};
+use tracing::{error, info, warn};
+use tracing_subscriber::filter::LevelFilter;
+use tracing_subscriber::EnvFilter;
#[derive(Clone, Debug)]
struct SecretWrapper(Vec<u8>);
@@ -228,8 +230,13 @@
}
fn main() -> anyhow::Result<()> {
- env_logger::Builder::new()
- .filter_level(log::LevelFilter::Info)
+ tracing_subscriber::fmt()
+ .with_env_filter(
+ EnvFilter::builder()
+ .with_default_directive(LevelFilter::INFO.into())
+ .from_env_lossy(),
+ )
+ .without_time()
.init();
let opts = Opts::parse();
crates/better-command/Cargo.tomldiffbeforeafterboth--- a/crates/better-command/Cargo.toml
+++ b/crates/better-command/Cargo.toml
@@ -3,12 +3,10 @@
version = "0.1.0"
edition = "2021"
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
[dependencies]
-once_cell = "1.19.0"
-regex = "1.10.2"
-serde = { version = "1.0.193", features = ["derive"] }
-serde_json = "1.0.108"
-tracing = "0.1.40"
-tracing-indicatif = "0.3.6"
+once_cell = "1.19"
+regex = "1.10"
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+tracing = "0.1"
+tracing-indicatif = "0.3"
crates/nixlike/Cargo.tomldiffbeforeafterboth--- a/crates/nixlike/Cargo.toml
+++ b/crates/nixlike/Cargo.toml
@@ -7,8 +7,8 @@
alejandra = {git = "https://github.com/kamadorueda/alejandra"}
linked-hash-map = "0.5.6"
peg = "0.8.2"
-serde = "1.0.190"
-thiserror = "1.0.50"
-serde_json = "1.0.107"
+serde = "1.0.196"
+thiserror = "1.0.57"
+serde_json = "1.0.113"
ron = "0.8.1"
serde-transcode = "1.1.1"
flake.lockdiffbeforeafterboth--- a/flake.lock
+++ b/flake.lock
@@ -5,11 +5,11 @@
"systems": "systems"
},
"locked": {
- "lastModified": 1701680307,
- "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+ "lastModified": 1705309234,
+ "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+ "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
@@ -23,11 +23,11 @@
"systems": "systems_2"
},
"locked": {
- "lastModified": 1681202837,
- "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+ "lastModified": 1705309234,
+ "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+ "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
@@ -38,11 +38,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1704409229,
- "narHash": "sha256-Vc41cRJ3trOnocovLe0zZE35pK5Lfuo/zHk0xx3CNDY=",
+ "lastModified": 1708177587,
+ "narHash": "sha256-Tj/YV9kdC+I7V/kjrq3Bdl8z2VIHT5hiAG74s52vLgw=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "786f788914f2a6e94cedf361541894e972b8fd23",
+ "rev": "3c43b81701e73452df1c080b05770407da9e16d6",
"type": "github"
},
"original": {
@@ -67,11 +67,11 @@
]
},
"locked": {
- "lastModified": 1704075545,
- "narHash": "sha256-L3zgOuVKhPjKsVLc3yTm2YJ6+BATyZBury7wnhyc8QU=",
+ "lastModified": 1708135817,
+ "narHash": "sha256-EUMO/K3+Wgh0THOLoRXhxrh6G/pQ7BlJ8No+ciy1nKA=",
"owner": "oxalica",
"repo": "rust-overlay",
- "rev": "a0df72e106322b67e9c6e591fe870380bd0da0d5",
+ "rev": "c77e68d33a84ce3f9e86905c0f2ef78d5defad28",
"type": "github"
},
"original": {
flake.nixdiffbeforeafterboth--- a/flake.nix
+++ b/flake.nix
@@ -29,7 +29,7 @@
llvmPkgs = pkgs.buildPackages.llvmPackages_11;
rust =
(pkgs.rustChannelOf {
- date = "2024-01-01";
+ date = "2024-02-10";
channel = "nightly";
})
.default
@@ -38,12 +38,14 @@
packages = (import ./pkgs) pkgs pkgs;
devShell = (pkgs.mkShell.override {stdenv = llvmPkgs.stdenv;}) {
nativeBuildInputs = with pkgs; [
+ alejandra
rust
lld
cargo-edit
cargo-udeps
cargo-fuzz
cargo-watch
+ cargo-outdated
pkg-config
openssl
modules/fleet/secrets.nixdiffbeforeafterboth1{ lib, fleetLib, config, ... }: with lib; with fleetLib;2let3 sharedSecret = with types; ({config, ...}: {4 options = {5 expectedOwners = mkOption {6 type = nullOr (listOf str);7 description = ''8 List of hosts to encrypt secret for. null if managed by user (= via owners field from fleet.nix)910 Secrets would be decrypted and stored to /run/secrets/$\{name} on owners11 '';12 };13 # TODO: Aren't those options may be just desugared to data/expectedData?14 regenerateOnOwnerAdded = mkOption {15 type = bool;16 description = ''17 Is this secret owner-dependent, and needs to be regenerated on ownership set change, or it may be just reencrypted.18 19 You want to have this option set to true, when this secret contains some reference to its owners, i.e x509 SANs.20 '';21 };22 regenerateOnOwnerRemoved = mkOption {23 default = config.regenerateOnOwnerAdded;24 type = bool;25 description = ''26 Should this secret be removed on owner removal, or it may be just reencrypted27 28 Most probably its value should be equal to regenerateOnOwnerAdded, override only if you know what are you doing.29 Contrary to regenerateOnOwnerAdded, you may want to set this option to false, when host permissions are revoked30 in some other way than by this secret ownership, I.e by firewall/etc.31 '';32 };33 generator = mkOption {34 type = nullOr unspecified;35 description = "Derivation to evaluate for secret generation";36 default = null;37 };38 createdAt = mkOption {39 type = nullOr str;40 description = "When this secret was (re)generated";41 default = null;42 };43 expiresAt = mkOption {44 type = nullOr str;45 description = "On which date this secret will expire, someone should regenerate this secret before it expires.";46 default = null;47 };4849 owners = mkOption {50 type = listOf str;51 description = ''52 For which owners this secret is currently encrypted,53 if not matches expectedOwners - then this secret is considered outdated, and54 should be regenerated/reencrypted.5556 Imported from fleet.nix57 '';58 default = [ ];59 };60 # TODO: Make secret generator generate arbitrary number of secret/public parts?61 # Make it generate a folder, where all files except suffixed by .enc are public, and the rest are secret?62 # How should modules refer to those files then?63 public = mkOption {64 type = nullOr str;65 description = "Secret public data. Imported from fleet.nix";66 default = null;67 };68 secret = mkOption {69 type = nullOr str;70 description = "Encrypted secret data. Imported from fleet.nix";71 default = null;72 internal = true;73 };74 };75 });76 hostSecret = with types; {77 options = {78 createdAt = mkOption {79 type = nullOr str;80 default = null;81 };82 expiresAt = mkOption {83 type = nullOr str;84 default = null;85 };86 public = mkOption {87 type = nullOr str;88 description = "Secret public data. Imported from fleet.nix";89 default = null;90 };91 secret = mkOption {92 type = nullOr str;93 description = "Encrypted secret data. Imported from fleet.nix";94 default = null;95 internal = true;96 };97 };98 };99in100{101 options = with types; {102 sharedSecrets = mkOption {103 type = attrsOf (submodule sharedSecret);104 default = { };105 description = "Shared secrets";106 };107 hostSecrets = mkOption {108 type = attrsOf (attrsOf (submodule hostSecret));109 default = { };110 description = "Host secrets. Imported from fleet.nix";111 internal = true;112 };113 };114 config = {115 assertions = mapAttrsToList116 (name: secret: {117 assertion = secret.expectedOwners == null || builtins.sort (a: b: a < b) secret.owners == builtins.sort (a: b: a < b) secret.expectedOwners;118 message = "Shared secret ${name} is expected to be encrypted for ${builtins.toJSONsecret.expectedOwners}, but it is encrypted for ${builtins.toJSONsecret.owners}. Run fleet secrets regenerate to fix";119 })120 config.sharedSecrets;121 hosts = hostsToAttrs (host: {122 modules =123 let124 cleanupSecret = (secretName: v: {125 inherit (v) public secret;126 shared = true;127 });128 in129 [130 {131 secrets = (mapAttrs cleanupSecret132 (filterAttrs (_: v: builtins.elem host v.owners) config.sharedSecrets)133 ) // (mapAttrs cleanupSecret (config.hostSecrets.${host} or { }));134 }135 ];136 });137 };138}1{2 lib,3 fleetLib,4 config,5 ...6}:7with lib;8with fleetLib; let9 sharedSecret = with types; ({config, ...}: {10 options = {11 expectedOwners = mkOption {12 type = nullOr (listOf str);13 description = ''14 List of hosts to encrypt secret for. null if managed by user (= via owners field from fleet.nix)1516 Secrets would be decrypted and stored to /run/secrets/$\{name} on owners17 '';18 default = null;19 };20 # TODO: Aren't those options may be just desugared to data/expectedData?21 regenerateOnOwnerAdded = mkOption {22 type = bool;23 description = ''24 Is this secret owner-dependent, and needs to be regenerated on ownership set change, or it may be just reencrypted.2526 You want to have this option set to true, when this secret contains some reference to its owners, i.e x509 SANs.27 '';28 };29 regenerateOnOwnerRemoved = mkOption {30 default = config.regenerateOnOwnerAdded;31 type = bool;32 description = ''33 Should this secret be removed on owner removal, or it may be just reencrypted3435 Most probably its value should be equal to regenerateOnOwnerAdded, override only if you know what are you doing.36 Contrary to regenerateOnOwnerAdded, you may want to set this option to false, when host permissions are revoked37 in some other way than by this secret ownership, I.e by firewall/etc.38 '';39 };40 generator = mkOption {41 type = nullOr unspecified;42 description = "Derivation to evaluate for secret generation";43 default = null;44 };45 createdAt = mkOption {46 type = nullOr str;47 description = "When this secret was (re)generated";48 default = null;49 };50 expiresAt = mkOption {51 type = nullOr str;52 description = "On which date this secret will expire, someone should regenerate this secret before it expires.";53 default = null;54 };5556 owners = mkOption {57 type = listOf str;58 description = ''59 For which owners this secret is currently encrypted,60 if not matches expectedOwners - then this secret is considered outdated, and61 should be regenerated/reencrypted.6263 Imported from fleet.nix64 '';65 default = [];66 };67 # TODO: Make secret generator generate arbitrary number of secret/public parts?68 # Make it generate a folder, where all files except suffixed by .enc are public, and the rest are secret?69 # How should modules refer to those files then?70 public = mkOption {71 type = nullOr str;72 description = "Secret public data. Imported from fleet.nix";73 default = null;74 };75 secret = mkOption {76 type = nullOr str;77 description = "Encrypted secret data. Imported from fleet.nix";78 default = null;79 internal = true;80 };81 };82 });83 hostSecret = with types; {84 options = {85 createdAt = mkOption {86 type = nullOr str;87 default = null;88 };89 expiresAt = mkOption {90 type = nullOr str;91 default = null;92 };93 public = mkOption {94 type = nullOr str;95 description = "Secret public data. Imported from fleet.nix";96 default = null;97 };98 secret = mkOption {99 type = nullOr str;100 description = "Encrypted secret data. Imported from fleet.nix";101 default = null;102 internal = true;103 };104 };105 };106in {107 options = with types; {108 sharedSecrets = mkOption {109 type = attrsOf (submodule sharedSecret);110 default = {};111 description = "Shared secrets";112 };113 hostSecrets = mkOption {114 type = attrsOf (attrsOf (submodule hostSecret));115 default = {};116 description = "Host secrets. Imported from fleet.nix";117 internal = true;118 };119 };120 config = {121 assertions =122 mapAttrsToList123 (name: secret: {124 assertion = secret.expectedOwners == null || builtins.sort (a: b: a < b) secret.owners == builtins.sort (a: b: a < b) secret.expectedOwners;125 message = "Shared secret ${name} is expected to be encrypted for ${builtins.toJSONsecret.expectedOwners}, but it is encrypted for ${builtins.toJSONsecret.owners}. Run fleet secrets regenerate to fix";126 })127 config.sharedSecrets;128 hosts = hostsToAttrs (host: {129 modules = let130 cleanupSecret = secretName: v: {131 inherit (v) public secret;132 shared = true;133 };134 in [135 {136 secrets =137 (138 mapAttrs cleanupSecret139 (filterAttrs (_: v: builtins.elem host v.owners) config.sharedSecrets)140 )141 // (mapAttrs cleanupSecret (config.hostSecrets.${host} or {}));142 }143 ];144 });145 # TODO: Should this attribute be moved to `nixpkgs.overlays`?146 overlays = [147 (final: prev: let148 lib = final.lib;149 in {150 mkPassword = {size ? 32}:151 final.mkSecretGenerator ''152 ${final.coreutils}/bin/tr -dc 'A-Za-z0-9!?%=' < /dev/random \153 | ${final.coreutils}/bin/head -c ${toStringsize} \154 | encrypt > $out/secret155 '';156 mkRsa = {size ? 4096}:157 final.mkSecretGenerator ''158 ${final.openssl}/bin/openssl genrsa -out rsa_private.key ${toStringsize}159 ${final.openssl}/bin/openssl rsa -in rsa_private.key -pubout -out rsa_public.key160161 sudo cat rsa_private.key | encrypt > $out/secret162 sudo cat rsa_public.key > $out/public163 '';164 # TODO: Move to fleet165 # TODO: Merge both generators to one with consistent options syntax?166 # Impure generator is built on local machine, then built closure is copied to remote machine,167 # and then it is ran in inpure context, so that this generator may access HSMs and other things.168 mkImpureSecretGenerator = generatorText: machine:169 (prev.writeShellScript "impureGenerator.sh" ''170 #!/bin/sh171 set -eu172173 # TODO: Provide encryption function as script passed to `callPackage generator {encrypt = ...;}`174 function encrypt() {175 eval ${final.rage}/bin/rage $rageArgs176 }177178 created_at=date-u"%Y-%m-%dT%H:%M:%S.%NZ"179 echo -n $created_at > $out/created_at180181 ${generatorText}182183 echo -n SUCCESS > $out/marker184 '')185 .overrideAttrs (old: {186 passthru = {187 generatorKind = "impure";188 impureOn = machine;189 };190 });191 # TODO: Implement consistent naming192 # Pure secret generator is supposed to be run entirely by nix, using `__impure` derivation type...193 # But for now, it is ran the same way as `impureSecretGenerator`, but on the local machine.194 mkSecretGenerator = generatorText:195 (prev.writeShellScript "generator.sh" ''196 #!/bin/sh197 set -eu198 # TODO: User should create output directory by themselves.199 cd $out200201 # TODO: Provide encryption function as script passed to `callPackage generator {encrypt = ...;}`202 function encrypt() {203 eval ${final.rage}/bin/rage $rageArgs204 }205206 created_at=date-u"%Y-%m-%dT%H:%M:%S.%NZ"207 echo -n $created_at > $out/created_at208209 ${generatorText}210211 echo -n SUCCESS > $out/marker212 '')213 .overrideAttrs (old: {214 passthru = {215 generatorKind = "pure";216 };217 # TODO: make nix daemon build secret, not just the script.218 # __impure = true;219 });220 })221 ];222 };223}