

chore(deps) update to `age` version `0.11` (#9)

Petr Portnov | PROgrm_JARvis2024-11-17parent: #966948d.patch.diff
in: trunk
* chore(deps): update to `age` version `0.11`

* chore(deps): update the remaining dependencies

* chore: simplify `encrypt_secret_data` bounds

* chore: simplify `encrypt_secret_data` bounds even more

9 files changed

modifiedCargo.lockdiffbeforeafterboth
before · Cargo.lock
397 packageslockfile v3
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,7 +20,7 @@
 tokio-util = { version = "0.7.11", features = ["codec"] }
 clap = { version = "4.5", features = ["derive", "env", "wrap_help", "unicode"] }
 clap_complete = "4.5"
-age = { version = "0.10", features = ["ssh"] }
+age = { version = "0.11", features = ["ssh"] }
 anyhow = "1.0"
 tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["fmt", "env-filter"] }
--- a/cmds/fleet/Cargo.toml
+++ b/cmds/fleet/Cargo.toml
@@ -20,7 +20,7 @@
 tempfile.workspace = true
 time = { version = "0.3", features = ["serde"] }
 hostname = "0.4.0"
-age-core = "0.10"
+age-core = "0.11"
 peg = "0.8"
 base64 = "0.22.1"
 chrono = { version = "0.4", features = ["serde"] }
@@ -29,15 +29,15 @@
 futures = "0.3"
 itertools = "0.13"
 shlex = "1.3"
-tabled = { version = "0.15" }
+tabled = { version = "0.16" }
 owo-colors = { version = "4.0", features = [
 	"supports-color",
 	"supports-colors",
 ] }
 abort-on-drop = "0.2"
 regex = "1.10"
-openssh = "0.10"
-crossterm = { version = "0.27.0", features = ["use-dev-tty"] }
+openssh = "0.11"
+crossterm = { version = "0.28.0", features = ["use-dev-tty"] }
 fleet-shared.workspace = true
 
 tracing-indicatif = { version = "0.3", optional = true }
--- a/cmds/fleet/src/cmds/secrets/mod.rs
+++ b/cmds/fleet/src/cmds/secrets/mod.rs
@@ -4,6 +4,7 @@
 	path::PathBuf,
 };
 
+use age::Recipient;
 use anyhow::{anyhow, bail, ensure, Context, Result};
 use chrono::{DateTime, Utc};
 use clap::Parser;
@@ -161,7 +162,8 @@
 
 	if should_regenerate {
 		info!("secret is owner-dependent, will regenerate");
-		let generated = generate_shared(config, secret_name, field, updated_set.to_vec(), batch).await?;
+		let generated =
+			generate_shared(config, secret_name, field, updated_set.to_vec(), batch).await?;
 		Ok(generated)
 	} else {
 		drop(batch);
@@ -487,8 +489,9 @@
 				io::stdin().read_to_end(&mut input)?;
 
 				if !input.is_empty() {
-					let encrypted = encrypt_secret_data(recipients, input)
-						.ok_or_else(|| anyhow!("no recipients provided"))?;
+					let encrypted =
+						encrypt_secret_data(recipients.iter().map(|r| r as &dyn Recipient), input)
+							.ok_or_else(|| anyhow!("no recipients provided"))?;
 					parts.insert(part_name, FleetSecretPart { raw: encrypted });
 				}
 
@@ -536,8 +539,8 @@
 
 				if let Some(secret) = parse_secret().await? {
 					let recipient = config.recipient(&machine).await?;
-					let encrypted =
-						encrypt_secret_data(vec![recipient], secret).expect("recipient provided");
+					let encrypted = encrypt_secret_data([&recipient as &dyn Recipient], secret)
+						.expect("recipient provided");
 					if out
 						.parts
 						.insert(part_name.clone(), FleetSecretPart { raw: encrypted })
--- a/cmds/generator-helper/src/main.rs
+++ b/cmds/generator-helper/src/main.rs
@@ -89,15 +89,10 @@
 		.map_err(|e| anyhow!("parse recipients: {e:?}"))
 }
 fn make_encryptor(r: &Identities) -> Result<Encryptor> {
-	Ok(Encryptor::with_recipients(
-		r.iter()
-			.map(|v| {
-				let coerced: Box<dyn Recipient + Send> = Box::new(v.clone());
-				coerced
-			})
-			.collect(),
+	Ok(
+		Encryptor::with_recipients(r.iter().map(|v| v as &dyn Recipient))
+			.expect("list is not empty"),
 	)
-	.expect("list is not empty"))
 }
 fn wrap_encoder<'t>(w: impl Write + 't, encoding: OutputEncoding) -> impl Write + 't {
 	fn coerce<'t>(w: impl Write + 't) -> Box<dyn Write + 't> {
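Review bot: `make_encryptor` returns `Result<Encryptor>` yet still panics through `.expect("list is not empty")` when `Encryptor::with_recipients` fails, and its recipient list appears to come from the parsing function that ends at the top of this hunk. The call now yields a `Result` (the sibling change in `fleetdata.rs` converts it with `.ok()`), so the failure can be returned instead: `Encryptor::with_recipients(r.iter().map(|v| v as &dyn Recipient)).map_err(|e| anyhow!("init encryptor: {e:?}"))`. As far as I know, age 0.11 can reject a recipient set for reasons other than emptiness, in which case the panic message would also name the wrong cause. The same applies to `.expect("recipients provided")` in the second hunk of `cmds/install-secrets/src/main.rs`.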
--- a/cmds/install-secrets/src/main.rs
+++ b/cmds/install-secrets/src/main.rs
@@ -68,10 +68,9 @@
 	ensure!(input.encrypted, "passed data is not encrypted!");
 	let mut input = Cursor::new(&input.data);
 	let decryptor = Decryptor::new(&mut input).context("failed to init decryptor")?;
-	let decryptor = match decryptor {
-		Decryptor::Recipients(r) => r,
-		Decryptor::Passphrase(_) => bail!("should be recipients"),
-	};
+	if decryptor.is_scrypt() {
+		bail!("should be recipients");
+	}
 	let mut decryptor = decryptor
 		.decrypt(iter::once(identity as &dyn age::Identity))
 		.context("failed to decrypt, wrong key?")?;
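Review bot: The message in `bail!("should be recipients")`, kept under the new `decryptor.is_scrypt()` check, does not tell an operator what was wrong with the secret they passed in. Something like `bail!("secret is passphrase-encrypted, expected recipient-encrypted data");` names the condition that was actually detected. A one-line comment above the check, for example `// passphrase (scrypt) files cannot be opened with the identity used below; reject them early`, would record why it exists now that the enum match no longer shows it; that rationale is presumed from the surrounding lines. The enclosing function starts and ends outside the hunk.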
@@ -89,10 +88,7 @@
 			SshRecipient::from_str(&t).map_err(|e| anyhow!("failed to parse recipient: {e:?}"))
 		})
 		.collect::<Result<Vec<SshRecipient>>>()?;
-	let recipients = recipients
-		.into_iter()
-		.map(|v| Box::new(v) as Box<dyn Recipient + Send>)
-		.collect::<Vec<_>>();
+	let recipients = recipients.iter().map(|v| v as &dyn Recipient);
 	let mut encrypted = vec![];
 	let mut encryptor = Encryptor::with_recipients(recipients)
 		.expect("recipients provided")
--- a/crates/fleet-base/src/fleetdata.rs
+++ b/crates/fleet-base/src/fleetdata.rs
@@ -6,7 +6,6 @@
 use age::Recipient;
 use chrono::{DateTime, Utc};
 use fleet_shared::SecretData;
-use itertools::Itertools;
 use serde::{de::Error, Deserialize, Serialize};
 use serde_json::Value;
 
@@ -73,16 +72,13 @@
 }
 
 /// Returns None if recipients.is_empty()
-pub fn encrypt_secret_data(
-	recipients: impl IntoIterator<Item = impl Recipient + Send + 'static>,
+pub fn encrypt_secret_data<'a>(
+	recipients: impl IntoIterator<Item = &'a dyn Recipient>,
 	data: Vec<u8>,
 ) -> Option<SecretData> {
 	let mut encrypted = vec![];
-	let recipients = recipients
-		.into_iter()
-		.map(|v| Box::new(v) as Box<dyn Recipient + Send>)
-		.collect_vec();
-	let mut encryptor = age::Encryptor::with_recipients(recipients)?
+	let mut encryptor = age::Encryptor::with_recipients(recipients.into_iter())
+		.ok()?
 		.wrap_output(&mut encrypted)
 		.expect("in memory write");
 	io::copy(&mut Cursor::new(data), &mut encryptor).expect("in memory copy");
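Review bot: The `.ok()?` on `age::Encryptor::with_recipients(...)` throws away the error value, so every failure to build the encryptor now comes back as `None`, while the doc comment above still promises `None` only for an empty recipient list. Callers rely on that reading: `cmds/fleet/src/cmds/secrets/mod.rs` maps `None` to `anyhow!("no recipients provided")` in one hunk and uses `.expect("recipient provided")` in the next. If age 0.11 can reject a recipient set for other reasons, which I believe it can, an operator would be sent looking for a missing recipient that is in fact present. Without changing the signature, the minimum is to correct the doc comment, e.g. `/// Returns None if an encryptor cannot be built for the recipients (for example, when there are none)`, and to log the discarded error before `.ok()`. The function body continues past the end of the hunk.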
--- a/flake.lock
+++ b/flake.lock
@@ -37,11 +37,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1731514040,
-        "narHash": "sha256-4VkY8gwyR83N6MPT7ipXTOSBXpVL2Hrwh898UAR3HZ8=",
+        "lastModified": 1731873344,
+        "narHash": "sha256-bKfFggwcvvh9gmOsaMCXKVAGBfXCZZ6QrxLq9Nb1/vw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "155168226cb666d242306e13d7dbdaa8a76d20e1",
+        "rev": "39e98fadd66c2564ac85b1f65bab89e044302c62",
         "type": "github"
       },
       "original": {
@@ -66,11 +66,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1731464916,
-        "narHash": "sha256-WZ5rpjr/wCt7yBOUsvDE2i22hYz9g8W921jlwVktRQ4=",
+        "lastModified": 1731820690,
+        "narHash": "sha256-/hHFMTD+FGURXZ4JtfXoIgpy87zL505pVi6AL76Wc+U=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "2c19bad6e881b5a154cafb7f9106879b5b356d1f",
+        "rev": "bbab2ab9e1932133b1996baa1dc00fefe924ca81",
         "type": "github"
       },
       "original": {
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -1,4 +1,8 @@
-{lib, config, ...}: let
+{
+  lib,
+  config,
+  ...
+}: let
   inherit (lib.options) mkOption;
   inherit (lib.types) unspecified nullOr listOf str bool attrsOf submodule;
   inherit (lib.strings) concatStringsSep;
@@ -51,9 +55,11 @@
     };
   };
   config = {
-    hosts = mapAttrs (_: secretMap: {
-      nixos.secrets = mapAttrs (_: s: removeAttrs s ["createdAt" "expiresAt"]) secretMap;
-    }) config.data.hostSecrets;
+    hosts =
+      mapAttrs (_: secretMap: {
+        nixos.secrets = mapAttrs (_: s: removeAttrs s ["createdAt" "expiresAt"]) secretMap;
+      })
+      config.data.hostSecrets;
     nixpkgs.overlays = [
       (final: prev: {
         mkSecretGenerators = {recipients}: rec {