difftreelog
refactor cleanup bindings
in: trunk
12 files changed
Cargo.lockdiffbeforeafterboth--- a/Cargo.lock
+++ b/Cargo.lock
@@ -729,22 +729,6 @@
]
[[package]]
-name = "ctor"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67773048316103656a637612c4a62477603b777d91d9c62ff2290f9cde178fdb"
-dependencies = [
- "ctor-proc-macro",
- "dtor",
-]
-
-[[package]]
-name = "ctor-proc-macro"
-version = "0.0.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2931af7e13dc045d8e9d26afccc6fa115d64e115c9c84b1166288b46f6782c2"
-
-[[package]]
name = "ctr"
version = "0.9.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -916,21 +900,6 @@
]
[[package]]
-name = "dtor"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e58a0764cddb55ab28955347b45be00ade43d4d6f3ba4bf3dc354e4ec9432934"
-dependencies = [
- "dtor-proc-macro",
-]
-
-[[package]]
-name = "dtor-proc-macro"
-version = "0.0.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f678cf4a922c215c63e0de95eb1ff08a958a81d47e485cf9da1e27bf6305cfa5"
-
-[[package]]
name = "ed25519"
version = "2.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1973,17 +1942,12 @@
version = "0.1.0"
dependencies = [
"anyhow",
- "better-command",
"bindgen",
- "ctor",
"cxx",
"cxx-build",
- "futures",
"itertools 0.14.0",
"nixlike",
"pkg-config",
- "r2d2",
- "regex",
"serde",
"serde_json",
"test-log",
@@ -1992,7 +1956,6 @@
"tokio-util",
"tracing",
"tracing-indicatif",
- "unindent",
]
[[package]]
@@ -2454,17 +2417,6 @@
version = "5.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
-
-[[package]]
-name = "r2d2"
-version = "0.8.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "51de85fb3fb6524929c8a2eb85e6b6d363de4e8c48f9e2c2eac4944abc181c93"
-dependencies = [
- "log",
- "parking_lot",
- "scheduled-thread-pool",
-]
[[package]]
name = "rand"
@@ -2829,15 +2781,6 @@
]
[[package]]
-name = "scheduled-thread-pool"
-version = "0.2.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3cbc66816425a074528352f5789333ecff06ca41b36b0b0efdfbb29edc391a19"
-dependencies = [
- "parking_lot",
-]
-
-[[package]]
name = "scopeguard"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -3673,12 +3616,6 @@
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "39ec24b3121d976906ece63c9daad25b85969647682eee313cb5779fdd69e14e"
-
-[[package]]
-name = "unindent"
-version = "0.2.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7264e107f553ccae879d21fbea1d6724ac785e8c3bfc762137959b5802826ef3"
[[package]]
name = "unit-prefix"
cmds/fleet/Cargo.tomldiffbeforeafterboth--- a/cmds/fleet/Cargo.toml
+++ b/cmds/fleet/Cargo.toml
@@ -55,4 +55,5 @@
"dep:indicatif",
"dep:human-repr",
"better-command/indicatif",
+ "nix-eval/indicatif",
]
cmds/fleet/src/cmds/build_systems.rsdiffbeforeafterboth--- a/cmds/fleet/src/cmds/build_systems.rs
+++ b/cmds/fleet/src/cmds/build_systems.rs
@@ -28,18 +28,12 @@
build_attr: String,
}
-async fn build_task(
- config: Config,
- hostname: String,
- build_attr: &str,
- // batch: Option<NixBuildBatch>,
-) -> Result<PathBuf> {
+async fn build_task(config: Config, hostname: String, build_attr: &str) -> Result<PathBuf> {
info!("building");
let host = config.host(&hostname).await?;
// let action = Action::from(self.subcommand.clone());
let nixos = host.nixos_config().await?;
let drv = nix_go!(nixos.system.build[{ build_attr }]);
- // let outputs = drv.build_maybe_batch(batch).await?;
let out_output = drv.build("out").await?;
// We already have system profiles for backups.
@@ -66,17 +60,11 @@
let hosts = opts.filter_skipped(config.list_hosts().await?).await?;
let set = LocalSet::new();
let build_attr = self.build_attr.clone();
- // let batch = (hosts.len() > 1).then(|| {
- // config
- // .nix_session
- // .new_build_batch("build-hosts".to_string())
- // });
for host in hosts {
let config = config.clone();
let span = info_span!("build", host = field::display(&host.name));
let hostname = host.name;
let build_attr = build_attr.clone();
- // let batch = batch.clone();
set.spawn_local(
(async move {
let built = match build_task(config, hostname.clone(), &build_attr).await {
@@ -107,11 +95,6 @@
pub async fn run(self, config: &Config, opts: &FleetOpts) -> Result<()> {
let hosts = opts.filter_skipped(config.list_hosts().await?).await?;
let set = LocalSet::new();
- // let batch = (hosts.len() > 1).then(|| {
- // config
- // .nix_session
- // .new_build_batch("deploy-hosts".to_string())
- // });
for host in hosts.into_iter() {
let config = config.clone();
let span = info_span!("deploy", host = field::display(&host.name));
cmds/fleet/src/cmds/secrets/mod.rsdiffbeforeafterboth1use std::{2 collections::{BTreeMap, BTreeSet, HashSet},3 io::{self, Read, Write, stdin, stdout},4 path::PathBuf,5 slice,6};78use age::Recipient;9use anyhow::{Context, Result, anyhow, bail, ensure};10use chrono::{DateTime, Utc};11use clap::Parser;12use fleet_base::{13 fleetdata::{FleetSecret, FleetSecretPart, FleetSharedSecret, encrypt_secret_data},14 host::Config,15 opts::FleetOpts,16};17use fleet_shared::SecretData;18use nix_eval::{NixType, Value, nix_go, nix_go_json};19use owo_colors::OwoColorize;20use serde::Deserialize;21use tabled::{Table, Tabled};22use tokio::fs::read;23use tracing::{Instrument, error, info, info_span, warn};2425#[derive(Parser)]26pub enum Secret {27 AddManager,28 /// Force load host keys for all defined hosts29 ForceKeys,30 /// Add secret, data should be provided in stdin31 AddShared {32 /// Secret name33 name: String,34 /// Secret owners35 #[clap(long, short)]36 machines: Vec<String>,37 /// Override secret if already present38 #[clap(long)]39 force: bool,40 /// Secret public part41 #[clap(long)]42 public: Option<String>,43 /// Load public part from specified file44 #[clap(long)]45 public_file: Option<PathBuf>,4647 /// Create a notification on secret expiration48 #[clap(long)]49 expires_at: Option<DateTime<Utc>>,5051 /// Secret with this name already exists, override its value while keeping the same owners.52 #[clap(long)]53 re_add: bool,5455 /// How to name public secret part56 #[clap(long, short = 'p', default_value = "public")]57 public_part: String,58 /// How to name private secret part59 #[clap(short = 's', long, default_value = "secret")]60 part: String,61 },62 /// Add secret, data should be provided in stdin63 Add {64 /// Secret name65 name: String,66 /// Secret owner67 #[clap(short = 'm', long)]68 machine: String,69 /// Replace secret if already present70 #[clap(long)]71 replace: bool,72 /// Add new parts to existing secret73 #[clap(long)]74 merge: bool,75 /// Secret public part76 #[clap(long)]77 public: Option<String>,78 /// Load public part from specified file79 #[clap(long)]80 public_file: Option<PathBuf>,8182 /// How to name public secret part83 #[clap(short = 'p', long, default_value = "public")]84 public_part: String,85 /// How to name private secret part86 #[clap(short = 's', long, default_value = "secret")]87 part: String,88 },89 /// Read secret from remote host, requires sudo on said host90 Read {91 name: String,92 #[clap(short = 'm', long)]93 machine: String,9495 /// Which private secret part to read96 #[clap(short = 'p', long, default_value = "secret")]97 part: String,98 },99 /// Read secret from remote host, requires sudo on said host100 ReadShared {101 name: String,102 /// Which private secret part to read103 #[clap(short = 'p', long, default_value = "secret")]104 part: String,105 /// Which host should we use to decrypt, in case if reencryption is required, without106 /// regeneration107 #[clap(long)]108 prefer_identities: Vec<String>,109 },110 UpdateShared {111 name: String,112113 #[clap(short = 'm', long)]114 machine: Option<Vec<String>>,115116 #[clap(long)]117 add_machine: Vec<String>,118 #[clap(long)]119 remove_machine: Vec<String>,120121 /// Which host should we use to decrypt122 #[clap(long)]123 prefer_identities: Vec<String>,124 },125 Regenerate {126 /// Which host should we use to decrypt, in case if reencryption is required, without127 /// regeneration128 #[clap(long)]129 prefer_identities: Vec<String>,130 /// Only regenerate shared secrets131 #[clap(long)]132 skip_hosts: bool,133 },134 List {},135 Edit {136 name: String,137 #[clap(short = 'm', long)]138 machine: String,139140 #[clap(long)]141 add: bool,142143 /// Which private secret part to read144 #[clap(short = 'p', long, default_value = "secret")]145 part: String,146 },147}148149fn secret_needs_regeneration(150 secret: &FleetSecret,151 expected_generation_data: &serde_json::Value,152) -> bool {153 let data_is_expected = secret.generation_data == *expected_generation_data;154 // TODO: Leeway?155 let expired = secret156 .expires_at157 .map(|expiration| expiration < Utc::now())158 .unwrap_or(false);159 expired || !data_is_expected160}161162#[allow(clippy::too_many_arguments)]163#[tracing::instrument(skip(config, secret, field, prefer_identities))]164async fn maybe_regenerate_shared_secret(165 secret_name: &str,166 config: &Config,167 mut secret: FleetSharedSecret,168 field: Value,169 expected_owners: &[String],170 expected_generation_data: serde_json::Value,171 prefer_identities: &[String],172 // batch: Option<NixBuildBatch>,173) -> Result<FleetSharedSecret> {174 let original_set = secret.owners.clone();175176 let set = original_set.iter().collect::<BTreeSet<_>>();177 let expected_set = expected_owners.iter().collect::<BTreeSet<_>>();178179 let regeneration_required =180 secret_needs_regeneration(&secret.secret, &expected_generation_data);181182 if set == expected_set && !regeneration_required {183 info!("no need to update owner list, it is already correct");184 return Ok(secret);185 }186187 let should_regenerate = if regeneration_required {188 info!("secret has its generation data changed, regeneration is required");189 true190 } else if set.difference(&expected_set).next().is_some() {191 // TODO: Remove this warning for revokable secrets.192 warn!(193 "host was removed from secret owners, but until this host rebuild, the secret will still be stored on it."194 );195 nix_go_json!(field.regenerateOnOwnerRemoved)196 } else if expected_set.difference(&set).next().is_some() {197 nix_go_json!(field.regenerateOnOwnerAdded)198 } else {199 false200 };201202 if should_regenerate {203 info!("secret needs to be regenerated");204 let generated = generate_shared(205 config,206 secret_name,207 field,208 expected_owners.to_vec(),209 expected_generation_data,210 // batch,211 )212 .await?;213 Ok(generated)214 } else {215 // drop(batch);216 let identity_holder = if !prefer_identities.is_empty() {217 prefer_identities218 .iter()219 .find(|i| original_set.iter().any(|s| s == *i))220 } else {221 secret.owners.first()222 };223 let Some(identity_holder) = identity_holder else {224 bail!("no available holder found");225 };226227 for (part_name, part) in secret.secret.parts.iter_mut() {228 let _span = info_span!("part reencryption", part_name);229 if !part.raw.encrypted {230 continue;231 }232 let host = config.host(identity_holder).await?;233 let encrypted = host234 .reencrypt(part.raw.clone(), expected_owners.to_vec())235 .await?;236 part.raw = encrypted;237 }238239 secret.owners = expected_owners.to_vec();240 Ok(secret)241 }242}243244#[derive(Deserialize)]245#[serde(rename_all = "camelCase")]246enum GeneratorKind {247 Impure,248 Pure,249}250251async fn generate_pure(252 _config: &Config,253 _display_name: &str,254 _secret: Value,255 _default_generator: Value,256 _owners: &[String],257) -> Result<FleetSecret> {258 bail!("pure generators are broken for now")259}260async fn generate_impure(261 config: &Config,262 _display_name: &str,263 secret: Value,264 default_generator: Value,265 expected_owners: &[String],266 expected_generation_data: serde_json::Value,267 // batch: Option<NixBuildBatch>,268) -> Result<FleetSecret> {269 let generator = nix_go!(secret.generator);270 let on: Option<String> = nix_go_json!(default_generator.impureOn);271272 let nixpkgs = &config.nixpkgs;273274 let host = if let Some(on) = &on {275 config.host(on).await?276 } else {277 config.local_host()278 };279 let on_pkgs = host.pkgs().await?;280 let mk_secret_generators = nix_go!(on_pkgs.mkSecretGenerators);281282 let mut recipients = Vec::new();283 for owner in expected_owners {284 let key = config.key(owner).await?;285 recipients.push(key);286 }287 let generators = nix_go!(mk_secret_generators(Obj { recipients }));288 // FIXME: Apparently, // operator is slow in nix289 let pkgs_and_generators = on_pkgs.attrs_update(generators)?;290291 let call_package = nix_go!(nixpkgs.lib.callPackageWith(pkgs_and_generators));292293 let generator = nix_go!(call_package(generator)(Obj {}));294295 // let generator = generator.build_maybe_batch(batch).await?;296 let generator = generator.build("out").await?;297 let generator = host.remote_derivation(&generator).await?;298299 let out_parent = host.mktemp_dir().await?;300 let out = format!("{out_parent}/out");301302 let mut r#gen = host.cmd(generator).await?;303 r#gen.env("out", &out);304 if on.is_none() {305 // This path is local, thus we can feed `OsString` directly to env var... But I don't think that's necessary to handle.306 let project_path: String = config307 .directory308 .clone()309 .into_os_string()310 .into_string()311 .map_err(|s| anyhow!("fleet project path is not utf-8: {s:?}"))?;312 r#gen.env("FLEET_PROJECT", project_path);313 }314 r#gen.run().await.context("impure generator")?;315316 {317 let marker = host.read_file_text(format!("{out}/marker")).await?;318 ensure!(marker == "SUCCESS", "generation not succeeded");319 }320321 let mut parts = BTreeMap::new();322 for part in host.read_dir(&out).await? {323 if part == "created_at" || part == "expires_at" || part == "marker" {324 continue;325 }326 let contents: SecretData = host327 .read_file_text(format!("{out}/{part}"))328 .await?329 .parse()330 .map_err(|e| anyhow!("failed to decode secret {out:?} part {part:?}: {e}"))?;331 parts.insert(part.to_owned(), FleetSecretPart { raw: contents });332 }333334 let created_at = host.read_file_value(format!("{out}/created_at")).await?;335 let expires_at = host.read_file_value(format!("{out}/expires_at")).await.ok();336337 Ok(FleetSecret {338 created_at,339 expires_at,340 parts,341 generation_data: expected_generation_data,342 })343}344async fn generate(345 config: &Config,346 display_name: &str,347 secret: Value,348 expected_owners: &[String],349 expected_generation_data: serde_json::Value,350 // batch: Option<NixBuildBatch>,351) -> Result<FleetSecret> {352 let generator = nix_go!(secret.generator);353 // Can't properly check on nix module system level354 {355 let gen_ty = generator.type_of()?;356 if matches!(gen_ty, NixType::Null) {357 bail!("secret has no generator defined, can't automatically generate it.");358 }359 if matches!(gen_ty, NixType::Attrs) {360 if !generator.has_field("__functor")? {361 bail!("generator should be functor, got {gen_ty:?}");362 }363 } else if matches!(gen_ty, NixType::Function) {364 bail!("generator should be functor, got {gen_ty:?}");365 }366 }367 let nixpkgs = &config.nixpkgs;368 let default_pkgs = &config.default_pkgs;369 let default_mk_secret_generators = nix_go!(default_pkgs.mkSecretGenerators);370 // Generators provide additional information in passthru, to access371 // passthru we should call generator, but information about where this generator is supposed to build372 // is located in passthru... Thus evaluating generator on host.373 //374 // Maybe it is also possible to do some magic with __functor?375 //376 // I don't want to make modules always responsible for additional secret data anyway,377 // so it should be in derivation, and not in the secret data itself.378 let generators = nix_go!(default_mk_secret_generators(Obj {379 recipients: <Vec<String>>::new(),380 }));381 let pkgs_and_generators = default_pkgs.clone().attrs_update(generators)?;382383 let call_package = nix_go!(nixpkgs.lib.callPackageWith(pkgs_and_generators));384 let default_generator = nix_go!(call_package(generator)(Obj {}));385386 let kind: GeneratorKind = nix_go_json!(default_generator.generatorKind);387388 match kind {389 GeneratorKind::Impure => {390 generate_impure(391 config,392 display_name,393 secret,394 default_generator,395 expected_owners,396 expected_generation_data,397 // batch,398 )399 .await400 }401 GeneratorKind::Pure => {402 generate_pure(403 config,404 display_name,405 secret,406 default_generator,407 expected_owners,408 )409 .await410 }411 }412}413async fn generate_shared(414 config: &Config,415 display_name: &str,416 secret: Value,417 expected_owners: Vec<String>,418 expected_generation_data: serde_json::Value,419 // batch: Option<NixBuildBatch>,420) -> Result<FleetSharedSecret> {421 // let owners: Vec<String> = nix_go_json!(secret.expectedOwners);422 Ok(FleetSharedSecret {423 secret: generate(424 config,425 display_name,426 secret,427 &expected_owners,428 expected_generation_data,429 // batch,430 )431 .await?,432 owners: expected_owners,433 })434}435436async fn parse_public(437 public: Option<String>,438 public_file: Option<PathBuf>,439) -> Result<Option<SecretData>> {440 Ok(match (public, public_file) {441 (Some(v), None) => Some(SecretData {442 data: v.into(),443 encrypted: false,444 }),445 (None, Some(v)) => Some(SecretData {446 data: read(v).await?,447 encrypted: false,448 }),449 (Some(_), Some(_)) => {450 bail!("only public or public_file should be set")451 }452 (None, None) => None,453 })454}455456async fn parse_secret() -> Result<Option<Vec<u8>>> {457 let mut input = vec![];458 stdin().read_to_end(&mut input)?;459 if input.is_empty() {460 Ok(None)461 } else {462 Ok(Some(input))463 }464}465466fn parse_machines(467 initial: Vec<String>,468 machines: Option<Vec<String>>,469 mut add_machines: Vec<String>,470 mut remove_machines: Vec<String>,471) -> Result<Vec<String>> {472 if machines.is_none() && add_machines.is_empty() && remove_machines.is_empty() {473 bail!("no operation");474 }475476 let initial_machines = initial.clone();477 let mut target_machines = initial;478 info!("Currently encrypted for {initial_machines:?}");479480 // ensure!(machines.is_some() || !add_machines.is_empty() || )481 if let Some(machines) = machines {482 ensure!(483 add_machines.is_empty() && remove_machines.is_empty(),484 "can't combine --machines and --add-machines/--remove-machines"485 );486 let target = initial_machines.iter().collect::<HashSet<_>>();487 let source = machines.iter().collect::<HashSet<_>>();488 for removed in target.difference(&source) {489 remove_machines.push((*removed).clone());490 }491 for added in source.difference(&target) {492 add_machines.push((*added).clone());493 }494 }495496 for machine in &remove_machines {497 let mut removed = false;498 while let Some(pos) = target_machines.iter().position(|m| m == machine) {499 target_machines.swap_remove(pos);500 removed = true;501 }502 if !removed {503 warn!("secret is not enabled for {machine}");504 }505 }506 for machine in &add_machines {507 if target_machines.iter().any(|m| m == machine) {508 warn!("secret is already added to {machine}");509 } else {510 target_machines.push(machine.to_owned());511 }512 }513 if !remove_machines.is_empty() {514 // TODO: maybe force secret regeneration?515 // Not that useful without revokation.516 warn!(517 "secret will not be regenerated for removed machines, and until host rebuild, they will still possess the ability to decode secret"518 );519 }520 Ok(target_machines)521}522impl Secret {523 pub async fn run(self, config: &Config, opts: &FleetOpts) -> Result<()> {524 match self {525 Secret::AddManager => {526 todo!("part of fleet-pusher")527 }528 Secret::ForceKeys => {529 for host in config.list_hosts().await? {530 if opts.should_skip(&host).await? {531 continue;532 }533 config.key(&host.name).await?;534 }535 }536 Secret::AddShared {537 mut machines,538 name,539 force,540 public,541 public_part: public_name,542 public_file,543 expires_at,544 re_add,545 part: part_name,546 } => {547 // TODO: Forbid updating secrets with set expectedOwners (= not user-managed).548549 let exists = config.has_shared(&name);550 if exists && !force && !re_add {551 bail!("secret already defined");552 }553 if re_add {554 // Fixme: use clap to limit this usage555 ensure!(!force, "--force and --readd are not compatible");556 ensure!(exists, "secret doesn't exists");557 ensure!(558 machines.is_empty(),559 "you can't use machines argument for --readd"560 );561 let shared = config.shared_secret(&name)?;562 machines = shared.owners;563 }564565 let recipients = config.recipients(machines.clone()).await?;566567 let mut parts = BTreeMap::new();568569 let mut input = vec![];570 io::stdin().read_to_end(&mut input)?;571572 if !input.is_empty() {573 let encrypted =574 encrypt_secret_data(recipients.iter().map(|r| r as &dyn Recipient), input)575 .ok_or_else(|| anyhow!("no recipients provided"))?;576 parts.insert(part_name, FleetSecretPart { raw: encrypted });577 }578579 if let Some(public) = parse_public(public, public_file).await? {580 parts.insert(public_name, FleetSecretPart { raw: public });581 }582583 config.replace_shared(584 name,585 FleetSharedSecret {586 owners: machines,587 secret: FleetSecret {588 created_at: Utc::now(),589 expires_at,590 parts,591 generation_data: serde_json::Value::Null,592 },593 },594 );595 }596 Secret::Add {597 machine,598 name,599 replace,600 merge,601 public,602 public_part: public_name,603 public_file,604 part: part_name,605 } => {606 if config.has_secret(&machine, &name) && !replace && !merge {607 bail!(608 "secret already defined.\nUse --replace to override, or --merge to add new parts to existing secret"609 );610 }611612 let mut out = if merge && !replace {613 config614 .host_secret(&machine, &name)615 .context("failed to read existing secret for --merge")?616 } else {617 FleetSecret {618 created_at: Utc::now(),619 expires_at: None,620 parts: BTreeMap::new(),621 generation_data: serde_json::Value::Null,622 }623 };624625 if let Some(secret) = parse_secret().await? {626 let recipient = config.recipient(&machine).await?;627 let encrypted = encrypt_secret_data([&recipient as &dyn Recipient], secret)628 .expect("recipient provided");629 if out630 .parts631 .insert(part_name.clone(), FleetSecretPart { raw: encrypted })632 .is_some() && !replace633 {634 bail!("part {part_name:?} is already defined");635 }636 }637638 if let Some(public) = parse_public(public, public_file).await? {639 if out640 .parts641 .insert(public_name.clone(), FleetSecretPart { raw: public })642 .is_some() && !replace643 {644 bail!("part {public_name:?} is already defined");645 }646 };647648 config.insert_secret(&machine, name, out);649 }650 #[allow(clippy::await_holding_refcell_ref)]651 Secret::Read {652 name,653 machine,654 part: part_name,655 } => {656 let secret = config.host_secret(&machine, &name)?;657 let Some(secret) = secret.parts.get(&part_name) else {658 bail!("no part {part_name} in secret {name}");659 };660 let data = if secret.raw.encrypted {661 let host = config.host(&machine).await?;662 host.decrypt(secret.raw.clone()).await?663 } else {664 secret.raw.data.clone()665 };666667 stdout().write_all(&data)?;668 }669 Secret::ReadShared {670 name,671 part: part_name,672 prefer_identities,673 } => {674 let secret = config.shared_secret(&name)?;675 let Some(part) = secret.secret.parts.get(&part_name) else {676 bail!("no part {part_name} in secret {name}");677 };678 let data = if part.raw.encrypted {679 let identity_holder = if !prefer_identities.is_empty() {680 prefer_identities681 .iter()682 .find(|i| secret.owners.iter().any(|s| s == *i))683 } else {684 secret.owners.first()685 };686 let Some(identity_holder) = identity_holder else {687 bail!("no available holder found");688 };689 let host = config.host(identity_holder).await?;690 host.decrypt(part.raw.clone()).await?691 } else {692 part.raw.data.clone()693 };694 stdout().write_all(&data)?;695 }696 Secret::UpdateShared {697 name,698 machine,699 add_machine,700 remove_machine,701 prefer_identities,702 } => {703 // TODO: Forbid updating secrets with set expectedOwners (= not user-managed).704705 let secret = config.shared_secret(&name)?;706 if secret.secret.parts.values().all(|v| !v.raw.encrypted) {707 bail!("no secret");708 }709710 let initial_machines = secret.owners.clone();711 let target_machines = parse_machines(712 initial_machines.clone(),713 machine,714 add_machine,715 remove_machine,716 )?;717718 if target_machines.is_empty() {719 info!("no machines left for secret, removing it");720 config.remove_shared(&name);721 return Ok(());722 }723724 let config_field = &config.config_field;725 let name_clone = name.clone();726 let field = nix_go!(config_field.sharedSecrets[name_clone]);727 let expected_generation_data = nix_go_json!(field.expectedGenerationData);728729 let updated = maybe_regenerate_shared_secret(730 &name,731 config,732 secret,733 field,734 &target_machines,735 expected_generation_data,736 &prefer_identities,737 // None,738 )739 .await?;740 config.replace_shared(name, updated);741 }742 Secret::Regenerate {743 prefer_identities,744 skip_hosts,745 } => {746 info!("checking for secrets to regenerate");747 let stored_shared_set = config.list_shared().into_iter().collect::<HashSet<_>>();748 {749 // Generate missing shared750 // let shared_batch = None;751 let _span = info_span!("shared").entered();752 let expected_shared_set = config753 .list_configured_shared()754 .await?755 .into_iter()756 .collect::<HashSet<_>>();757 for missing in expected_shared_set.difference(&stored_shared_set) {758 let config_field = &config.config_field;759 let secret = nix_go!(config_field.sharedSecrets[{ missing }]);760 let expected_generation_data: serde_json::Value =761 nix_go_json!(secret.expectedGenerationData);762 let expected_owners: Option<Vec<String>> =763 nix_go_json!(secret.expectedOwners);764 let Some(expected_owners) = expected_owners else {765 // Can't generate this missing secret, as it has no defined owners.766 continue;767 };768 info!("generating secret: {missing}");769 let shared = generate_shared(770 config,771 missing,772 secret,773 expected_owners,774 expected_generation_data,775 // shared_batch.clone(),776 )777 .in_current_span()778 .await?;779 config.replace_shared(missing.to_string(), shared)780 }781 }782 if !skip_hosts {783 // let hosts_batch = None;784 for host in config.list_hosts().await? {785 if opts.should_skip(&host).await? {786 continue;787 }788789 let _span = info_span!("host", host = host.name).entered();790 let expected_set = host791 .list_configured_secrets()792 .in_current_span()793 .await?794 .into_iter()795 .collect::<HashSet<_>>();796 let stored_set = config797 .list_secrets(&host.name)798 .into_iter()799 .collect::<HashSet<_>>();800 for missing in expected_set.difference(&stored_set) {801 info!("generating secret: {missing}");802 let secret = host.secret_field(missing).in_current_span().await?;803 let expected_generation_data =804 nix_go_json!(secret.expectedGenerationData);805 let generated = match generate(806 config,807 missing,808 secret,809 slice::from_ref(&host.name),810 expected_generation_data,811 // hosts_batch.clone(),812 )813 .in_current_span()814 .await815 {816 Ok(v) => v,817 Err(e) => {818 error!("{e:?}");819 continue;820 }821 };822 config.insert_secret(&host.name, missing.to_string(), generated)823 }824 for name in stored_set {825 info!("updating secret: {name}");826 let data = config.host_secret(&host.name, &name)?;827 let secret = host.secret_field(&name).in_current_span().await?;828 let expected_generation_data =829 nix_go_json!(secret.expectedGenerationData);830 if secret_needs_regeneration(&data, &expected_generation_data) {831 let generated = match generate(832 config,833 &name,834 secret,835 slice::from_ref(&host.name),836 expected_generation_data,837 // hosts_batch.clone(),838 )839 .in_current_span()840 .await841 {842 Ok(v) => v,843 Err(e) => {844 error!("{e:?}");845 continue;846 }847 };848 config.insert_secret(&host.name, name.to_string(), generated)849 }850 }851 }852 }853 let mut to_remove = Vec::new();854 for name in &stored_shared_set {855 info!("updating secret: {name}");856 let data = config.shared_secret(name)?;857 let config_field = &config.config_field;858 let expected_owners: Option<Vec<String>> =859 nix_go_json!(config_field.sharedSecrets[{ name }].expectedOwners);860 let Some(expected_owners) = expected_owners else {861 warn!("secret was removed from fleet config: {name}, removing from data");862 to_remove.push(name.to_string());863 continue;864 };865866 let secret = nix_go!(config_field.sharedSecrets[{ name }]);867 let expected_generation_data = nix_go_json!(secret.expectedGenerationData);868 config.replace_shared(869 name.to_owned(),870 maybe_regenerate_shared_secret(871 name,872 config,873 data,874 secret,875 &expected_owners,876 expected_generation_data,877 &prefer_identities,878 // None,879 )880 .await?,881 );882 }883 for k in to_remove {884 config.remove_shared(&k);885 }886 }887 Secret::List {} => {888 let _span = info_span!("loading secrets").entered();889 let configured = config.list_configured_shared().await?;890 #[derive(Tabled)]891 struct SecretDisplay {892 #[tabled(rename = "Name")]893 name: String,894 #[tabled(rename = "Owners")]895 owners: String,896 }897 let mut table = vec![];898 for name in configured.iter().cloned() {899 let config = config.clone();900 let expected_owners = config.shared_secret_expected_owners(&name).await?;901 let data = config.shared_secret(&name)?;902 let owners = data903 .owners904 .iter()905 .map(|o| {906 if expected_owners.contains(o) {907 o.green().to_string()908 } else {909 o.red().to_string()910 }911 })912 .collect::<Vec<_>>();913 table.push(SecretDisplay {914 owners: owners.join(", "),915 name,916 })917 }918 info!("loaded\n{}", Table::new(table).to_string())919 }920 Secret::Edit {921 name,922 machine,923 part,924 add,925 } => {926 let secret = config.host_secret(&machine, &name)?;927 if let Some(data) = secret.parts.get(&part) {928 let host = config.host(&machine).await?;929 let secret = host.decrypt(data.raw.clone()).await?;930 String::from_utf8(secret).context("secret is not utf8")?931 } else if add {932 String::new()933 } else {934 bail!("part {part} not found in secret {name}. Did you mean to `--add` it?");935 };936 }937 }938 Ok(())939 }940}941942/*943async fn edit_temp_file(944 builder: tempfile::Builder<'_, '_>,945 r: Vec<u8>,946 header: &str,947 comment: &str,948) -> Result<(Vec<u8>, Option<String>), anyhow::Error> {949 if !stdin().is_tty() {950 // TODO: Also try to open /dev/tty directly?951 bail!("stdin is not tty, can't open editor");952 }953954 use std::fmt::Write;955 let mut file = builder.tempfile()?;956957 let mut full_header = String::new();958 let mut had = false;959 for line in header.trim_end().lines() {960 had = true;961 writeln!(&mut full_header, "{comment}{line}")?;962 }963 if had {964 writeln!(&mut full_header, "{}", comment.trim_end())?;965 }966 writeln!(967 &mut full_header,968 "{comment}Do not touch this header! It will be removed automatically"969 )?;970971 file.write_all(full_header.as_bytes())?;972 file.write_all(&r)?;973974 let abs_path = file.into_temp_path();975 let editor = std::env::var_os("VISUAL")976 .or_else(|| std::env::var_os("EDITOR"))977 .unwrap_or_else(|| "vi".into());978 let editor_args = shlex::bytes::split(editor.as_encoded_bytes())979 .ok_or_else(|| anyhow!("EDITOR env var has wrong syntax"))?;980 let editor_args = editor_args981 .into_iter()982 .map(|v| {983 // Only ASCII subsequences are replaced984 unsafe { OsString::from_encoded_bytes_unchecked(v) }985 })986 .collect_vec();987 let Some((editor, args)) = editor_args.split_first() else {988 bail!("EDITOR env var has no command");989 };990 let mut command = Command::new(editor);991 command.args(args);992993 let path_arg = abs_path.canonicalize()?;994995 // TODO: Save full state, using tcget/_getmode/_setmode996 let was_raw = terminal::is_raw_mode_enabled()?;997 terminal::enable_raw_mode()?;998999 let status = command.arg(path_arg).status().await;10001001 if !was_raw {1002 terminal::disable_raw_mode()?;1003 }10041005 let success = match status {1006 Ok(s) => s.success(),1007 Err(e) if e.kind() == io::ErrorKind::NotFound => {1008 bail!("editor not found")1009 }1010 Err(e) => bail!("editor spawn error: {e}"),1011 };10121013 let mut file = std::fs::read(&abs_path).context("read editor output")?;1014 let Some(v) = file.strip_prefix(full_header.as_bytes()) else {1015 todo!();1016 };1017 todo!();10181019 // Ok((success, abs_path))1020}1021*/cmds/fleet/src/cmds/tf.rsdiffbeforeafterboth--- a/cmds/fleet/src/cmds/tf.rs
+++ b/cmds/fleet/src/cmds/tf.rs
@@ -1,8 +1,4 @@
-use std::{
- collections::{BTreeMap, HashMap},
- ffi::OsString,
- path::PathBuf,
-};
+use std::{collections::BTreeMap, ffi::OsString, path::PathBuf};
use anyhow::{Context, Result};
use clap::Parser;
crates/nix-eval/Cargo.tomldiffbeforeafterboth--- a/crates/nix-eval/Cargo.toml
+++ b/crates/nix-eval/Cargo.toml
@@ -7,26 +7,23 @@
[dependencies]
anyhow.workspace = true
-better-command.workspace = true
nixlike.workspace = true
serde = { workspace = true, features = ["derive"] }
serde_json.workspace = true
thiserror.workspace = true
-tokio = { workspace = true, features = ["io-util", "process"] }
+tokio = { workspace = true }
tokio-util.workspace = true
tracing.workspace = true
cxx = "1.0.168"
-futures = "0.3.31"
itertools = "0.14.0"
-r2d2 = "0.8.10"
-regex = "1.11.1"
test-log = { version = "0.2.18", features = ["trace"] }
-unindent = "0.2.4"
-tracing-indicatif = "0.3.13"
-ctor = "0.5.0"
+tracing-indicatif = { version = "0.3.13", optional = true }
[build-dependencies]
bindgen = "0.72.0"
cxx-build = "1.0.168"
pkg-config = "0.3.30"
+
+[features]
+indicatif = ["dep:tracing-indicatif"]
crates/nix-eval/src/lib.rsdiffbeforeafterboth--- a/crates/nix-eval/src/lib.rs
+++ b/crates/nix-eval/src/lib.rs
@@ -1,8 +1,3 @@
-//! This whole library should be replaced with either binding to nix libexpr,
-//! or with tvix (once it is able to build NixOS).
-//!
-//! Current api is awful, little effort was put into this implementation.
-
use std::borrow::Cow;
use std::cell::RefCell;
use std::ffi::{CStr, CString, c_char, c_int, c_uint, c_void};
@@ -11,7 +6,7 @@
use std::sync::LazyLock;
use std::{collections::HashMap, path::PathBuf};
-use anyhow::{Context, bail};
+use anyhow::{Context, anyhow, bail};
use serde::Serialize;
use serde::de::DeserializeOwned;
@@ -27,17 +22,21 @@
flake_reference_parse_flags_new, flake_reference_parse_flags_set_base_directory,
flake_settings, flake_settings_free, flake_settings_new, init_bool, init_int, init_string,
locked_flake_free, locked_flake_get_output_attrs, set_err_msg, setting_set, state_free,
- value_decref, value_force, value_incref,
+ value_decref, value_incref,
};
-mod value;
// Contains macros helpers
pub mod logging;
#[doc(hidden)]
pub mod macros;
pub mod util;
-#[allow(non_upper_case_globals, non_camel_case_types, non_snake_case)]
+#[allow(
+ non_upper_case_globals,
+ non_camel_case_types,
+ non_snake_case,
+ dead_code
+)]
mod nix_raw {
include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
}
@@ -88,6 +87,11 @@
}
}
+enum FunctorKind {
+ Function,
+ Functor,
+}
+
#[derive(Debug)]
#[repr(i32)]
enum NixErrorKind {
@@ -130,9 +134,9 @@
unsafe { nix_raw::GC_unregister_my_thread() };
}
-struct ThreadRegisterGuard {}
+pub struct ThreadRegisterGuard {}
impl ThreadRegisterGuard {
- fn new() -> Self {
+ pub fn new() -> Self {
gc_register_my_thread();
Self {}
}
@@ -143,12 +147,12 @@
}
}
-struct NixContext(*mut c_context);
+pub struct NixContext(*mut c_context);
impl NixContext {
- fn set_err(&mut self, err: NixErrorKind, msg: &CStr) {
+ pub fn set_err(&mut self, err: NixErrorKind, msg: &CStr) {
unsafe { set_err_msg(self.0, err as c_int, msg.as_ptr()) };
}
- fn new() -> Self {
+ pub fn new() -> Self {
let ctx = unsafe { c_context_create() };
Self(ctx)
}
@@ -174,12 +178,6 @@
// but it looks ugly
let str = unsafe { nix_raw::err_msg(null_mut(), self.0, null_mut()) };
Some(unsafe { CStr::from_ptr(str) }.to_string_lossy())
-
- // TODO: There is also nix_err_info_msg, but I don't understand when it should be used
- // Some(match self.error_kind()? {
- // NixErrorKind::Generic => {
- // }
- // })
}
fn clean_err(&mut self) {
unsafe {
@@ -210,6 +208,8 @@
}
}
struct GlobalState {
+ // Store should be valid as long as EvalState is valid
+ #[allow(dead_code)]
store: Store,
state: EvalState,
}
@@ -269,7 +269,7 @@
v
}
-fn set_setting(s: &CStr, v: &CStr) -> Result<()> {
+pub fn set_setting(s: &CStr, v: &CStr) -> Result<()> {
with_default_context(|c, _| unsafe { setting_set(c, s.as_ptr(), v.as_ptr()) }).map(|_| ())
}
@@ -289,6 +289,13 @@
}
unsafe impl Send for FetchSettings {}
unsafe impl Sync for FetchSettings {}
+
+impl Default for FetchSettings {
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
impl Drop for FetchSettings {
fn drop(&mut self) {
unsafe { fetchers_settings_free(self.0) };
@@ -310,13 +317,13 @@
}
}
-struct FlakeReferenceParseFlags(*mut flake_reference_parse_flags);
+pub struct FlakeReferenceParseFlags(*mut flake_reference_parse_flags);
impl FlakeReferenceParseFlags {
- fn new(settings: &mut FlakeSettings) -> Result<Self> {
+ pub fn new(settings: &mut FlakeSettings) -> Result<Self> {
with_default_context(|c, _| unsafe { flake_reference_parse_flags_new(c, settings.0) })
.map(Self)
}
- fn set_base_dir(&mut self, dir: &str) -> Result<()> {
+ pub fn set_base_dir(&mut self, dir: &str) -> Result<()> {
with_default_context(|c, _| {
unsafe {
flake_reference_parse_flags_set_base_directory(
@@ -361,19 +368,9 @@
unsafe impl Sync for Store {}
struct EvalState(*mut nix_raw::EvalState);
-impl EvalState {
- // TODO: store ownership
- fn new_raw(store: *mut nix_raw::Store) -> Result<Self> {
- let builder =
- with_default_context(|c, _| unsafe { nix_raw::eval_state_builder_new(c, store) })?;
-
- with_default_context(|c, _| unsafe { eval_state_build(c, builder) }).map(Self)
-
- // with_default_context(|c| state_create(c))
- }
-}
unsafe impl Send for EvalState {}
unsafe impl Sync for EvalState {}
+
impl Drop for EvalState {
fn drop(&mut self) {
unsafe {
@@ -386,9 +383,7 @@
impl FlakeReference {
pub fn new(s: &str, fetch: &FetchSettings) -> Result<(Self, String)> {
let mut flake_settings = FlakeSettings::new()?;
- let mut parse_flags = FlakeReferenceParseFlags::new(&mut flake_settings)?;
-
- // parse_flags.set_base_dir("/home/lach/build/fleet")?;
+ let parse_flags = FlakeReferenceParseFlags::new(&mut flake_settings)?;
let mut out = null_mut();
let mut fragment = String::new();
@@ -461,16 +456,16 @@
}
impl RealisedString {
- fn as_str(&self) -> &str {
+ pub fn as_str(&self) -> &str {
let len = unsafe { nix_raw::realised_string_get_buffer_size(self.0) };
let data: *const u8 = unsafe { nix_raw::realised_string_get_buffer_start(self.0) }.cast();
let data = unsafe { std::slice::from_raw_parts(data, len) };
std::str::from_utf8(data).expect("non-utf8 strings not supported")
}
- fn path_count(&self) -> usize {
+ pub fn path_count(&self) -> usize {
unsafe { nix_raw::realised_string_get_store_path_count(self.0) }
}
- fn path(&self, i: usize) -> String {
+ pub fn path(&self, i: usize) -> String {
assert!(i < self.path_count());
let path = unsafe { nix_raw::realised_string_get_store_path(self.0, i) };
let mut err_out = String::new();
@@ -482,8 +477,7 @@
unsafe impl Send for RealisedString {}
impl Drop for RealisedString {
fn drop(&mut self) {
- with_default_context(|c, _| unsafe { nix_raw::realised_string_free(self.0) })
- .expect("string free should not fail")
+ unsafe { nix_raw::realised_string_free(self.0) }
}
}
@@ -541,46 +535,53 @@
}
impl Value {
- pub fn new_attrs(v: HashMap<&str, Value>) -> Result<Self> {
- let out = Self::new_uninit()?;
+ pub fn new_attrs(v: HashMap<&str, Value>) -> Self {
+ let out = Self::new_uninit();
let mut b = AttrsBuilder::new(v.len());
for (k, v) in v {
b.insert(&k, v);
}
- with_default_context(|c, _| unsafe { nix_raw::make_attrs(c, out.0, b.0) })?;
- Ok(out)
+ with_default_context(|c, _| unsafe { nix_raw::make_attrs(c, out.0, b.0) })
+ .expect("attrs initialization should not fail");
+ out
}
- fn new_list<T: Into<Self>>(v: Vec<T>) -> Result<Self> {
+ fn new_list<T: Into<Self>>(v: Vec<T>) -> Self {
todo!()
}
- fn new_uninit() -> Result<Self> {
- let out = with_default_context(|c, es| unsafe { alloc_value(c, es) })?;
- Ok(Self(out))
+ fn new_uninit() -> Self {
+ let out = with_default_context(|c, es| unsafe { alloc_value(c, es) })
+ .expect("value allocation should not fail");
+ Self(out)
}
- fn new_str(v: &str) -> Result<Self> {
+ pub fn new_str(v: &str) -> Self {
let s = CString::new(v).expect("string should not contain NULs");
- let uninit = Self::new_uninit()?;
+ let out = Self::new_uninit();
// String is copied, `s` is free to be dropped
- with_default_context(|c, _| unsafe { init_string(c, uninit.0, s.as_ptr()) })?;
- Ok(uninit)
+ with_default_context(|c, _| unsafe { init_string(c, out.0, s.as_ptr()) })
+ .expect("string initialization should not fail");
+ out
}
- fn new_int(i: i64) -> Result<Self> {
- let uninit = Self::new_uninit()?;
- with_default_context(|c, _| unsafe { init_int(c, uninit.0, i) })?;
- Ok(uninit)
+ pub fn new_int(i: i64) -> Self {
+ let out = Self::new_uninit();
+ with_default_context(|c, _| unsafe { init_int(c, out.0, i) })
+ .expect("int initialization should not fail");
+ out
}
- fn new_bool(v: bool) -> Result<Self> {
- let uninit = Self::new_uninit()?;
- with_default_context(|c, _| unsafe { init_bool(c, uninit.0, v) })?;
- Ok(uninit)
+ pub fn new_bool(v: bool) -> Self {
+ let out = Self::new_uninit();
+ with_default_context(|c, _| unsafe { init_bool(c, out.0, v) })
+ .expect("bool initialization should not fail");
+ out
}
- fn force(&mut self, st: &mut EvalState) -> Result<()> {
- with_default_context(|c, _| unsafe { value_force(c, st.0, self.0) })?;
- Ok(())
- }
- pub fn type_of(&self) -> Result<NixType> {
- let ty = with_default_context(|c, _| unsafe { nix_raw::get_type(c, self.0) })?;
- Ok(NixType::from_int(ty))
+ // TODO: As far as I can see, there is no way to get Thunks from nix public C api, so this function is useless
+ // fn force(&mut self, st: &mut EvalState) -> Result<()> {
+ // with_default_context(|c, _| unsafe { value_force(c, st.0, self.0) })?;
+ // Ok(())
+ // }
+ pub fn type_of(&self) -> NixType {
+ let ty = with_default_context(|c, _| unsafe { nix_raw::get_type(c, self.0) })
+ .expect("get_type should not fail");
+ NixType::from_int(ty)
}
pub fn to_string(&self) -> Result<String> {
Ok(self.to_realised_string()?.as_str().to_owned())
@@ -608,7 +609,7 @@
// nix_raw::real
// }
pub fn list_fields(&self) -> Result<Vec<String>> {
- if !matches!(self.type_of()?, NixType::Attrs) {
+ if !matches!(self.type_of(), NixType::Attrs) {
bail!("invalid type: expected attrs");
}
@@ -625,7 +626,7 @@
Ok(out)
}
pub fn get_elem(&self, v: usize) -> Result<Self> {
- if !matches!(self.type_of()?, NixType::List) {
+ if !matches!(self.type_of(), NixType::List) {
bail!("invalid type: expected list");
}
let len =
@@ -659,10 +660,10 @@
for f in b_fields.iter() {
out.insert(f.as_str(), other.get_field(f)?);
}
- Self::new_attrs(out)
+ Ok(Self::new_attrs(out))
}
pub fn get_field(&self, name: impl AsFieldName) -> Result<Self> {
- if !matches!(self.type_of()?, NixType::Attrs) {
+ if !matches!(self.type_of(), NixType::Attrs) {
bail!("invalid type: expected attrs");
}
@@ -675,19 +676,33 @@
.with_context(|| format!("getting field {:?}", name.to_field_name()))
}
pub fn call(&self, v: Value) -> Result<Self> {
- if !matches!(self.type_of()?, NixType::Function) {
- // TODO: Functors
- bail!("invalid type: expected function");
- }
+ let kind = self
+ .functor_kind()
+ .ok_or_else(|| anyhow!("can only call function or functor"))?;
+
+ let function = match kind {
+ FunctorKind::Function => self.clone(),
+ FunctorKind::Functor => {
+ let f = self.get_field("__functor")?;
+ assert_eq!(
+ f.type_of(),
+ NixType::Function,
+ "invalid functor encountered"
+ );
+ f
+ }
+ };
- let out = Value::new_uninit()?;
- with_default_context(|c, es| unsafe { nix_raw::value_call(c, es, self.0, v.0, out.0) })?;
+ let out = Value::new_uninit();
+ with_default_context(|c, es| unsafe {
+ nix_raw::value_call(c, es, function.0, v.0, out.0)
+ })?;
Ok(out)
}
pub fn eval(v: &str) -> Result<Self> {
let s = CString::new(v).expect("expression shouldn't have internal NULs");
- let out = Self::new_uninit()?;
+ let out = Self::new_uninit();
with_default_context(|c, es| unsafe {
expr_eval_from_string(c, es, s.as_ptr(), c"/homeless-shelter".as_ptr(), out.0)
})?;
@@ -723,13 +738,13 @@
}
// Convert to string/evaluate derivations/etc
- fn to_string_weak(&self) -> Result<String> {
- // TODO
- self.to_string()
- }
+ // fn to_string_weak(&self) -> Result<String> {
+ // // TODO: For now, it works exactly like to_string, see the comment for fn force()
+ // self.to_string()
+ // }
fn is_derivation(&self) -> bool {
- if !matches!(self.type_of(), Ok(NixType::Attrs)) {
+ if !matches!(self.type_of(), NixType::Attrs) {
return false;
}
let Some(ty) = self.get_field("type").ok() else {
@@ -737,21 +752,34 @@
};
matches!(ty.to_string().as_deref(), Ok("derivation"))
}
+ fn functor_kind(&self) -> Option<FunctorKind> {
+ match self.type_of() {
+ NixType::Attrs => self
+ .has_field("__functor")
+ .expect("has_field shouldn't fail for attrs")
+ .then_some(FunctorKind::Functor),
+ NixType::Function => Some(FunctorKind::Function),
+ _ => None,
+ }
+ }
+ pub fn is_function(&self) -> bool {
+ self.functor_kind().is_some()
+ }
}
impl From<String> for Value {
fn from(value: String) -> Self {
- Value::new_str(&value).expect("todo: TryFrom")
+ Value::new_str(&value)
}
}
impl From<bool> for Value {
fn from(value: bool) -> Self {
- Value::new_bool(value).expect("todo: TryFrom")
+ Value::new_bool(value)
}
}
impl From<&str> for Value {
fn from(value: &str) -> Self {
- Value::new_str(&value).expect("todo: TryFrom")
+ Value::new_str(value)
}
}
impl<T> From<Vec<T>> for Value
@@ -759,7 +787,7 @@
T: Into<Value>,
{
fn from(value: Vec<T>) -> Self {
- Value::new_list(value).expect("todo: TryFrom")
+ Value::new_list(value)
}
}
@@ -793,102 +821,24 @@
#[test_log::test]
fn test_native() -> Result<()> {
+ init_libraries();
+
let mut fetch_settings = FetchSettings::new();
fetch_settings.set(c"warn-dirty", c"false");
- //
- let (mut r, _) = FlakeReference::new("/home/lach/build/fleet", &fetch_settings)?;
+ let manifest = format!("{}/../../", env!("CARGO_MANIFEST_DIR"));
+ let (mut r, _) = FlakeReference::new(&manifest, &fetch_settings)?;
let locked = r.lock(&fetch_settings)?;
let attrs = locked.get_attrs(&mut FlakeSettings::new()?)?;
let builtins = Value::eval("builtins")?;
- dbg!(builtins.type_of()?);
+ assert_eq!(builtins.type_of(), NixType::Attrs);
- dbg!(attrs.type_of()?);
- dbg!(attrs.list_fields()?);
- dbg!(
- attrs
- .get_field("packages")?
- .get_field("x86_64-linux")?
- .get_field("fleet")?
- .get_field("outPath")?
- .to_string()
- );
+ assert_eq!(attrs.type_of(), NixType::Attrs);
+ let test_data = nix_go!(attrs.testData);
+ let test_string: String = nix_go_json!(test_data.testString);
+ assert_eq!(test_string, "hello");
+
Ok(())
}
-
-// struct NixBuildTask(Value, oneshot::Sender<Result<HashMap<String, PathBuf>>>);
-//
-// #[derive(Clone)]
-// pub struct NixBuildBatch {
-// tx: mpsc::UnboundedSender<NixBuildTask>,
-// }
-//
-// #[instrument(skip(values))]
-// async fn build_multiple(name: String, values: Vec<Value>) -> Result<()> {
-// let builtins = Value::eval("builtins")?;
-// let drv = nix_go!(builtins.derivation(Obj {
-// // FIXME: pass system from localSystem or fleet args
-// // system,
-// name,
-// builder: "/bin/sh",
-// // we want nothing from this derivation, it is only used to perform multiple builds at once.
-// args: vec!["-c", "echo > $out"],
-// preferLocalBuild: true,
-// allowSubstitutes: false,
-// buildInputs: values,
-// }));
-// drv.build()?;
-// Ok(())
-// }
-//
-// impl NixBuildBatch {
-// fn new(name: String) -> Self {
-// let (tx, mut rx) = mpsc::unbounded_channel::<NixBuildTask>();
-//
-// tokio::task::spawn(async move {
-// let mut deps = vec![];
-// let mut build_data = vec![];
-// while let Some(task) = rx.recv().await {
-// build_data.push(task.0.clone());
-// deps.push(task);
-// }
-// if deps.is_empty() {
-// return;
-// }
-// match build_multiple(name, build_data).await {
-// Ok(_) => {
-// for NixBuildTask(v, o) in deps {
-// let _ = o.send(v.build());
-// }
-// }
-// Err(e) => {
-// for NixBuildTask(v, o) in deps {
-// let s = v.to_string_weak();
-// let s = match s {
-// Ok(s) => s,
-// Err(e) => {
-// let _ = o.send(Err(e));
-// continue;
-// }
-// };
-// if PathBuf::from(s).exists() {
-// let _ = o.send(v.build());
-// } else {
-// let _ = o.send(Err(e.clone()));
-// }
-// }
-// }
-// };
-// });
-// Self { tx }
-// }
-// pub async fn submit(self, task: Value) -> Result<HashMap<String, PathBuf>> {
-// let Self { tx: task_tx } = self;
-// let (tx, rx) = oneshot::channel();
-// let _ = task_tx.send(NixBuildTask(task, tx));
-// drop(task_tx);
-// rx.await.expect("shoudn't be cancelled here")
-// }
-// }
crates/nix-eval/src/logging.rsdiffbeforeafterboth--- a/crates/nix-eval/src/logging.rs
+++ b/crates/nix-eval/src/logging.rs
@@ -3,9 +3,10 @@
use std::sync::{LazyLock, Mutex};
use tracing::{
- Level, Metadata, Span, debug, debug_span, error, error_span, event, info, info_span, trace,
- trace_span, warn, warn_span,
+ Level, Span, debug, debug_span, error, error_span, info, info_span, trace, trace_span, warn,
+ warn_span,
};
+#[cfg(feature = "indicatif")]
use tracing_indicatif::span_ext::IndicatifSpanExt as _;
#[derive(Debug)]
@@ -31,8 +32,7 @@
}
fn parse_path(path: &str) -> &str {
- let path = strip_prefix_suffix(path, "\x1b[35;1m", "\x1b[0m").unwrap_or(path);
- path
+ strip_prefix_suffix(path, "\x1b[35;1m", "\x1b[0m").unwrap_or(path)
}
fn parse_drv(drv: &str) -> &str {
@@ -245,9 +245,9 @@
Debug,
Vomit,
}
-impl Into<tracing::Level> for Verbosity {
- fn into(self) -> tracing::Level {
- match self {
+impl From<Verbosity> for tracing::Level {
+ fn from(val: Verbosity) -> Self {
+ match val {
Verbosity::Error => Level::ERROR,
Verbosity::Warn => Level::WARN,
Verbosity::Notice => Level::WARN,
@@ -277,126 +277,9 @@
warn!("unknown log level: {u}");
Verbosity::Vomit
})
- }
-}
-
-#[derive(Hash, PartialEq, Eq, Clone, Copy)]
-enum MetadataKind {
- Span,
- Event,
-}
-// impl MetadataKind {
-// fn kind(&self) -> Kind {
-// match self {
-// MetadataKind::Span => Kind::SPAN,
-// MetadataKind::Event => Kind::EVENT,
-// }
-// }
-// }
-
-#[derive(Hash, PartialEq, Eq)]
-struct ForeignMetadataInfo {
- target: &'static str,
- level: Level,
- kind: MetadataKind,
- name: &'static str,
- module: Option<&'static str>,
- file: Option<&'static str>,
- line: Option<u32>,
- names: &'static [&'static str],
-}
-
-struct FakeCallsite;
-impl tracing::callsite::Callsite for FakeCallsite {
- fn set_interest(&self, interest: tracing::subscriber::Interest) {
- unreachable!()
- }
-
- fn metadata(&self) -> &Metadata<'_> {
- unreachable!()
- }
-}
-const FAKE_CALLSITE: FakeCallsite = FakeCallsite;
-
-#[cfg(false)]
-#[derive(Default)]
-struct ForeignSpanData {
- interned: HashSet<&'static str>,
- metadatas: HashMap<ForeignMetadataInfo, &'static Metadata<'static>>,
-}
-#[cfg(false)]
-impl ForeignSpanData {
- fn intern(&mut self, s: &str) -> &'static str {
- if let Some(v) = self.interned.get(s) {
- return *v;
- }
- let leaked: Box<str> = s.into();
- let leaked = Box::leak(leaked);
- self.interned.insert(leaked);
- return leaked;
- }
- fn alloc_metadata<'t>(
- &'t mut self,
- target: &'static str,
- level: Level,
- kind: MetadataKind,
- name: &'static str,
- module: Option<&'static str>,
- file: Option<&'static str>,
- line: Option<u32>,
- names: &'static [&'static str],
- ) -> &'static Metadata<'static> {
- let info = ForeignMetadataInfo {
- target,
- level,
- kind,
- name,
- module,
- file,
- line,
- names,
- };
- if let Some(v) = self.metadatas.get(&info) {
- return *v;
- }
- let fake = FakeCallsite;
- let metadata = Box::leak::<'static>(Box::new(Metadata::new(
- name,
- target,
- level,
- file,
- line,
- module,
- FieldSet::new(names, tracing::callsite::Identifier(&FAKE_CALLSITE)),
- kind.kind(),
- )));
-
- let meta_raw = &raw const *metadata;
- let fields_raw = &raw const *metadata.fields();
-
- // SAFETY: FieldSet struct should be inside of metadata struct... Which we assume here, but do not test
- // FIXME: Safety comment above might be invalidated at any time, this should actually be covered by unit test (or, better: runtime assertion... Somehow.)
- let fields_offset = unsafe { fields_raw.cast::<u8>().offset_from(meta_raw.cast()) };
- let field_set = unsafe {
- ((&raw mut *metadata).cast::<()>())
- .byte_offset(fields_offset)
- .cast::<FieldSet>()
- };
- // FIXME: metadata borrow here invalidates our &mut borrow of 'static Metadata, and 'static FieldSet so this construction should be replaced with raw pointers or idk.
- // Something should be better done inside of tracing crate itself, someting like interior mutability.
- let callsite = Box::leak(Box::new(tracing::callsite::DefaultCallsite::new(metadata)));
- unsafe { *field_set = FieldSet::new(names, tracing::callsite::Identifier(callsite)) };
-
- tracing::callsite::register(&*callsite);
-
- self.metadatas.insert(info, metadata);
- return metadata;
}
}
-#[cfg(false)]
-static FOREIGN_SPAN_DATA: LazyLock<Mutex<ForeignSpanData>> =
- LazyLock::new(|| Mutex::new(ForeignSpanData::default()));
static NIX_SPAN_MAPPING: LazyLock<Mutex<HashMap<u64, Span>>> =
LazyLock::new(|| Mutex::new(HashMap::new()));
@@ -491,7 +374,10 @@
}
};
if !s.trim().is_empty() {
- span.pb_set_message(s);
+ #[cfg(feature = "indicatif")]
+ {
+ span.pb_set_message(s);
+ }
let _e = span.enter();
let level: Level = self.verbosity.into();
if level == Level::ERROR {
@@ -506,12 +392,15 @@
trace!(target: "nix", "{}", s)
}
} else {
- span.pb_start();
+ #[cfg(feature = "indicatif")]
+ {
+ span.pb_start();
+ }
}
mapping.insert(self.activity_id, span);
}
fn emit_result(&mut self, ty: u32) {
- let mut mapping = NIX_SPAN_MAPPING.lock().expect("not poisoned");
+ let mapping = NIX_SPAN_MAPPING.lock().expect("not poisoned");
let Some(parent) = mapping.get(&self.activity_id) else {
panic!("unexpected result for dead parent");
@@ -536,9 +425,12 @@
// parent.pb_set_message(phase);
debug!(target: "nix::phase", phase)
}
- (ResultType::Progress, [Int(done), Int(expected), Int(_), Int(_)]) => {
- parent.pb_set_length(*expected as u64);
- parent.pb_set_position(*done as u64);
+ (ResultType::Progress, [Int(_done), Int(_expected), Int(_), Int(_)]) => {
+ #[cfg(feature = "indicatif")]
+ {
+ parent.pb_set_length(*_expected as u64);
+ parent.pb_set_position(*_done as u64);
+ }
}
_ => warn!("unknown progress report: {:?}({:?})", &res, &self.fields),
}
@@ -575,10 +467,6 @@
trace!(target: "nix", "{v}")
}
}
-
-// fn start_activity(act: u64, lvl: u32, act_ty: u32, s: &str, parent: u32) {
-// tracing::Span::new(meta, values)
-// }
#[cxx::bridge]
pub mod nix_logging_cxx {
crates/nix-eval/src/macros.rsdiffbeforeafterboth--- a/crates/nix-eval/src/macros.rs
+++ b/crates/nix-eval/src/macros.rs
@@ -20,7 +20,7 @@
use $crate::{nix_expr_inner};
let mut out = std::collections::hash_map::HashMap::new();
nix_expr_inner!(@obj(out) $($tt)*);
- Value::new_attrs(out)?
+ Value::new_attrs(out)
}};
(@field($o:ident) . $var:ident $($tt:tt)*) => {{
$o.index_attr(stringify!($var));
crates/nix-eval/src/value.rsdiffbeforeafterboth--- a/crates/nix-eval/src/value.rs
+++ /dev/null
@@ -1,6 +0,0 @@
-use std::{collections::HashMap, fmt, path::PathBuf, sync::Arc};
-
-use better_command::NixHandler;
-use serde::{Serialize, de::DeserializeOwned};
-
-use crate::{Result, Value, nix_go};
flake.lockdiffbeforeafterboth--- a/flake.lock
+++ b/flake.lock
@@ -104,14 +104,18 @@
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
- "lastModified": 1756860322,
- "narHash": "sha256-mT01CpWVdqSm79L270dSkjdYbdc37r+Hq9vk4GTp7Ao=",
- "path": "/home/lach/build/nix-src",
- "type": "path"
+ "lastModified": 1757000273,
+ "narHash": "sha256-9AKhwsSlegWnNFy8++OMNctrxJUUIE7nG4s4ZHmFPic=",
+ "owner": "deltarocks",
+ "repo": "nix",
+ "rev": "eba1f549ec21208cf98343f1351a95e2e6eb3fbb",
+ "type": "github"
},
"original": {
- "path": "/home/lach/build/nix-src",
- "type": "path"
+ "owner": "deltarocks",
+ "ref": "fleet",
+ "repo": "nix",
+ "type": "github"
}
},
"nixpkgs": {
flake.nixdiffbeforeafterboth--- a/flake.nix
+++ b/flake.nix
@@ -19,7 +19,7 @@
};
# DeterminateSystem's nix fork is controversial, but I don't mind it,
# and it has lazy-trees support which is useful for fleet.
- nix.url = "/home/lach/build/nix-src";
+ nix.url = "github:deltarocks/nix/fleet";
};
outputs =
inputs:
@@ -44,10 +44,13 @@
fleetModules.tf = ./modules/extras/tf.nix;
- testObj = {
- v = "Hello";
+ # Used to test nix-eval bindings
+ testData = {
+ testObj = {
+ v = "Hello";
+ };
+ testString = "hello";
};
- testString = "hello";
# To be used with https://github.com/NixOS/nix/pull/8892
schemas =