git.delta.rocks / jrsonnet / refs/commits / e8c42d8d3245

difftreelog

fix post secret management refactor

Yaroslav Bolyukin2024-04-26parent: #d8c8e6d.patch.diff
in: trunk

3 files changed

modifiedcmds/fleet/src/cmds/secrets/mod.rsdiffbeforeafterboth
6};6};
7use anyhow::{anyhow, bail, ensure, Context, Result};7use anyhow::{anyhow, bail, ensure, Context, Result};
8use chrono::{DateTime, Utc};8use chrono::{DateTime, Utc};
9use clap::Parser;9use clap::{error::ErrorKind, Parser};
10use crossterm::{terminal, tty::IsTty};
11use itertools::Itertools;
10use owo_colors::OwoColorize;12use owo_colors::OwoColorize;
11use serde::Deserialize;13use serde::Deserialize;
12use std::{14use std::{
13	collections::{BTreeSet, HashSet},15	collections::{BTreeSet, HashSet},
16	ffi::OsString,
14	io::{self, Cursor, Read},17	io::{self, stdin, Cursor, Read, Write},
15	path::PathBuf,18	path::PathBuf,
16};19};
17use tabled::{Table, Tabled};20use tabled::{Table, Tabled};
21use tempfile::NamedTempFile;
18use tokio::fs::read_to_string;22use tokio::{fs::read_to_string, process::Command};
19use tracing::{error, info, info_span, warn, Instrument};23use tracing::{error, info, info_span, warn, Instrument};
2024
21#[derive(Parser)]25#[derive(Parser)]
586							{590							{
587								Ok(v) => v,591								Ok(v) => v,
588								Err(e) => {592								Err(e) => {
589									error!("{e}");593									error!("{e:?}");
590									continue;594									continue;
591								}595								}
592							};596							};
modifiedcmds/fleet/src/host.rsdiffbeforeafterboth
--- a/cmds/fleet/src/host.rs
+++ b/cmds/fleet/src/host.rs
@@ -385,7 +385,7 @@
 		let config_unchecked_field = nix_go!(fleet_field.unchecked.config);
 
 		let import = nix_go!(builtins_field.import);
-		let overlays = nix_go!(fleet_field.overlays);
+		let overlays = nix_go!(config_unchecked_field.overlays);
 		let nixpkgs = nix_go!(fleet_field.nixpkgs | import);
 
 		let default_pkgs = nix_go!(nixpkgs(Obj {
modifiedmodules/fleet/secrets.nixdiffbeforeafterboth
--- a/modules/fleet/secrets.nix
+++ b/modules/fleet/secrets.nix
@@ -153,7 +153,7 @@
     overlays = [
       (final: prev: let
         lib = final.lib;
-        inherit (lib) strings;
+        inherit (lib) strings concatMap;
         inherit (strings) escapeShellArgs;
       in {
         mkEncryptSecret = {
@@ -162,7 +162,7 @@
         }:
           prev.writeShellScript "encryptor" ''
             #!/bin/sh
-            exec ${rage}/bin/rage ${escapeShellArgs recipients} -e "$@"
+            exec ${rage}/bin/rage ${escapeShellArgs (concatMap (r: ["-r" r]) recipients)} -e "$@"
           '';
         # TODO: Move to fleet
         # TODO: Merge both generators to one with consistent options syntax?
@@ -177,8 +177,12 @@
           (prev.writeShellScript "impureGenerator.sh" ''
             #!/bin/sh
             set -eu
-            cd /var/empty
 
+            # TODO: Provide tempdir from outside, to make it securely erasurable as needed?
+            tmp=$(mktemp -d)
+            cd $tmp
+            # cd /var/empty
+
             created_at=$(date -u +"%Y-%m-%dT%H:%M:%S.%NZ")
 
             ${script}