Use ssl-cert-file config (#527)

* Use ssl-cert-file config

* Include mac change

* Use canonical ssl cert file

* Don't set ssl-cert-file in shell profiles

* Canonicalize in diagnostics

* Optionally read cert file
This commit is contained in:
Ana Hobden 2023-06-26 10:36:46 -07:00 committed by GitHub
parent 0b6d723db3
commit 4bfd6c2547
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 35 additions and 127 deletions


@ -34,7 +34,6 @@ Configure the init to run the Nix daemon
pub struct ConfigureInitService {
init: InitSystem,
start_daemon: bool,
ssl_cert_file: Option<PathBuf>,
}
impl ConfigureInitService {
@ -72,18 +71,7 @@ impl ConfigureInitService {
pub async fn plan(
init: InitSystem,
start_daemon: bool,
ssl_cert_file: Option<PathBuf>,
) -> Result<StatefulAction<Self>, ActionError> {
let ssl_cert_file_path = if let Some(ssl_cert_file) = ssl_cert_file {
Some(
ssl_cert_file
.canonicalize()
.map_err(|e| Self::error(ActionErrorKind::Canonicalize(ssl_cert_file, e)))?,
)
} else {
None
};
match init {
#[cfg(target_os = "macos")]
InitSystem::Launchd => {
@ -114,12 +102,7 @@ impl ConfigureInitService {
},
};
Ok(Self {
init,
start_daemon,
ssl_cert_file: ssl_cert_file_path,
}
.into())
Ok(Self { init, start_daemon }.into())
}
}
@ -180,11 +163,7 @@ impl Action for ConfigureInitService {
#[tracing::instrument(level = "debug", skip_all)]
async fn execute(&mut self) -> Result<(), ActionError> {
let Self {
init,
start_daemon,
ssl_cert_file,
} = self;
let Self { init, start_daemon } = self;
match init {
#[cfg(target_os = "macos")]
@ -210,19 +189,6 @@ impl Action for ConfigureInitService {
.await
.map_err(Self::error)?;
if let Some(ssl_cert_file) = ssl_cert_file {
execute_command(
Command::new("launchctl")
.process_group(0)
.arg("setenv")
.arg("NIX_SSL_CERT_FILE")
.arg(format!("{ssl_cert_file:?}"))
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
}
if *start_daemon {
execute_command(
Command::new("launchctl")
@ -350,30 +316,6 @@ impl Action for ConfigureInitService {
.map_err(Self::error)?;
}
if let Some(ssl_cert_file) = ssl_cert_file {
let service_conf_dir_path = PathBuf::from(format!("{SERVICE_DEST}.d"));
tokio::fs::create_dir(&service_conf_dir_path)
.await
.map_err(|e| {
ActionErrorKind::CreateDirectory(service_conf_dir_path.clone(), e)
})
.map_err(Self::error)?;
let service_conf_file_path =
service_conf_dir_path.join("nix-ssl-cert-file.conf");
tokio::fs::write(
service_conf_file_path,
format!(
"\
[Service]\n\
Environment=\"NIX_SSL_CERT_FILE={ssl_cert_file:?}\"\n\
"
),
)
.await
.map_err(|e| ActionErrorKind::Write(ssl_cert_file.clone(), e))
.map_err(Self::error)?;
}
if *start_daemon || socket_was_active {
enable(SOCKET_SRC, true).await.map_err(Self::error)?;
} else {
@ -514,16 +456,6 @@ impl Action for ConfigureInitService {
errors.push(err);
}
if self.ssl_cert_file.is_some() {
let service_conf_dir_path = PathBuf::from(format!("{SERVICE_DEST}.d"));
if let Err(err) = tokio::fs::remove_dir_all(&service_conf_dir_path)
.await
.map_err(|e| ActionErrorKind::Remove(service_conf_dir_path.clone(), e))
{
errors.push(err);
}
}
if let Err(err) = tokio::fs::remove_file(TMPFILES_DEST)
.await
.map_err(|e| ActionErrorKind::Remove(PathBuf::from(TMPFILES_DEST), e))
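Review bot: Dropping `ssl_cert_file` from the struct also drops the `revert` step that removed the `{SERVICE_DEST}.d` drop-in directory, so an uninstall of an installation made by an earlier release would presumably leave `nix-ssl-cert-file.conf` in place and keep `NIX_SSL_CERT_FILE` exported to the daemon; whether that actually happens depends on how the older receipt deserializes into the new struct, which is outside this hunk. A best-effort `tokio::fs::remove_dir_all` of that directory in `revert`, ignoring `NotFound`, would keep older installs cleanly reversible. The `revert` body starts and ends outside the hunk.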


@ -34,18 +34,16 @@ impl ConfigureNix {
let configure_shell_profile = if settings.modify_profile {
Some(
ConfigureShellProfile::plan(
shell_profile_locations,
settings.ssl_cert_file.clone(),
)
.await
.map_err(Self::error)?,
ConfigureShellProfile::plan(shell_profile_locations)
.await
.map_err(Self::error)?,
)
} else {
None
};
let place_nix_configuration = PlaceNixConfiguration::plan(
settings.nix_build_group_name.clone(),
settings.ssl_cert_file.clone(),
settings.extra_conf.clone(),
settings.force,
)


@ -26,25 +26,13 @@ impl ConfigureShellProfile {
#[tracing::instrument(level = "debug", skip_all)]
pub async fn plan(
locations: ShellProfileLocations,
ssl_cert_file: Option<PathBuf>,
) -> Result<StatefulAction<Self>, ActionError> {
let mut create_or_insert_files = Vec::default();
let mut create_directories = Vec::default();
let maybe_ssl_cert_file_setting = if let Some(ssl_cert_file) = ssl_cert_file {
format!(
"export NIX_SSL_CERT_FILE={:?}\n",
ssl_cert_file.canonicalize().map_err(|e| {
Self::error(ActionErrorKind::Canonicalize(ssl_cert_file, e))
})?
)
} else {
"".to_string()
};
let shell_buf = format!(
"\n\
# Nix\n\
{maybe_ssl_cert_file_setting}\
if [ -e '{PROFILE_NIX_FILE_SHELL}' ]; then\n\
{inde}. '{PROFILE_NIX_FILE_SHELL}'\n\
fi\n\
@ -80,7 +68,6 @@ impl ConfigureShellProfile {
let fish_buf = format!(
"\n\
# Nix\n\
{maybe_ssl_cert_file_setting}\
if test -e '{PROFILE_NIX_FILE_FISH}'\n\
{inde}. '{PROFILE_NIX_FILE_FISH}'\n\
end\n\


@ -6,6 +6,7 @@ use crate::action::{
Action, ActionDescription, ActionError, ActionErrorKind, ActionTag, StatefulAction,
};
use std::collections::hash_map::Entry;
use std::path::PathBuf;
const NIX_CONF_FOLDER: &str = "/etc/nix";
const NIX_CONF: &str = "/etc/nix/nix.conf";
@ -23,6 +24,7 @@ impl PlaceNixConfiguration {
#[tracing::instrument(level = "debug", skip_all)]
pub async fn plan(
nix_build_group_name: String,
ssl_cert_file: Option<PathBuf>,
extra_conf: Vec<String>,
force: bool,
) -> Result<StatefulAction<Self>, ActionError> {
@ -53,6 +55,15 @@ impl PlaceNixConfiguration {
"bash-prompt-prefix".to_string(),
"(nix:$name)\\040".to_string(),
);
if let Some(ssl_cert_file) = ssl_cert_file {
let ssl_cert_file_canonical = ssl_cert_file
.canonicalize()
.map_err(|e| Self::error(ActionErrorKind::Canonicalize(ssl_cert_file, e)))?;
settings.insert(
"ssl-cert-file".to_string(),
ssl_cert_file_canonical.display().to_string(),
);
}
settings.insert(
"extra-nix-path".to_string(),
"nixpkgs=flake:nixpkgs".to_string(),
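Review bot: The canonicalized path is written into nix.conf unquoted through `ssl_cert_file_canonical.display().to_string()` at the `settings.insert("ssl-cert-file", …)` call, so a path containing whitespace produces a malformed setting (a newline would start a new settings line), and `display()` is lossy for non-UTF-8 paths. Since nix.conf offers no quoting for path values, rejecting such paths at plan time is safer than emitting a config the daemon misparses, e.g. `let value = ssl_cert_file_canonical.to_str().filter(|s| !s.chars().any(char::is_whitespace)).ok_or_else(|| /* appropriate ActionErrorKind */)?;` and inserting `value.to_string()`. The enclosing `plan` begins outside this hunk.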


@ -307,7 +307,7 @@ impl CommandExecute for Install {
println!(
"\
{success}\n\
To get started using Nix, open a new shell or run `{maybe_ssl_cert_file_reminder}{shell_reminder}`\n\
To get started using Nix, open a new shell or run `{shell_reminder}`\n\
",
success = "Nix was installed successfully!".green().bold(),
shell_reminder = match std::env::var("SHELL") {
@ -316,16 +316,6 @@ impl CommandExecute for Install {
Ok(_) | Err(_) =>
". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh".bold(),
},
maybe_ssl_cert_file_reminder = if let Some(ssl_cert_file) = &settings.ssl_cert_file {
format!(
"export NIX_SSL_CERT_FILE={:?}; ",
ssl_cert_file
.canonicalize()
.map_err(|e| { eyre!(e).wrap_err(format!("Could not canonicalize {}", ssl_cert_file.display())) })?
)
} else {
"".to_string()
}
);
},
}


@ -89,7 +89,7 @@ impl DiagnosticData {
os_version,
triple: target_lexicon::HOST.to_string(),
is_ci,
ssl_cert_file,
ssl_cert_file: ssl_cert_file.and_then(|v| v.canonicalize().ok()),
failure_chain: None,
})
}
@ -174,8 +174,10 @@ impl DiagnosticData {
tracing::debug!("Sending diagnostic to `{endpoint}`");
let mut buildable_client = reqwest::Client::builder();
if let Some(ssl_cert_file) = &self.ssl_cert_file {
let ssl_cert = parse_ssl_cert(&ssl_cert_file).await?;
buildable_client = buildable_client.add_root_certificate(ssl_cert);
let ssl_cert = parse_ssl_cert(&ssl_cert_file).await.ok();
if let Some(ssl_cert) = ssl_cert {
buildable_client = buildable_client.add_root_certificate(ssl_cert);
}
}
let client = buildable_client
.build()
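Review bot: Both `ssl_cert_file.and_then(|v| v.canonicalize().ok())` in the first hunk and `parse_ssl_cert(&ssl_cert_file).await.ok()` in the second discard the error entirely, so a user who passed an unreadable or malformed certificate gets no hint why the diagnostics request then fails TLS. Making it best-effort is reasonable for diagnostics, but the failure should at least be logged with the existing `tracing` macros, and `&ssl_cert_file` is already a reference so the extra borrow can go. The enclosing function starts outside this hunk.
```rust
if let Some(ssl_cert_file) = &self.ssl_cert_file {
    match parse_ssl_cert(ssl_cert_file).await {
        Ok(ssl_cert) => buildable_client = buildable_client.add_root_certificate(ssl_cert),
        Err(e) => tracing::warn!(?ssl_cert_file, "Could not load SSL certificate for diagnostics, continuing without it: {e}"),
    }
}
// … unchanged: client build …
```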


@ -88,14 +88,10 @@ impl Planner for Linux {
}
plan.push(
ConfigureInitService::plan(
self.init.init,
self.init.start_daemon,
self.settings.ssl_cert_file.clone(),
)
.await
.map_err(PlannerError::Action)?
.boxed(),
ConfigureInitService::plan(self.init.init, self.init.start_daemon)
.await
.map_err(PlannerError::Action)?
.boxed(),
);
plan.push(
RemoveDirectory::plan(crate::settings::SCRATCH_DIR)


@ -157,14 +157,10 @@ impl Planner for Macos {
.await
.map_err(PlannerError::Action)?
.boxed(),
ConfigureInitService::plan(
InitSystem::Launchd,
true,
self.settings.ssl_cert_file.clone(),
)
.await
.map_err(PlannerError::Action)?
.boxed(),
ConfigureInitService::plan(InitSystem::Launchd, true)
.await
.map_err(PlannerError::Action)?
.boxed(),
RemoveDirectory::plan(crate::settings::SCRATCH_DIR)
.await
.map_err(PlannerError::Action)?


@ -334,14 +334,10 @@ impl Planner for SteamDeck {
.map_err(PlannerError::Action)?
.boxed(),
// Init is required for the steam-deck archetype to make the `/nix` mount
ConfigureInitService::plan(
InitSystem::Systemd,
true,
self.settings.ssl_cert_file.clone(),
)
.await
.map_err(PlannerError::Action)?
.boxed(),
ConfigureInitService::plan(InitSystem::Systemd, true)
.await
.map_err(PlannerError::Action)?
.boxed(),
StartSystemdUnit::plan("ensure-symlinked-units-resolve.service".to_string(), true)
.await
.map_err(PlannerError::Action)?