Use ssl-cert-file config #527

Merged
72 changes: 2 additions & 70 deletions src/action/common/configure_init_service.rs
Expand Up @@ -34,7 +34,6 @@ Configure the init to run the Nix daemon
pub struct ConfigureInitService {
init: InitSystem,
start_daemon: bool,
ssl_cert_file: Option<PathBuf>,
}

impl ConfigureInitService {
Expand Down Expand Up @@ -72,18 +71,7 @@ impl ConfigureInitService {
pub async fn plan(
init: InitSystem,
start_daemon: bool,
ssl_cert_file: Option<PathBuf>,
) -> Result<StatefulAction<Self>, ActionError> {
let ssl_cert_file_path = if let Some(ssl_cert_file) = ssl_cert_file {
Some(
ssl_cert_file
.canonicalize()
.map_err(|e| Self::error(ActionErrorKind::Canonicalize(ssl_cert_file, e)))?,
)
} else {
None
};

match init {
#[cfg(target_os = "macos")]
InitSystem::Launchd => {
Expand Down Expand Up @@ -114,12 +102,7 @@ impl ConfigureInitService {
},
};

Ok(Self {
init,
start_daemon,
ssl_cert_file: ssl_cert_file_path,
}
.into())
Ok(Self { init, start_daemon }.into())
}
}

Expand Down Expand Up @@ -180,11 +163,7 @@ impl Action for ConfigureInitService {

#[tracing::instrument(level = "debug", skip_all)]
async fn execute(&mut self) -> Result<(), ActionError> {
let Self {
init,
start_daemon,
ssl_cert_file,
} = self;
let Self { init, start_daemon } = self;

match init {
#[cfg(target_os = "macos")]
Expand All @@ -210,19 +189,6 @@ impl Action for ConfigureInitService {
.await
.map_err(Self::error)?;

if let Some(ssl_cert_file) = ssl_cert_file {
execute_command(
Command::new("launchctl")
.process_group(0)
.arg("setenv")
.arg("NIX_SSL_CERT_FILE")
.arg(format!("{ssl_cert_file:?}"))
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
}

if *start_daemon {
execute_command(
Command::new("launchctl")
Expand Down Expand Up @@ -350,30 +316,6 @@ impl Action for ConfigureInitService {
.map_err(Self::error)?;
}

if let Some(ssl_cert_file) = ssl_cert_file {
let service_conf_dir_path = PathBuf::from(format!("{SERVICE_DEST}.d"));
tokio::fs::create_dir(&service_conf_dir_path)
.await
.map_err(|e| {
ActionErrorKind::CreateDirectory(service_conf_dir_path.clone(), e)
})
.map_err(Self::error)?;
let service_conf_file_path =
service_conf_dir_path.join("nix-ssl-cert-file.conf");
tokio::fs::write(
service_conf_file_path,
format!(
"\
[Service]\n\
Environment=\"NIX_SSL_CERT_FILE={ssl_cert_file:?}\"\n\
"
),
)
.await
.map_err(|e| ActionErrorKind::Write(ssl_cert_file.clone(), e))
.map_err(Self::error)?;
}

if *start_daemon || socket_was_active {
enable(SOCKET_SRC, true).await.map_err(Self::error)?;
} else {
Expand Down Expand Up @@ -514,16 +456,6 @@ impl Action for ConfigureInitService {
errors.push(err);
}

if self.ssl_cert_file.is_some() {
let service_conf_dir_path = PathBuf::from(format!("{SERVICE_DEST}.d"));
if let Err(err) = tokio::fs::remove_dir_all(&service_conf_dir_path)
.await
.map_err(|e| ActionErrorKind::Remove(service_conf_dir_path.clone(), e))
{
errors.push(err);
}
}

if let Err(err) = tokio::fs::remove_file(TMPFILES_DEST)
.await
.map_err(|e| ActionErrorKind::Remove(PathBuf::from(TMPFILES_DEST), e))
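Review bot: The revert no longer touches the `{SERVICE_DEST}.d` directory, so a host that was installed by an earlier version which wrote `nix-ssl-cert-file.conf` there and is later uninstalled with this build could be left with a root-owned systemd drop-in that still points the daemon at a trust-anchor file nobody manages any more. Whether that situation can arise depends on how receipts written by older versions are loaded, which is not visible in this diff; if it can, a best-effort `remove_dir_all` of that directory when it exists (pushing the error onto `errors` like the neighbouring removals) would close the gap. At minimum, a comment at this spot should record the decision, e.g. `// The SSL cert file is now set through nix.conf (`ssl-cert-file`); the systemd drop-in is no longer created here, so it is not removed either.` The enclosing revert function starts and ends outside this hunk.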
10 changes: 4 additions & 6 deletions src/action/common/configure_nix.rs
Expand Up @@ -34,18 +34,16 @@ impl ConfigureNix {

let configure_shell_profile = if settings.modify_profile {
Some(
ConfigureShellProfile::plan(
shell_profile_locations,
settings.ssl_cert_file.clone(),
)
.await
.map_err(Self::error)?,
ConfigureShellProfile::plan(shell_profile_locations)
.await
.map_err(Self::error)?,
)
} else {
None
};
let place_nix_configuration = PlaceNixConfiguration::plan(
settings.nix_build_group_name.clone(),
settings.ssl_cert_file.clone(),
settings.extra_conf.clone(),
settings.force,
)
13 changes: 0 additions & 13 deletions src/action/common/configure_shell_profile.rs
Expand Up @@ -26,25 +26,13 @@ impl ConfigureShellProfile {
#[tracing::instrument(level = "debug", skip_all)]
pub async fn plan(
locations: ShellProfileLocations,
ssl_cert_file: Option<PathBuf>,
) -> Result<StatefulAction<Self>, ActionError> {
let mut create_or_insert_files = Vec::default();
let mut create_directories = Vec::default();

let maybe_ssl_cert_file_setting = if let Some(ssl_cert_file) = ssl_cert_file {
format!(
"export NIX_SSL_CERT_FILE={:?}\n",
ssl_cert_file.canonicalize().map_err(|e| {
Self::error(ActionErrorKind::Canonicalize(ssl_cert_file, e))
})?
)
} else {
"".to_string()
};
let shell_buf = format!(
"\n\
# Nix\n\
{maybe_ssl_cert_file_setting}\
if [ -e '{PROFILE_NIX_FILE_SHELL}' ]; then\n\
{inde}. '{PROFILE_NIX_FILE_SHELL}'\n\
fi\n\
Expand Down Expand Up @@ -80,7 +68,6 @@ impl ConfigureShellProfile {
let fish_buf = format!(
"\n\
# Nix\n\
{maybe_ssl_cert_file_setting}\
if test -e '{PROFILE_NIX_FILE_FISH}'\n\
{inde}. '{PROFILE_NIX_FILE_FISH}'\n\
end\n\
11 changes: 11 additions & 0 deletions src/action/common/place_nix_configuration.rs
Expand Up @@ -6,6 +6,7 @@ use crate::action::{
Action, ActionDescription, ActionError, ActionErrorKind, ActionTag, StatefulAction,
};
use std::collections::hash_map::Entry;
use std::path::PathBuf;

const NIX_CONF_FOLDER: &str = "/etc/nix";
const NIX_CONF: &str = "/etc/nix/nix.conf";
Expand All @@ -23,6 +24,7 @@ impl PlaceNixConfiguration {
#[tracing::instrument(level = "debug", skip_all)]
pub async fn plan(
nix_build_group_name: String,
ssl_cert_file: Option<PathBuf>,
extra_conf: Vec<String>,
force: bool,
) -> Result<StatefulAction<Self>, ActionError> {
Expand Down Expand Up @@ -53,6 +55,15 @@ impl PlaceNixConfiguration {
"bash-prompt-prefix".to_string(),
"(nix:$name)\\040".to_string(),
);
if let Some(ssl_cert_file) = ssl_cert_file {
let ssl_cert_file_canonical = ssl_cert_file
.canonicalize()
.map_err(|e| Self::error(ActionErrorKind::Canonicalize(ssl_cert_file, e)))?;
settings.insert(
"ssl-cert-file".to_string(),
ssl_cert_file_canonical.display().to_string(),
);
}
settings.insert(
"extra-nix-path".to_string(),
"nixpkgs=flake:nixpkgs".to_string(),
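Review bot: The value inserted for `ssl-cert-file` is `ssl_cert_file_canonical.display().to_string()`, which is lossy for non-UTF-8 paths and, because nix.conf is line-oriented, a path containing a newline would end the setting early and start a new line in a root-owned configuration file. Converting with `to_str()` and failing the plan when it returns `None` or when the string contains `'\n'` keeps the written file well-formed; the `ActionErrorKind` variant to report that with is not visible in this hunk. A short comment would also help future readers of this block, e.g. `// Written into /etc/nix/nix.conf, which unprivileged nix clients presumably read too, so the file must be readable by those accounts, not only by the daemon.` Whether a later `extra_conf` entry can override this key cannot be seen from here, and `plan` begins before this hunk.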
12 changes: 1 addition & 11 deletions src/cli/subcommand/install.rs
Expand Up @@ -307,7 +307,7 @@ impl CommandExecute for Install {
println!(
"\
{success}\n\
To get started using Nix, open a new shell or run `{maybe_ssl_cert_file_reminder}{shell_reminder}`\n\
To get started using Nix, open a new shell or run `{shell_reminder}`\n\
",
success = "Nix was installed successfully!".green().bold(),
shell_reminder = match std::env::var("SHELL") {
Expand All @@ -316,16 +316,6 @@ impl CommandExecute for Install {
Ok(_) | Err(_) =>
". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh".bold(),
},
maybe_ssl_cert_file_reminder = if let Some(ssl_cert_file) = &settings.ssl_cert_file {
format!(
"export NIX_SSL_CERT_FILE={:?}; ",
ssl_cert_file
.canonicalize()
.map_err(|e| { eyre!(e).wrap_err(format!("Could not canonicalize {}", ssl_cert_file.display())) })?
)
} else {
"".to_string()
}
);
},
}
8 changes: 5 additions & 3 deletions src/diagnostics.rs
Expand Up @@ -89,7 +89,7 @@ impl DiagnosticData {
os_version,
triple: target_lexicon::HOST.to_string(),
is_ci,
ssl_cert_file,
ssl_cert_file: ssl_cert_file.and_then(|v| v.canonicalize().ok()),
failure_chain: None,
})
}
Expand Down Expand Up @@ -174,8 +174,10 @@ impl DiagnosticData {
tracing::debug!("Sending diagnostic to `{endpoint}`");
let mut buildable_client = reqwest::Client::builder();
if let Some(ssl_cert_file) = &self.ssl_cert_file {
let ssl_cert = parse_ssl_cert(&ssl_cert_file).await?;
buildable_client = buildable_client.add_root_certificate(ssl_cert);
let ssl_cert = parse_ssl_cert(&ssl_cert_file).await.ok();
if let Some(ssl_cert) = ssl_cert {
buildable_client = buildable_client.add_root_certificate(ssl_cert);
}
}
let client = buildable_client
.build()
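Review bot: The new `parse_ssl_cert(&ssl_cert_file).await.ok()` discards the parse error without a trace, so when the user-supplied certificate cannot be loaded the diagnostic request is sent with the default root store and the only visible symptom is a later, unrelated-looking TLS failure. Verification is not weakened by the fallback, but it should be logged; `tracing` is already used on the line above, so a `match` with a `tracing::warn!` on the `Err` arm makes the fallback observable. The same silent drop applies to the `and_then(|v| v.canonicalize().ok())` in the first hunk of this file, where a debug-level log would likewise help. The enclosing function starts and ends outside this hunk.
```rust
if let Some(ssl_cert_file) = &self.ssl_cert_file {
    match parse_ssl_cert(&ssl_cert_file).await {
        Ok(ssl_cert) => buildable_client = buildable_client.add_root_certificate(ssl_cert),
        // Fall back to the default root store, but say so: a silent fallback makes a
        // later TLS failure against an intercepting proxy hard to diagnose.
        Err(e) => tracing::warn!(path = %ssl_cert_file.display(), error = ?e, "Could not parse `ssl-cert-file`; sending diagnostics with default roots only"),
    }
}
// … unchanged: client build …
```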
12 changes: 4 additions & 8 deletions src/planner/linux.rs
Expand Up @@ -88,14 +88,10 @@ impl Planner for Linux {
}

plan.push(
ConfigureInitService::plan(
self.init.init,
self.init.start_daemon,
self.settings.ssl_cert_file.clone(),
)
.await
.map_err(PlannerError::Action)?
.boxed(),
ConfigureInitService::plan(self.init.init, self.init.start_daemon)
.await
.map_err(PlannerError::Action)?
.boxed(),
);
plan.push(
RemoveDirectory::plan(crate::settings::SCRATCH_DIR)
12 changes: 4 additions & 8 deletions src/planner/macos.rs
Expand Up @@ -157,14 +157,10 @@ impl Planner for Macos {
.await
.map_err(PlannerError::Action)?
.boxed(),
ConfigureInitService::plan(
InitSystem::Launchd,
true,
self.settings.ssl_cert_file.clone(),
)
.await
.map_err(PlannerError::Action)?
.boxed(),
ConfigureInitService::plan(InitSystem::Launchd, true)
.await
.map_err(PlannerError::Action)?
.boxed(),
RemoveDirectory::plan(crate::settings::SCRATCH_DIR)
.await
.map_err(PlannerError::Action)?
12 changes: 4 additions & 8 deletions src/planner/steam_deck.rs
Expand Up @@ -334,14 +334,10 @@ impl Planner for SteamDeck {
.map_err(PlannerError::Action)?
.boxed(),
// Init is required for the steam-deck archetype to make the `/nix` mount
ConfigureInitService::plan(
InitSystem::Systemd,
true,
self.settings.ssl_cert_file.clone(),
)
.await
.map_err(PlannerError::Action)?
.boxed(),
ConfigureInitService::plan(InitSystem::Systemd, true)
.await
.map_err(PlannerError::Action)?
.boxed(),
StartSystemdUnit::plan("ensure-symlinked-units-resolve.service".to_string(), true)
.await
.map_err(PlannerError::Action)?