Main motivation for this is to get the openldap update that fixes
10 CVEs: CVE-2020-36221 to including CVE-2020-36230. See also this
issue which lists them all: https://github.com/NixOS/nixpkgs/issues/113490
Someone should also redeploy whitby as soon as this lands in canon and
all build failures have been fixed.
Things done to resolve upstream breakages:
* grpc no longer takes abseil-cpp as an input, it has also been removed
in the override.
* Upgrade glittershark's kernel to 5.11 since the linuxPackages_5_9
attribute has been removed by upstream and the patch used by them is
available for 5.11 as well.
* The fixed output hash for third_patry.apereo-cas changed for some reason.
* Remove the pin of haskellPackages.vector from the haskell overlay. It
broke as the most recent version of vector in nixos-unstable no longer
depends on semigroups. This effectively updates vector from 0.12.1.2
to 0.12.2.0.
* Align two comments in tvix/libstore/worker-protocol.hh because the
updated clang-format now demands that.
Change-Id: I2ecf10a98de935e9222acf1feaea447d4c11ed2d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2538
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Was messing around with serde and trying to build serde_json something,
might as well commit this.
Change-Id: I60f87aa3180f750fa171eca7f9c375ed053f8456
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2537
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
This adds a trivial test case on the transitive lib in tests and builds
it by wrapping in with testRustSimple. This should check:
* testRustSimple doesn't change the output and other packages can just
use it as a normal dependency
* tests are built and executed
Change-Id: Ia4ea7425432b8b0da09f63054f51f0c480300aa4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2531
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
The rust tests are now automatically built and run if
users.Profpatsch.netencode-rs is built without changing the content of
its output. users.Profpatsch.netencode-rs-tests has been removed in
favor of this, but can still be accessed as
builtins.head users.Profpatsch.netencode.netencode-rs.drvDeps
Change-Id: I25e8191f5b9efa08ace4a584a75978565c79d8d0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2530
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
testRustSimple is intended to wrap rustSimpleLib and rustSimpleBin and
theoretically pkgs.buildRustCrate with { buildTests = false; } while
building and running their tests, making them fail if the tests don't
succeed.
This is implemented using nix.drvSeqL which is a perfect fit here:
* { buildTests = true; } only returns an output with the test binaries
and does not actually run the tests. With drvSeqL we can easily wrap
this derivation.
* { buildTests = true } doesn't contain anything other derivations want
to depend on, so it is an derivation output we don't want to have.
drvSeqL hides the tests derivation away and only requires us to build
it once.
* Usually drvSeqL has the issue that tests (or advantage) are not rebuilt
if the test derivation changes. This is no question in this case as
due to the embedded nature of Rust's test, both the derivation with
and without tests change anyways regardless of which part was changed.
Future work: Allow injecting other tests?
Change-Id: If6ecfb3a360ce059320dbb05642b391b617aede7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2529
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
We forgot the special casing of derivations; if we recurse into a
derivation like we’d recurse into an attrset, it always ends in tears,
so dwim will just print the derivation path instead, which is usually
what you want anyway.
Change-Id: Ieed1b68dfcf8f2925ee3a75ae4f460fa5081da28
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2526
Reviewed-by: Profpatsch <mail@profpatsch.de>
Tested-by: BuildkiteCI
eprintenv is a debugging tool, as such the code should probably not
crash when the environment variable we want to look at is missing.
But we can print a warning instead.
Change-Id: I41a24dc0c1cc488587563b85c1adbd089dd364f2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2525
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
The headers are not a scalar, so record-splice-env doesn’t know how to
convert them to an envvar; let’s just ignore everything that can’t be
converted to a scalar for now.
Change-Id: I74ed0aa942fcd26beb058705830bc2f2b516e93e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2523
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Tries to decode the inner type, turning it into an Option.
Change-Id: I29d1286fe873c28d7c4a4b71f220acaf2d23f8e1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2522
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Small helper that empties out the environment, except for the given
list of variables.
Change-Id: I5e265496aaa5c248136318aa1c6cd91a67d3f028
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2506
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Some programs need an exact amount of arguments, and we want to fail
if they get too many or not enough.
Change-Id: Ic703949f38780718f26118b896e7c7d7aa5553d9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2504
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Some programs don’t need any arguments, so fail if they do get them,
because that’s usually a bug.
Change-Id: I28639056d3d9cea0cc0e7fcbfa42120c4f129c8c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2503
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Projecting into one record field of netencode given on stdin.
Change-Id: I975bd5558a06988aa159156ca73a449710db983f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2502
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
arglib should remove its arguments after reading it, to prevent them
from leaking to any child processes.
Change-Id: Ifc107b1620b8e407bad6b3d0ad7f4728856ec2ba
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2501
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Interestingly, the code is not any shorter, but a lot more
declarative, and all parsing footwork and error message generation is
done by the `Decoder` trait. \o/
Change-Id: Idb1064a3b5198e38e06e1860d4d71054ae53bbb9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2499
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
`Text` and `Binary` should be self-explaining, they just match on the
primitive and throw an error otherwise.
OneOf is cool, because it allows the user to match on the
result type of decoding `inner`, and give a list of values that should
be allowed as the result type (the associated type `A` in the
`Decoder` trait).
Change-Id: Ia252e25194610555c17c37640a96953142f0a165
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2498
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Shouldn’t use the netstring function, since that adds the length of
the containing string, which doesn’t make sense for numbers, they just
have their one length number and content.
Change-Id: I5591f6dd59154c5ef38d6e9b7300d19884a2d57b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2497
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
This fell out of us moving the `U::List` to a `Vec`.
I noticed that now we have deep recursion for `U`s, which originally
wasn’t intended; reverting to contain `&[u8]` might be a good
experiment, as long as the lists stay a `Vec<&'a [u8]`, which was the
thing preventing us from parsing lists without allocating memory.
Change-Id: I4900c5dea460fa69a78ce0dbed5708495af5d2e1
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2495
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
`dec::RecordDot` accesses a specific field of a netencode record.
In order to implement this, either we’d have to introduce a type-level
string, but in all honesty this kind of typelevel circlejerking never
leads anywhere, so let’s change the trait to use `&self` after all.
Usage is pretty much the same, except actually more like you’d expect.
Change-Id: I5a7f1a3f587256c50df1b65c2969e5a7194bba70
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2494
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Since we don’t necessarily need to decode deeply, we can make the
decoders take a `U` instead of a `T`.
Change-Id: I9704a21edb3922d58411e6807d027d684b18d390
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2492
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Also change the toplevel `encode()` to take a `&U` instead of an owned
`U`.
Change-Id: I8e51540cc531e70ae1c94e3676f4dd88da7a924d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2491
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
`U::Record` is required to be a hash map (later keys should be
ignored), so why not do the hash map immediately.
This surfaced a problem with read-http, because duplicate headers in
http are possible, but before they’d be silently ignored.
Now we merge them into a `U::List` in case, to be handled by
consumers of read-http.
Change-Id: Ifd594916f76e5acf9d08e705e0dec2c10a0081c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2490
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
We expect the users to pass an actual prog, not an argv, so 0 is the
program to exec into.
Also improve the exec error, by including the program we tried to exec
into (the rust IO error doesn’t contain the name).
Change-Id: I664f9f717e4f82bfc1b1da3bd7114124b7582d5f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2489
Reviewed-by: Profpatsch <mail@profpatsch.de>
Tested-by: BuildkiteCI
Earlier we left the next level of values unencoded, since lists are
just concatenated netencode values. But I noticed that you can’t write
e.g. a `t_to_u` function, because only in the case of lists you need
to allocate memory.
Turns out that if we read the next level of values, everything is
handled the same as in `Record` and things suddenly start working.
We can also throw away some of the strange and ad-hoc parser helpers
we needed before, `skip` and `list_take`, since now those are just
normal `Vec::iter().skip()` and take.
Change-Id: Ibc476e028102944a65c2b64621047086cfc09aa5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2488
Reviewed-by: Profpatsch <mail@profpatsch.de>
Tested-by: BuildkiteCI
Since `Text` is a scalar, it doesn’t make sense to delay the utf-8
verification to the consumer.
Change-Id: I36e4d228fbf35374d7c1addb4b24828cf6e927e5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2478
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
a044a87084 removed boxes in T::List, but
the tests were not adjusted accordingly.
Seems like netencode fell victim to CI not recursing into attrsets not
generated by readTree in pipeline generation.
Change-Id: I65d58a82881059983f7d6bc7a32263c6671ccbba
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2486
Reviewed-by: Profpatsch <mail@profpatsch.de>
Tested-by: BuildkiteCI
Seems like 5d44df3af6 forgot to add the
newly split out crate to the dependencies of netencode_mustache.
CI didn't pick up on it since it is hidden away from readTree in an
attrset in a file.
Change-Id: I7df9a636d849de48a99562d1cda8c0e6765f4781
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2485
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
There is this semantic exit code schema championed by execline and
skaware tooling, and we refined and documented it a bit in lorri
d1d673d420/src/ops/mod.rs (L24-L35)
in the past.
This just transcribes the error messages into simple helper functions.
Applies the functions to the places where we would panic or die
`sys::exit()` instead.
Change-Id: I15ca05cd6f99a25a3378518be94110eab416354e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2475
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
`exec_into_args` would just read argv and exec into it, but we want to
be able to write commands which take some positional arguments first.
Thus we split the invocation into `args_for_exec`, which returns the
positional arguments and prog, and then pass prog to `exec_into_args`
when we want to exec eventually (prog is still an iterator at this
point).
Change-Id: I0b180c1a100b96363fe33ba2c42034ed41716b7a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2474
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
There might be exploits since we parsed the headers as utf8 even
though we actually want to interpret them as ASCII.
This fixes it, by using the ascii crate.
Thanks to @sterni for noticing.
Change-Id: I50b6a588d99b34e677cb22968cf0dfd8b331d11c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2457
Reviewed-by: Profpatsch <mail@profpatsch.de>
Tested-by: BuildkiteCI
Splice a netencode record from stdin into the environment.
Change-Id: I7eac19e18164e070e4463ee431d9b0e955857b9c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2454
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Decoders are implemented not directly on output types, but on trivial
proxy types, so that we can easily combine those into a decoder, and
then the associated type is the actual return value of the decoder.
Change-Id: Ibce98fa09fc944e02ab327112ec7ffbc09815830
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2455
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Most tools end by execing into their argv, so here’s a small rust
function which does the boilerplate.
Change-Id: I9748955cf53828e02f04d7e8d74fbaf10c1158b5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2453
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Headers should always be ASCII, so let’s crash if they are not. The
thing gets a lot easier to use, and clients who fail this restriction
can just fuck off.
Also actually print the results to stdout instead of stderr …
Change-Id: I782c96c537ae11b541175e96453c4114e0a71b05
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2451
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
arglib is the simple idea of passing structured data via a
conventional environment variable instead of implementing an optparser
for every little tool.
Pop the envvar, decode the contents, return the contents.
Change-Id: Ie44148293a58aae9a0a613895176227d43b491bb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2449
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
It's not installed because it's broken right now
Change-Id: I1bf198788fb90aabe3ba1a7b65399c3579983704
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2459
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
This appears to be getting overridden by a package somewhere now
Change-Id: I4f0776b5ae65e5cfa936e3636ce1bb5e2c85790a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2427
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
This gives a permission denied error when I try to log in
Change-Id: Ibb9a66bb0ccec5fdf6839dd38ffd7e0a782687d6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2425
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
This way ci should pick up on clhs-lookup since only a single derivation
is exposed with the default.nix and it is less cumbersome to type the
attribute path (users.sterni.clhs.clhs-lookup →
users.sterni.clhs-lookup). The exposed CLHS wasn't used for anything
anyways and I can always expose it again using passthru or extra if it's
ever merged.
Change-Id: I6c5aeba1b58ca650700c6efa0913e4b42685ea6b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2461
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
