This adds support for s3:// URIs in all places where Nix allows URIs,
e.g. in builtins.fetchurl, builtins.fetchTarball, <nix/fetchurl.nix>
and NIX_PATH. It allows fetching resources from private S3 buckets,
using credentials obtained from the standard places (i.e. AWS_*
environment variables, ~/.aws/credentials and the EC2 metadata
server). This may not be super-useful in general, but since we already
depend on aws-sdk-cpp, it's a cheap feature to add.
Currently, 'nix-daemon --stdio' is always failing for me, due to the
splice call always failing with (on a 32-bit host):
splice(0, NULL, 3, NULL, 4294967295, SPLICE_F_MOVE) = -1 EINVAL (Invalid argument)
With a bit of ftracing (and luck) the problem seems to be that splice()
always fails with EINVAL if the len cast as ssize_t is negative:
http://lxr.free-electrons.com/source/fs/read_write.c?v=4.4#L384
So use SSIZE_MAX instead of SIZE_MAX.
For usernames and passwords containing special characters the URL parameters
must be escaped.
Because the entire URI is just query parameters I've opted for using net/url.Values
for the entire URI.
Fixes#1
This introduces support for looking up secret values in the 'pass' command line
tool (https://www.passwordstore.org/).
Values like passwords can be interpolated from pass and even more complex
structures like certificates for Kubernetes Secrets can be retrieved and base64-
encoded as necessary.
Fixes#2
Because config.h can #define things like _FILE_OFFSET_BITS=64 and not
every compilation unit includes config.h, we currently compile half of
Nix with _FILE_OFFSET_BITS=64 and other half with _FILE_OFFSET_BITS
unset. This causes major havoc with the Settings class on e.g. 32-bit ARM,
where different compilation units disagree with the struct layout.
E.g.:
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
@@ -166,6 +166,8 @@ void Settings::update()
_get(useSubstitutes, "build-use-substitutes");
+ fprintf(stderr, "at Settings::update(): &useSubstitutes = %p\n", &nix::settings.useSubstitutes);
_get(buildUsersGroup, "build-users-group");
diff --git a/src/libstore/remote-store.cc b/src/libstore/remote-store.cc
+++ b/src/libstore/remote-store.cc
@@ -138,6 +138,8 @@ void RemoteStore::initConnection(Connection & conn)
void RemoteStore::setOptions(Connection & conn)
{
+ fprintf(stderr, "at RemoteStore::setOptions(): &useSubstitutes = %p\n", &nix::settings.useSubstitutes);
conn.to << wopSetOptions
Gave me:
at Settings::update(): &useSubstitutes = 0xb6e5c5cb
at RemoteStore::setOptions(): &useSubstitutes = 0xb6e5c5c7
That was not a fun one to debug!
A resource set collection is a resource set with an addition 'include' array
configured. It is a short-hand for importing multiple resource sets from the
same folder and for excluding/including them as a group.
See https://github.com/tazjin/kontemplate/issues/9 for more information.
Closes#9
* renamed --limit to --include (-i)
* added --exclude (-e)
Kontemplate users can now explicitly include and exclude certain resource sets.
Excludes always override includes.
Closes#11
* Adds support for calling `kubectl replace` (necessary for resource types that do
not support `apply`).
* Sets `kubectl` context to whatever is defined in the cluster configuration file
This integrates support for actually calling out to `kubectl apply`.
A dry-run flag is implemented, too.
The `run` command has been renamed to `template`.
This adds the Go template functions from [sprig][] as well as a custom `json`
function that can interpolate any data as a JSON object - very useful for adding
arrays of data in JSON format into a variable:
```
certificateDomains:
- oslo.pub
- tazj.in
annotations:
acme/certificate: {{ .certificateDomains | json }}
annotations:
acme/certificate: ["oslo.pub", "tazj.in"]
```
[sprig]: https://godoc.org/github.com/Masterminds/sprig
Adds a basic CLI structure with a single "run" command that takes a --file (-f)
and --limit (-l) flag.
--limit can be used to only output certain resource sets.
Closes#4
