Some sites (e.g. BitBucket) give a helpful 401 error when trying to
download a private archive if the User-Agent contains "curl", but give
a redirect to a login page otherwise (so for instance
"nix-prefetch-url" will succeed but produce useless output).
Users of kontemplate may expect variables defined on the parent resource to be
inherited by children.
This implements that functionality. Values defined twice are overwritten by the
child's definition.
Fixes#20
This adds support for s3:// URIs in all places where Nix allows URIs,
e.g. in builtins.fetchurl, builtins.fetchTarball, <nix/fetchurl.nix>
and NIX_PATH. It allows fetching resources from private S3 buckets,
using credentials obtained from the standard places (i.e. AWS_*
environment variables, ~/.aws/credentials and the EC2 metadata
server). This may not be super-useful in general, but since we already
depend on aws-sdk-cpp, it's a cheap feature to add.
Currently, 'nix-daemon --stdio' is always failing for me, due to the
splice call always failing with (on a 32-bit host):
splice(0, NULL, 3, NULL, 4294967295, SPLICE_F_MOVE) = -1 EINVAL (Invalid argument)
With a bit of ftracing (and luck) the problem seems to be that splice()
always fails with EINVAL if the len cast as ssize_t is negative:
http://lxr.free-electrons.com/source/fs/read_write.c?v=4.4#L384
So use SSIZE_MAX instead of SIZE_MAX.
For usernames and passwords containing special characters the URL parameters
must be escaped.
Because the entire URI is just query parameters I've opted for using net/url.Values
for the entire URI.
Fixes#1
This introduces support for looking up secret values in the 'pass' command line
tool (https://www.passwordstore.org/).
Values like passwords can be interpolated from pass and even more complex
structures like certificates for Kubernetes Secrets can be retrieved and base64-
encoded as necessary.
Fixes#2
Because config.h can #define things like _FILE_OFFSET_BITS=64 and not
every compilation unit includes config.h, we currently compile half of
Nix with _FILE_OFFSET_BITS=64 and other half with _FILE_OFFSET_BITS
unset. This causes major havoc with the Settings class on e.g. 32-bit ARM,
where different compilation units disagree with the struct layout.
E.g.:
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
@@ -166,6 +166,8 @@ void Settings::update()
_get(useSubstitutes, "build-use-substitutes");
+ fprintf(stderr, "at Settings::update(): &useSubstitutes = %p\n", &nix::settings.useSubstitutes);
_get(buildUsersGroup, "build-users-group");
diff --git a/src/libstore/remote-store.cc b/src/libstore/remote-store.cc
+++ b/src/libstore/remote-store.cc
@@ -138,6 +138,8 @@ void RemoteStore::initConnection(Connection & conn)
void RemoteStore::setOptions(Connection & conn)
{
+ fprintf(stderr, "at RemoteStore::setOptions(): &useSubstitutes = %p\n", &nix::settings.useSubstitutes);
conn.to << wopSetOptions
Gave me:
at Settings::update(): &useSubstitutes = 0xb6e5c5cb
at RemoteStore::setOptions(): &useSubstitutes = 0xb6e5c5c7
That was not a fun one to debug!
A resource set collection is a resource set with an addition 'include' array
configured. It is a short-hand for importing multiple resource sets from the
same folder and for excluding/including them as a group.
See https://github.com/tazjin/kontemplate/issues/9 for more information.
Closes#9
* renamed --limit to --include (-i)
* added --exclude (-e)
Kontemplate users can now explicitly include and exclude certain resource sets.
Excludes always override includes.
Closes#11
* Adds support for calling `kubectl replace` (necessary for resource types that do
not support `apply`).
* Sets `kubectl` context to whatever is defined in the cluster configuration file
This integrates support for actually calling out to `kubectl apply`.
A dry-run flag is implemented, too.
The `run` command has been renamed to `template`.
This adds the Go template functions from [sprig][] as well as a custom `json`
function that can interpolate any data as a JSON object - very useful for adding
arrays of data in JSON format into a variable:
```
certificateDomains:
- oslo.pub
- tazj.in
annotations:
acme/certificate: {{ .certificateDomains | json }}
annotations:
acme/certificate: ["oslo.pub", "tazj.in"]
```
[sprig]: https://godoc.org/github.com/Masterminds/sprig
