diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml deleted file mode 100644 index db9c9cad9..000000000 --- a/.buildkite/pipeline.yml +++ /dev/null @@ -1,51 +0,0 @@ -steps: - - label: nix-installer-x86_64-darwin - agents: - mac: 1 - system: x86_64-darwin - nix: 1 - command: - - nix --extra-experimental-features "nix-command flakes" build .#packages.x86_64-darwin.nix-installer -L - - cp result/bin/nix-installer ./nix-installer-x86_64-darwin - - buildkite-agent artifact upload nix-installer-x86_64-darwin - - label: nix-installer-aarch64-darwin - agents: - mac: 1 - system: aarch64-darwin - nix: 1 - command: - - nix --extra-experimental-features "nix-command flakes" build .#packages.aarch64-darwin.nix-installer -L - - cp result/bin/nix-installer ./nix-installer-aarch64-darwin - - buildkite-agent artifact upload nix-installer-aarch64-darwin - - label: nix-installer-x86_64-linux - agents: - system: x86_64-linux - nix: 1 - command: - - nix --extra-experimental-features "nix-command flakes" build .#packages.x86_64-linux.nix-installer-static -L - - cp result/bin/nix-installer ./nix-installer-x86_64-linux - - buildkite-agent artifact upload nix-installer-x86_64-linux - - label: nix-installer-x86_64-linux-variants - agents: - system: x86_64-linux - nix: 1 - command: - - nix --extra-experimental-features "nix-command flakes" develop --store ~/.ci-store --print-build-logs .# --command "cargo" build --no-default-features - - nix --extra-experimental-features "nix-command flakes" develop --store ~/.ci-store --print-build-logs .# --command "cargo" build --all-features - - nix --extra-experimental-features "nix-command flakes" build --store ~/.ci-store --print-build-logs .#packages.x86_64-linux.nix-installer - - label: nix-installer-i686-linux - agents: - system: x86_64-linux - nix: 1 - command: - - nix --extra-experimental-features "nix-command flakes" build .#packages.i686-linux.nix-installer-static -L - - cp result/bin/nix-installer ./nix-installer-i686-linux - - buildkite-agent artifact upload nix-installer-i686-linux - - label: nix-installer-aarch64-linux - agents: - system: aarch64-linux - nix: 1 - command: - - nix --extra-experimental-features "nix-command flakes" build .#packages.aarch64-linux.nix-installer-static -L - - cp result/bin/nix-installer ./nix-installer-aarch64-linux - - buildkite-agent artifact upload nix-installer-aarch64-linux diff --git a/.github/workflows/build-aarch64-darwin.yml b/.github/workflows/build-aarch64-darwin.yml new file mode 100644 index 000000000..693ae7ccf --- /dev/null +++ b/.github/workflows/build-aarch64-darwin.yml @@ -0,0 +1,36 @@ +name: Build aarch64 Darwin + +on: + workflow_call: + inputs: + cache-key: + type: string + required: false + default: aarch64-darwin-artifacts-${{ github.sha }} + +jobs: + build-aarch64-darwin: + name: Build aarch64 Darwin + runs-on: macos-latest-xlarge + concurrency: ${{ inputs.cache-key }} + permissions: + id-token: "write" + contents: "read" + steps: + - uses: actions/checkout@v3 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main + with: + flakehub: true + - uses: DeterminateSystems/magic-nix-cache-action@main + with: + use-gha-cache: false + - name: Build the installer + run: | + nix build .#packages.aarch64-darwin.nix-installer -L + cp result/bin/nix-installer . + - name: Create GitHub cache from build artifacts + uses: actions/cache/save@v3 + with: + path: nix-installer + key: ${{ inputs.cache-key }} diff --git a/.github/workflows/build-aarch64-linux.yml b/.github/workflows/build-aarch64-linux.yml new file mode 100644 index 000000000..0ea3fb19d --- /dev/null +++ b/.github/workflows/build-aarch64-linux.yml @@ -0,0 +1,36 @@ +name: Build aarch64 Linux (static) + +on: + workflow_call: + inputs: + cache-key: + type: string + required: false + default: aarch64-linux-artifacts-${{ github.sha }} + +jobs: + build-aarch64-linux: + name: Build aarch64 Linux (static) + runs-on: namespace-profile-default-arm64 + concurrency: ${{ inputs.cache-key }} + permissions: + id-token: "write" + contents: "read" + steps: + - uses: actions/checkout@v3 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main + with: + flakehub: true + - uses: DeterminateSystems/magic-nix-cache-action@main + with: + use-gha-cache: false + - name: Build the installer + run: | + nix build .#packages.aarch64-linux.nix-installer-static -L + cp result/bin/nix-installer . + - name: Create GitHub cache from build artifacts + uses: actions/cache/save@v3 + with: + path: nix-installer + key: ${{ inputs.cache-key }} diff --git a/.github/workflows/build-i686-linux.yml b/.github/workflows/build-i686-linux.yml new file mode 100644 index 000000000..6a9877700 --- /dev/null +++ b/.github/workflows/build-i686-linux.yml @@ -0,0 +1,36 @@ +name: Build i686 Linux (static) + +on: + workflow_call: + inputs: + cache-key: + type: string + required: false + default: i686-linux-artifacts-${{ github.sha }} + +jobs: + build-i686-linux: + name: Build i686 Linux (static) + runs-on: UbuntuLatest32Cores128G + concurrency: ${{ inputs.cache-key }} + permissions: + id-token: "write" + contents: "read" + steps: + - uses: actions/checkout@v3 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main + with: + flakehub: true + - uses: DeterminateSystems/magic-nix-cache-action@main + with: + use-gha-cache: false + - name: Build the installer + run: | + nix build .#packages.i686-linux.nix-installer-static -L + cp result/bin/nix-installer . + - name: Create GitHub cache from build artifacts + uses: actions/cache/save@v3 + with: + path: nix-installer + key: ${{ inputs.cache-key }} diff --git a/.github/workflows/build-x86_64-darwin.yml b/.github/workflows/build-x86_64-darwin.yml new file mode 100644 index 000000000..e8b838ddd --- /dev/null +++ b/.github/workflows/build-x86_64-darwin.yml @@ -0,0 +1,36 @@ +name: Build x86_64 Darwin + +on: + workflow_call: + inputs: + cache-key: + type: string + required: false + default: x86_64-darwin-artifacts-${{ github.sha }} + +jobs: + build-x86_64-darwin: + name: Build x86_64 Darwin + runs-on: macos-13-large + concurrency: ${{ inputs.cache-key }} + permissions: + id-token: "write" + contents: "read" + steps: + - uses: actions/checkout@v3 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main + with: + flakehub: true + - uses: DeterminateSystems/magic-nix-cache-action@main + with: + use-gha-cache: false + - name: Build the installer + run: | + nix build .#packages.x86_64-darwin.nix-installer -L + cp result/bin/nix-installer . + - name: Create GitHub cache from build artifacts + uses: actions/cache/save@v3 + with: + path: nix-installer + key: ${{ inputs.cache-key }} diff --git a/.github/workflows/build-x86_64-linux.yml b/.github/workflows/build-x86_64-linux.yml new file mode 100644 index 000000000..3578a2071 --- /dev/null +++ b/.github/workflows/build-x86_64-linux.yml @@ -0,0 +1,36 @@ +name: Build x86_64 Linux (static) + +on: + workflow_call: + inputs: + cache-key: + type: string + required: false + default: x86_64-linux-artifacts-${{ github.sha }} + +jobs: + build-x86_64-linux: + name: Build x86_64 Linux (static) + runs-on: UbuntuLatest32Cores128G + concurrency: ${{ inputs.cache-key }} + permissions: + id-token: "write" + contents: "read" + steps: + - uses: actions/checkout@v3 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main + with: + flakehub: true + - uses: DeterminateSystems/magic-nix-cache-action@main + with: + use-gha-cache: false + - name: Build the installer + run: | + nix build .#packages.x86_64-linux.nix-installer-static -L + cp result/bin/nix-installer . + - name: Create GitHub cache from build artifacts + uses: actions/cache/save@v3 + with: + path: nix-installer + key: ${{ inputs.cache-key }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 683e4e1e6..fa27826e4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,10 +5,23 @@ on: push: branches: [main] +permissions: + id-token: "write" + contents: "read" + jobs: + build-x86_64-linux: + uses: ./.github/workflows/build-x86_64-linux.yml + + build-x86_64-darwin: + uses: ./.github/workflows/build-x86_64-darwin.yml + lints: name: Lints - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest + permissions: + id-token: "write" + contents: "read" steps: - uses: actions/checkout@v3 - name: Check Nixpkgs input @@ -18,7 +31,11 @@ jobs: check-outdated: false # PRs shouldn't fail because main's nixpkgs is out of date - name: Install Nix uses: DeterminateSystems/nix-installer-action@main + with: + flakehub: true - uses: DeterminateSystems/magic-nix-cache-action@main + with: + use-gha-cache: false - name: Check rustfmt run: nix develop --command check-rustfmt - name: Check Clippy @@ -29,45 +46,32 @@ jobs: run: nix develop --command check-nixpkgs-fmt - name: Check EditorConfig conformance run: nix develop --command check-editorconfig - - name: Download Buildkite Artifacts - uses: EnricoMi/download-buildkite-artifact-action@v1.14 - with: - buildkite_token: ${{ secrets.BUILDKITE_TOKEN }} - output_path: artifacts - - name: Output list of Buildkite artifacts - run: | - ls -lah artifacts/ - ls -lah artifacts/**/* - # Mac's can't run this action, so we're forced to do this. - - name: Create Github cache from Buildkite artifacts - id: cache-buildkite-artifacts - uses: actions/cache/save@v3 - with: - path: artifacts - key: buildkite-artifacts-${{ github.sha }} run-x86_64-linux: name: Run x86_64 Linux - runs-on: ubuntu-22.04 - needs: [lints] + runs-on: ubuntu-latest + needs: [lints, build-x86_64-linux] + permissions: + id-token: "write" + contents: "read" steps: - uses: actions/checkout@v3 - name: Restore Github cache of Buildkite artifacts - id: cache-buildkite-artifacts uses: actions/cache/restore@v3 with: - path: artifacts - key: buildkite-artifacts-${{ github.sha }} - - run: sudo apt install fish zsh + path: nix-installer + key: x86_64-linux-artifacts-${{ github.sha }} - name: Move & set executable run: | mkdir install-root cp nix-installer.sh install-root/nix-installer.sh - mv ./artifacts/nix-installer-x86_64-linux-*/* install-root/nix-installer-x86_64-linux + mv ./nix-installer install-root/nix-installer-x86_64-linux chmod +x install-root/nix-installer-x86_64-linux install-root/nix-installer.sh + - run: sudo apt install fish zsh - name: Initial install uses: DeterminateSystems/nix-installer-action@main with: + flakehub: true local-root: install-root/ logger: pretty log-directives: nix_installer=debug @@ -97,6 +101,7 @@ jobs: - name: Repeated install uses: DeterminateSystems/nix-installer-action@main with: + flakehub: true local-root: install-root/ logger: pretty log-directives: nix_installer=debug @@ -152,26 +157,29 @@ jobs: run-x86_64-linux-no-init: name: Run x86_64 Linux (No init) - runs-on: ubuntu-22.04 - needs: [lints] + runs-on: ubuntu-latest + needs: [lints, build-x86_64-linux] + permissions: + id-token: "write" + contents: "read" steps: - uses: actions/checkout@v3 - name: Restore Github cache of Buildkite artifacts - id: cache-buildkite-artifacts uses: actions/cache/restore@v3 with: - path: artifacts - key: buildkite-artifacts-${{ github.sha }} - - run: sudo apt install fish zsh + path: nix-installer + key: x86_64-linux-artifacts-${{ github.sha }} - name: Move & set executable run: | mkdir install-root cp nix-installer.sh install-root/nix-installer.sh - mv ./artifacts/nix-installer-x86_64-linux-*/* install-root/nix-installer-x86_64-linux + mv ./nix-installer install-root/nix-installer-x86_64-linux chmod +x install-root/nix-installer-x86_64-linux install-root/nix-installer.sh + - run: sudo apt install fish zsh - name: Initial install uses: DeterminateSystems/nix-installer-action@main with: + flakehub: true init: none planner: linux local-root: install-root/ @@ -205,6 +213,7 @@ jobs: - name: Repeated install uses: DeterminateSystems/nix-installer-action@main with: + flakehub: true init: none planner: linux local-root: install-root/ @@ -262,26 +271,29 @@ jobs: run-x86_64-darwin: name: Run x86_64 Darwin - runs-on: macos-12 - needs: [lints] + runs-on: macos-13 + needs: [lints, build-x86_64-darwin] + permissions: + id-token: "write" + contents: "read" steps: - uses: actions/checkout@v3 - name: Restore Github cache of Buildkite artifacts - id: cache-buildkite-artifacts uses: actions/cache/restore@v3 with: - path: artifacts - key: buildkite-artifacts-${{ github.sha }} - - run: brew install fish coreutils + path: nix-installer + key: x86_64-darwin-artifacts-${{ github.sha }} - name: Move & set executable run: | mkdir install-root cp nix-installer.sh install-root/nix-installer.sh - mv ./artifacts/nix-installer-x86_64-darwin-*/* install-root/nix-installer-x86_64-darwin + mv ./nix-installer install-root/nix-installer-x86_64-darwin chmod +x install-root/nix-installer-x86_64-darwin install-root/nix-installer.sh + - run: brew install fish coreutils - name: Initial install uses: DeterminateSystems/nix-installer-action@main with: + flakehub: true local-root: install-root/ logger: pretty log-directives: nix_installer=debug @@ -299,6 +311,7 @@ jobs: - name: Repeated install uses: DeterminateSystems/nix-installer-action@main with: + flakehub: true local-root: install-root/ logger: pretty log-directives: nix_installer=debug diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml index 34771ea4c..d6ecb24ab 100644 --- a/.github/workflows/release-branches.yml +++ b/.github/workflows/release-branches.yml @@ -1,5 +1,8 @@ name: Release Branch +concurrency: + group: release + on: push: branches: @@ -7,20 +10,88 @@ on: # otherwise creating the directory and uploading to s3 will fail - 'main' +permissions: + id-token: "write" + contents: "read" + jobs: + build-x86_64-linux: + uses: ./.github/workflows/build-x86_64-linux.yml + with: + cache-key: release-x86_64-linux-artifacts-${{ github.sha }} + build-i686-linux: + uses: ./.github/workflows/build-i686-linux.yml + with: + cache-key: release-i686-linux-artifacts-${{ github.sha }} + build-aarch64-linux: + uses: ./.github/workflows/build-aarch64-linux.yml + with: + cache-key: release-aarch64-linux-artifacts-${{ github.sha }} + build-x86_64-darwin: + uses: ./.github/workflows/build-x86_64-darwin.yml + with: + cache-key: release-x86_64-darwin-artifacts-${{ github.sha }} + build-aarch64-darwin: + uses: ./.github/workflows/build-aarch64-darwin.yml + with: + cache-key: release-aarch64-darwin-artifacts-${{ github.sha }} + release: - concurrency: release runs-on: ubuntu-latest permissions: id-token: write # In order to request a JWT for AWS auth + needs: + - build-x86_64-linux + - build-i686-linux + - build-aarch64-linux + - build-x86_64-darwin + - build-aarch64-darwin steps: - name: Checkout uses: actions/checkout@v3 - - name: Download Buildkite Artifacts - uses: EnricoMi/download-buildkite-artifact-action@v1.14 + - name: Create artifacts directory + run: mkdir -p ./artifacts + + - name: Fetch cached x86_64-linux binary + uses: actions/cache/restore@v3 with: - buildkite_token: ${{ secrets.BUILDKITE_TOKEN }} - output_path: artifacts + path: nix-installer + key: release-x86_64-linux-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-x86_64-linux + + - name: Fetch cached i686-linux binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-i686-linux-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-i686-linux + + - name: Fetch cached aarch64-linux binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-aarch64-linux-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-aarch64-linux + + - name: Fetch cached x86_64-darwin binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-x86_64-darwin-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-x86_64-darwin + + - name: Fetch cached aarch64-darwin binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-aarch64-darwin-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-aarch64-darwin + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 with: diff --git a/.github/workflows/release-prs.yml b/.github/workflows/release-prs.yml index e7e34b8a3..895a06a0f 100644 --- a/.github/workflows/release-prs.yml +++ b/.github/workflows/release-prs.yml @@ -1,5 +1,8 @@ name: Release PR +concurrency: + group: release + on: pull_request: types: @@ -8,28 +11,140 @@ on: - synchronize - labeled +permissions: + id-token: "write" + contents: "read" + jobs: + build-x86_64-linux: + # Only intra-repo PRs are allowed to have PR artifacts uploaded + # We only want to trigger once the upload once in the case the upload label is added, not when any label is added + if: | + always() && !failure() && !cancelled() + && github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' + && ( + (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') + || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) + ) + uses: ./.github/workflows/build-x86_64-linux.yml + with: + cache-key: release-x86_64-linux-artifacts-${{ github.sha }} + build-i686-linux: + # Only intra-repo PRs are allowed to have PR artifacts uploaded + # We only want to trigger once the upload once in the case the upload label is added, not when any label is added + if: | + always() && !failure() && !cancelled() + && github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' + && ( + (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') + || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) + ) + uses: ./.github/workflows/build-i686-linux.yml + with: + cache-key: release-i686-linux-artifacts-${{ github.sha }} + build-aarch64-linux: + # Only intra-repo PRs are allowed to have PR artifacts uploaded + # We only want to trigger once the upload once in the case the upload label is added, not when any label is added + if: | + always() && !failure() && !cancelled() + && github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' + && ( + (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') + || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) + ) + uses: ./.github/workflows/build-aarch64-linux.yml + with: + cache-key: release-aarch64-linux-artifacts-${{ github.sha }} + build-x86_64-darwin: + # Only intra-repo PRs are allowed to have PR artifacts uploaded + # We only want to trigger once the upload once in the case the upload label is added, not when any label is added + if: | + always() && !failure() && !cancelled() + && github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' + && ( + (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') + || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) + ) + uses: ./.github/workflows/build-x86_64-darwin.yml + with: + cache-key: release-x86_64-darwin-artifacts-${{ github.sha }} + build-aarch64-darwin: + # Only intra-repo PRs are allowed to have PR artifacts uploaded + # We only want to trigger once the upload once in the case the upload label is added, not when any label is added + if: | + always() && !failure() && !cancelled() + && github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' + && ( + (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') + || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) + ) + uses: ./.github/workflows/build-aarch64-darwin.yml + with: + cache-key: release-aarch64-darwin-artifacts-${{ github.sha }} + release: - concurrency: release # Only intra-repo PRs are allowed to have PR artifacts uploaded # We only want to trigger once the upload once in the case the upload label is added, not when any label is added if: | - github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' - && ( - (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') - || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) - ) + always() && !failure() && !cancelled() + && github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' + && ( + (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') + || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) + ) runs-on: ubuntu-latest - permissions: - id-token: write # In order to request a JWT for AWS auth + needs: + - build-x86_64-linux + - build-i686-linux + - build-aarch64-linux + - build-x86_64-darwin + - build-aarch64-darwin steps: - name: Checkout uses: actions/checkout@v3 - - name: Download Buildkite Artifacts - uses: EnricoMi/download-buildkite-artifact-action@v1.14 + - name: Create artifacts directory + run: mkdir -p ./artifacts + + - name: Fetch cached x86_64-linux binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-x86_64-linux-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-x86_64-linux + + - name: Fetch cached i686-linux binary + uses: actions/cache/restore@v3 with: - buildkite_token: ${{ secrets.BUILDKITE_TOKEN }} - output_path: artifacts + path: nix-installer + key: release-i686-linux-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-i686-linux + + - name: Fetch cached aarch64-linux binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-aarch64-linux-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-aarch64-linux + + - name: Fetch cached x86_64-darwin binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-x86_64-darwin-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-x86_64-darwin + + - name: Fetch cached aarch64-darwin binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-aarch64-darwin-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-aarch64-darwin + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 with: diff --git a/.github/workflows/release-tags.yml b/.github/workflows/release-tags.yml index b89f1b8f1..f42550519 100644 --- a/.github/workflows/release-tags.yml +++ b/.github/workflows/release-tags.yml @@ -1,25 +1,93 @@ name: Release Tags +concurrency: + group: release + on: push: tags: - "v*.*.*" +permissions: + contents: write # In order to upload artifacts to GitHub releases + id-token: write # In order to request a JWT for AWS auth + jobs: + build-x86_64-linux: + uses: ./.github/workflows/build-x86_64-linux.yml + with: + cache-key: release-x86_64-linux-artifacts-${{ github.sha }} + build-i686-linux: + uses: ./.github/workflows/build-i686-linux.yml + with: + cache-key: release-i686-linux-artifacts-${{ github.sha }} + build-aarch64-linux: + uses: ./.github/workflows/build-aarch64-linux.yml + with: + cache-key: release-aarch64-linux-artifacts-${{ github.sha }} + build-x86_64-darwin: + uses: ./.github/workflows/build-x86_64-darwin.yml + with: + cache-key: release-x86_64-darwin-artifacts-${{ github.sha }} + build-aarch64-darwin: + uses: ./.github/workflows/build-aarch64-darwin.yml + with: + cache-key: release-aarch64-darwin-artifacts-${{ github.sha }} + release: - concurrency: release runs-on: ubuntu-latest - permissions: - contents: write # In order to upload artifacts to GitHub releases - id-token: write # In order to request a JWT for AWS auth + needs: + - build-x86_64-linux + - build-i686-linux + - build-aarch64-linux + - build-x86_64-darwin + - build-aarch64-darwin steps: - name: Checkout uses: actions/checkout@v3 - - name: Download Buildkite Artifacts - uses: EnricoMi/download-buildkite-artifact-action@v1.14 + - name: Create artifacts directory + run: mkdir -p ./artifacts + + - name: Fetch cached x86_64-linux binary + uses: actions/cache/restore@v3 with: - buildkite_token: ${{ secrets.BUILDKITE_TOKEN }} - output_path: artifacts + path: nix-installer + key: release-x86_64-linux-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-x86_64-linux + + - name: Fetch cached i686-linux binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-i686-linux-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-i686-linux + + - name: Fetch cached aarch64-linux binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-aarch64-linux-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-aarch64-linux + + - name: Fetch cached x86_64-darwin binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-x86_64-darwin-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-x86_64-darwin + + - name: Fetch cached aarch64-darwin binary + uses: actions/cache/restore@v3 + with: + path: nix-installer + key: release-aarch64-darwin-artifacts-${{ github.sha }} + - name: Move artifact to artifacts directory + run: mv ./nix-installer ./artifacts/nix-installer-aarch64-darwin + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 with: diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index 19b534084..027002efc 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -2,18 +2,25 @@ name: update-flake-lock on: workflow_dispatch: schedule: - - cron: '0 0 * * 0' + - cron: "0 0 * * 0" jobs: lockfile: runs-on: ubuntu-22.04 + permissions: + id-token: "write" + contents: "read" steps: - name: Checkout uses: actions/checkout@v3 - name: Install Nix uses: DeterminateSystems/nix-installer-action@main - - name: Enable magic Nix cache + with: + flakehub: true + - name: Enable Magic Nix Cache uses: DeterminateSystems/magic-nix-cache-action@main + with: + use-gha-cache: false - name: Check flake uses: DeterminateSystems/flake-checker-action@main - name: Update flake.lock diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 206094f32..bfbb99d74 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -269,9 +269,9 @@ This package uses [Semantic Versioning](https://semver.org/). When determining t To cut a release: * Ensure the `flake.lock`, `Cargo.lock`, and Rust dependencies are up-to-date with the following: - + `nix flake update` - + `cargo update` - + `cargo outdated` + + `nix flake update --commit-lock-file` + + `cargo outdated --ignore-external-rel --aggressive` + + `cargo update --aggressive` + Make a PR for for this and let it get merged separately * Create a release branch from `main` (`git checkout -b release-v0.0.1`) * Remove the `-unreleased` from the `version` field in `Cargo.toml`, `flake.nix`, and the fixture JSON files diff --git a/Cargo.lock b/Cargo.lock index 77d4a7ecf..945e25e12 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -19,9 +19,9 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "aho-corasick" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" dependencies = [ "memchr", ] @@ -43,85 +43,75 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.4" +version = "0.6.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ab91ebe16eb252986481c5b62f6098f3b698a45e34b5b98200cf20dd2484a44" +checksum = "418c75fa768af9c03be99d17643f93f79bbba589895012a80e3452a19ddda15b" dependencies = [ "anstyle", "anstyle-parse", "anstyle-query", "anstyle-wincon", "colorchoice", + "is_terminal_polyfill", "utf8parse", ] [[package]] name = "anstyle" -version = "1.0.4" +version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87" +checksum = "038dfcf04a5feb68e9c60b21c9625a54c2c0616e79b72b0fd87075a056ae1d1b" [[package]] name = "anstyle-parse" -version = "0.2.2" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "317b9a89c1868f5ea6ff1d9539a69f45dffc21ce321ac1fd1160dfa48c8e2140" +checksum = "c03a11a9034d92058ceb6ee011ce58af4a9bf61491aa7e1e59ecd24bd40d22d4" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" -version = "1.0.0" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b" +checksum = "a64c907d4e79225ac72e2a354c9ce84d50ebb4586dee56c82b3ee73004f537f5" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "anstyle-wincon" -version = "3.0.1" +version = "3.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0699d10d2f4d628a98ee7b57b289abbc98ff3bad977cb3152709d4bf2330628" +checksum = "61a38449feb7068f52bb06c12759005cf459ee52bb4adc1d5a7c4322d716fb19" dependencies = [ "anstyle", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "async-trait" -version = "0.1.74" +version = "0.1.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9" +checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca" dependencies = [ "proc-macro2", "quote", - "syn 2.0.38", -] - -[[package]] -name = "atty" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" -dependencies = [ - "hermit-abi 0.1.19", - "libc", - "winapi", + "syn", ] [[package]] name = "autocfg" -version = "1.1.0" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" [[package]] name = "backtrace" -version = "0.3.69" +version = "0.3.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +checksum = "26b05800d2e817c8b3b4b54abd461726265fa9789ae34330622f2db9ee696f9d" dependencies = [ "addr2line", "cc", @@ -134,9 +124,15 @@ dependencies = [ [[package]] name = "base64" -version = "0.21.4" +version = "0.21.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" + +[[package]] +name = "base64" +version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ba43ea6f343b788c8764558649e08df62f86c6ef251fdaeb1ffd010a9ae50a2" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "bitflags" @@ -146,15 +142,15 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.1" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "bumpalo" -version = "3.14.0" +version = "3.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" +checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" [[package]] name = "byteorder" @@ -174,21 +170,18 @@ dependencies = [ [[package]] name = "bytes" -version = "1.5.0" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" +checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" dependencies = [ "serde", ] [[package]] name = "cc" -version = "1.0.83" +version = "1.0.96" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" -dependencies = [ - "libc", -] +checksum = "065a29261d53ba54260972629f9ca6bffa69bac13cd1fed61420f7fa68b9f8bd" [[package]] name = "cfg-if" @@ -196,24 +189,30 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "cfg_aliases" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd16c4719339c4530435d38e511904438d07cce7950afa3718a84ac36c10e89e" + [[package]] name = "chrono" -version = "0.4.31" +version = "0.4.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f2c685bad3eb3d45a01354cedb7d5faa66194d1d58ba6e267a8de788f79db38" +checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" dependencies = [ "android-tzdata", "iana-time-zone", "num-traits", "serde", - "windows-targets", + "windows-targets 0.52.5", ] [[package]] name = "clap" -version = "4.4.6" +version = "4.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d04704f56c2cde07f43e8e2c154b43f216dc5c92fc98ada720177362f953b956" +checksum = "90bc066a67923782aa8515dbaea16946c5bcc5addbd668bb80af688e53e548a0" dependencies = [ "clap_builder", "clap_derive", @@ -221,73 +220,73 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.6" +version = "4.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e231faeaca65ebd1ea3c737966bf858971cd38c3849107aa3ea7de90a804e45" +checksum = "ae129e2e766ae0ec03484e609954119f123cc1fe650337e155d03b022f24f7b4" dependencies = [ "anstream", "anstyle", "clap_lex", - "strsim", + "strsim 0.11.1", ] [[package]] name = "clap_derive" -version = "4.4.2" +version = "4.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0862016ff20d69b84ef8247369fabf5c008a7417002411897d40ee1f4532b873" +checksum = "528131438037fd55894f62d6e9f068b8f45ac57ffa77517819645d10aed04f64" dependencies = [ - "heck", + "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.38", + "syn", ] [[package]] name = "clap_lex" -version = "0.5.1" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd7cc57abe963c6d3b9d8be5b06ba7c8957a930305ca90304f24ef040aa6f961" +checksum = "98cc8fbded0c607b7ba9dd60cd98df59af97e84d24e49c8557331cfc26d301ce" [[package]] name = "color-eyre" -version = "0.6.2" +version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a667583cca8c4f8436db8de46ea8233c42a7d9ae424a82d338f2e4675229204" +checksum = "55146f5e46f237f7423d74111267d4597b59b0dad0ffaf7303bce9945d843ad5" dependencies = [ "backtrace", "color-spantrace", "eyre", "indenter", "once_cell", - "owo-colors", + "owo-colors 3.5.0", "tracing-error", "url", ] [[package]] name = "color-spantrace" -version = "0.2.0" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ba75b3d9449ecdccb27ecbc479fdc0b87fa2dd43d2f8298f9bf0e59aacc8dce" +checksum = "cd6be1b2a7e382e2b98b43b2adcca6bb0e465af0bdd38123873ae61eb17a72c2" dependencies = [ "once_cell", - "owo-colors", + "owo-colors 3.5.0", "tracing-core", "tracing-error", ] [[package]] name = "colorchoice" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" +checksum = "0b6a852b24ab71dffc585bcb46eaf7959d175cb865a7152e35b348d1b2960422" [[package]] name = "core-foundation" -version = "0.9.3" +version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146" +checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" dependencies = [ "core-foundation-sys", "libc", @@ -295,15 +294,15 @@ dependencies = [ [[package]] name = "core-foundation-sys" -version = "0.8.4" +version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" +checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" [[package]] name = "darling" -version = "0.20.3" +version = "0.20.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0209d94da627ab5605dcccf08bb18afa5009cfbef48d8a8b7d7bdbc79be25c5e" +checksum = "54e36fcd13ed84ffdfda6f5be89b31287cbb80c439841fe69e04841435464391" dependencies = [ "darling_core", "darling_macro", @@ -311,34 +310,34 @@ dependencies = [ [[package]] name = "darling_core" -version = "0.20.3" +version = "0.20.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "177e3443818124b357d8e76f53be906d60937f0d3a90773a664fa63fa253e621" +checksum = "9c2cf1c23a687a1feeb728783b993c4e1ad83d99f351801977dd809b48d0a70f" dependencies = [ "fnv", "ident_case", "proc-macro2", "quote", - "strsim", - "syn 2.0.38", + "strsim 0.10.0", + "syn", ] [[package]] name = "darling_macro" -version = "0.20.3" +version = "0.20.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "836a9bbc7ad63342d6d6e7b815ccab164bc77a2d95d84bc3117a8c0d5c98e2d5" +checksum = "a668eda54683121533a393014d8692171709ff57a7d61f187b6e782719f8933f" dependencies = [ "darling_core", "quote", - "syn 2.0.38", + "syn", ] [[package]] name = "deranged" -version = "0.3.9" +version = "0.3.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f32d04922c60427da6f9fef14d042d9edddef64cb9d4ce0d64d0685fbeb1fd3" +checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" dependencies = [ "powerfmt", "serde", @@ -372,7 +371,7 @@ dependencies = [ "libc", "option-ext", "redox_users", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -388,35 +387,26 @@ dependencies = [ [[package]] name = "dyn-clone" -version = "1.0.14" +version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23d2f3407d9a573d666de4b5bdf10569d73ca9478087346697dcbae6244bfbcd" +checksum = "0d6ef0072f8a535281e4876be788938b528e9a1d43900b82c2569af7da799125" [[package]] name = "either" -version = "1.9.0" +version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" - -[[package]] -name = "encoding_rs" -version = "0.8.33" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7268b386296a025e474d5140678f75d6de9493ae55a5d709eeb9dd08149945e1" -dependencies = [ - "cfg-if", -] +checksum = "a47c1c47d2f5964e29c61246e81db715514cd532db6b5116a25ea3c03d6780a2" [[package]] name = "enum-as-inner" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9720bba047d567ffc8a3cba48bf19126600e249ab7f128e9233e6376976a116" +checksum = "5ffccbb6966c05b32ef8fbac435df276c4ae4d3dc55a8cd0eb9745e6c12f546a" dependencies = [ - "heck", + "heck 0.4.1", "proc-macro2", "quote", - "syn 1.0.109", + "syn", ] [[package]] @@ -427,28 +417,28 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "erased-serde" -version = "0.3.31" +version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c138974f9d5e7fe373eb04df7cae98833802ae4b11c24ac7039a21d5af4b26c" +checksum = "2b73807008a3c7f171cc40312f37d95ef0396e048b5848d775f54b1a4dd4a0d3" dependencies = [ "serde", ] [[package]] name = "errno" -version = "0.3.5" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3e13f66a2f95e32a39eaa81f6b95d42878ca0e1db0c7543723dfe12557e860" +checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "eyre" -version = "0.6.8" +version = "0.6.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c2b6b5a29c02cdc822728b7d7b8ae1bab3e3b05d44522770ddd49722eeac7eb" +checksum = "7cd915d99f24784cdc19fd37ef22b97e3ff0ae756c7e492e9fbfe897d61e2aec" dependencies = [ "indenter", "once_cell", @@ -456,20 +446,20 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.1" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" +checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" [[package]] name = "filetime" -version = "0.2.22" +version = "0.2.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4029edd3e734da6fe05b6cd7bd2960760a616bd2ddd0d59a0124746d6272af0" +checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.3.5", - "windows-sys", + "redox_syscall 0.4.1", + "windows-sys 0.52.0", ] [[package]] @@ -480,9 +470,9 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" [[package]] name = "form_urlencoded" -version = "1.2.0" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a62bc1cf6f830c2ec14a513a9fb124d0a213a629668a4186f329db21fe045652" +checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456" dependencies = [ "percent-encoding", ] @@ -495,53 +485,53 @@ checksum = "3a471a38ef8ed83cd6e40aa59c1ffe17db6855c18e3604d9c4ed8c08ebc28678" [[package]] name = "futures-channel" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "955518d47e09b25bbebc7a18df10b81f0c766eaf4c4f1cccef2fca5f2a4fb5f2" +checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" dependencies = [ "futures-core", ] [[package]] name = "futures-core" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c" +checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" [[package]] name = "futures-io" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964" +checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" [[package]] name = "futures-macro" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" +checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac" dependencies = [ "proc-macro2", "quote", - "syn 2.0.38", + "syn", ] [[package]] name = "futures-sink" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f43be4fe21a13b9781a69afa4985b0f6ee0e1afab2c6f454a8cf30e2b2237b6e" +checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" [[package]] name = "futures-task" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65" +checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" [[package]] name = "futures-util" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533" +checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" dependencies = [ "futures-core", "futures-io", @@ -556,9 +546,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.10" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" +checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" dependencies = [ "cfg-if", "libc", @@ -567,9 +557,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.28.0" +version = "0.28.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fb8d784f27acf97159b40fc4db5ecd8aa23b9ad5ef69cdd136d3bc80665f0c0" +checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" [[package]] name = "glob" @@ -577,25 +567,6 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" -[[package]] -name = "h2" -version = "0.3.21" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91fc23aa11be92976ef4729127f1a74adf36d8436f7816b185d18df956790833" -dependencies = [ - "bytes 1.5.0", - "fnv", - "futures-core", - "futures-sink", - "futures-util", - "http", - "indexmap 1.9.3", - "slab", - "tokio", - "tokio-util", - "tracing", -] - [[package]] name = "hashbrown" version = "0.12.3" @@ -604,9 +575,9 @@ checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] name = "hashbrown" -version = "0.14.1" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dfda62a12f55daeae5015f81b0baea145391cb4520f86c248fc615d72640d12" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" [[package]] name = "heck" @@ -615,19 +586,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" [[package]] -name = "hermit-abi" -version = "0.1.19" +name = "heck" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" -dependencies = [ - "libc", -] +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" -version = "0.3.3" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" +checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" [[package]] name = "hex" @@ -637,32 +605,44 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "home" -version = "0.5.5" +version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "http" -version = "0.2.9" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd6effc99afb63425aff9b05836f029929e345a6148a14b7ecd5ab67af944482" +checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258" dependencies = [ - "bytes 1.5.0", + "bytes 1.6.0", "fnv", "itoa", ] [[package]] name = "http-body" -version = "0.4.5" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1" +checksum = "1cac85db508abc24a2e48553ba12a996e87244a0395ce011e62b37158745d643" dependencies = [ - "bytes 1.5.0", + "bytes 1.6.0", "http", +] + +[[package]] +name = "http-body-util" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0475f8b2ac86659c21b64320d5d653f9efe42acd2a4e560073ec61a155a34f1d" +dependencies = [ + "bytes 1.6.0", + "futures-core", + "http", + "http-body", "pin-project-lite", ] @@ -672,62 +652,74 @@ version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" -[[package]] -name = "httpdate" -version = "1.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" - [[package]] name = "hyper" -version = "0.14.27" +version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffb1cfd654a8219eaef89881fdb3bb3b1cdc5fa75ded05d6933b2b382e395468" +checksum = "fe575dd17d0862a9a33781c8c4696a55c320909004a67a00fb286ba8b1bc496d" dependencies = [ - "bytes 1.5.0", + "bytes 1.6.0", "futures-channel", - "futures-core", "futures-util", - "h2", "http", "http-body", "httparse", - "httpdate", "itoa", "pin-project-lite", - "socket2 0.4.9", + "smallvec", "tokio", - "tower-service", - "tracing", "want", ] [[package]] name = "hyper-rustls" -version = "0.24.1" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d78e1e73ec14cf7375674f74d7dde185c8206fd9dea6fb6295e8a98098aaa97" +checksum = "a0bea761b46ae2b24eb4aef630d8d1c398157b6fc29e6350ecf090a0b70c952c" dependencies = [ "futures-util", "http", "hyper", + "hyper-util", "rustls", + "rustls-pki-types", "tokio", "tokio-rustls", + "tower-service", +] + +[[package]] +name = "hyper-util" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca38ef113da30126bbff9cd1705f9273e15d45498615d138b0c20279ac7a76aa" +dependencies = [ + "bytes 1.6.0", + "futures-channel", + "futures-util", + "http", + "http-body", + "hyper", + "pin-project-lite", + "socket2", + "tokio", + "tower", + "tower-service", + "tracing", ] [[package]] name = "iana-time-zone" -version = "0.1.57" +version = "0.1.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fad5b825842d2b38bd206f3e81d6957625fd7f0a361e345c30e01a0ae2dd613" +checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141" dependencies = [ "android_system_properties", "core-foundation-sys", "iana-time-zone-haiku", "js-sys", "wasm-bindgen", - "windows", + "windows-core", ] [[package]] @@ -747,9 +739,9 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" [[package]] name = "idna" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d20d6b07bfbc108882d88ed8e37d39636dcc260e15e30c45e6ba089610b917c" +checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6" dependencies = [ "unicode-bidi", "unicode-normalization", @@ -774,20 +766,20 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.0.2" +version = "2.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897" +checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" dependencies = [ "equivalent", - "hashbrown 0.14.1", + "hashbrown 0.14.5", "serde", ] [[package]] name = "inventory" -version = "0.3.12" +version = "0.3.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1be380c410bf0595e94992a648ea89db4dd3f3354ba54af206fd2a68cf5ac8e" +checksum = "f958d3d68f4167080a18141e10381e7634563984a537f2a49a30fd8e53ac5767" [[package]] name = "iovec" @@ -800,27 +792,44 @@ dependencies = [ [[package]] name = "ipnet" -version = "2.8.0" +version = "2.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3" + +[[package]] +name = "is-terminal" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28b29a3cd74f0f4598934efe3aeba42bae0eb4680554128851ebbecb02af14e6" +checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" +dependencies = [ + "hermit-abi", + "libc", + "windows-sys 0.52.0", +] [[package]] name = "is_ci" -version = "1.1.1" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7655c9839580ee829dfacba1d1278c2b7883e50a277ff7541299489d6bdfdc45" + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "616cde7c720bb2bb5824a224687d8f77bfd38922027f01d825cd7453be5099fb" +checksum = "f8478577c03552c21db0e2724ffb8986a5ce7af88107e6be5d2ee6e158c12800" [[package]] name = "itoa" -version = "1.0.9" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" [[package]] name = "js-sys" -version = "0.3.64" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" +checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" dependencies = [ "wasm-bindgen", ] @@ -833,30 +842,37 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.149" +version = "0.2.154" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" +checksum = "ae743338b92ff9146ce83992f766a31066a91a8c84a45e0e9f21e7cf6de6d346" [[package]] -name = "line-wrap" -version = "0.1.1" +name = "libredox" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f30344350a2a51da54c1d53be93fade8a237e545dbcc4bdbe635413f2117cab9" +checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d" dependencies = [ - "safemem", + "bitflags 2.5.0", + "libc", ] +[[package]] +name = "line-wrap" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd1bc4d24ad230d21fb898d1116b1801d7adfc449d42026475862ab48b11e70e" + [[package]] name = "linux-raw-sys" -version = "0.4.10" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f" +checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" [[package]] name = "lock_api" -version = "0.4.10" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16" +checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" dependencies = [ "autocfg", "scopeguard", @@ -864,9 +880,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.20" +version = "0.4.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" [[package]] name = "lzma-sys" @@ -890,9 +906,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.6.4" +version = "2.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" +checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" [[package]] name = "mime" @@ -902,32 +918,33 @@ checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" [[package]] name = "miniz_oxide" -version = "0.7.1" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7" dependencies = [ "adler", ] [[package]] name = "mio" -version = "0.8.8" +version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "927a765cd3fc26206e66b296465fa9d3e5ab003e651c1b3c060e7956d96b19d2" +checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c" dependencies = [ "libc", "wasi", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] name = "nix" -version = "0.27.1" +version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" +checksum = "ab2156c4fce2f8df6c499cc1c763e4394b7482525bf2a9701c9d79d215f519e4" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.5.0", "cfg-if", + "cfg_aliases", "libc", ] @@ -937,29 +954,29 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "383d96c6f2c44fc706e7a523743434465d62db109b7c8364b642f35853475d67" dependencies = [ - "indexmap 2.0.2", + "indexmap 2.2.6", "serde", "thiserror", ] [[package]] name = "nix-installer" -version = "0.14.0" +version = "0.19.0" dependencies = [ "async-trait", - "bytes 1.5.0", + "bytes 1.6.0", "clap", "color-eyre", "dirs", "dyn-clone", "eyre", "glob", - "indexmap 2.0.2", + "indexmap 2.2.6", "is_ci", "nix", "nix-config-parser", "os-release", - "owo-colors", + "owo-colors 4.0.0", "plist", "rand", "reqwest", @@ -996,11 +1013,17 @@ dependencies = [ "winapi", ] +[[package]] +name = "num-conv" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" + [[package]] name = "num-traits" -version = "0.2.17" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" +checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" dependencies = [ "autocfg", ] @@ -1011,24 +1034,24 @@ version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" dependencies = [ - "hermit-abi 0.3.3", + "hermit-abi", "libc", ] [[package]] name = "object" -version = "0.32.1" +version = "0.32.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" +checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" dependencies = [ "memchr", ] [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "openssl-probe" @@ -1062,15 +1085,21 @@ name = "owo-colors" version = "3.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c1b04fb49957986fdce4d6ee7a65027d55d4b6d2265e5848bbb507b58ccfdb6f" + +[[package]] +name = "owo-colors" +version = "4.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "caff54706df99d2a78a5a4e3455ff45448d81ef1bb63c22cd14052ca0e993a3f" dependencies = [ "supports-color", ] [[package]] name = "parking_lot" -version = "0.12.1" +version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +checksum = "7e4af0ca4f6caed20e900d564c242b8e5d4903fdacf31d3daf527b66fe6f42fb" dependencies = [ "lock_api", "parking_lot_core", @@ -1078,28 +1107,48 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.8" +version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93f00c865fe7cabf650081affecd3871070f26767e7b2070a3ffae14c654b447" +checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", - "redox_syscall 0.3.5", + "redox_syscall 0.5.1", "smallvec", - "windows-targets", + "windows-targets 0.52.5", ] [[package]] name = "percent-encoding" -version = "2.3.0" +version = "2.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" + +[[package]] +name = "pin-project" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6bf43b791c5b9e34c3d182969b4abb522f9343702850a2e57f460d00d09b4b3" +dependencies = [ + "pin-project-internal", +] + +[[package]] +name = "pin-project-internal" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94" +checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] [[package]] name = "pin-project-lite" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" +checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" [[package]] name = "pin-utils" @@ -1109,18 +1158,18 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkg-config" -version = "0.3.27" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "plist" -version = "1.5.0" +version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bdc0001cfea3db57a2e24bc0d818e9e20e554b5f97fabb9bc231dc240269ae06" +checksum = "d9d34169e64b3c7a80c8621a48adaf44e0cf62c78a9b25dd9dd35f1881a17cf9" dependencies = [ - "base64", - "indexmap 1.9.3", + "base64 0.21.7", + "indexmap 2.2.6", "line-wrap", "quick-xml", "serde", @@ -1141,27 +1190,27 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "proc-macro2" -version = "1.0.69" +version = "1.0.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" +checksum = "3d1597b0c024618f09a9c3b8655b7e430397a36d23fdafec26d6965e9eec3eba" dependencies = [ "unicode-ident", ] [[package]] name = "quick-xml" -version = "0.29.0" +version = "0.31.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81b9228215d82c7b61490fec1de287136b5de6f5700f6e58ea9ad61a7964ca51" +checksum = "1004a344b30a54e2ee58d66a71b32d2db2feb0a31f9a2d302bf0536f15de2a33" dependencies = [ "memchr", ] [[package]] name = "quote" -version = "1.0.33" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] @@ -1198,43 +1247,43 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.2.16" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" +checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" dependencies = [ "bitflags 1.3.2", ] [[package]] name = "redox_syscall" -version = "0.3.5" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29" +checksum = "469052894dcb553421e483e4209ee581a45100d31b4018de03e5a7ad86374a7e" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.5.0", ] [[package]] name = "redox_users" -version = "0.4.3" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b" +checksum = "bd283d9651eeda4b2a83a43c1c91b266c40fd76ecd39a50a8c630ae69dc72891" dependencies = [ "getrandom", - "redox_syscall 0.2.16", + "libredox", "thiserror", ] [[package]] name = "regex" -version = "1.10.2" +version = "1.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" +checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.4.3", - "regex-syntax 0.8.2", + "regex-automata 0.4.6", + "regex-syntax 0.8.3", ] [[package]] @@ -1248,13 +1297,13 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.3" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" +checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" dependencies = [ "aho-corasick", "memchr", - "regex-syntax 0.8.2", + "regex-syntax 0.8.3", ] [[package]] @@ -1265,26 +1314,26 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "regex-syntax" -version = "0.8.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "reqwest" -version = "0.11.22" +version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "046cd98826c46c2ac8ddecae268eb5c2e58628688a5fc7a2643704a73faba95b" +checksum = "566cafdd92868e0939d3fb961bd0dc25fcfaaed179291093b3d43e6b3150ea10" dependencies = [ - "base64", - "bytes 1.5.0", - "encoding_rs", + "base64 0.22.1", + "bytes 1.6.0", "futures-core", "futures-util", - "h2", "http", "http-body", + "http-body-util", "hyper", "hyper-rustls", + "hyper-util", "ipnet", "js-sys", "log", @@ -1295,10 +1344,11 @@ dependencies = [ "rustls", "rustls-native-certs", "rustls-pemfile", + "rustls-pki-types", "serde", "serde_json", "serde_urlencoded", - "system-configuration", + "sync_wrapper", "tokio", "tokio-rustls", "tokio-socks", @@ -1314,17 +1364,17 @@ dependencies = [ [[package]] name = "ring" -version = "0.16.20" +version = "0.17.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" dependencies = [ "cc", + "cfg-if", + "getrandom", "libc", - "once_cell", "spin", "untrusted", - "web-sys", - "winapi", + "windows-sys 0.52.0", ] [[package]] @@ -1335,77 +1385,82 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" [[package]] name = "rustix" -version = "0.38.19" +version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "745ecfa778e66b2b63c88a61cb36e0eea109e803b0b86bf9879fbc77c70e86ed" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.5.0", "errno", "libc", "linux-raw-sys", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "rustls" -version = "0.21.7" +version = "0.22.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" +checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432" dependencies = [ "log", "ring", + "rustls-pki-types", "rustls-webpki", - "sct", + "subtle", + "zeroize", ] [[package]] name = "rustls-native-certs" -version = "0.6.3" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" +checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792" dependencies = [ "openssl-probe", "rustls-pemfile", + "rustls-pki-types", "schannel", "security-framework", ] [[package]] name = "rustls-pemfile" -version = "1.0.3" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2" +checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d" dependencies = [ - "base64", + "base64 0.22.1", + "rustls-pki-types", ] +[[package]] +name = "rustls-pki-types" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "beb461507cee2c2ff151784c52762cf4d9ff6a61f3e80968600ed24fa837fa54" + [[package]] name = "rustls-webpki" -version = "0.101.6" +version = "0.102.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" +checksum = "f3bce581c0dd41bce533ce695a1437fa16a7ab5ac3ccfa99fe1a620a7885eabf" dependencies = [ "ring", + "rustls-pki-types", "untrusted", ] [[package]] name = "rustversion" -version = "1.0.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" - -[[package]] -name = "ryu" version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" +checksum = "80af6f9131f277a45a3fba6ce8e2258037bb0477a67e610d3c1fe046ab31de47" [[package]] -name = "safemem" -version = "0.3.3" +name = "ryu" +version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef703b7cb59335eae2eb93ceb664c0eb7ea6bf567079d843e09420219668e072" +checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" [[package]] name = "same-file" @@ -1418,11 +1473,11 @@ dependencies = [ [[package]] name = "schannel" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c3733bf4cf7ea0880754e19cb5a462007c4a8c1914bff372ccc95b464f1df88" +checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1431,21 +1486,11 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" -[[package]] -name = "sct" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" -dependencies = [ - "ring", - "untrusted", -] - [[package]] name = "security-framework" -version = "2.9.2" +version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05b64fb303737d99b81884b2c63433e9ae28abebe5eb5045dcdd175dc2ecf4de" +checksum = "770452e37cad93e0a50d5abc3990d2bc351c36d0328f86cefec2f2fb206eaef6" dependencies = [ "bitflags 1.3.2", "core-foundation", @@ -1456,9 +1501,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.9.1" +version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e932934257d3b408ed8f30db49d85ea163bfe74961f017f405b025af298f0c7a" +checksum = "41f3cc463c0ef97e11c3461a9d3787412d30e8e7eb907c79180c4a57bf7c04ef" dependencies = [ "core-foundation-sys", "libc", @@ -1466,38 +1511,38 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.20" +version = "1.0.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" +checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" dependencies = [ "serde", ] [[package]] name = "serde" -version = "1.0.189" +version = "1.0.200" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e422a44e74ad4001bdc8eede9a4570ab52f71190e9c076d14369f38b9200537" +checksum = "ddc6f9cc94d67c0e21aaf7eda3a010fd3af78ebf6e096aa6e2e13c79749cce4f" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.189" +version = "1.0.200" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e48d1f918009ce3145511378cf68d613e3b3d9137d67272562080d68a2b32d5" +checksum = "856f046b9400cee3c8c94ed572ecdb752444c24528c035cd35882aad6f492bcb" dependencies = [ "proc-macro2", "quote", - "syn 2.0.38", + "syn", ] [[package]] name = "serde_json" -version = "1.0.107" +version = "1.0.116" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b420ce6e3d8bd882e9b243c6eed35dbc9a6110c9769e74b584e0d68d1f20c65" +checksum = "3e17db7126d17feb94eb3fad46bf1a96b034e8aacbc2e775fe81505f8b0b2813" dependencies = [ "itoa", "ryu", @@ -1518,16 +1563,17 @@ dependencies = [ [[package]] name = "serde_with" -version = "3.3.0" +version = "3.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ca3b16a3d82c4088f343b7480a93550b3eabe1a358569c2dfe38bbcead07237" +checksum = "0ad483d2ab0149d5a5ebcd9972a3852711e0153d863bf5a5d0391d28883c4a20" dependencies = [ - "base64", + "base64 0.22.1", "chrono", "hex", "indexmap 1.9.3", - "indexmap 2.0.2", + "indexmap 2.2.6", "serde", + "serde_derive", "serde_json", "serde_with_macros", "time", @@ -1535,14 +1581,14 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "3.3.0" +version = "3.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e6be15c453eb305019bfa438b1593c731f36a289a7853f7707ee29e870b3b3c" +checksum = "65569b702f41443e8bc8bbb1c5779bd0450bbe723b56198980e80ec45780bce2" dependencies = [ "darling", "proc-macro2", "quote", - "syn 2.0.38", + "syn", ] [[package]] @@ -1556,9 +1602,9 @@ dependencies = [ [[package]] name = "signal-hook-registry" -version = "1.4.1" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" +checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1" dependencies = [ "libc", ] @@ -1574,35 +1620,25 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a" - -[[package]] -name = "socket2" -version = "0.4.9" +version = "1.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662" -dependencies = [ - "libc", - "winapi", -] +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "socket2" -version = "0.5.4" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4031e820eb552adee9295814c0ced9e5cf38ddf1e8b7d566d6de8e2538ea989e" +checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] name = "spin" -version = "0.5.2" +version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "strsim" @@ -1610,43 +1646,55 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + [[package]] name = "strum" -version = "0.25.0" +version = "0.26.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290d54ea6f91c969195bdbcd7442c8c2a2ba87da8bf60a7ee86a235d4bc1e125" +checksum = "5d8cec3501a5194c432b2b7976db6b7d10ec95c253208b45f83f7136aa985e29" dependencies = [ "strum_macros", ] [[package]] name = "strum_macros" -version = "0.25.3" +version = "0.26.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23dc1fa9ac9c169a78ba62f0b841814b7abae11bdd047b9c58f893439e309ea0" +checksum = "c6cf59daf282c0a494ba14fd21610a0325f9f90ec9d1231dea26bcb1d696c946" dependencies = [ - "heck", + "heck 0.4.1", "proc-macro2", "quote", "rustversion", - "syn 2.0.38", + "syn", ] +[[package]] +name = "subtle" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" + [[package]] name = "supports-color" -version = "1.3.1" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ba6faf2ca7ee42fdd458f4347ae0a9bd6bcc445ad7cb57ad82b383f18870d6f" +checksum = "d6398cde53adc3c4557306a96ce67b302968513830a77a95b2b17305d9719a89" dependencies = [ - "atty", + "is-terminal", "is_ci", ] [[package]] name = "syn" -version = "1.0.109" +version = "2.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +checksum = "909518bc7b1c9b779f1bbf07f2929d35af9f0f37e47c6e9ef7f9dddc1e1821f3" dependencies = [ "proc-macro2", "quote", @@ -1654,23 +1702,18 @@ dependencies = [ ] [[package]] -name = "syn" -version = "2.0.38" +name = "sync_wrapper" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] +checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" [[package]] name = "sysctl" -version = "0.5.4" +version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed66d6a2ccbd656659289bc90767895b7abbdec897a0fc6031aca3ed1cb51d3e" +checksum = "ec7dddc5f0fee506baf8b9fdb989e242f17e4b11c61dfbb0635b705217199eea" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.5.0", "byteorder", "enum-as-inner", "libc", @@ -1678,27 +1721,6 @@ dependencies = [ "walkdir", ] -[[package]] -name = "system-configuration" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" -dependencies = [ - "bitflags 1.3.2", - "core-foundation", - "system-configuration-sys", -] - -[[package]] -name = "system-configuration-sys" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" -dependencies = [ - "core-foundation-sys", - "libc", -] - [[package]] name = "tar" version = "0.4.40" @@ -1712,21 +1734,20 @@ dependencies = [ [[package]] name = "target-lexicon" -version = "0.12.11" +version = "0.12.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d0e916b1148c8e263850e1ebcbd046f333e0683c724876bb0da63ea4373dc8a" +checksum = "e1fc403891a21bcfb7c37834ba66a547a8f402146eba7265b5a6d88059c9ff2f" [[package]] name = "tempfile" -version = "3.8.0" +version = "3.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb94d2f3cc536af71caac6b6fcebf65860b347e7ce0cc9ebe8f70d3e521054ef" +checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1" dependencies = [ "cfg-if", "fastrand", - "redox_syscall 0.3.5", "rustix", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1742,29 +1763,29 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.49" +version = "1.0.59" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1177e8c6d7ede7afde3585fd2513e611227efd6481bd78d2e82ba1ce16557ed4" +checksum = "f0126ad08bff79f29fc3ae6a55cc72352056dfff61e3ff8bb7129476d44b23aa" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.49" +version = "1.0.59" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10712f02019e9288794769fba95cd6847df9874d49d871d062172f9dd41bc4cc" +checksum = "d1cd413b5d558b4c5bf3680e324a6fa5014e7b7c067a51e69dbdf47eb7148b66" dependencies = [ "proc-macro2", "quote", - "syn 2.0.38", + "syn", ] [[package]] name = "thread_local" -version = "1.1.7" +version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdd6f064ccff2d6567adcb3873ca630700f00b5ad3f060c25b5dcfd9a4ce152" +checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" dependencies = [ "cfg-if", "once_cell", @@ -1772,12 +1793,13 @@ dependencies = [ [[package]] name = "time" -version = "0.3.30" +version = "0.3.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5" +checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885" dependencies = [ "deranged", "itoa", + "num-conv", "powerfmt", "serde", "time-core", @@ -1792,10 +1814,11 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.15" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ad70d68dba9e1f8aceda7aa6711965dfec1cac869f311a51bd08b3a2ccbce20" +checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf" dependencies = [ + "num-conv", "time-core", ] @@ -1816,22 +1839,22 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.33.0" +version = "1.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f38200e3ef7995e5ef13baec2f432a6da0aa9ac495b2c0e8f3b7eec2c92d653" +checksum = "1adbebffeca75fcfd058afa480fb6c0b81e165a0323f9c9d39c9697e37c46787" dependencies = [ "backtrace", - "bytes 1.5.0", + "bytes 1.6.0", "libc", "mio", "num_cpus", "parking_lot", "pin-project-lite", "signal-hook-registry", - "socket2 0.5.4", + "socket2", "tokio-macros", "tracing", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -1847,22 +1870,23 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "2.1.0" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" +checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.38", + "syn", ] [[package]] name = "tokio-rustls" -version = "0.24.1" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" dependencies = [ "rustls", + "rustls-pki-types", "tokio", ] @@ -1880,11 +1904,11 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.9" +version = "0.7.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d68074620f57a0b21594d9735eb2e98ab38b17f80d3fcb189fca266771ca60d" +checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15" dependencies = [ - "bytes 1.5.0", + "bytes 1.6.0", "futures-core", "futures-sink", "pin-project-lite", @@ -1892,6 +1916,28 @@ dependencies = [ "tracing", ] +[[package]] +name = "tower" +version = "0.4.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8fa9be0de6cf49e536ce1851f987bd21a43b771b09473c3549a6c853db37c1c" +dependencies = [ + "futures-core", + "futures-util", + "pin-project", + "pin-project-lite", + "tokio", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower-layer" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c20c8dbed6283a09604c3e69b4b7eeb54e298b8a600d4d5ecb5ad39de609f1d0" + [[package]] name = "tower-service" version = "0.3.2" @@ -1900,10 +1946,11 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" [[package]] name = "tracing" -version = "0.1.39" +version = "0.1.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee2ef2af84856a50c1d430afce2fdded0a4ec7eda868db86409b4543df0797f9" +checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ + "log", "pin-project-lite", "tracing-attributes", "tracing-core", @@ -1917,7 +1964,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.38", + "syn", ] [[package]] @@ -1952,9 +1999,9 @@ dependencies = [ [[package]] name = "tracing-subscriber" -version = "0.3.17" +version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30a651bc37f915e81f087d86e62a18eec5f79550c7faff886f7090b4ea757c77" +checksum = "ad0f048c97dbd9faa9b7df56362b8ebcaa52adb06b498c050d2f4e32f90a7a8b" dependencies = [ "matchers", "nu-ansi-term", @@ -1971,15 +2018,15 @@ dependencies = [ [[package]] name = "try-lock" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3528ecfd12c466c6f163363caf2d02a71161dd5e1cc6ae7b34207ea2d42d81ed" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" [[package]] name = "typetag" -version = "0.2.13" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80960fd143d4c96275c0e60b08f14b81fbb468e79bc0ef8fbda69fb0afafae43" +checksum = "661d18414ec032a49ece2d56eee03636e43c4e8d577047ab334c0ba892e29aaf" dependencies = [ "erased-serde", "inventory", @@ -1990,20 +2037,20 @@ dependencies = [ [[package]] name = "typetag-impl" -version = "0.2.13" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfc13d450dc4a695200da3074dacf43d449b968baee95e341920e47f61a3b40f" +checksum = "ac73887f47b9312552aa90ef477927ff014d63d1920ca8037c6c1951eab64bb1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.38", + "syn", ] [[package]] name = "unicode-bidi" -version = "0.3.13" +version = "0.3.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" +checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75" [[package]] name = "unicode-ident" @@ -2013,24 +2060,24 @@ checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-normalization" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" +checksum = "a56d1686db2308d901306f92a263857ef59ea39678a5458e7cb17f01415101f5" dependencies = [ "tinyvec", ] [[package]] name = "untrusted" -version = "0.7.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "url" -version = "2.4.1" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "143b538f18257fac9cad154828a57c6bf5157e1aa604d4816b5995bf6de87ae5" +checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" dependencies = [ "form_urlencoded", "idna", @@ -2046,9 +2093,9 @@ checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" [[package]] name = "uuid" -version = "1.4.1" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79daa5ed5740825c40b389c5e50312b9c86df53fccd33f281df655642b43869d" +checksum = "a183cf7feeba97b4dd1c0d46788634f6221d87fa961b305bed08c851829efcc0" dependencies = [ "serde", ] @@ -2061,9 +2108,9 @@ checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" [[package]] name = "walkdir" -version = "2.4.0" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" dependencies = [ "same-file", "winapi-util", @@ -2086,9 +2133,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.87" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" +checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2096,24 +2143,24 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.87" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" +checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", - "syn 2.0.38", + "syn", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-futures" -version = "0.4.37" +version = "0.4.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c02dbc21516f9f1f04f187958890d7e6026df8d16540b7ad9492bc34a67cea03" +checksum = "76bc14366121efc8dbb487ab05bcc9d346b3b5ec0eaa76e46594cabbe51762c0" dependencies = [ "cfg-if", "js-sys", @@ -2123,9 +2170,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.87" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" +checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2133,28 +2180,28 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.87" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" +checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.38", + "syn", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.87" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" +checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "wasm-streams" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4609d447824375f43e1ffbc051b50ad8f4b3ae8219680c94452ea05eb240ac7" +checksum = "b65dc4c90b63b118468cf747d8bf3566c1913ef60be765b5730ead9e0a3ba129" dependencies = [ "futures-util", "js-sys", @@ -2165,9 +2212,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.64" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b" +checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" dependencies = [ "js-sys", "wasm-bindgen", @@ -2175,14 +2222,14 @@ dependencies = [ [[package]] name = "which" -version = "4.4.2" +version = "6.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +checksum = "8211e4f58a2b2805adfbefbc07bab82958fc91e3836339b1ab7ae32465dce0d7" dependencies = [ "either", "home", - "once_cell", "rustix", + "winsafe", ] [[package]] @@ -2203,11 +2250,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.6" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" dependencies = [ - "winapi", + "windows-sys 0.52.0", ] [[package]] @@ -2217,12 +2264,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] -name = "windows" -version = "0.48.0" +name = "windows-core" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f" +checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets", + "windows-targets 0.52.5", ] [[package]] @@ -2231,7 +2278,16 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" dependencies = [ - "windows-targets", + "windows-targets 0.48.5", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.5", ] [[package]] @@ -2240,13 +2296,29 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows-targets" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +dependencies = [ + "windows_aarch64_gnullvm 0.52.5", + "windows_aarch64_msvc 0.52.5", + "windows_i686_gnu 0.52.5", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.5", + "windows_x86_64_gnu 0.52.5", + "windows_x86_64_gnullvm 0.52.5", + "windows_x86_64_msvc 0.52.5", ] [[package]] @@ -2255,59 +2327,115 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" + [[package]] name = "windows_aarch64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" + [[package]] name = "windows_i686_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +[[package]] +name = "windows_i686_gnu" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" + [[package]] name = "windows_i686_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +[[package]] +name = "windows_i686_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" + [[package]] name = "windows_x86_64_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" + [[package]] name = "windows_x86_64_gnullvm" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" + [[package]] name = "windows_x86_64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" + [[package]] name = "winreg" -version = "0.50.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" +checksum = "a277a57398d4bfa075df44f501a17cfdf8542d224f0d36095a2adc7aee4ef0a5" dependencies = [ "cfg-if", - "windows-sys", + "windows-sys 0.48.0", ] +[[package]] +name = "winsafe" +version = "0.0.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d135d17ab770252ad95e9a872d365cf3090e3be864a34ab46f48555993efc904" + [[package]] name = "xattr" -version = "1.0.1" +version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4686009f71ff3e5c4dbcf1a282d0a44db3f021ba69350cd42086b3e5f1c6985" +checksum = "8da84f1a25939b27f6820d92aed108f83ff920fdf11a7b19366c27c4cda81d4f" dependencies = [ "libc", + "linux-raw-sys", + "rustix", ] [[package]] @@ -2320,3 +2448,9 @@ dependencies = [ "lzma-sys", "tokio-io", ] + +[[package]] +name = "zeroize" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" diff --git a/Cargo.toml b/Cargo.toml index cbd6d63ed..1123b3498 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,18 +1,12 @@ [package] name = "nix-installer" description = "Experimental Nix Installer" -version = "0.14.0" +version = "0.19.0" edition = "2021" resolver = "2" license = "LGPL-2.1" repository = "https://github.com/NixOS/experimental-nix-installer" -[package.metadata.riff.targets.aarch64-apple-darwin] -build-inputs = ["darwin.apple_sdk.frameworks.Security"] - -[package.metadata.riff.targets.x86_64-apple-darwin] -build-inputs = ["darwin.apple_sdk.frameworks.Security"] - [features] default = ["cli", "nix-community"] nix-community = [] @@ -30,15 +24,15 @@ clap = { version = "4", features = ["std", "color", "usage", "help", "error-cont color-eyre = { version = "0.6.2", default-features = false, features = [ "track-caller", "issue-url", "tracing-error", "capture-spantrace", "color-spantrace" ], optional = true } eyre = { version = "0.6.8", default-features = false, features = [ "track-caller" ], optional = true } glob = { version = "0.3.0", default-features = false } -nix = { version = "0.27.0", default-features = false, features = ["user", "fs", "process", "term"] } -owo-colors = { version = "3.5.0", default-features = false, features = [ "supports-colors" ] } -reqwest = { version = "0.11.11", default-features = false, features = ["rustls-tls-native-roots", "stream", "socks"] } -serde = { version = "1.0.144", default-features = false, features = [ "std", "derive" ] } -serde_json = { version = "1.0.85", default-features = false, features = [ "std" ] } +nix = { version = "0.28.0", default-features = false, features = ["user", "fs", "process", "term"] } +owo-colors = { version = "4.0.0", default-features = false, features = [ "supports-colors" ] } +reqwest = { version = "0.12.4", default-features = false, features = ["rustls-tls-native-roots", "stream", "socks"] } +serde = { version = "1.0.200", default-features = false, features = [ "std", "derive" ] } +serde_json = { version = "1.0.116", default-features = false, features = [ "std" ] } serde_with = { version = "3", default-features = false, features = [ "std", "macros" ] } tar = { version = "0.4.38", default-features = false, features = [ "xattr" ] } target-lexicon = { version = "0.12.4", default-features = false, features = [ "std" ] } -thiserror = { version = "1.0.33", default-features = false } +thiserror = { version = "1.0.59", default-features = false } tokio = { version = "1.21.0", default-features = false, features = ["time", "io-std", "process", "fs", "signal", "tracing", "rt-multi-thread", "macros", "io-util", "parking_lot" ] } tracing = { version = "0.1.36", default-features = false, features = [ "std", "attributes" ] } tracing-error = { version = "0.2.0", default-features = false, optional = true, features = ["traced-error"] } @@ -55,9 +49,9 @@ term = { version = "0.7.0", default-features = false } uuid = { version = "1.2.2", features = ["serde"] } os-release = { version = "0.1.0", default-features = false } is_ci = { version = "1.1.1", default-features = false, optional = true } -strum = { version = "0.25.0", features = ["derive"] } +strum = { version = "0.26.1", features = ["derive"] } nix-config-parser = { version = "0.2", features = ["serde"] } -which = "4.4.0" +which = "6.0.0" sysctl = "0.5.4" walkdir = "2.3.3" indexmap = { version = "2.0.2", features = ["serde"] } diff --git a/README.md b/README.md index 735910cdb..8025628fe 100644 --- a/README.md +++ b/README.md @@ -13,14 +13,14 @@ If you used the **Determinate Nix Installer**, report issues at https://github.c [![Crates.io](https://img.shields.io/crates/v/nix-installer)](https://crates.io/crates/nix-installer) [![Docs.rs](https://img.shields.io/docsrs/nix-installer)](https://docs.rs/nix-installer/latest/nix_installer/) -A fast, friendly, and reliable tool to help you use Nix with Flakes everywhere. +A fast, friendly, and reliable tool to help you use [Nix] with Flakes everywhere. ```bash curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install ``` -The `nix-installer` has successfully completed over 1,000,000 installs in a number of environments, including [Github Actions](#as-a-github-action): +The `nix-installer` has successfully completed over 2,000,000 installs in a number of environments, including [Github Actions](#as-a-github-action) and [GitLab](#on-gitlab): | Platform | Multi User | `root` only | Maturity | |------------------------------|:------------------:|:-----------:|:-----------------:| @@ -85,13 +85,13 @@ Options: # ... --nix-build-group-name The Nix build group name - + [env: NIX_INSTALLER_NIX_BUILD_GROUP_NAME=] [default: nixbld] --nix-build-group-id The Nix build group GID - + [env: NIX_INSTALLER_NIX_BUILD_GROUP_ID=] [default: 3000] # ... @@ -107,7 +107,7 @@ $ NIX_BUILD_GROUP_NAME=nixbuilder ./nix-installer install linux-multi --nix-buil ### Upgrading Nix -You can upgrade Nix (to the version specified [here](https://raw.githubusercontent.com/NixOS/nixpkgs/master/nixos/modules/installer/tools/nix-fallback-paths.nix)) by running: +You can upgrade Nix to [our currently recommended version of Nix][recommended-nix] by running: ``` sudo -i nix upgrade-nix @@ -146,6 +146,24 @@ jobs: run: nix build . ``` +### On GitLab + +GitLab CI runners are typically Docker based and run as the `root` user. This means `systemd` is not present, so the `--init none` option needs to be passed to the Linux planner. + +On the default [GitLab.com](https://gitlab.com/) runners, `nix` can be installed and used like so: + +```yaml +test: + script: + - curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux --no-confirm --init none + - . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh + - nix run nixpkgs#hello + - nix profile install nixpkgs#hello + - hello +``` + +If you are using different runners, the above example may need to be adjusted. + ### Without systemd (Linux only) > **Warning** @@ -246,7 +264,7 @@ wsl nix run --impure github:guibou/nixGL nix run nixpkgs#obs-studio ``` -If enabling system is not an option, pass `--init none` at the end of the command: +If enabling systemd is not an option, pass `--init none` at the end of the command: > **Warning** > When `--init none` is used, _only_ `root` or users who can elevate to `root` privileges can run Nix: @@ -363,7 +381,7 @@ To make this build portable, pass ` --target x86_64-unknown-linux-musl`. ## As a library > **Warning** -> Use as a library is still experimental. This feature is likely to be removed in the future without an advocate. If you're using this, please let us know and we can make a path to stablization. +> Use as a library is still experimental. This feature is likely to be removed in the future without an advocate. If you're using this, please let us know and we can make a path to stabilization. Add `nix-installer` to your dependencies: @@ -381,6 +399,9 @@ You'll also need to edit your `.cargo/config.toml` to use `tokio_unstable` as we rustflags=["--cfg", "tokio_unstable"] ``` +You'll also need to set the `NIX_INSTALLER_TARBALL_PATH` environment variable to point to a target-appropriate Nix installation tarball, like nix-2.21.2-aarch64-darwin.tar.xz. +The contents are embedded in the resulting binary instead of downloaded at installation time. + Then it's possible to review the [documentation](https://docs.rs/nix-installer/latest/nix_installer/): ```bash @@ -414,6 +435,13 @@ curl -sSf -L https://github.com/DeterminateSystems/nix-installer/releases/downlo ./nix-installer install ``` +Each installer version has an [associated supported nix version](src/settings.rs) -- if you pin the installer version, you'll also indirectly pin to the associated nix version. + +You can also override the `nix` version via `--nix-package-url` or `NIX_INSTALLER_NIX_PACKAGE_URL=` but doing so is not recommended since we haven't tested that combination. +Here are some example `nix` package URLs including nix version, OS and architecture: + +* https://releases.nixos.org/nix/nix-2.18.1/nix-2.18.1-x86_64-linux.tar.xz +* https://releases.nixos.org/nix/nix-2.18.1/nix-2.18.1-aarch64-darwin.tar.xz ## Installation Differences diff --git a/flake.lock b/flake.lock index 87dbf7343..3bd948697 100644 --- a/flake.lock +++ b/flake.lock @@ -8,17 +8,17 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1696141234, - "narHash": "sha256-0dZpggYjjmWEk+rGixiBHOHuQfLzEzNfrtjSig04s6Q=", + "lastModified": 1714544767, + "narHash": "sha256-kF1bX+YFMedf1g0PAJYwGUkzh22JmULtj8Rm4IXAQKs=", "owner": "nix-community", "repo": "fenix", - "rev": "9ccae1754eec0341b640d5705302ac0923d22875", + "rev": "73124e1356bde9411b163d636b39fe4804b7ca45", "type": "github" }, "original": { "owner": "nix-community", "repo": "fenix", - "rev": "9ccae1754eec0341b640d5705302ac0923d22875", + "rev": "73124e1356bde9411b163d636b39fe4804b7ca45", "type": "github" } }, @@ -41,11 +41,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -54,19 +54,19 @@ "type": "github" } }, - "lowdown-src": { + "libgit2": { "flake": false, "locked": { - "lastModified": 1633514407, - "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", + "lastModified": 1714600833, + "narHash": "sha256-8pBXgbDWVpVv07zQ9sXFxssH5sLGRqjY0Gh+QlKwfg8=", + "owner": "libgit2", + "repo": "libgit2", + "rev": "e5e233caedaa96d6bdb35a7e42b9028b6dfcf534", "type": "github" }, "original": { - "owner": "kristapsdz", - "repo": "lowdown", + "owner": "libgit2", + "repo": "libgit2", "type": "github" } }, @@ -77,11 +77,11 @@ ] }, "locked": { - "lastModified": 1694081375, - "narHash": "sha256-vzJXOUnmkMCm3xw8yfPP5m8kypQ3BhAIRe4RRCWpzy8=", + "lastModified": 1713520724, + "narHash": "sha256-CO8MmVDmqZX2FovL75pu5BvwhW+Vugc7Q6ze7Hj8heI=", "owner": "nix-community", "repo": "naersk", - "rev": "3f976d822b7b37fc6fb8e6f157c2dd05e7e94e89", + "rev": "c5037590290c6c7dae2e42e7da1e247e54ed2d49", "type": "github" }, "original": { @@ -93,37 +93,37 @@ "nix": { "inputs": { "flake-compat": "flake-compat_2", - "lowdown-src": "lowdown-src", + "libgit2": "libgit2", "nixpkgs": "nixpkgs", "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1696259154, - "narHash": "sha256-WNmifcTsN9aG1ONkv+l2BC4sHZZxtNKy0keqBHXXQ7w=", + "lastModified": 1712161137, + "narHash": "sha256-ObaVDDPtnOeIE0t7m4OVk5G+OS6d9qYh+ktK67Fe/zE=", "owner": "NixOS", "repo": "nix", - "rev": "f5f4de6a550327b4b1a06123c2e450f1b92c73b6", + "rev": "355cbc482f33f5b07a6bc0d72be862b1ccdb99dd", "type": "github" }, "original": { "owner": "NixOS", + "ref": "2.21.2", "repo": "nix", - "rev": "f5f4de6a550327b4b1a06123c2e450f1b92c73b6", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1705033721, - "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=", + "lastModified": 1715106579, + "narHash": "sha256-gZMgKEGiK6YrwGBiccZ1gemiUwjsZ1Zv49KYOgmX2fY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea", + "rev": "8be0d8a1ed4f96d99b09aa616e2afd47acc3da89", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05-small", + "ref": "release-23.11", "repo": "nixpkgs", "type": "github" } @@ -146,17 +146,17 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1697059129, - "narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=", + "lastModified": 1714635257, + "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593", + "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", "type": "github" }, "original": { "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593", + "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", "type": "github" } }, @@ -172,11 +172,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1696050837, - "narHash": "sha256-2K3Aq4gjPZBDnkAMJaMA4ElE+BNbmrqtSBWtt9kPGaM=", + "lastModified": 1714501997, + "narHash": "sha256-g31zfxwUFzkPgX0Q8sZLcrqGmOxwjEZ/iqJjNx4fEGo=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "0840038f02daec6ba3238f05d8caa037d28701a0", + "rev": "49e502b277a8126a9ad10c802d1aaa3ef1a280ef", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 0d8ee19c0..bf1eddf10 100644 --- a/flake.nix +++ b/flake.nix @@ -2,10 +2,10 @@ description = "Experimental Nix Installer"; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/5e4c2ada4fcd54b99d56d7bd62f384511a7e2593"; + nixpkgs.url = "github:NixOS/nixpkgs/63c3a29ca82437c87573e4c6919b09a24ea61b0f"; fenix = { - url = "github:nix-community/fenix/9ccae1754eec0341b640d5705302ac0923d22875"; + url = "github:nix-community/fenix/73124e1356bde9411b163d636b39fe4804b7ca45"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -15,7 +15,7 @@ }; nix = { - url = "github:NixOS/nix/f5f4de6a550327b4b1a06123c2e450f1b92c73b6"; + url = "github:NixOS/nix/2.21.2"; # Omitting `inputs.nixpkgs.follows = "nixpkgs";` on purpose }; @@ -55,6 +55,11 @@ ] ++ nixpkgs.lib.optionals (system == "aarch64-linux") [ targets.aarch64-unknown-linux-musl.stable.rust-std ]); + + nixTarballForSystem = system: let + version = inputs.nix.packages.${system}.nix.version; + in "${inputs.nix.hydraJobs.binaryTarball.${system}}/nix-${version}-${system}.tar.xz"; + in { overlays.default = final: prev: @@ -66,7 +71,7 @@ }; sharedAttrs = { pname = "nix-installer"; - version = "0.14.0"; + version = "0.19.0"; src = builtins.path { name = "nix-installer-source"; path = self; @@ -87,6 +92,8 @@ RUSTFLAGS = "--cfg tokio_unstable"; cargoTestOptions = f: f ++ [ "--all" ]; + NIX_INSTALLER_TARBALL_PATH = nixTarballForSystem final.stdenv.system; + override = { preBuild ? "", ... }: { preBuild = preBuild + '' # logRun "cargo clippy --all-targets --all-features -- -D warnings" @@ -130,6 +137,7 @@ name = "nix-install-shell"; RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library"; + NIX_INSTALLER_TARBALL_PATH = nixTarballForSystem system; nativeBuildInputs = with pkgs; [ ]; buildInputs = with pkgs; [ @@ -205,15 +213,16 @@ }); hydraJobs = { - build = forAllSystems ({ system, pkgs, ... }: self.packages.${system}.default); # vm-test = import ./nix/tests/vm-test { # inherit forSystem; - # inherit (nix.hydraJobs) binaryTarball; # inherit (nixpkgs) lib; + + # binaryTarball = nix.tarballs_indirect; # }; # container-test = import ./nix/tests/container-test { # inherit forSystem; - # inherit (nix.hydraJobs) binaryTarball; + + # binaryTarball = nix.tarballs_indirect; # }; }; }; diff --git a/nix-installer.sh b/nix-installer.sh index 302f3a36a..e22e62197 100755 --- a/nix-installer.sh +++ b/nix-installer.sh @@ -11,7 +11,7 @@ # It runs on Unix shells like {a,ba,da,k,z}sh. It uses the common `local` # extension. Note: Most shells limit `local` to 1 var per line, contra bash. -# This script is based off https://github.com/rust-lang/rustup/blob/8f6b53628ad996ad86f9c6225fa500cddf860905/rustup-init.sh +# This script is based off https://github.com/rust-lang/rustup/blob/f8d7b3baba7a63237cb2b82ef49a68a37dd0633c/rustup-init.sh if [ "$KSH_VERSION" = 'Version JM 93t+ 2010-03-05' ]; then # The version of ksh93 that ships with many illumos systems does not @@ -143,10 +143,30 @@ get_architecture() { fi fi - if [ "$_ostype" = Darwin ] && [ "$_cputype" = i386 ]; then - # Darwin `uname -m` lies - if sysctl hw.optional.x86_64 | grep -q ': 1'; then - _cputype=x86_64 + if [ "$_ostype" = Darwin ]; then + # Darwin `uname -m` can lie due to Rosetta shenanigans. If you manage to + # invoke a native shell binary and then a native uname binary, you can + # get the real answer, but that's hard to ensure, so instead we use + # `sysctl` (which doesn't lie) to check for the actual architecture. + if [ "$_cputype" = i386 ]; then + # Handling i386 compatibility mode in older macOS versions (<10.15) + # running on x86_64-based Macs. + # Starting from 10.15, macOS explicitly bans all i386 binaries from running. + # See: + + # Avoid `sysctl: unknown oid` stderr output and/or non-zero exit code. + if sysctl hw.optional.x86_64 2> /dev/null || true | grep -q ': 1'; then + _cputype=x86_64 + fi + elif [ "$_cputype" = x86_64 ]; then + # Handling x86-64 compatibility mode (a.k.a. Rosetta 2) + # in newer macOS versions (>=11) running on arm64-based Macs. + # Rosetta 2 is built exclusively for x86-64 and cannot run i386 binaries. + + # Avoid `sysctl: unknown oid` stderr output and/or non-zero exit code. + if sysctl hw.optional.arm64 2> /dev/null || true | grep -q ': 1'; then + _cputype=arm64 + fi fi fi diff --git a/src/action/base/create_or_insert_into_file.rs b/src/action/base/create_or_insert_into_file.rs index cf0e23749..96162a60f 100644 --- a/src/action/base/create_or_insert_into_file.rs +++ b/src/action/base/create_or_insert_into_file.rs @@ -208,6 +208,7 @@ impl Action for CreateOrInsertIntoFile { } let mut temp_file = OpenOptions::new() .create(true) + .truncate(true) .write(true) // If the file is created, ensure that it has harmless // permissions regardless of whether the mode will be diff --git a/src/action/base/create_or_merge_nix_config.rs b/src/action/base/create_or_merge_nix_config.rs index 2610c334f..ec4f7a352 100644 --- a/src/action/base/create_or_merge_nix_config.rs +++ b/src/action/base/create_or_merge_nix_config.rs @@ -258,6 +258,7 @@ impl Action for CreateOrMergeNixConfig { } let mut temp_file = OpenOptions::new() .create(true) + .truncate(true) .write(true) // If the file is created, ensure that it has harmless // permissions regardless of whether the mode will be @@ -369,7 +370,7 @@ impl Action for CreateOrMergeNixConfig { new_config.push_str(name); new_config.push_str(" = "); - if let Some(merged_value) = merged_nix_config.settings_mut().remove(name) { + if let Some(merged_value) = merged_nix_config.settings_mut().swap_remove(name) { new_config.push_str(&merged_value); new_config.push(' '); } else { @@ -390,7 +391,7 @@ impl Action for CreateOrMergeNixConfig { }; if let Some(to_remove) = to_remove { - existing_nix_config.settings_mut().remove(&to_remove); + existing_nix_config.settings_mut().swap_remove(&to_remove); } } @@ -412,7 +413,7 @@ impl Action for CreateOrMergeNixConfig { new_config .push_str("# Generated by https://github.com/NixOS/experimental-nix-installer.\n"); new_config.push_str("# See `/nix/nix-installer --version` for the version details.\n"); - new_config.push_str("\n"); + new_config.push('\n'); for (name, value) in merged_nix_config.settings() { new_config.push_str(name); diff --git a/src/action/base/create_user.rs b/src/action/base/create_user.rs index f857f225f..1043876ef 100644 --- a/src/action/base/create_user.rs +++ b/src/action/base/create_user.rs @@ -237,6 +237,7 @@ impl Action for CreateUser { .args([ "--home", "/var/empty", + "-H", // Don't create a home. "--gecos", comment, "--ingroup", diff --git a/src/action/base/fetch_and_unpack_nix.rs b/src/action/base/fetch_and_unpack_nix.rs index 280982300..60a6b866a 100644 --- a/src/action/base/fetch_and_unpack_nix.rs +++ b/src/action/base/fetch_and_unpack_nix.rs @@ -15,7 +15,7 @@ Fetch a URL to the given path */ #[derive(Debug, serde::Deserialize, serde::Serialize, Clone)] pub struct FetchAndUnpackNix { - url_or_path: UrlOrPath, + url_or_path: Option, dest: PathBuf, proxy: Option, ssl_cert_file: Option, @@ -24,7 +24,7 @@ pub struct FetchAndUnpackNix { impl FetchAndUnpackNix { #[tracing::instrument(level = "debug", skip_all)] pub async fn plan( - url_or_path: UrlOrPath, + url_or_path: Option, dest: PathBuf, proxy: Option, ssl_cert_file: Option, @@ -32,7 +32,7 @@ impl FetchAndUnpackNix { // TODO(@hoverbear): Check URL exists? // TODO(@hoverbear): Check tempdir exists - if let UrlOrPath::Url(url) = &url_or_path { + if let Some(UrlOrPath::Url(url)) = &url_or_path { match url.scheme() { "https" | "http" | "file" => (), _ => return Err(Self::error(ActionErrorKind::UnknownUrlScheme)), @@ -67,14 +67,21 @@ impl Action for FetchAndUnpackNix { ActionTag("fetch_and_unpack_nix") } fn tracing_synopsis(&self) -> String { - format!("Fetch `{}` to `{}`", self.url_or_path, self.dest.display()) + if let Some(ref url_or_path) = self.url_or_path { + format!("Fetch `{}` to `{}`", url_or_path, self.dest.display()) + } else { + format!( + "Extract the bundled Nix (originally from {})", + crate::settings::NIX_TARBALL_PATH + ) + } } fn tracing_span(&self) -> Span { let span = span!( tracing::Level::DEBUG, "fetch_and_unpack_nix", - url_or_path = tracing::field::display(&self.url_or_path), + url_or_path = self.url_or_path.as_ref().map(tracing::field::display), proxy = tracing::field::Empty, ssl_cert_file = tracing::field::Empty, dest = tracing::field::display(self.dest.display()), @@ -98,7 +105,8 @@ impl Action for FetchAndUnpackNix { #[tracing::instrument(level = "debug", skip_all)] async fn execute(&mut self) -> Result<(), ActionError> { let bytes = match &self.url_or_path { - UrlOrPath::Url(url) => { + &None => Bytes::from(crate::settings::NIX_TARBALL), + Some(UrlOrPath::Url(url)) => { let bytes = match url.scheme() { "https" | "http" => { let mut buildable_client = reqwest::Client::builder(); @@ -144,7 +152,7 @@ impl Action for FetchAndUnpackNix { }; bytes }, - UrlOrPath::Path(path) => { + Some(UrlOrPath::Path(path)) => { let buf = tokio::fs::read(path) .await .map_err(|e| ActionErrorKind::Read(PathBuf::from(path), e)) diff --git a/src/action/common/configure_enterprise_edition_init_service.rs b/src/action/common/configure_enterprise_edition_init_service.rs new file mode 100644 index 000000000..ce3b87efb --- /dev/null +++ b/src/action/common/configure_enterprise_edition_init_service.rs @@ -0,0 +1,189 @@ +/// This file is unused but is kept around to avoid merge conflicts +use std::path::PathBuf; + +#[cfg(target_os = "macos")] +use serde::{Deserialize, Serialize}; +#[cfg(target_os = "macos")] +use tokio::io::AsyncWriteExt; +use tokio::process::Command; +use tracing::{span, Span}; + +use crate::action::{ActionError, ActionErrorKind, ActionTag, StatefulAction}; +use crate::execute_command; + +use crate::action::{Action, ActionDescription}; + +#[cfg(target_os = "macos")] +const DARWIN_ENTERPRISE_EDITION_DAEMON_DEST: &str = + "/Library/LaunchDaemons/systems.determinate.nix-daemon.plist"; +/** +Configure the init to run the Nix daemon +*/ +#[derive(Debug, serde::Deserialize, serde::Serialize, Clone)] +pub struct ConfigureEnterpriseEditionInitService { + start_daemon: bool, +} + +impl ConfigureEnterpriseEditionInitService { + #[tracing::instrument(level = "debug", skip_all)] + pub async fn plan(start_daemon: bool) -> Result, ActionError> { + Ok(Self { start_daemon }.into()) + } +} + +#[async_trait::async_trait] +#[typetag::serde(name = "configure_enterprise_edition_init_service")] +impl Action for ConfigureEnterpriseEditionInitService { + fn action_tag() -> ActionTag { + ActionTag("configure_enterprise_edition_init_service") + } + fn tracing_synopsis(&self) -> String { + "Configure the Determinate Nix Enterprise Edition daemon related settings with launchctl" + .to_string() + } + + fn tracing_span(&self) -> Span { + span!( + tracing::Level::DEBUG, + "configure_enterprise_edition_init_service" + ) + } + + fn execute_description(&self) -> Vec { + let mut explanation = vec![format!("Create `{DARWIN_ENTERPRISE_EDITION_DAEMON_DEST}`")]; + if self.start_daemon { + explanation.push(format!( + "Run `launchctl load {DARWIN_ENTERPRISE_EDITION_DAEMON_DEST}`" + )); + } + + vec![ActionDescription::new(self.tracing_synopsis(), explanation)] + } + + #[tracing::instrument(level = "debug", skip_all)] + async fn execute(&mut self) -> Result<(), ActionError> { + let Self { start_daemon } = self; + + let daemon_file = DARWIN_ENTERPRISE_EDITION_DAEMON_DEST; + let domain = "system"; + let service = "systems.determinate.nix-daemon"; + + let generated_plist = generate_plist(); + + let mut options = tokio::fs::OpenOptions::new(); + options.create(true).write(true).read(true); + + let mut file = options + .open(&daemon_file) + .await + .map_err(|e| Self::error(ActionErrorKind::Open(PathBuf::from(daemon_file), e)))?; + + let mut buf = Vec::new(); + plist::to_writer_xml(&mut buf, &generated_plist).map_err(Self::error)?; + file.write_all(&buf) + .await + .map_err(|e| Self::error(ActionErrorKind::Write(PathBuf::from(daemon_file), e)))?; + + execute_command( + Command::new("launchctl") + .process_group(0) + .args(["load", "-w"]) + .arg(daemon_file) + .stdin(std::process::Stdio::null()), + ) + .await + .map_err(Self::error)?; + + let is_disabled = crate::action::macos::service_is_disabled(domain, service) + .await + .map_err(Self::error)?; + if is_disabled { + execute_command( + Command::new("launchctl") + .process_group(0) + .arg("enable") + .arg(&format!("{domain}/{service}")) + .stdin(std::process::Stdio::null()), + ) + .await + .map_err(Self::error)?; + } + + if *start_daemon { + execute_command( + Command::new("launchctl") + .process_group(0) + .arg("kickstart") + .arg("-k") + .arg(&format!("{domain}/{service}")) + .stdin(std::process::Stdio::null()), + ) + .await + .map_err(Self::error)?; + } + + Ok(()) + } + + fn revert_description(&self) -> Vec { + vec![ActionDescription::new( + "Unconfigure Nix daemon related settings with launchctl".to_string(), + vec![format!( + "Run `launchctl unload {DARWIN_ENTERPRISE_EDITION_DAEMON_DEST}`" + )], + )] + } + + #[tracing::instrument(level = "debug", skip_all)] + async fn revert(&mut self) -> Result<(), ActionError> { + execute_command( + Command::new("launchctl") + .process_group(0) + .arg("unload") + .arg(DARWIN_ENTERPRISE_EDITION_DAEMON_DEST), + ) + .await + .map_err(Self::error)?; + + Ok(()) + } +} + +#[non_exhaustive] +#[derive(Debug, thiserror::Error)] +pub enum ConfigureEnterpriseEditionNixDaemonServiceError {} + +#[cfg(target_os = "macos")] +#[derive(Deserialize, Clone, Debug, Serialize, PartialEq)] +#[serde(rename_all = "PascalCase")] +pub struct DeterminateNixDaemonPlist { + label: String, + program: String, + keep_alive: bool, + run_at_load: bool, + standard_error_path: String, + standard_out_path: String, + soft_resource_limits: ResourceLimits, +} + +#[cfg(target_os = "macos")] +#[derive(Deserialize, Clone, Debug, Serialize, PartialEq)] +#[serde(rename_all = "PascalCase")] +pub struct ResourceLimits { + number_of_files: usize, +} + +#[cfg(target_os = "macos")] +fn generate_plist() -> DeterminateNixDaemonPlist { + DeterminateNixDaemonPlist { + keep_alive: true, + run_at_load: true, + label: "systems.determinate.nix-daemon".into(), + program: "/usr/local/bin/determinate-nix-ee".into(), + standard_error_path: "/var/log/determinate-nix-daemon.log".into(), + standard_out_path: "/var/log/determinate-nix-daemon.log".into(), + soft_resource_limits: ResourceLimits { + number_of_files: 1048576, + }, + } +} diff --git a/src/action/common/configure_init_service.rs b/src/action/common/configure_init_service.rs index 1997abccf..3abee5436 100644 --- a/src/action/common/configure_init_service.rs +++ b/src/action/common/configure_init_service.rs @@ -1,6 +1,9 @@ #[cfg(target_os = "linux")] use std::path::Path; use std::path::PathBuf; + +#[cfg(target_os = "macos")] +use serde::{Deserialize, Serialize}; use tokio::process::Command; use tracing::{span, Span}; @@ -79,10 +82,14 @@ impl ConfigureInitService { }, #[cfg(target_os = "linux")] InitSystem::Systemd => { - // If /run/systemd/system exists, we can be reasonably sure the machine is booted - // with systemd: https://www.freedesktop.org/software/systemd/man/sd_booted.html - if !Path::new("/run/systemd/system").exists() { - return Err(Self::error(ActionErrorKind::SystemdMissing)); + // If `no_start_daemon` is set, then we don't require a running systemd, + // so we don't need to check if `/run/systemd/system` exists. + if start_daemon { + // If /run/systemd/system exists, we can be reasonably sure the machine is booted + // with systemd: https://www.freedesktop.org/software/systemd/man/sd_booted.html + if !Path::new("/run/systemd/system").exists() { + return Err(Self::error(ActionErrorKind::SystemdMissing)); + } } if which::which("systemctl").is_err() { @@ -126,7 +133,7 @@ impl Action for ConfigureInitService { } fn tracing_span(&self) -> Span { - span!(tracing::Level::DEBUG, "configure_init_service",) + span!(tracing::Level::DEBUG, "configure_init_service") } fn execute_description(&self) -> Vec { @@ -135,7 +142,7 @@ impl Action for ConfigureInitService { #[cfg(target_os = "linux")] InitSystem::Systemd => { let mut explanation = vec![ - "Run `systemd-tempfiles --create --prefix=/nix/var/nix`".to_string(), + "Run `systemd-tmpfiles --create --prefix=/nix/var/nix`".to_string(), format!("Symlink `{SERVICE_SRC}` to `{SERVICE_DEST}`"), format!("Symlink `{SOCKET_SRC}` to `{SOCKET_DEST}`"), "Run `systemctl daemon-reload`".to_string(), @@ -148,7 +155,7 @@ impl Action for ConfigureInitService { #[cfg(target_os = "macos")] InitSystem::Launchd => { let mut explanation = vec![format!( - "Copy `{DARWIN_NIX_DAEMON_SOURCE}` to `DARWIN_NIX_DAEMON_DEST`" + "Copy `{DARWIN_NIX_DAEMON_SOURCE}` to `{DARWIN_NIX_DAEMON_DEST}`" )]; if self.start_daemon { explanation.push(format!("Run `launchctl load {DARWIN_NIX_DAEMON_DEST}`")); @@ -168,30 +175,29 @@ impl Action for ConfigureInitService { match init { #[cfg(target_os = "macos")] InitSystem::Launchd => { + let daemon_file = DARWIN_NIX_DAEMON_DEST; + let domain = "system"; + let service = "org.nixos.nix-daemon"; let src = std::path::Path::new(DARWIN_NIX_DAEMON_SOURCE); - tokio::fs::copy(src.clone(), DARWIN_NIX_DAEMON_DEST) - .await - .map_err(|e| { - Self::error(ActionErrorKind::Copy( - src.to_path_buf(), - PathBuf::from(DARWIN_NIX_DAEMON_DEST), - e, - )) - })?; + + tokio::fs::copy(src, daemon_file).await.map_err(|e| { + Self::error(ActionErrorKind::Copy( + src.to_path_buf(), + PathBuf::from(daemon_file), + e, + )) + })?; execute_command( Command::new("launchctl") .process_group(0) .args(["load", "-w"]) - .arg(DARWIN_NIX_DAEMON_DEST) + .arg(daemon_file) .stdin(std::process::Stdio::null()), ) .await .map_err(Self::error)?; - let domain = "system"; - let service = "org.nixos.nix-daemon"; - let is_disabled = crate::action::macos::service_is_disabled(domain, service) .await .map_err(Self::error)?; @@ -521,6 +527,26 @@ pub enum ConfigureNixDaemonServiceError { InitNotSupported, } +#[cfg(target_os = "macos")] +#[derive(Deserialize, Clone, Debug, Serialize, PartialEq)] +#[serde(rename_all = "PascalCase")] +pub struct DeterminateNixDaemonPlist { + label: String, + program: String, + keep_alive: bool, + run_at_load: bool, + standard_error_path: String, + standard_out_path: String, + soft_resource_limits: ResourceLimits, +} + +#[cfg(target_os = "macos")] +#[derive(Deserialize, Clone, Debug, Serialize, PartialEq)] +#[serde(rename_all = "PascalCase")] +pub struct ResourceLimits { + number_of_files: usize, +} + #[cfg(target_os = "linux")] async fn stop(unit: &str) -> Result<(), ActionErrorKind> { let mut command = Command::new("systemctl"); diff --git a/src/action/common/configure_shell_profile.rs b/src/action/common/configure_shell_profile.rs index d6fc90017..70c730032 100644 --- a/src/action/common/configure_shell_profile.rs +++ b/src/action/common/configure_shell_profile.rs @@ -44,25 +44,29 @@ impl ConfigureShellProfile { for profile_target in locations.bash.iter().chain(locations.zsh.iter()) { let profile_target_path = Path::new(profile_target); if let Some(parent) = profile_target_path.parent() { - if !parent.exists() { - create_directories.push( - CreateDirectory::plan(parent, None, None, 0o0755, false) - .await - .map_err(Self::error)?, + // Some tools (eg `nix-darwin`) create symlinks to these files, don't write to them if that's the case. + if !profile_target_path.is_symlink() { + if !parent.exists() { + create_directories.push( + CreateDirectory::plan(parent, None, None, 0o0755, false) + .await + .map_err(Self::error)?, + ); + } + + create_or_insert_files.push( + CreateOrInsertIntoFile::plan( + profile_target_path, + None, + None, + 0o644, + shell_buf.to_string(), + create_or_insert_into_file::Position::Beginning, + ) + .await + .map_err(Self::error)?, ); } - create_or_insert_files.push( - CreateOrInsertIntoFile::plan( - profile_target_path, - None, - None, - 0o644, - shell_buf.to_string(), - create_or_insert_into_file::Position::Beginning, - ) - .await - .map_err(Self::error)?, - ); } } @@ -88,23 +92,27 @@ impl ConfigureShellProfile { let mut profile_target = fish_prefix_path; profile_target.push(locations.fish.confd_suffix.clone()); - if let Some(conf_d) = profile_target.parent() { - create_directories.push( - CreateDirectory::plan(conf_d.to_path_buf(), None, None, 0o755, false).await?, + // Some tools (eg `nix-darwin`) create symlinks to these files, don't write to them if that's the case. + if !profile_target.is_symlink() { + if let Some(conf_d) = profile_target.parent() { + create_directories.push( + CreateDirectory::plan(conf_d.to_path_buf(), None, None, 0o755, false) + .await?, + ); + } + + create_or_insert_files.push( + CreateOrInsertIntoFile::plan( + profile_target, + None, + None, + 0o644, + fish_buf.to_string(), + create_or_insert_into_file::Position::Beginning, + ) + .await?, ); } - - create_or_insert_files.push( - CreateOrInsertIntoFile::plan( - profile_target, - None, - None, - 0o644, - fish_buf.to_string(), - create_or_insert_into_file::Position::Beginning, - ) - .await?, - ); } for fish_prefix in &locations.fish.vendor_confd_prefixes { let fish_prefix_path = PathBuf::from(fish_prefix); diff --git a/src/action/common/create_users_and_groups.rs b/src/action/common/create_users_and_groups.rs index 251c01903..6a10a5063 100644 --- a/src/action/common/create_users_and_groups.rs +++ b/src/action/common/create_users_and_groups.rs @@ -77,7 +77,7 @@ impl Action for CreateUsersAndGroups { } else { format!( "Create build users (UID {}-{}) and group (GID {})", - self.nix_build_user_id_base, + self.nix_build_user_id_base + 1, self.nix_build_user_id_base + self.nix_build_user_count, self.nix_build_group_id ) diff --git a/src/action/common/mod.rs b/src/action/common/mod.rs index 1ba5dcbae..1bc7ca45e 100644 --- a/src/action/common/mod.rs +++ b/src/action/common/mod.rs @@ -1,5 +1,7 @@ //! [`Action`](crate::action::Action)s which only call other base plugins +#[cfg(all(target_os = "macos", not(feature = "nix-community")))] +pub(crate) mod configure_enterprise_edition_init_service; pub(crate) mod configure_init_service; pub(crate) mod configure_nix; pub(crate) mod configure_shell_profile; @@ -10,6 +12,8 @@ pub(crate) mod place_nix_configuration; pub(crate) mod provision_nix; pub(crate) mod setup_channels; +#[cfg(all(target_os = "macos", not(feature = "nix-community")))] +pub use configure_enterprise_edition_init_service::ConfigureEnterpriseEditionInitService; pub use configure_init_service::{ConfigureInitService, ConfigureNixDaemonServiceError}; pub use configure_nix::ConfigureNix; pub use configure_shell_profile::ConfigureShellProfile; diff --git a/src/action/common/place_nix_configuration.rs b/src/action/common/place_nix_configuration.rs index 8c1da8b08..78843687e 100644 --- a/src/action/common/place_nix_configuration.rs +++ b/src/action/common/place_nix_configuration.rs @@ -133,6 +133,11 @@ impl PlaceNixConfiguration { "extra-nix-path".to_string(), "nixpkgs=flake:nixpkgs".to_string(), ); + + settings.insert( + "upgrade-nix-store-path-url".to_string(), + "https://install.determinate.systems/nix-upgrade/stable/universal".to_string(), + ); } let create_directory = CreateDirectory::plan(NIX_CONF_FOLDER, None, None, 0o0755, force) diff --git a/src/action/macos/configure_remote_building.rs b/src/action/macos/configure_remote_building.rs index 3d9e03690..81cadc46d 100644 --- a/src/action/macos/configure_remote_building.rs +++ b/src/action/macos/configure_remote_building.rs @@ -12,7 +12,7 @@ This enables remote building, which requires `ssh host nix` to work. */ #[derive(Debug, serde::Deserialize, serde::Serialize, Clone)] pub struct ConfigureRemoteBuilding { - create_or_insert_into_file: StatefulAction, + create_or_insert_into_file: Option>, } impl ConfigureRemoteBuilding { @@ -29,16 +29,24 @@ fi "# ); - let create_or_insert_into_file = CreateOrInsertIntoFile::plan( - Path::new("/etc/zshenv"), - None, - None, - 0o644, - shell_buf.to_string(), - create_or_insert_into_file::Position::Beginning, - ) - .await - .map_err(Self::error)?; + let zshenv = Path::new("/etc/zshenv"); + + let create_or_insert_into_file = if !zshenv.is_symlink() { + Some( + CreateOrInsertIntoFile::plan( + zshenv, + None, + None, + 0o644, + shell_buf.to_string(), + create_or_insert_into_file::Position::Beginning, + ) + .await + .map_err(Self::error)?, + ) + } else { + None + }; Ok(Self { create_or_insert_into_file, @@ -63,7 +71,11 @@ impl Action for ConfigureRemoteBuilding { fn execute_description(&self) -> Vec { vec![ActionDescription::new( - self.tracing_synopsis(), + if self.create_or_insert_into_file.is_none() { + "Skipping configuring zsh to support using Nix in non-interactive shells, `/etc/zshenv` is a symlink".to_string() + } else { + self.tracing_synopsis() + }, vec!["Update `/etc/zshenv` to import Nix".to_string()], )] } @@ -71,11 +83,13 @@ impl Action for ConfigureRemoteBuilding { #[tracing::instrument(level = "debug", skip_all)] async fn execute(&mut self) -> Result<(), ActionError> { let span = tracing::Span::current().clone(); - self.create_or_insert_into_file - .try_execute() - .instrument(span) - .await - .map_err(Self::error)?; + if let Some(create_or_insert_into_file) = &mut self.create_or_insert_into_file { + create_or_insert_into_file + .try_execute() + .instrument(span) + .await + .map_err(Self::error)?; + } Ok(()) } @@ -89,7 +103,9 @@ impl Action for ConfigureRemoteBuilding { #[tracing::instrument(level = "debug", skip_all)] async fn revert(&mut self) -> Result<(), ActionError> { - self.create_or_insert_into_file.try_revert().await?; + if let Some(create_or_insert_into_file) = &mut self.create_or_insert_into_file { + create_or_insert_into_file.try_revert().await? + }; Ok(()) } diff --git a/src/action/macos/create_enterprise_edition_volume.rs b/src/action/macos/create_enterprise_edition_volume.rs new file mode 100644 index 000000000..c1fbc4908 --- /dev/null +++ b/src/action/macos/create_enterprise_edition_volume.rs @@ -0,0 +1,284 @@ +/// This file is unused but is kept around to avoid merge conflicts +use crate::action::{ + base::{create_or_insert_into_file, CreateOrInsertIntoFile}, + macos::{ + CreateApfsVolume, CreateSyntheticObjects, EnableOwnership, EncryptApfsVolume, + UnmountApfsVolume, + }, + Action, ActionDescription, ActionError, ActionErrorKind, ActionTag, StatefulAction, +}; +use std::{ + path::{Path, PathBuf}, + time::Duration, +}; +use tokio::process::Command; +use tracing::{span, Span}; + +use super::create_fstab_entry::CreateFstabEntry; + +/// Create an APFS volume +#[derive(Debug, serde::Deserialize, serde::Serialize, Clone)] +pub struct CreateEnterpriseEditionVolume { + disk: PathBuf, + name: String, + case_sensitive: bool, + create_or_append_synthetic_conf: StatefulAction, + create_synthetic_objects: StatefulAction, + unmount_volume: StatefulAction, + create_volume: StatefulAction, + create_fstab_entry: StatefulAction, + encrypt_volume: StatefulAction, + enable_ownership: StatefulAction, +} + +impl CreateEnterpriseEditionVolume { + #[tracing::instrument(level = "debug", skip_all)] + pub async fn plan( + disk: impl AsRef, + name: String, + case_sensitive: bool, + ) -> Result, ActionError> { + let disk = disk.as_ref(); + let create_or_append_synthetic_conf = CreateOrInsertIntoFile::plan( + "/etc/synthetic.conf", + None, + None, + None, + "nix\n".into(), /* The newline is required otherwise it segfaults */ + create_or_insert_into_file::Position::End, + ) + .await + .map_err(Self::error)?; + + let create_synthetic_objects = CreateSyntheticObjects::plan().await.map_err(Self::error)?; + + let unmount_volume = UnmountApfsVolume::plan(disk, name.clone()) + .await + .map_err(Self::error)?; + + let create_volume = CreateApfsVolume::plan(disk, name.clone(), case_sensitive) + .await + .map_err(Self::error)?; + + let create_fstab_entry = CreateFstabEntry::plan(name.clone(), &create_volume) + .await + .map_err(Self::error)?; + + let encrypt_volume = EncryptApfsVolume::plan(true, disk, &name, &create_volume).await?; + + let enable_ownership = EnableOwnership::plan("/nix").await.map_err(Self::error)?; + + Ok(Self { + disk: disk.to_path_buf(), + name, + case_sensitive, + create_or_append_synthetic_conf, + create_synthetic_objects, + unmount_volume, + create_volume, + create_fstab_entry, + encrypt_volume, + enable_ownership, + } + .into()) + } +} + +#[async_trait::async_trait] +#[typetag::serde(name = "create_apfs_enterprise_volume")] +impl Action for CreateEnterpriseEditionVolume { + fn action_tag() -> ActionTag { + ActionTag("create_enterprise_edition_volume") + } + fn tracing_synopsis(&self) -> String { + format!( + "Create an encrypted APFS volume `{name}` for Nix on `{disk}` and add it to `/etc/fstab` mounting on `/nix`", + name = self.name, + disk = self.disk.display(), + ) + } + + fn tracing_span(&self) -> Span { + span!( + tracing::Level::DEBUG, + "create_apfs_volume", + disk = tracing::field::display(self.disk.display()), + name = self.name + ) + } + + fn execute_description(&self) -> Vec { + let explanation = vec![ + self.create_or_append_synthetic_conf.tracing_synopsis(), + self.create_synthetic_objects.tracing_synopsis(), + self.unmount_volume.tracing_synopsis(), + self.create_volume.tracing_synopsis(), + self.create_fstab_entry.tracing_synopsis(), + self.encrypt_volume.tracing_synopsis(), + self.enable_ownership.tracing_synopsis(), + ]; + + vec![ActionDescription::new(self.tracing_synopsis(), explanation)] + } + + #[tracing::instrument(level = "debug", skip_all)] + async fn execute(&mut self) -> Result<(), ActionError> { + self.create_or_append_synthetic_conf + .try_execute() + .await + .map_err(Self::error)?; + self.create_synthetic_objects + .try_execute() + .await + .map_err(Self::error)?; + self.unmount_volume.try_execute().await.ok(); // We actually expect this may fail. + self.create_volume + .try_execute() + .await + .map_err(Self::error)?; + + let mut retry_tokens: usize = 50; + loop { + let mut command = Command::new("/usr/sbin/diskutil"); + command.args(["info", "-plist"]); + command.arg(&self.name); + command.stderr(std::process::Stdio::null()); + command.stdout(std::process::Stdio::null()); + tracing::trace!(%retry_tokens, command = ?command.as_std(), "Checking for Nix Store volume existence"); + let output = command + .output() + .await + .map_err(|e| ActionErrorKind::command(&command, e)) + .map_err(Self::error)?; + if output.status.success() { + break; + } else if retry_tokens == 0 { + return Err(Self::error(ActionErrorKind::command_output( + &command, output, + ))); + } else { + retry_tokens = retry_tokens.saturating_sub(1); + } + tokio::time::sleep(Duration::from_millis(100)).await; + } + + self.create_fstab_entry + .try_execute() + .await + .map_err(Self::error)?; + + self.encrypt_volume + .try_execute() + .await + .map_err(Self::error)?; + + let mut command = Command::new("/usr/local/bin/determinate-nix-ee"); + command.args(["--stop-after", "mount"]); + command.stderr(std::process::Stdio::piped()); + command.stdout(std::process::Stdio::piped()); + tracing::trace!(command = ?command.as_std(), "Mounting /nix"); + let output = command + .output() + .await + .map_err(|e| ActionErrorKind::command(&command, e)) + .map_err(Self::error)?; + if !output.status.success() { + return Err(Self::error(ActionErrorKind::command_output( + &command, output, + ))); + } + + let mut retry_tokens: usize = 50; + loop { + let mut command = Command::new("/usr/sbin/diskutil"); + command.args(["info", "/nix"]); + command.stderr(std::process::Stdio::null()); + command.stdout(std::process::Stdio::null()); + tracing::trace!(%retry_tokens, command = ?command.as_std(), "Checking for Nix Store mount path existence"); + let output = command + .output() + .await + .map_err(|e| ActionErrorKind::command(&command, e)) + .map_err(Self::error)?; + if output.status.success() { + break; + } else if retry_tokens == 0 { + return Err(Self::error(ActionErrorKind::command_output( + &command, output, + ))); + } else { + retry_tokens = retry_tokens.saturating_sub(1); + } + tokio::time::sleep(Duration::from_millis(100)).await; + } + + self.enable_ownership + .try_execute() + .await + .map_err(Self::error)?; + + Ok(()) + } + + fn revert_description(&self) -> Vec { + let explanation = vec![ + self.create_or_append_synthetic_conf.tracing_synopsis(), + self.create_synthetic_objects.tracing_synopsis(), + self.unmount_volume.tracing_synopsis(), + self.create_volume.tracing_synopsis(), + self.create_fstab_entry.tracing_synopsis(), + self.encrypt_volume.tracing_synopsis(), + self.enable_ownership.tracing_synopsis(), + ]; + + vec![ActionDescription::new( + format!( + "Remove the APFS volume `{}` on `{}`", + self.name, + self.disk.display() + ), + explanation, + )] + } + + #[tracing::instrument(level = "debug", skip_all)] + async fn revert(&mut self) -> Result<(), ActionError> { + let mut errors = vec![]; + + if let Err(err) = self.enable_ownership.try_revert().await { + errors.push(err) + }; + if let Err(err) = self.encrypt_volume.try_revert().await { + errors.push(err) + } + if let Err(err) = self.create_fstab_entry.try_revert().await { + errors.push(err) + } + + if let Err(err) = self.unmount_volume.try_revert().await { + errors.push(err) + } + if let Err(err) = self.create_volume.try_revert().await { + errors.push(err) + } + + // Purposefully not reversed + if let Err(err) = self.create_or_append_synthetic_conf.try_revert().await { + errors.push(err) + } + if let Err(err) = self.create_synthetic_objects.try_revert().await { + errors.push(err) + } + + if errors.is_empty() { + Ok(()) + } else if errors.len() == 1 { + Err(errors + .into_iter() + .next() + .expect("Expected 1 len Vec to have at least 1 item")) + } else { + Err(Self::error(ActionErrorKind::MultipleChildren(errors))) + } + } +} diff --git a/src/action/macos/create_fstab_entry.rs b/src/action/macos/create_fstab_entry.rs index 8eac22179..606f327eb 100644 --- a/src/action/macos/create_fstab_entry.rs +++ b/src/action/macos/create_fstab_entry.rs @@ -136,6 +136,7 @@ impl Action for CreateFstabEntry { let mut fstab = tokio::fs::OpenOptions::new() .create(true) + .truncate(false) .write(true) .read(true) .open(fstab_path) diff --git a/src/action/macos/create_nix_volume.rs b/src/action/macos/create_nix_volume.rs index 9c4fec5b1..e629a39d7 100644 --- a/src/action/macos/create_nix_volume.rs +++ b/src/action/macos/create_nix_volume.rs @@ -71,7 +71,7 @@ impl CreateNixVolume { .map_err(Self::error)?; let encrypt_volume = if encrypt { - Some(EncryptApfsVolume::plan(disk, &name, &create_volume).await?) + Some(EncryptApfsVolume::plan(false, disk, &name, &create_volume).await?) } else { None }; @@ -154,11 +154,9 @@ impl Action for CreateNixVolume { if let Some(encrypt_volume) = &self.encrypt_volume { explanation.push(encrypt_volume.tracing_synopsis()); } - explanation.append(&mut vec![ - self.setup_volume_daemon.tracing_synopsis(), - self.bootstrap_volume.tracing_synopsis(), - self.enable_ownership.tracing_synopsis(), - ]); + explanation.push(self.setup_volume_daemon.tracing_synopsis()); + explanation.push(self.bootstrap_volume.tracing_synopsis()); + explanation.push(self.enable_ownership.tracing_synopsis()); vec![ActionDescription::new(self.tracing_synopsis(), explanation)] } @@ -220,6 +218,7 @@ impl Action for CreateNixVolume { .try_execute() .await .map_err(Self::error)?; + self.kickstart_launchctl_service .try_execute() .await @@ -268,11 +267,9 @@ impl Action for CreateNixVolume { if let Some(encrypt_volume) = &self.encrypt_volume { explanation.push(encrypt_volume.tracing_synopsis()); } - explanation.append(&mut vec![ - self.setup_volume_daemon.tracing_synopsis(), - self.bootstrap_volume.tracing_synopsis(), - self.enable_ownership.tracing_synopsis(), - ]); + explanation.push(self.setup_volume_daemon.tracing_synopsis()); + explanation.push(self.bootstrap_volume.tracing_synopsis()); + explanation.push(self.enable_ownership.tracing_synopsis()); vec![ActionDescription::new( format!( @@ -293,13 +290,14 @@ impl Action for CreateNixVolume { }; if let Err(err) = self.kickstart_launchctl_service.try_revert().await { errors.push(err) - }; + } if let Err(err) = self.bootstrap_volume.try_revert().await { errors.push(err) - }; + } if let Err(err) = self.setup_volume_daemon.try_revert().await { errors.push(err) - }; + } + if let Some(encrypt_volume) = &mut self.encrypt_volume { if let Err(err) = encrypt_volume.try_revert().await { errors.push(err) diff --git a/src/action/macos/encrypt_apfs_volume.rs b/src/action/macos/encrypt_apfs_volume.rs index 78b8f005e..aa2f60ae9 100644 --- a/src/action/macos/encrypt_apfs_volume.rs +++ b/src/action/macos/encrypt_apfs_volume.rs @@ -21,6 +21,7 @@ Encrypt an APFS volume */ #[derive(Debug, serde::Deserialize, serde::Serialize, Clone)] pub struct EncryptApfsVolume { + enterprise_edition: bool, disk: PathBuf, name: String, } @@ -28,6 +29,7 @@ pub struct EncryptApfsVolume { impl EncryptApfsVolume { #[tracing::instrument(level = "debug", skip_all)] pub async fn plan( + enterprise_edition: bool, disk: impl AsRef, name: impl AsRef, planned_create_apfs_volume: &StatefulAction, @@ -57,7 +59,11 @@ impl EncryptApfsVolume { // The user has a password matching what we would create. if planned_create_apfs_volume.state == ActionState::Completed { // We detected a created volume already, and a password exists, so we can keep using that and skip doing anything - return Ok(StatefulAction::completed(Self { name, disk })); + return Ok(StatefulAction::completed(Self { + enterprise_edition, + name, + disk, + })); } // Ask the user to remove it @@ -87,13 +93,21 @@ impl EncryptApfsVolume { EncryptApfsVolumeError::ExistingVolumeNotEncrypted(name, disk), )); } else { - return Ok(StatefulAction::completed(Self { disk, name })); + return Ok(StatefulAction::completed(Self { + enterprise_edition, + disk, + name, + })); } } } } - Ok(StatefulAction::uncompleted(Self { name, disk })) + Ok(StatefulAction::uncompleted(Self { + enterprise_edition, + name, + disk, + })) } } @@ -127,7 +141,11 @@ impl Action for EncryptApfsVolume { disk = %self.disk.display(), ))] async fn execute(&mut self) -> Result<(), ActionError> { - let Self { disk, name } = self; + let Self { + enterprise_edition, + disk, + name, + } = self; // Generate a random password. let password: String = { @@ -152,35 +170,38 @@ impl Action for EncryptApfsVolume { .map_err(Self::error)?; // Add the password to the user keychain so they can unlock it later. - execute_command( - Command::new("/usr/bin/security").process_group(0).args([ - "add-generic-password", - "-a", - name.as_str(), - "-s", - "Nix Store", - "-l", - format!("{} encryption password", disk_str).as_str(), - "-D", - "Encrypted volume password", - "-j", - format!( - "Added automatically by the Nix installer for use by {NIX_VOLUME_MOUNTD_DEST}" - ) + let mut cmd = Command::new("/usr/bin/security"); + cmd.process_group(0).args([ + "add-generic-password", + "-a", + name.as_str(), + "-s", + "Nix Store", + "-l", + format!("{} encryption password", disk_str).as_str(), + "-D", + "Encrypted volume password", + "-j", + format!("Added automatically by the Nix installer for use by {NIX_VOLUME_MOUNTD_DEST}") .as_str(), - "-w", - password.as_str(), - "-T", - "/System/Library/CoreServices/APFSUserAgent", - "-T", - "/System/Library/CoreServices/CSUserAgent", - "-T", - "/usr/bin/security", - "/Library/Keychains/System.keychain", - ]), - ) - .await - .map_err(Self::error)?; + "-w", + password.as_str(), + "-T", + "/System/Library/CoreServices/APFSUserAgent", + "-T", + "/System/Library/CoreServices/CSUserAgent", + "-T", + "/usr/bin/security", + ]); + + if *enterprise_edition { + cmd.args(["-T", "/usr/local/bin/determinate-nix-ee"]); + } + + cmd.arg("/Library/Keychains/System.keychain"); + + // Add the password to the user keychain so they can unlock it later. + execute_command(&mut cmd).await.map_err(Self::error)?; // Encrypt the mounted volume execute_command(Command::new("/usr/sbin/diskutil").process_group(0).args([ diff --git a/src/action/macos/mod.rs b/src/action/macos/mod.rs index 7ad01fb90..17aa3ad7d 100644 --- a/src/action/macos/mod.rs +++ b/src/action/macos/mod.rs @@ -4,6 +4,8 @@ pub(crate) mod bootstrap_launchctl_service; pub(crate) mod configure_remote_building; pub(crate) mod create_apfs_volume; +#[cfg(not(feature = "nix-community"))] +pub(crate) mod create_enterprise_edition_volume; pub(crate) mod create_fstab_entry; pub(crate) mod create_nix_hook_service; pub(crate) mod create_nix_volume; @@ -19,6 +21,8 @@ pub(crate) mod unmount_apfs_volume; pub use bootstrap_launchctl_service::BootstrapLaunchctlService; pub use configure_remote_building::ConfigureRemoteBuilding; pub use create_apfs_volume::CreateApfsVolume; +#[cfg(not(feature = "nix-community"))] +pub use create_enterprise_edition_volume::CreateEnterpriseEditionVolume; pub use create_nix_hook_service::CreateNixHookService; pub use create_nix_volume::{CreateNixVolume, NIX_VOLUME_MOUNTD_DEST}; pub use create_synthetic_objects::CreateSyntheticObjects; diff --git a/src/cli/arg/instrumentation.rs b/src/cli/arg/instrumentation.rs index 9a177b8bd..d4ecf652a 100644 --- a/src/cli/arg/instrumentation.rs +++ b/src/cli/arg/instrumentation.rs @@ -137,7 +137,7 @@ impl Instrumentation { _ => return Err(e).wrap_err_with(|| "parsing RUST_LOG directives"), } } - EnvFilter::try_new(&format!( + EnvFilter::try_new(format!( "{}={}", env!("CARGO_PKG_NAME").replace('-', "_"), self.log_level() diff --git a/src/cli/interaction.rs b/src/cli/interaction.rs index 9c56e6636..7960eae11 100644 --- a/src/cli/interaction.rs +++ b/src/cli/interaction.rs @@ -1,3 +1,4 @@ +use std::collections::HashMap; use std::io::{stdin, stdout, BufRead, Write}; use eyre::{eyre, WrapErr}; @@ -20,8 +21,16 @@ pub(crate) async fn prompt( currently_explaining: bool, ) -> eyre::Result { let stdout = stdout(); - let mut term = - term::terminfo::TerminfoTerminal::new(stdout).ok_or(eyre!("Couldn't get terminal"))?; + let terminfo = term::terminfo::TermInfo::from_env().unwrap_or_else(|_| { + tracing::warn!("Couldn't find terminfo, using empty fallback terminfo"); + term::terminfo::TermInfo { + names: vec![], + bools: HashMap::new(), + numbers: HashMap::new(), + strings: HashMap::new(), + } + }); + let mut term = term::terminfo::TerminfoTerminal::new_with_terminfo(stdout, terminfo); let with_confirm = format!( "\ {question}\n\ diff --git a/src/cli/subcommand/uninstall.rs b/src/cli/subcommand/uninstall.rs index fcbcc900a..6237a9463 100644 --- a/src/cli/subcommand/uninstall.rs +++ b/src/cli/subcommand/uninstall.rs @@ -90,7 +90,7 @@ impl CommandExecute for Uninstall { }) .collect() }; - let temp_exe = temp.join(&format!("nix-installer-{random_trailer}")); + let temp_exe = temp.join(format!("nix-installer-{random_trailer}")); tokio::fs::copy(¤t_exe, &temp_exe) .await .wrap_err("Copying nix-installer to tempdir")?; @@ -129,7 +129,7 @@ impl CommandExecute for Uninstall { format!( "\ Unable to parse plan, this plan was created by `nix-installer` version `{plan_version}`, this is `nix-installer` version `{current_version}`\n\ - To uninstall, either run `/nix/nix-installer uninstall` or `curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/{plan_version} | sh -s -- uninstall`\ + To uninstall, either run `/nix/nix-installer uninstall` or `curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/v{plan_version} | sh -s -- uninstall`\ ").red().to_string() }); }, @@ -147,7 +147,7 @@ impl CommandExecute for Uninstall { \n\ Found existing plan in `{RECEIPT_LOCATION}` which was created by a version incompatible `nix-installer`.\n\ \n - To uninstall, either run `/nix/nix-installer uninstall` or `curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/${version} | sh -s -- uninstall`\n\ + To uninstall, either run `/nix/nix-installer uninstall` or `curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/v${version} | sh -s -- uninstall`\n\ \n\ ").red() ); diff --git a/src/diagnostics.rs b/src/diagnostics.rs index 294f579b7..dbd86c8c7 100644 --- a/src/diagnostics.rs +++ b/src/diagnostics.rs @@ -261,7 +261,7 @@ pub fn diagnostic_endpoint_parser(input: &str) -> Result, Diagnostic "https" | "http" | "file" => Ok(Some(v)), _ => Err(DiagnosticError::UnknownUrlScheme), }, - Err(url_error) if url_error == url::ParseError::RelativeUrlWithoutBase => { + Err(url::ParseError::RelativeUrlWithoutBase) => { match Url::parse(&format!("file://{input}")) { Ok(v) => Ok(Some(v)), Err(file_error) => Err(file_error)?, diff --git a/src/os/darwin.rs b/src/os/darwin/diskutil.rs similarity index 100% rename from src/os/darwin.rs rename to src/os/darwin/diskutil.rs diff --git a/src/os/darwin/mod.rs b/src/os/darwin/mod.rs new file mode 100644 index 000000000..4f9e3f8aa --- /dev/null +++ b/src/os/darwin/mod.rs @@ -0,0 +1,3 @@ +pub mod diskutil; + +pub use diskutil::{DiskUtilApfsListOutput, DiskUtilInfoOutput}; diff --git a/src/planner/linux.rs b/src/planner/linux.rs index 21a2ba176..9fc348764 100644 --- a/src/planner/linux.rs +++ b/src/planner/linux.rs @@ -220,9 +220,9 @@ pub(crate) async fn check_nix_not_already_installed() -> Result<(), PlannerError pub(crate) fn check_systemd_active() -> Result<(), PlannerError> { if !Path::new("/run/systemd/system").exists() { if std::env::var("WSL_DISTRO_NAME").is_ok() { - return Err(LinuxErrorKind::Wsl2SystemdNotActive)?; + return Err(LinuxErrorKind::Wsl2SystemdNotActive.into()); } else { - return Err(LinuxErrorKind::SystemdNotActive)?; + return Err(LinuxErrorKind::SystemdNotActive.into()); } } diff --git a/src/planner/macos.rs b/src/planner/macos/mod.rs similarity index 82% rename from src/planner/macos.rs rename to src/planner/macos/mod.rs index a35a91a5f..352b14244 100644 --- a/src/planner/macos.rs +++ b/src/planner/macos/mod.rs @@ -8,6 +8,9 @@ use which::which; use super::ShellProfileLocations; use crate::planner::HasExpectedErrors; +mod profile_queries; +mod profiles; + use crate::{ action::{ base::RemoveDirectory, @@ -110,6 +113,9 @@ impl Planner for Macos { }, }; + // The encrypt variable isn't used in the enterprise edition since we have our own plan step for it, + // however this match accounts for enterprise edition so the receipt indicates encrypt: true. + // This is a goofy thing to do, but it is in an attempt to make a more globally coherent plan / receipt. let encrypt = match self.encrypt { Some(choice) => choice, None => { @@ -135,13 +141,14 @@ impl Planner for Macos { CreateNixVolume::plan( root_disk.unwrap(), /* We just ensured it was populated */ self.volume_label.clone(), - false, + self.case_sensitive, encrypt, ) .await .map_err(PlannerError::Action)? .boxed(), ); + plan.push( ProvisionNix::plan(&self.settings) .await @@ -259,6 +266,7 @@ impl Planner for Macos { } async fn pre_install_check(&self) -> Result<(), PlannerError> { + check_suis().await?; check_not_running_in_rosetta()?; Ok(()) @@ -314,17 +322,67 @@ fn check_not_running_in_rosetta() -> Result<(), PlannerError> { Ok(()) } +async fn check_suis() -> Result<(), PlannerError> { + let policies: profiles::Policies = match profiles::load().await { + Ok(pol) => pol, + Err(e) => { + tracing::warn!( + "Skipping SystemUIServer checks: failed to load profile data: {:?}", + e + ); + return Ok(()); + }, + }; + + let blocks: Vec<_> = profile_queries::blocks_internal_mounting(&policies) + .into_iter() + .map(|blocking_policy| blocking_policy.display()) + .collect(); + + let error: String = match &blocks[..] { + [] => { + return Ok(()); + }, + [block] => format!( + "The following macOS configuration profile includes a 'Restrictions - Media' policy, which interferes with the Nix Store volume:\n\n{}\n\nSee https://determinate.systems/solutions/macos-internal-disk-policy", + block + ), + blocks => { + format!( + "The following macOS configuration profiles include a 'Restrictions - Media' policy, which interferes with the Nix Store volume:\n\n{}\n\nSee https://determinate.systems/solutions/macos-internal-disk-policy", + blocks.join("\n\n") + ) + }, + }; + + Err(MacosError::BlockedBySystemUIServerPolicy(error)) + .map_err(|e| PlannerError::Custom(Box::new(e))) +} + +#[cfg(not(feature = "nix-community"))] +async fn check_enterprise_edition_available() -> Result<(), PlannerError> { + tokio::fs::metadata("/usr/local/bin/determinate-nix-ee") + .await + .map_err(|_| PlannerError::EnterpriseEditionUnavailable)?; + + Ok(()) +} + #[non_exhaustive] #[derive(thiserror::Error, Debug)] pub enum MacosError { #[error("`nix-darwin` installation detected, it must be removed before uninstalling Nix. Please refer to https://github.com/LnL7/nix-darwin#uninstalling for instructions how to uninstall `nix-darwin`.")] UninstallNixDarwin, + + #[error("{0}")] + BlockedBySystemUIServerPolicy(String), } impl HasExpectedErrors for MacosError { fn expected<'a>(&'a self) -> Option> { match self { this @ MacosError::UninstallNixDarwin => Some(Box::new(this)), + this @ MacosError::BlockedBySystemUIServerPolicy(_) => Some(Box::new(this)), } } } diff --git a/src/planner/macos/profile.sample.block.plist b/src/planner/macos/profile.sample.block.plist new file mode 100644 index 000000000..97abe5a98 --- /dev/null +++ b/src/planner/macos/profile.sample.block.plist @@ -0,0 +1,58 @@ + + + + + + foo + + + + ProfileDescription + The description + ProfileDisplayName + Don't allow mounting internal devices + ProfileIdentifier + MyProfile.6F6670A3-65AC-4EA4-8665-91F8FCE289AB + ProfileInstallDate + 2024-04-22 14:12:42 +0000 + ProfileType + Configuration + ProfileUUID + 6F6670A3-65AC-4EA4-8665-91F8FCE289AB + ProfileVersion + 1 + + + ProfileItems + + + + PayloadType + com.apple.systemuiserver + + PayloadContent + + mount-controls + + harddisk-internal + + + deny + + + + + + + + + diff --git a/src/planner/macos/profile.sample.unknown.plist b/src/planner/macos/profile.sample.unknown.plist new file mode 100644 index 000000000..571f94ef2 --- /dev/null +++ b/src/planner/macos/profile.sample.unknown.plist @@ -0,0 +1,49 @@ + + + + + _computerlevel + + + ProfileDescription + + ProfileDisplayName + macOS Software Update Policy: Mandatory Minor Upgrades + ProfileIdentifier + com.example + ProfileInstallDate + 2024-04-22 00:00:00 +0000 + ProfileItems + + + PayloadContent + + AllowPreReleaseInstallation + + AutomaticCheckEnabled + + + PayloadIdentifier + abc123 + PayloadType + com.apple.SoftwareUpdate + PayloadUUID + def456 + PayloadVersion + 1 + + + ProfileRemovalDisallowed + true + ProfileType + Configuration + ProfileUUID + F7972F85-2A4D-4609-A4BB-02CB0C34A3F8 + ProfileVerificationState + verified + ProfileVersion + 1 + + + + diff --git a/src/planner/macos/profile_queries.rs b/src/planner/macos/profile_queries.rs new file mode 100644 index 000000000..36fa23803 --- /dev/null +++ b/src/planner/macos/profile_queries.rs @@ -0,0 +1,137 @@ +use crate::planner::macos::profiles::{ + HardDiskInternalOpts, MountControls, Policies, Profile, ProfileItem, SystemUIServer, Target, +}; + +struct TargetProfileItem<'a> { + target: &'a Target, + profile: &'a Profile, + item: &'a ProfileItem, +} + +pub struct TargetProfileHardDiskInternalOpts<'a> { + pub target: &'a Target, + pub profile: &'a Profile, + pub opts: &'a [HardDiskInternalOpts], +} + +impl TargetProfileHardDiskInternalOpts<'_> { + pub fn display(&self) -> String { + let owner = match self.target { + crate::planner::macos::profiles::Target::Computer => { + "A computer-wide profile".to_string() + }, + crate::planner::macos::profiles::Target::User(u) => format!("A profile owned by {u}"), + }; + + let desc = [ + ("Name", &self.profile.profile_display_name), + ( + "Version", + &self.profile.profile_version.map(|v| v.to_string()), + ), + ("Description", &self.profile.profile_description), + ("ID", &self.profile.profile_identifier), + ("UUID", &self.profile.profile_uuid), + ("Installation Date", &self.profile.profile_install_date), + ] + .into_iter() + .filter_map(|(k, v)| Some((k, (*v).as_ref()?))) + .map(|(key, val)| format!(" * {}: {}", key, val)) + .collect::>() + .join("\n"); + + format!("{owner}:\n{}\n", desc) + } +} + +fn flatten(policies: &Policies) -> impl Iterator { + policies + .iter() + .flat_map(|(target, profiles): (&Target, &Vec)| { + profiles.iter().map(move |profile| (target, profile)) + }) + .flat_map(|(target, profile): (&Target, &Profile)| { + profile + .profile_items + .iter() + .map(move |item| TargetProfileItem { + target, + profile, + item, + }) + }) +} + +pub fn blocks_internal_mounting(policies: &Policies) -> Vec { + flatten(policies) + .filter_map(move |target_profile_item| { + let ProfileItem::SystemUIServer(system_ui_server) = target_profile_item.item else { + return None; + }; + let SystemUIServer { + mount_controls: Some(mount_controls), + } = system_ui_server + else { + return None; + }; + + let MountControls { harddisk_internal } = mount_controls; + + return Some(TargetProfileHardDiskInternalOpts { + target: target_profile_item.target, + profile: target_profile_item.profile, + opts: &harddisk_internal, + }); + }) + .filter(|TargetProfileHardDiskInternalOpts { opts, .. }| { + opts.iter().any(|x| { + [ + HardDiskInternalOpts::ReadOnly, + HardDiskInternalOpts::Deny, + HardDiskInternalOpts::Eject, + ] + .contains(x) + }) + }) + .collect() +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn generate_error() { + let parsed: Policies = plist::from_reader(std::io::Cursor::new(include_str!( + "./profile.sample.block.plist" + ))) + .unwrap(); + + let blocks = blocks_internal_mounting(&parsed); + let err = &blocks[0]; + + assert_eq!( + r#"A profile owned by foo: + * Name: Don't allow mounting internal devices + * Version: 1 + * Description: The description + * ID: MyProfile.6F6670A3-65AC-4EA4-8665-91F8FCE289AB + * UUID: 6F6670A3-65AC-4EA4-8665-91F8FCE289AB + * Installation Date: 2024-04-22 14:12:42 +0000"# + .trim() + .to_string(), + err.display().trim() + ); + } + + #[test] + fn no_error() { + let parsed: Policies = plist::from_reader(std::io::Cursor::new(include_str!( + "./profile.sample.unknown.plist" + ))) + .unwrap(); + + let blocks = blocks_internal_mounting(&parsed); + assert!(blocks.is_empty()); + } +} diff --git a/src/planner/macos/profiles.rs b/src/planner/macos/profiles.rs new file mode 100644 index 000000000..6e7ad864b --- /dev/null +++ b/src/planner/macos/profiles.rs @@ -0,0 +1,162 @@ +use std::collections::HashMap; + +use crate::execute_command; + +#[derive(thiserror::Error, Debug)] +pub enum LoadError { + #[error("Profile plist parsing error: {0}")] + Parse(#[from] plist::Error), + + #[error("Profile discovery error: {0}")] + ProfileListing(#[from] crate::ActionErrorKind), +} + +pub async fn load() -> Result { + let buf = execute_command( + tokio::process::Command::new("/usr/bin/profiles") + // "prints all configuration profiles to console" + .arg("-P") + // "path to output XML plist file (for -P, -L, -C). Use 'stdout' to send information to the console." + // NOTE(grahamc): `stdout` doesn't output XML formatting, but `stdout-xml` does + .args(["-o", "stdout-xml"]) + .stdin(std::process::Stdio::null()), + ) + .await? + .stdout; + + Ok(plist::from_reader(std::io::Cursor::new(buf))?) +} + +pub type Policies = HashMap>; + +#[derive(serde::Deserialize, serde::Serialize, Clone, Debug, Eq, PartialEq, Hash)] +pub enum Target { + #[serde(rename(deserialize = "_computerlevel"))] + Computer, + #[serde(untagged)] + User(String), +} + +#[derive(serde::Deserialize, Clone, Debug, PartialEq, Eq)] +#[serde(rename_all = "PascalCase")] +pub struct Profile { + pub profile_description: Option, + pub profile_display_name: Option, + pub profile_identifier: Option, + pub profile_install_date: Option, + #[serde(rename = "ProfileUUID")] + pub profile_uuid: Option, + pub profile_version: Option, + + #[serde(default)] + pub profile_items: Vec, +} + +#[derive(serde::Deserialize, Clone, Debug, PartialEq, Eq)] +#[serde(tag = "PayloadType", content = "PayloadContent")] +pub enum ProfileItem { + #[serde(rename = "com.apple.systemuiserver")] + SystemUIServer(SystemUIServer), + + #[serde(untagged)] + Unknown(UnknownProfileItem), +} + +#[derive(serde::Deserialize, Clone, Debug, PartialEq)] +#[serde(rename_all = "PascalCase")] +pub struct UnknownProfileItem { + payload_type: String, + payload_content: plist::Value, +} + +impl std::cmp::Eq for UnknownProfileItem {} + +#[derive(serde::Deserialize, Clone, Debug, PartialEq, Eq)] +#[serde(rename_all = "kebab-case")] +pub struct SystemUIServer { + pub mount_controls: Option, +} + +#[derive(serde::Deserialize, Clone, Debug, PartialEq, Eq)] +#[serde(rename_all = "kebab-case")] +pub struct MountControls { + #[serde(default)] + pub harddisk_internal: Vec, +} + +#[derive(serde::Deserialize, Clone, Debug, PartialEq, Eq)] +#[serde(rename_all = "kebab-case")] +pub enum HardDiskInternalOpts { + Authenticate, + ReadOnly, + Deny, + Eject, +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn try_parse_blocking_policy() { + let parsed: Policies = plist::from_reader(std::io::Cursor::new(include_str!( + "./profile.sample.block.plist" + ))) + .unwrap(); + assert_eq!( + Policies::from([( + Target::User("foo".into()), + vec![Profile { + profile_description: Some("The description".into()), + profile_display_name: Some("Don't allow mounting internal devices".into()), + profile_identifier: Some( + "MyProfile.6F6670A3-65AC-4EA4-8665-91F8FCE289AB".into() + ), + profile_install_date: Some("2024-04-22 14:12:42 +0000".into()), + profile_uuid: Some("6F6670A3-65AC-4EA4-8665-91F8FCE289AB".into()), + profile_version: Some(1), + profile_items: vec![ProfileItem::SystemUIServer(SystemUIServer { + mount_controls: Some(MountControls { + harddisk_internal: vec![HardDiskInternalOpts::Deny], + }) + })], + }] + )]), + parsed + ); + } + + #[test] + fn try_parse_unknown() { + let parsed: Policies = plist::from_reader(std::io::Cursor::new(include_str!( + "./profile.sample.unknown.plist" + ))) + .unwrap(); + + assert_eq!( + Policies::from([( + Target::Computer, + vec![Profile { + profile_description: Some("".into()), + profile_display_name: Some( + "macOS Software Update Policy: Mandatory Minor Upgrades".into() + ), + profile_identifier: Some("com.example".into()), + profile_install_date: Some("2024-04-22 00:00:00 +0000".into()), + profile_uuid: Some("F7972F85-2A4D-4609-A4BB-02CB0C34A3F8".into()), + profile_version: Some(1), + profile_items: vec![ProfileItem::Unknown(UnknownProfileItem { + payload_type: "com.apple.SoftwareUpdate".into(), + payload_content: plist::Value::Dictionary({ + let mut dict = plist::dictionary::Dictionary::new(); + dict.insert("AllowPreReleaseInstallation".into(), false.into()); + dict.insert("AutomaticCheckEnabled".into(), true.into()); + dict + }) + })], + }] + )]), + parsed + ); + } +} diff --git a/src/planner/mod.rs b/src/planner/mod.rs index 97e72503f..3d7765453 100644 --- a/src/planner/mod.rs +++ b/src/planner/mod.rs @@ -415,6 +415,8 @@ pub enum PlannerError { Sysctl(#[from] sysctl::SysctlError), #[error("Detected that this process is running under Rosetta, using Nix in Rosetta is not supported (Please open an issue with your use case)")] RosettaDetected, + #[error("Determinate Nix Enterprise Edition is not available. See: https://determinate.systems/enterprise")] + EnterpriseEditionUnavailable, /// A Linux SELinux related error #[error("Unable to install on an SELinux system without common SELinux tooling, the binaries `restorecon`, and `semodule` are required")] SelinuxRequirements, @@ -447,6 +449,7 @@ impl HasExpectedErrors for PlannerError { PlannerError::Plist(_) => None, PlannerError::Sysctl(_) => None, this @ PlannerError::RosettaDetected => Some(Box::new(this)), + this @ PlannerError::EnterpriseEditionUnavailable => Some(Box::new(this)), PlannerError::OsRelease(_) => None, PlannerError::Utf8(_) => None, PlannerError::SelinuxRequirements => Some(Box::new(self)), diff --git a/src/settings.rs b/src/settings.rs index a59e3aad3..b7c7904ba 100644 --- a/src/settings.rs +++ b/src/settings.rs @@ -11,21 +11,11 @@ use url::Url; pub const SCRATCH_DIR: &str = "/nix/temp-install-dir"; -/// Default [`nix_package_url`](CommonSettings::nix_package_url) for Linux x86_64 -pub const NIX_X64_64_LINUX_URL: &str = - "https://releases.nixos.org/nix/nix-2.18.1/nix-2.18.1-x86_64-linux.tar.xz"; -/// Default [`nix_package_url`](CommonSettings::nix_package_url) for Linux x86 (32 bit) -pub const NIX_I686_LINUX_URL: &str = - "https://releases.nixos.org/nix/nix-2.18.1/nix-2.18.1-i686-linux.tar.xz"; -/// Default [`nix_package_url`](CommonSettings::nix_package_url) for Linux aarch64 -pub const NIX_AARCH64_LINUX_URL: &str = - "https://releases.nixos.org/nix/nix-2.18.1/nix-2.18.1-aarch64-linux.tar.xz"; -/// Default [`nix_package_url`](CommonSettings::nix_package_url) for Darwin x86_64 -pub const NIX_X64_64_DARWIN_URL: &str = - "https://releases.nixos.org/nix/nix-2.18.1/nix-2.18.1-x86_64-darwin.tar.xz"; -/// Default [`nix_package_url`](CommonSettings::nix_package_url) for Darwin aarch64 -pub const NIX_AARCH64_DARWIN_URL: &str = - "https://releases.nixos.org/nix/nix-2.18.1/nix-2.18.1-aarch64-darwin.tar.xz"; +pub const NIX_TARBALL_PATH: &str = env!("NIX_INSTALLER_TARBALL_PATH"); +/// The NIX_INSTALLER_TARBALL_PATH environment variable should point to a target-appropriate +/// Nix installation tarball, like nix-2.21.2-aarch64-darwin.tar.xz. The contents are embedded +/// in the resulting binary. +pub const NIX_TARBALL: &[u8] = include_bytes!(env!("NIX_INSTALLER_TARBALL_PATH")); #[derive(Debug, serde::Deserialize, serde::Serialize, Clone, Copy, PartialEq, Eq)] #[cfg_attr(feature = "cli", derive(clap::ValueEnum))] @@ -145,39 +135,9 @@ pub struct CommonSettings { /// The Nix package URL #[cfg_attr( feature = "cli", - clap(long, env = "NIX_INSTALLER_NIX_PACKAGE_URL", global = true, value_parser = clap::value_parser!(UrlOrPath)) + clap(long, env = "NIX_INSTALLER_NIX_PACKAGE_URL", global = true, value_parser = clap::value_parser!(UrlOrPath), default_value = None) )] - #[cfg_attr( - all(target_os = "macos", target_arch = "x86_64", feature = "cli"), - clap( - default_value = NIX_X64_64_DARWIN_URL, - ) - )] - #[cfg_attr( - all(target_os = "macos", target_arch = "aarch64", feature = "cli"), - clap( - default_value = NIX_AARCH64_DARWIN_URL, - ) - )] - #[cfg_attr( - all(target_os = "linux", target_arch = "x86_64", feature = "cli"), - clap( - default_value = NIX_X64_64_LINUX_URL, - ) - )] - #[cfg_attr( - all(target_os = "linux", target_arch = "x86", feature = "cli"), - clap( - default_value = NIX_I686_LINUX_URL, - ) - )] - #[cfg_attr( - all(target_os = "linux", target_arch = "aarch64", feature = "cli"), - clap( - default_value = NIX_AARCH64_LINUX_URL, - ) - )] - pub nix_package_url: UrlOrPath, + pub nix_package_url: Option, /// The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL` #[cfg_attr(feature = "cli", clap(long, env = "NIX_INSTALLER_PROXY"))] @@ -263,7 +223,6 @@ pub struct CommonSettings { impl CommonSettings { /// The default settings for the given Architecture & Operating System pub async fn default() -> Result { - let url; let nix_build_user_prefix; let nix_build_user_id_base; let nix_build_user_count; @@ -272,21 +231,18 @@ impl CommonSettings { match (Architecture::host(), OperatingSystem::host()) { #[cfg(target_os = "linux")] (Architecture::X86_64, OperatingSystem::Linux) => { - url = NIX_X64_64_LINUX_URL; nix_build_user_prefix = "nixbld"; nix_build_user_id_base = 30000; nix_build_user_count = 32; }, #[cfg(target_os = "linux")] (Architecture::X86_32(_), OperatingSystem::Linux) => { - url = NIX_I686_LINUX_URL; nix_build_user_prefix = "nixbld"; nix_build_user_id_base = 30000; nix_build_user_count = 32; }, #[cfg(target_os = "linux")] (Architecture::Aarch64(_), OperatingSystem::Linux) => { - url = NIX_AARCH64_LINUX_URL; nix_build_user_prefix = "nixbld"; nix_build_user_id_base = 30000; nix_build_user_count = 32; @@ -294,7 +250,6 @@ impl CommonSettings { #[cfg(target_os = "macos")] (Architecture::X86_64, OperatingSystem::MacOSX { .. }) | (Architecture::X86_64, OperatingSystem::Darwin) => { - url = NIX_X64_64_DARWIN_URL; nix_build_user_prefix = "_nixbld"; nix_build_user_id_base = 300; nix_build_user_count = 32; @@ -302,7 +257,6 @@ impl CommonSettings { #[cfg(target_os = "macos")] (Architecture::Aarch64(_), OperatingSystem::MacOSX { .. }) | (Architecture::Aarch64(_), OperatingSystem::Darwin) => { - url = NIX_AARCH64_DARWIN_URL; nix_build_user_prefix = "_nixbld"; nix_build_user_id_base = 300; nix_build_user_count = 32; @@ -321,7 +275,7 @@ impl CommonSettings { nix_build_user_id_base, nix_build_user_count, nix_build_user_prefix: nix_build_user_prefix.to_string(), - nix_package_url: url.parse()?, + nix_package_url: None, proxy: Default::default(), extra_conf: Default::default(), force: false, diff --git a/tests/fixtures/linux/linux.json b/tests/fixtures/linux/linux.json index 062dec3cc..a300bb358 100644 --- a/tests/fixtures/linux/linux.json +++ b/tests/fixtures/linux/linux.json @@ -1,5 +1,5 @@ { - "version": "0.14.0", + "version": "0.19.0", "actions": [ { "action": { @@ -405,7 +405,8 @@ "action": "configure_init_service", "init": "Systemd", "start_daemon": true, - "ssl_cert_file": null + "ssl_cert_file": null, + "enterprise_edition": false }, "state": "Uncompleted" }, @@ -442,7 +443,7 @@ } }, "diagnostic_data": { - "version": "0.14.0", + "version": "0.19.0", "planner": "linux", "configured_settings": [], "os_name": "Ubuntu", diff --git a/tests/fixtures/linux/steam-deck.json b/tests/fixtures/linux/steam-deck.json index a05aefb9e..ca9a20803 100644 --- a/tests/fixtures/linux/steam-deck.json +++ b/tests/fixtures/linux/steam-deck.json @@ -1,5 +1,5 @@ { - "version": "0.14.0", + "version": "0.19.0", "actions": [ { "action": { @@ -380,7 +380,8 @@ "action": "configure_init_service", "init": "Systemd", "start_daemon": true, - "ssl_cert_file": null + "ssl_cert_file": null, + "enterprise_edition": false }, "state": "Uncompleted" }, @@ -422,7 +423,7 @@ } }, "diagnostic_data": { - "version": "0.14.0", + "version": "0.19.0", "planner": "steam-deck", "configured_settings": [], "os_name": "Ubuntu", diff --git a/tests/fixtures/macos/macos.json b/tests/fixtures/macos/macos.json index e45889102..bf72e7432 100644 --- a/tests/fixtures/macos/macos.json +++ b/tests/fixtures/macos/macos.json @@ -1,5 +1,5 @@ { - "version": "0.14.0", + "version": "0.19.0", "actions": [ { "action": { @@ -8,6 +8,7 @@ "name": "Nix Store", "case_sensitive": false, "encrypt": false, + "enterprise_edition": false, "create_or_append_synthetic_conf": { "action": { "path": "/etc/synthetic.conf", @@ -416,7 +417,8 @@ "action": "configure_init_service", "init": "Launchd", "start_daemon": true, - "ssl_cert_file": null + "ssl_cert_file": null, + "enterprise_edition": false }, "state": "Uncompleted" }, @@ -447,13 +449,14 @@ "add_channel": true, "diagnostic_endpoint": "https://install.determinate.systems/nix/diagnostic" }, + "enterprise_edition": false, "encrypt": null, "case_sensitive": false, "volume_label": "Nix Store", "root_disk": "disk3" }, "diagnostic_data": { - "version": "0.14.0", + "version": "0.19.0", "planner": "macos", "configured_settings": [], "os_name": "unknown",