about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2023-11-28 r/7086 feat(tvix/store/pathinfosvc/nix_http): allow configuring pubkeysFlorian Klink1-6/+28
This allows setitng the trusted-public-keys URL parameter to a (whitespace-separated) list of public keys. NARInfo files retrieved need to contain a valid signature. Change-Id: Ifd6580b723cbae3182e9cadfa54f1ca2b41d6599 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10153 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-28 r/7085 feat(tvix/store/pathinfosvc): add signature verificationFlorian Klink1-1/+33
Introduce an Option<Vec<narinfo::PubKey>>, configurable with a `set_public_keys` method. If set, this configures NixHTTPPathInfoService to validate signatures. Change-Id: I157c5e13c41fc9bfd40b0655381fb4cf33900868 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10152 Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-11-28 r/7084 feat(nix-compat/narinfo): add PubKey::verify(fp, sig)Florian Klink1-0/+32
This makes it easy for each PubKey to check if a given Signature is correct for a given fingerprint. Change-Id: I56e6211d133f74f390fd1ae3ae799eef12221904 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10151 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-11-28 r/7083 feat(nix-compat/narinfo): add PubKeyFlorian Klink2-0/+119
This represents a ed25519 public key and "name". These are normally passed in the `trusted-public-keys` Nix config option, and consist of a name and base64-encoded ed25519 pubkey, separated by a `:`. Change-Id: I9ab4b3e0e5821805ea6faf2499626630fc5a3f0a Reviewed-on: https://cl.tvl.fyi/c/depot/+/10150 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-28 r/7082 refactor(nix-compat/narinfo/signature): rename Error typeFlorian Klink2-9/+7
Just call this Error, we can infer from the package what error this is. Change-Id: I5df25d2873ec739c49c08804f35562c84c222e06 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10149 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-28 r/7081 feat(tvix/store/pathinfosvc/nix_http): check Nar{Size,Hash} matchesFlorian Klink1-13/+84
Ensure the initially communicated NarHash/NarSize from the NarInfo matches what we read, and don't return a PathInfo message if there's a mismatch. Also move the buffering layer around a bit. Change-Id: I68c60ecfaf0f9cd5edacea648437ecb0c9729251 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10148 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-28 r/7080 fix(tvix/store/fs): don't panic on PathInfoService errorFlorian Klink1-11/+9
An error in the PathInfoService request can appear in case the underlying request returns an error. We shouldn't panic and bork the fuse mount, but instead return an IO error. Change-Id: I2daeae629e1627d06adcd7b82ddb76c50c602212 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10154 Tested-by: BuildkiteCI Reviewed-by: Connor Brewster <cbrewster@hey.com>
2023-11-28 r/7079 refactor(tazjin/emacs): move global-mode-line info into tab-barVincent Ambo3-39/+7
This removes the wonky hack with detecting the bottom right window, and gives me saner, unified handling of this display in the tab bar (of which there is only one!) Change-Id: Id21c6b2472d0c89fc4d000a10a9e90d2ddba86b6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10165 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-27 r/7078 chore(ops): move from gerrit-queue to gerrit-autosubmitVincent Ambo5-57/+46
Enables the new autosubmit bot, albeit without rebase functionality (this will be a separate change). Change-Id: Ia42a4f08c0edca5e6cc8bf4770ec24dbf16a5db7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10132 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2023-11-27 r/7077 feat(ops/gerrit-autosubmit): init simple gerrit autosubmitterVincent Ambo5-0/+515
Adds a small Rust program that connects to the Gerrit API and uses a simple algorithm to figure out which changes should be submitted, and submits them: * it fetches all changes the Gerrit query API considers submittable (i.e. all requirements fulfilled), and that have the `Autosubmit` label set * it filters these changes down to those that are _actually_ submittable (in Gerrit API terms: that have an active Submit button) * it filters out those that would submit ancestors that are *not* marked with the `Autosubmit` label * it submits the longest chain After that it just loops. There is no rebasing logic yet for when it "runs out" of submittable changes, but it will not be difficult to add. Relates to b/333. Change-Id: Ib91ecf2c45b178e8c64ff7b2174d617d4c45efe2 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10131 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: ezemtsov <eugene.zemtsov@gmail.com> Autosubmit: tazjin <tazjin@tvl.su>
2023-11-27 r/7076 chore(3p/sources): bump channels & overlays (2023-11-27)Vincent Ambo4-23/+25
* picked avrdude from stable channel * removed override for texlive, as the upstream fix is merged * picked awscli2 from stable channel * bump tdlib to 1.8.21 (new minimum for telega.el) * tvix/turbofetch: switch to nixpkgs-native mechanism for CARGO_MANIFEST_LINKS (whatever that is) Change-Id: Ic695721b5ca750b89d21cab7a257e1db682b23c0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10083 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su>
2023-11-27 r/7075 fix(nix-compat/narinfo/signature): validate name fieldFlorian Klink1-2/+15
We should restrict this to alphanumeric mostly, and we definitely don't want newlines. Not entirely sure about the exact additionally allowed characters outside of alphanumeric, but this can always be extended further. Change-Id: I1357e79e553f2df2fa97792889f63f0f35d50ed5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10147 Reviewed-by: edef <edef@edef.eu> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-11-27 r/7074 fix(nix-compat/narinfo): don't panic trying to parse signaturesFlorian Klink1-6/+13
BASE64.decode_mut panics if we're passing data that has the wrong size. Do the size check first and error out there. Also update the error, and talk about b64-encoded sizes. Change-Id: I290f80a37d48526a30bf1df9d1d9fe34865008eb Reviewed-on: https://cl.tvl.fyi/c/depot/+/10146 Tested-by: BuildkiteCI Reviewed-by: edef <edef@edef.eu> Autosubmit: flokli <flokli@flokli.de>
2023-11-27 r/7073 refactor(nix-compat): use ed25519_dalek::SIGNATURE_LENGTHFlorian Klink1-8/+9
No need to hardcode magic numbers here, we have a constant for that. Change-Id: I67b671c0c4bb7c3bfb001e9c36499f31873ee717 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10145 Reviewed-by: edef <edef@edef.eu> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-11-26 r/7072 feat(tazjin/emacs): i3-style jumping back&forth for tab-bar-modeVincent Ambo1-1/+15
Change-Id: I19cab91646241edc38a58bf5546c9dd8161abeb0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10130 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-26 r/7071 fix(ops/modules/irccat): recursively merge config attribute setsterni1-1/+1
`lib.types.attrs` is deprecated in favor of `lib.types.attrsOf lib.types.anything` because it doesn't merge attribute sets /recursively/. `attrsOf` and `anything` do, the former is used to ensure that the top value is an attribute set as expected by irccat. Change-Id: I2a9d943a06c8f99f7d6d20c9944288e854924bff Reviewed-on: https://cl.tvl.fyi/c/depot/+/10129 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2023-11-26 r/7070 feat(sterni/ingeborg): enable btrfs auto scrubsterni4-26/+28
While we are at it, rename disk-checkup.nix to btrfs-auto-scrub.nix and move it into //ops/modules. I originally wanted to have additionally disk health related services in that module, but the btrfs scrub functionality is nicely self-contained and reusable, so I think it makes sense to have this in a more central location. Change-Id: Iabdd62838eef009540ca71abafd921afda2a9b47 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10128 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2023-11-25 r/7069 feat(sterni/machines/ingeborg): boot-strapsterni3-0/+153
Network configuration and initrd setup is basically the same as with edwin, but we are using md for Software RAID this time as well as LVM over two partitions with LUKS: - sda2 <-- RAID1 --> sdb2 (boot-raid) └ boot partition, ext4 (encrypted-container-raid) - sda3 <-- RAID1 --> sdb3 └ LUKS container └ Volume Group vgmain ├ Logical Volume vgmain/swap │ └ swap └ Logical Volume vgmain/root └ btrfs So we no longer rely on btrfs raid1 due to question marks over its reliability (I personally did not have any problems though). This also means that we have less LUKS containers we need to unlock when booting (kind of neglible improvement). The biggest improvement is that we have redundancy for the swap, so a disk failure shouldn't cause memory corruption/loss. Change-Id: I14f065b659857415917d9a60a7ec019e687f8d1c Reviewed-on: https://cl.tvl.fyi/c/depot/+/10127 Tested-by: BuildkiteCI Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2023-11-25 r/7068 chore(sterni/edwin): allow 10G of logs (there's enough space)sterni1-1/+1
Change-Id: I576107047d8213e718e720d3a7a1dcc1dff39122 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10126 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2023-11-25 r/7067 refactor(sterni/edwin): move generic settings into modulesterni2-64/+81
These settings would also be applied to a machine that'd replace edwin, so it's useful to have them outside edwin's default.nix. Change-Id: I4e8f464118a103645e53909a87c6ee4446022fa3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10125 Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
2023-11-25 r/7066 feat(users/flokli/archivist): initFlorian Klink2-0/+29
This introduces a new structure, as activities are moved to a separate AWS Account for reasons (tm). Change-Id: Ic310eca2dc0d4ee81bae8944238b26910067336a Reviewed-on: https://cl.tvl.fyi/c/depot/+/10124 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-11-25 r/7065 refactor(tvix/eval): use `or_default` helper in entry APIVincent Ambo1-3/+1
This fixes a future clippy lint. Change-Id: Ic830e94ef23595580c1037f10878c76bbb546dd9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10110 Tested-by: BuildkiteCI Reviewed-by: Adam Joseph <adam@westernsemico.com>
2023-11-25 r/7064 fix(tvix): ensure PartialOrd/Ord agree for StorePath & NixStringVincent Ambo2-2/+2
This fixes a *future* clippy lint: https://rust-lang.github.io/rust-clippy/master/index.html#/incorrect_partial_ord_impl_on_ord_type In essence, because the implementation of *both* Ord and PartialOrd implies that ordering is not partial, all results of PartialOrd should simply be those of Ord. This is to avoid subtle bugs in future refactorings. Change-Id: I8fc6694010208752dd47746a2aaaeca0c788d574 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10109 Tested-by: BuildkiteCI Reviewed-by: flokli <flokli@flokli.de>
2023-11-25 r/7063 fix(whitby): disable gerrit-queue due to b/333Vincent Ambo1-1/+2
Change-Id: I53084dcf033b8e7b2b7188fbef0a8d1ce15ceb83 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10123 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-25 r/7062 chore(tazjin/emacs): remove all workspace related functionalityVincent Ambo2-191/+1
This removes everything related to workspaces, as well as the current RandR configuration, creating a (cleaner) slate for switching to tabs. This was supposed to be committed earlier, but got broken by clbot (see b/333). Change-Id: I2d110bca0d6629a505699210f0aba12882f83d48 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10115 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-25 r/7061 feat(tazjin/emacs): initial tab-bar-mode configurationVincent Ambo2-3/+23
Sets up tab-bar-mode for EXWM, and adds simple initial configuration and shortcuts to make it behave sanely. I had to assign tab switching shortcuts myself, as the EXWM input key stuff doesn't work correctly with the built-in way of setting these shortcuts in tab-bar-mode. Change-Id: Icd96f03ae7bd2bd5f7c2d59f9aca7a1ca2e7f788 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10116 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su>
2023-11-25 r/7060 feat(tazjin/emacs): dynamically assign EXWM workspaces to monitorsVincent Ambo1-2/+37
Adds an `exwm-assign-workspaces` function that automatically creates and assigns workspaces to each currently connected monitor. The first workspace (index 0) is always on the primary monitor. This function should be idempotent and can be called at any point to synchronise X outputs and what EXWM is displaying on them. This works because tabs are disconnected from workspaces completely, so I don't have to care about what's going on on other workspaces anymore. Still missing: * functions to connect/disconnect outputs * switching to other outputs from within emacs commands (i.e. without the mouse) Change-Id: I7c24aa1b45218fe35de6939e799852b5d11d1272 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10119 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-25 r/7059 fix(3p/exwm): re-enable chromium focus workaroundVincent Ambo1-3/+3
This seems to actually sort of work with tab-bar-mode. Change-Id: I7b12b69ec7413ce9b9e1650d8629db8aca8a1796 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10117 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-25 r/7058 feat(tazjin/emacs): add a monitor focus switch shortcutVincent Ambo1-0/+14
This one is a bit stupid because I couldn't figure out a way to determine the active workspace. It's definitely possible (either through some XCB calls, or through state management in screen change hooks), but for now this is fine. Change-Id: I5e4c531b248caa0021664bad9dc196bef60cfbac Reviewed-on: https://cl.tvl.fyi/c/depot/+/10122 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su>
2023-11-25 r/7057 fix(tazjin/emacs): pick new primary monitor when disabling currentVincent Ambo1-3/+15
By default, this will be the (only) remaining monitor. In N>2 situations, ask the user. Change-Id: Id68fcf60d56d0414d1072b8ffeef72c608678f52 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10121 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-25 r/7056 feat(tazjin/emacs): add interactive commands for configuring screensVincent Ambo1-0/+52
Uses a bunch of weird xrandr invocations and completing reads to configure screens the way I want. Note that this has a known bug where disconnecting a primary screen will *not* make one of the remaining screens primary. Change-Id: Ide5322df446685cc4740d4ddd7b6ca8682375050 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10120 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-25 r/7055 refactor(tvix/eval): add ThunkRepr::is_forced()Adam Joseph1-5/+9
Change-Id: I4eab5c81fb82337da06327248845cd2f3a4490d3 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10038 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Autosubmit: Adam Joseph <adam@westernsemico.com>
2023-11-25 r/7054 feat(tvix/eval): add Thunk::unwrap_or_clone()Adam Joseph1-1/+34
This commit adds Thunk::unwrap_or_clone(), which uses Rc::try_unwrap() to avoid cloning the Value out of a an Rc which has only one strong reference. Change-Id: Icacefe0c823dcddf046d90c0c5cd5ed59fe976d4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10037 Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: Adam Joseph <adam@westernsemico.com> Tested-by: BuildkiteCI
2023-11-24 r/7053 fix(tvix/castore): correctly flag unreachable codesterni1-1/+1
Change-Id: Id09afa4b77c3c70fb5695f253f6df4aa88b61e19 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10113 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-11-24 r/7052 docs(tvix/eval): optimization potential for inherit (from) exprssterni1-0/+19
Change-Id: Ibddaa111a5b7a86c42dbe153ae8e53f9a5601a54 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10112 Tested-by: BuildkiteCI Reviewed-by: Adam Joseph <adam@westernsemico.com>
2023-11-22 r/7051 feat(tvix/store): add as_narinfo() for PathInfoFlorian Klink2-2/+106
This allows seeing a PathInfo as a nix_compat::narinfo::NarInfo<'_>. It doesn't allocate any new data, but the NarInfo<'_> view allows us to access things like signature verification, or rendering out (alternations of this) as strings. Change-Id: Id0d8d7feeb626ee02c3d8a4932f24ace77022619 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10108 Reviewed-by: edef <edef@edef.eu> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-11-22 r/7050 feat(nix-compat/narinfo/signature): add new() constructorFlorian Klink1-0/+5
This is useful when creating a new Signature struct where the individual elements are already parsed. Change-Id: Ie33c66287641951e7a030aaa1e7ff0a86b2628ac Reviewed-on: https://cl.tvl.fyi/c/depot/+/10111 Reviewed-by: edef <edef@edef.eu> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-11-22 r/7049 refactor(tvix/store): impl From<&nar_info::Ca> for nixhash::CAHashFlorian Klink1-0/+62
Change-Id: I637a4cff5a5ca29c4d86e0b76a2f20f8741f5628 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10107 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: edef <edef@edef.eu> Tested-by: BuildkiteCI
2023-11-22 r/7048 refactor(tvix/store): impl From<nixhash::CAHash> for nar_info::CaFlorian Klink1-16/+25
Change-Id: Iaa68044d3b469f15a932aa3b59548505eaa6b8bb Reviewed-on: https://cl.tvl.fyi/c/depot/+/10106 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: edef <edef@edef.eu> Tested-by: BuildkiteCI
2023-11-22 r/7047 refactor(tvix/nix-compat): move from_name_and_digest to StorePathRefFlorian Klink2-13/+11
We can simply use .to_owned() on that thing afterwards if we want to construct an owned StorePath. Change-Id: I0f3e2e4434b99ee522f2a7dbfa391e13a987479c Reviewed-on: https://cl.tvl.fyi/c/depot/+/10105 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: edef <edef@edef.eu> Tested-by: BuildkiteCI
2023-11-22 r/7046 feat(nix-compat/narinfo): drop .drv from Narinfo.deriver fieldFlorian Klink2-16/+16
We always know this needs to end with a .drv, and fail parsing if it doesn't, so there's no need to hang onto these 4 bytes. This will make it much easier to synthesize a NarInfo<'_> later on from a PathInfo proto, because we don't have to make this ".drv" appear out of thin air. Change-Id: Id95e7fd937d7c9a420a39b5a4bab73985640ca3b Reviewed-on: https://cl.tvl.fyi/c/depot/+/10084 Tested-by: BuildkiteCI Reviewed-by: edef <edef@edef.eu> Reviewed-by: raitobezarius <tvl@lahfa.xyz> Autosubmit: flokli <flokli@flokli.de>
2023-11-22 r/7045 refactor(tvix/nix-compat): cleanup parse_{ca,hash} and fmt structsFlorian Klink6-97/+83
These were used to format to and parse from strings. Move this to the CAHash and NixHash structs directly, and be explicit in the name about which encoding for digests is used. For output path calculation, nix encodes the nixpaths in hex, but for writing out NARInfos, it's using nixbase32. Change-Id: Ia585a76a3811b2609e7ce259fda66a29403b7e07 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10079 Reviewed-by: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de>
2023-11-22 r/7044 fix(3p/exwm): fix EXWM build with depot sourcesVincent Ambo3-4/+16
Something changed in the machinery and broke the overriding. I didn't notice this, as a I was temporarily using an unpatched EXWM. Change-Id: I1a4e8ea63bd116d86a430e680c2b631474e9a0fe Reviewed-on: https://cl.tvl.fyi/c/depot/+/10047 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
2023-11-19 r/7043 feat(tvix/nix-compat/narinfo): add fingerprintFlorian Klink2-0/+64
This adds support to compute the fingerprint string, which is what's ed25519-signed in binary caches. Change-Id: I8947239c609896acfd7261f110450014bedf465a Reviewed-on: https://cl.tvl.fyi/c/depot/+/10080 Reviewed-by: raitobezarius <tvl@lahfa.xyz> Autosubmit: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
2023-11-19 r/7042 feat(tvix/nix-compat): add narinfo::Signature::verifyFlorian Klink6-211/+1388
This adds support for verifying signatures found in NARInfo files. This still needs to be hooked together with the nix+http[s] backend. Change-Id: Ic1c8ddbdecfb05cefca2492808388b0f7f3f2637 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10081 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI
2023-11-19 r/7041 chore(third_party/nixpkgs): add more patches to crate2nixFlorian Klink2-0/+56
Change-Id: I2c2c3d4722a69a1ce5a4f144d0c450d88f40856a Reviewed-on: https://cl.tvl.fyi/c/depot/+/10082 Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz> Tested-by: BuildkiteCI
2023-11-19 r/7040 refactor(nix-compat/narinfo): move signature into separate fileFlorian Klink2-52/+59
Change-Id: Ic257475e2afebf059c5317c1cc5b04ba63d5d318 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10078 Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz>
2023-11-19 r/7039 refactor(tvix/nix-compat): move narinfo into separate modFlorian Klink1-2/+4
Change-Id: Id85f979e46946da0345483cbbc6de3dd29c94c63 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10077 Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz>
2023-11-19 r/7038 feat(tvix/store/pathinfoservice): implement NixHTTPPathInfoServiceFlorian Klink6-10/+1043
NixHTTPPathInfoService acts as a bridge in between the Nix HTTP Binary cache protocol provided by Nix binary caches such as cache.nixos.org, and the Tvix Store Model. It implements the [PathInfoService] trait in an interesting way: Every [PathInfoService::get] fetches the .narinfo and referred NAR file, inserting components into a [BlobService] and [DirectoryService], then returning a [PathInfo] struct with the root. Due to this being quite a costly operation, clients are expected to layer this service with store composition, so they're only ingested once. The client is expected to be (indirectly) using the same [BlobService] and [DirectoryService], so able to fetch referred Directories and Blobs. [PathInfoService::put] and [PathInfoService::nar] are not implemented and return an error if called. This behaves very similar to the nar-bridge-pathinfo code in nar-bridge, except it's now in Rust. Change-Id: Ia03d4fed9d0657965d100299af97cd917a03f2f0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10069 Tested-by: BuildkiteCI Autosubmit: flokli <flokli@flokli.de> Reviewed-by: raitobezarius <tvl@lahfa.xyz>
2023-11-19 r/7037 refactor(tvix/castore/blobservice): rm AsyncBufRead from BlobReaderFlorian Klink1-4/+1
There's no need to already require this to be buffered here. Change-Id: Ib9a11b194e0754d87ab8d2ef0b8cb0f4edc01229 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10074 Tested-by: BuildkiteCI Reviewed-by: raitobezarius <tvl@lahfa.xyz>