packages feed

cachix 0.5.0 → 0.5.1

raw patch · 7 files changed

+45/−44 lines, 7 filesdep ~servant-auth-client

Dependency ranges changed: servant-auth-client

Files

CHANGELOG.md view
@@ -7,6 +7,13 @@  ## Unreleased +## [0.5.1] - 2020-11-09++### Fixed++- Regression: use auth token when using signing key with private caches +- Configure netrc even if cachix config doesn't exist+ ## [0.5.0] - 2020-11-06  ### Added
cachix.cabal view
@@ -1,6 +1,6 @@ cabal-version:      2.2 name:               cachix-version: 0.5.0+version: 0.5.1 license:            Apache-2.0 license-file:       LICENSE copyright:          2018 Domen Kožar@@ -151,11 +151,12 @@     Spec    build-depends:-    , base        >=4.7 && <5+    , base                 >=4.7 && <5     , cachix     , cachix-api     , directory     , here     , hspec     , protolude+    , servant-auth-client     , temporary
src/Cachix/Client/Config.hs view
@@ -112,13 +112,15 @@ noAuthTokenError :: Text noAuthTokenError =   [iTrim|-Start by visiting https://app.cachix.org and either:+Start by visiting https://app.cachix.org and create a personal/cache auth token. +To configure the token:+ a) Via environment variable:   $ export CACHIX_AUTH_TOKEN=<token...> -b) Running:+b) Via configuration file:  $ cachix authtoken <token...>   |]
src/Cachix/Client/InstallationMode.hs view
@@ -218,13 +218,11 @@ addPrivateBinaryCacheNetRC :: Maybe Config -> BinaryCache.BinaryCache -> NixConf.NixConfLoc -> IO FilePath addPrivateBinaryCacheNetRC maybeConfig bc nixconf = do   filename <- (`replaceFileName` "netrc") <$> NixConf.getFilename nixconf-  case maybeConfig of-    Nothing -> throwIO $ NoConfig Config.noAuthTokenError-    Just config -> do-      let netrcfile = fromMaybe filename Nothing -- TODO: get netrc from nixconf-      NetRc.add config [bc] netrcfile-      putErrText $ "Configured private read access credentials in " <> toS filename-      pure filename+  authToken <- Config.getAuthTokenRequired maybeConfig+  let netrcfile = fromMaybe filename Nothing -- TODO: get netrc from nixconf+  NetRc.add authToken [bc] netrcfile+  putErrText $ "Configured private read access credentials in " <> toS filename+  pure filename  isTrustedUser :: [Text] -> IO Bool isTrustedUser users = do
src/Cachix/Client/NetRc.hs view
@@ -5,8 +5,6 @@ where  import Cachix.API.Error (escalateAs)-import Cachix.Client.Config (Config)-import qualified Cachix.Client.Config as Config import Cachix.Client.Exception (CachixException (NetRcParseError)) import qualified Cachix.Types.BinaryCache as BinaryCache import qualified Data.ByteString as BS@@ -22,32 +20,31 @@ --   Makes sure there are no duplicate entries (using domain as a key). --   If file under filename doesn't exist it's created. add ::-  Config ->+  Token ->   [BinaryCache.BinaryCache] ->   FilePath ->   IO ()-add config binarycaches filename = do+add cachixAuthToken binarycaches filename = do   doesExist <- doesFileExist filename-  cachixAuthToken <- Config.getAuthTokenRequired (Just config)   netrc <-     if doesExist       then BS.readFile filename >>= parse       else return $ NetRc [] []   createDirectoryIfMissing True (takeDirectory filename)-  BS.writeFile filename $ netRcToByteString $ uniqueAppend cachixAuthToken netrc+  BS.writeFile filename $ netRcToByteString $ uniqueAppend netrc   where     parse :: ByteString -> IO NetRc     parse contents = escalateAs (NetRcParseError . show) $ parseNetRc filename contents     -- O(n^2) but who cares?-    uniqueAppend :: Token -> NetRc -> NetRc-    uniqueAppend cachixAuthToken (NetRc hosts macdefs) =+    uniqueAppend :: NetRc -> NetRc+    uniqueAppend (NetRc hosts macdefs) =       let f :: NetRcHost -> NetRcHost -> Bool           f x y = nrhName x == nrhName y-       in NetRc (nubBy f (new cachixAuthToken ++ hosts)) macdefs-    new :: Token -> [NetRcHost]-    new cachixAuthToken = map (mkHost cachixAuthToken) $ filter (not . BinaryCache.isPublic) binarycaches-    mkHost :: Token -> BinaryCache.BinaryCache -> NetRcHost-    mkHost cachixAuthToken bc =+       in NetRc (nubBy f (new ++ hosts)) macdefs+    new :: [NetRcHost]+    new = map mkHost $ filter (not . BinaryCache.isPublic) binarycaches+    mkHost :: BinaryCache.BinaryCache -> NetRcHost+    mkHost bc =       NetRcHost         { nrhName = toS $ stripPrefix "http://" $ stripPrefix "https://" (BinaryCache.uri bc),           nrhLogin = "",
src/Cachix/Client/Push.hs view
@@ -60,7 +60,7 @@  data PushSecret   = PushToken Token-  | PushSigningKey SigningKey+  | PushSigningKey Token SigningKey  data PushCache   = PushCache@@ -120,7 +120,7 @@ getCacheAuthToken :: PushCache -> Token getCacheAuthToken cache = case pushCacheSecret cache of   PushToken token -> token-  PushSigningKey _ -> Token ""+  PushSigningKey token _ -> token  uploadStorePath ::   (MonadMask m, MonadIO m) =>@@ -193,7 +193,7 @@       let fp = fingerprint storePath narHash narSize references           (sig, authToken) = case pushCacheSecret cache of             PushToken token -> (Nothing, token)-            PushSigningKey signKey -> (Just $ toS $ B64.encode $ unSignature $ dsign (signingSecretKey signKey) fp, Token "")+            PushSigningKey token signKey -> (Just $ toS $ B64.encode $ unSignature $ dsign (signingSecretKey signKey) fp, token)           nic =             Api.NarInfoCreate               { Api.cStoreHash = storeHash,@@ -282,20 +282,19 @@   -- | Secret key or exception   IO PushSecret findPushSecret config name = do-  maybeEnvSK <- lookupEnv "CACHIX_SIGNING_KEY"-  -- we reverse list of caches to prioritize keys added as last-  let matches c = filter (\bc -> Config.name bc == name) $ reverse $ Config.binaryCaches c-      maybeBCSK = case config of+  maybeSigningKeyEnv <- toS <<$>> lookupEnv "CACHIX_SIGNING_KEY"+  maybeAuthToken <- Config.getAuthTokenMaybe config+  let maybeSigningKeyConfig = case config of         Nothing -> Nothing-        Just c -> Config.secretKey <$> head (matches c)-  case maybeBCSK <|> toS <$> maybeEnvSK of-    Just signingKey -> escalateAs FatalError $ PushSigningKey <$> parseSigningKeyLenient signingKey-    Nothing -> do-      authtoken <- Config.getAuthTokenMaybe config-      case authtoken of-        Just at -> return $ PushToken at-        Nothing -> throwIO $ NoSigningKey msg+        Just cfg -> Config.secretKey <$> head (getBinaryCache cfg)+  case maybeSigningKeyEnv <|> maybeSigningKeyConfig of+    Just signingKey -> escalateAs FatalError $ PushSigningKey (fromMaybe (Token "") maybeAuthToken) <$> parseSigningKeyLenient signingKey+    Nothing -> case maybeAuthToken of+      Just authToken -> return $ PushToken authToken+      Nothing -> throwIO $ NoSigningKey msg   where+    -- we reverse list of caches to prioritize keys added as last+    getBinaryCache c = filter (\bc -> Config.name bc == name) $ reverse $ Config.binaryCaches c     msg :: Text     msg =       [iTrim|
test/NetRcSpec.hs view
@@ -1,10 +1,10 @@ module NetRcSpec where -import Cachix.Client.Config (Config, mkConfig) import qualified Cachix.Client.NetRc as NetRc import Cachix.Types.BinaryCache (BinaryCache (..)) import Cachix.Types.Permission (Permission (..)) import Protolude+import Servant.Auth.Client (Token (..)) import System.Directory (copyFile) import System.IO.Temp (withSystemTempFile) import Test.Hspec@@ -31,16 +31,13 @@       permission = Read     } -config :: Config-config = mkConfig "token123"- -- TODO: poor man's golden tests, use https://github.com/stackbuilders/hspec-golden test :: [BinaryCache] -> Text -> Expectation test caches goldenName = withSystemTempFile "hspec-netrc" $ \filepath _ -> do   let input = "test/data/" <> toS goldenName <> ".input"       output = "test/data/" <> toS goldenName <> ".output"   copyFile input filepath-  NetRc.add config caches filepath+  NetRc.add (Token "token123") caches filepath   real <- readFile filepath   expected <- readFile output   real `shouldBe` expected