Commit Graph

66 Commits

Author SHA1 Message Date
Raito Bezarius eba963b6f1 tool/shared: make clippy happy
- implements a trivial Default for Roots
- implements a FromStr for OsRelease
2023-09-14 11:55:09 +02:00
Raito Bezarius fd188a0e32 tool/shared: make constraints less concrete and drop lockfile
In a library, a lockfile is not really needed per se
and we should avoid creating duplicate dependencies
as much as possible.
2023-09-14 11:55:09 +02:00
Raito Bezarius 923567d08a systemd-tool: make integration test pass 2023-09-14 11:55:09 +02:00
Raito Bezarius 8029449cba tool: split systemd into a new crate and make tool into a lib-only crate
This is necessary to make integration testing specific to the backend.
2023-09-14 11:55:09 +02:00
Raito Bezarius efe7b40f5c lzbt: abstraction for multiple backends
This generates `lzbt-systemd` binary instead of `lzbt`
which is using a special systemd-specific entrypoint.

This is part of the effort to enable multiple backends.
2023-09-14 11:55:09 +02:00
tilpner 3895c94eb5
tool: only sync ESP filesystem 2023-08-17 21:23:33 +02:00
renovate[bot] 9cceec4008 fix(deps): update all dependencies 2023-07-20 01:27:43 +02:00
renovate[bot] 3cae2f1c63
fix(deps): update all dependencies 2023-06-05 02:00:30 +00:00
renovate[bot] f1d199d0b4
fix(deps): update rust crate log to 0.4.18 2023-05-29 01:38:08 +00:00
nikstur 30ddfcd2ce tool: improve command error messages 2023-05-24 00:17:11 +02:00
renovate[bot] 5ecd73cdac
fix(deps): update all dependencies 2023-05-22 02:56:28 +00:00
Raito Bezarius 77f1279406 tool(bootspec): remove boilerplate with newest bootspec 2023-05-20 19:41:31 +02:00
Raito Bezarius 39cda9e457 tool: bump crate to 0.3.0 2023-05-18 19:03:37 +02:00
nikstur 65dbe44999 stub: format with rustfmt 2023-05-17 21:40:03 +02:00
renovate[bot] 7378e06257
fix(deps): update all dependencies 2023-05-08 01:30:03 +00:00
renovate[bot] 008e7a65fd
fix(deps): update all dependencies 2023-05-01 02:39:28 +00:00
Raito Bezarius 4ef6957f88 feat: enable synthesis support
Bootspec has a mechanism called synthesis where you can synthesize
bootspecs if they are not present based on the generation link only.

This is useful for "vanilla bootspec" which does not contain any
extensions, as this is what we do right now.

If we need extensions, we can also implement our synthesis mechanism on
the top of it.

Enabling synthesis gives us the superpower to support non-bootspec
users. :-)
2023-04-29 22:55:39 +02:00
Raito Bezarius 9fe979d2d6 tests: adopt bootspec v1 format 2023-04-29 15:21:38 +02:00
Raito Bezarius 48ff4cb7c4 tool: adopt bootspec 0.1.0 2023-04-29 15:21:38 +02:00
nikstur 06edad2e83 tool: improve log message about malformed gens
Tells the user which generations are malformed and how to remove them.
2023-04-27 00:33:45 +02:00
nikstur 09e12eb559 tool: disable gc in the presence of malformed gens
Disable GC if there are any malformed gens to avoid catastrophic failure
when there are upstream changes to NixOS that are not handled in lzbt.
2023-04-24 22:03:14 +02:00
nikstur 1b27ddd753
Merge pull request #159 from nix-community/renovate/all
fix(deps): update rust crate clap to 4.2.4
2023-04-24 14:03:04 +02:00
Janne Heß c22352ca20
tool: Use mtime of the symlink rather than the target
When using the target, this will always result in a timestamp from 1970
because the symlink points to the store.
2023-04-24 11:57:34 +02:00
Janne Heß 979d25ee13
Revert "Merge pull request #139 from adtya/built_on_date"
This reverts commit d751d13b0a, reversing
changes made to 7c55847aaf.
2023-04-24 11:48:46 +02:00
renovate[bot] 2ecd951de1
fix(deps): update rust crate clap to 4.2.4 2023-04-24 01:08:24 +00:00
nikstur 8efc061e1d tool: add comment for log level of malformed gens
The message about malformed generatiosn should semantically be a
warning. However, since users might have hundres of old and thus
malformed generations and can do little about it, this should remain a
debug message. This way the user is not spammed with no-op warnings
while still enabling debugging.
2023-04-23 23:28:21 +02:00
nikstur 68d1928e3d Revert "tool: don't silently ignore generations"
This reverts commit 4f182704e0.
2023-04-23 23:27:32 +02:00
Julian Stecklina 4f182704e0 tool: don't silently ignore generations 2023-04-23 15:20:49 +02:00
Julian Stecklina be458e3385 tool: avoid creating unbootable system
lzbt currently happily nukes all boot entries, if it can't parse any
bootspecs. With the upcoming incompatible bootspec change, this might
be a problem that's worth avoiding. :)

I changed lzbt to fail hard in case, it can't generate any boot
items.
2023-04-23 15:17:32 +02:00
renovate[bot] b25e1b77d2
chore(deps): update all dependencies 2023-04-17 01:25:18 +00:00
renovate[bot] 51017c0f40
fix(deps): update all dependencies 2023-04-09 20:27:07 +00:00
Julian Stecklina 5d3fbf10a6
Merge pull request #142 from Myaats/master
tool: drop buggy condition for when to sign
2023-04-09 22:20:46 +02:00
Mats 223ab53d55 tool: drop buggy condition for when to sign 2023-03-30 23:53:24 +02:00
Adithya Nair 97874a2002
propagate error instead of unwrapping in tests 2023-03-22 11:19:12 +05:30
Adithya Nair 6a342a49a9
propagate error instead of unwrapping 2023-03-22 01:25:17 +05:30
Adithya Nair e033a2fcaf
replace mtime with birth time 2023-03-21 23:47:33 +05:30
renovate[bot] 9bbbae3168
fix(deps): update all dependencies 2023-03-20 09:25:02 +00:00
renovate[bot] dfa6c3db1f
chore(deps): lock file maintenance 2023-03-20 01:57:17 +00:00
renovate[bot] eed59b4d16
fix(deps): update all dependencies 2023-03-13 00:45:02 +00:00
nikstur 721b584940 tool: fine tune a few log messages 2023-03-06 00:52:46 +01:00
nikstur c8522e02b4 Merge pull request #122 from nix-community/renovate/all
fix(deps): update all dependencies
2023-02-28 22:20:33 +01:00
renovate[bot] e321ad1626
fix(deps): update all dependencies 2023-02-27 02:01:48 +00:00
Julian Stecklina cbccd64c57 tool: make file installation deterministic
Due to the use of hash maps, the order of file installation was not
deterministic. I've changed the code the use BTreeMaps instead, which
makes this deterministic. While I was here, I tried to simplify the
code a bit.
2023-02-25 20:42:08 +01:00
nikstur 32950b7708 tool: fix typos 2023-02-24 01:29:15 +01:00
nikstur 75a19cd818 tool: correctly sort generation links
To correctly overwrite existing initrd with newer secrets (from newer
generations), the links need to be sorted from oldest generation to
newest.
2023-02-24 00:32:14 +01:00
nikstur 1d21d7bdd8 tool: add install tests
Add a few integration tests for installing files, e.g. overwriting
signed and unsigned files.
2023-02-24 00:04:00 +01:00
nikstur 362205c2ec tool: check file hashes before copying
To minimize writes to the ESP but still find necessary changes, compare
the hashes of the files on the ESP with the "expected" hashes. Only copy
and overwrite already existing files if the hashes don't match. This
ensures a working-as-expected state on the ESP as opposed to previously
where already existing files were just ignored.
2023-02-24 00:04:00 +01:00
nikstur 06b9cdc69e tool: move file_hash() to utils module 2023-02-24 00:04:00 +01:00
nikstur 3a3ad7c40d tool: write all generation artifacts at once
Previously, generations were installed one after another. Now all
artifacts (kernels, initrd etc.) are first collected and then installed.
This way the writes to the ESP are reduced as duplicate paths are
already removed in the collection phase.
2023-02-24 00:04:00 +01:00
nikstur df6b1b07f7 tool: use random names for secure tempfiles
Using random names for tempfiles makes handling them easier. It reduces
the amount of noise in the code because no custom name needs to be
provided for each tempfile. The names were not really useful in any
case.

It also does not burden the developer with ensuring uniqueness of names.
This is relevant when files for multiple generations need to be stored
in the same directory (e.g. because they need to be accessed after
handling one generation).

Out of an abundance of caution, 32 random alphanumeric characters are
chosen for each filename. The tempfile crate, in comparison, only
chooses 8. 32 characters should be enough to avoid collisions, even
if the PRNG is not of cryptographic quality.
2023-02-21 00:13:40 +01:00