chore: format everything

This involves a change from nixpkgs-fmt to nixfmt. Nixfmt will become
the new standard for Nix formatting, sanctioned by nixpkgs. To verify
that these changes are purely whitespace and not semantic:

git diff --ignore-all-space -w HEAD^!

That will only show newline changes, making the diffing somewhat easier.

Signed-off-by: wucke13 <wucke13+github@gmail.com>
wucke13
2025-04-13 12:57:57 +02:00
committed by Karolin Varner
parent a45812b2cd
commit 22b980a61f
17 changed files with 558 additions and 413 deletions


@@ -90,7 +90,6 @@ criterion = "0.5.1"
allocator-api2-tests = "0.2.15" allocator-api2-tests = "0.2.15"
procspawn = { version = "1.0.1", features = ["test-support"] } procspawn = { version = "1.0.1", features = ["test-support"] }
#Broker dependencies (might need cleanup or changes) #Broker dependencies (might need cleanup or changes)
wireguard-uapi = { version = "3.0.0", features = ["xplatform"] } wireguard-uapi = { version = "3.0.0", features = ["xplatform"] }
command-fds = "0.2.3" command-fds = "0.2.3"


@@ -24,11 +24,7 @@ feature-depth = 1
[advisories] [advisories]
# A list of advisory IDs to ignore. Note that ignored advisories will still # A list of advisory IDs to ignore. Note that ignored advisories will still
# output a note when they are encountered. # output a note when they are encountered.
ignore = [ ignore = ["RUSTSEC-2024-0370", "RUSTSEC-2024-0436", "RUSTSEC-2023-0089"]
"RUSTSEC-2024-0370",
"RUSTSEC-2024-0436",
"RUSTSEC-2023-0089",
]
# If this is true, then cargo deny will use the git executable to fetch advisory database. # If this is true, then cargo deny will use the git executable to fetch advisory database.
# If this is false, then it uses a built-in git library. # If this is false, then it uses a built-in git library.
# Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support. # Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support.
@@ -94,15 +90,11 @@ workspace-default-features = "allow"
# on a crate-by-crate basis if desired. # on a crate-by-crate basis if desired.
external-default-features = "allow" external-default-features = "allow"
# List of crates that are allowed. Use with care! # List of crates that are allowed. Use with care!
allow = [ allow = []
]
# List of crates to deny # List of crates to deny
deny = [ deny = []
]
skip-tree = [ skip-tree = []
]
# This section is considered when running `cargo deny check sources`. # This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here: # More documentation about the 'sources' section can be found here:


@@ -15,22 +15,27 @@
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, flake-utils, nix-vm-test, treefmt-nix, ... }@inputs: outputs =
{
self,
nixpkgs,
flake-utils,
nix-vm-test,
treefmt-nix,
...
}@inputs:
nixpkgs.lib.foldl (a: b: nixpkgs.lib.recursiveUpdate a b) { } [ nixpkgs.lib.foldl (a: b: nixpkgs.lib.recursiveUpdate a b) { } [
# #
### Export the overlay.nix from this flake ### ### Export the overlay.nix from this flake ###
# #
{ { overlays.default = import ./overlay.nix; }
overlays.default = import ./overlay.nix;
}
# #
### Actual Rosenpass Package and Docker Container Images ### ### Actual Rosenpass Package and Docker Container Images ###
# #
(flake-utils.lib.eachSystem [ (flake-utils.lib.eachSystem
[
"x86_64-linux" "x86_64-linux"
"aarch64-linux" "aarch64-linux"
@@ -40,7 +45,8 @@
"aarch64-darwin" "aarch64-darwin"
# "x86_64-windows" # "x86_64-windows"
] ]
(system: (
system:
let let
# normal nixpkgs # normal nixpkgs
pkgs = import nixpkgs { pkgs = import nixpkgs {
@@ -51,7 +57,8 @@
}; };
in in
{ {
packages = { packages =
{
default = pkgs.rosenpass; default = pkgs.rosenpass;
rosenpass = pkgs.rosenpass; rosenpass = pkgs.rosenpass;
rosenpass-oci-image = pkgs.rosenpass-oci-image; rosenpass-oci-image = pkgs.rosenpass-oci-image;
@@ -60,8 +67,7 @@
release-package = pkgs.release-package; release-package = pkgs.release-package;
# for good measure, we also offer to cross compile to Linux on Arm # for good measure, we also offer to cross compile to Linux on Arm
aarch64-linux-rosenpass-static = aarch64-linux-rosenpass-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rosenpass;
pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rosenpass;
aarch64-linux-rp-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rp; aarch64-linux-rp-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rp;
} }
// //
@@ -72,13 +78,19 @@
rp-static = pkgs.pkgsStatic.rp; rp-static = pkgs.pkgsStatic.rp;
}); });
} }
)) )
)
# #
### Linux specifics ### ### Linux specifics ###
# #
(flake-utils.lib.eachSystem [ "x86_64-linux" "aarch64-linux" ] (system: (flake-utils.lib.eachSystem
[
"x86_64-linux"
"aarch64-linux"
]
(
system:
let let
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
@@ -111,7 +123,6 @@
packages.proverif-patched = pkgs.proverif-patched; packages.proverif-patched = pkgs.proverif-patched;
packages.proof-proverif = pkgs.proof-proverif; packages.proof-proverif = pkgs.proof-proverif;
# #
### Devshells ### ### Devshells ###
# #
@@ -153,19 +164,24 @@
]; ];
}; };
checks =
checks = { {
systemd-rosenpass = pkgs.testers.runNixOSTest ./tests/systemd/rosenpass.nix; systemd-rosenpass = pkgs.testers.runNixOSTest ./tests/systemd/rosenpass.nix;
systemd-rp = pkgs.testers.runNixOSTest ./tests/systemd/rp.nix; systemd-rp = pkgs.testers.runNixOSTest ./tests/systemd/rp.nix;
formatting = treefmtEval.config.build.check self; formatting = treefmtEval.config.build.check self;
} // pkgs.lib.optionalAttrs (system == "x86_64-linux") (import ./tests/legacy-distro-packaging.nix { }
// pkgs.lib.optionalAttrs (system == "x86_64-linux") (
import ./tests/legacy-distro-packaging.nix {
inherit pkgs; inherit pkgs;
rosenpass-deb = self.packages.${system}.package-deb; rosenpass-deb = self.packages.${system}.package-deb;
rosenpass-rpm = self.packages.${system}.package-rpm; rosenpass-rpm = self.packages.${system}.package-rpm;
}); }
);
# for `nix fmt` # for `nix fmt`
formatter = treefmtEval.config.build.wrapper; formatter = treefmtEval.config.build.wrapper;
})) }
)
)
]; ];
} }


@@ -1,6 +1,5 @@
final: prev: { final: prev: {
# #
### Actual rosenpass software ### ### Actual rosenpass software ###
# #
@@ -27,7 +26,10 @@ final: prev: {
"marzipan(/marzipan.awk)?" "marzipan(/marzipan.awk)?"
"analysis(/.*)?" "analysis(/.*)?"
]; ];
nativeBuildInputs = [ final.proverif final.graphviz ]; nativeBuildInputs = [
final.proverif
final.graphviz
];
CRYPTOVERIF_LIB = final.proverif-patched + "/lib/cryptoverif.pvl"; CRYPTOVERIF_LIB = final.proverif-patched + "/lib/cryptoverif.pvl";
installPhase = '' installPhase = ''
mkdir -p $out mkdir -p $out


@@ -1,4 +1,8 @@
{ runCommand, dpkg, rosenpass }: {
runCommand,
dpkg,
rosenpass,
}:
let let
inherit (rosenpass) version; inherit (rosenpass) version;


@@ -1,12 +1,15 @@
{ lib, system, runCommand, rosenpass, rpm }: {
lib,
system,
runCommand,
rosenpass,
rpm,
}:
let let
splitVersion = lib.strings.splitString "-" rosenpass.version; splitVersion = lib.strings.splitString "-" rosenpass.version;
version = builtins.head splitVersion; version = builtins.head splitVersion;
release = release = if builtins.length splitVersion != 2 then "release" else builtins.elemAt splitVersion 1;
if builtins.length splitVersion != 2
then "release"
else builtins.elemAt splitVersion 1;
arch = builtins.head (builtins.split "-" system); arch = builtins.head (builtins.split "-" system);
in in


@@ -1,21 +1,24 @@
{ lib, stdenvNoCC, runCommandNoCC, pkgsStatic, rosenpass, rosenpass-oci-image, rp } @ args: {
lib,
stdenvNoCC,
runCommandNoCC,
pkgsStatic,
rosenpass,
rosenpass-oci-image,
rp,
}@args:
let let
version = rosenpass.version; version = rosenpass.version;
# select static packages on Linux, default packages otherwise # select static packages on Linux, default packages otherwise
package = package = if stdenvNoCC.hostPlatform.isLinux then pkgsStatic.rosenpass else args.rosenpass;
if stdenvNoCC.hostPlatform.isLinux then rp = if stdenvNoCC.hostPlatform.isLinux then pkgsStatic.rp else args.rp;
pkgsStatic.rosenpass
else args.rosenpass;
rp =
if stdenvNoCC.hostPlatform.isLinux then
pkgsStatic.rp
else args.rp;
oci-image = oci-image =
if stdenvNoCC.hostPlatform.isLinux then if stdenvNoCC.hostPlatform.isLinux then
pkgsStatic.rosenpass-oci-image pkgsStatic.rosenpass-oci-image
else args.rosenpass-oci-image; else
args.rosenpass-oci-image;
in in
runCommandNoCC "lace-result" { } '' runCommandNoCC "lace-result" { } ''
mkdir {bin,$out} mkdir {bin,$out}


@@ -1,4 +1,8 @@
{ dockerTools, buildEnv, rosenpass }: {
dockerTools,
buildEnv,
rosenpass,
}:
dockerTools.buildImage { dockerTools.buildImage {
name = rosenpass.name + "-oci"; name = rosenpass.name + "-oci";


@@ -1,4 +1,13 @@
{ lib, stdenv, rustPlatform, cmake, mandoc, removeReferencesTo, bash, package ? "rosenpass" }: {
lib,
stdenv,
rustPlatform,
cmake,
mandoc,
removeReferencesTo,
bash,
package ? "rosenpass",
}:
let let
# whether we want to build a statically linked binary # whether we want to build a statically linked binary
@@ -17,13 +26,18 @@ let
"toml" "toml"
]; ];
# Files to explicitly include # Files to explicitly include
files = [ files = [ "to/README.md" ];
"to/README.md"
];
src = ../.; src = ../.;
filter = (path: type: scoped rec { filter = (
inherit (lib) any id removePrefix hasSuffix; path: type:
scoped rec {
inherit (lib)
any
id
removePrefix
hasSuffix
;
anyof = (any id); anyof = (any id);
basename = baseNameOf (toString path); basename = baseNameOf (toString path);
@@ -34,7 +48,8 @@ let
(any (ext: hasSuffix ".${ext}" basename) extensions) (any (ext: hasSuffix ".${ext}" basename) extensions)
(any (file: file == relative) files) (any (file: file == relative) files)
]; ];
}); }
);
result = lib.sources.cleanSourceWith { inherit src filter; }; result = lib.sources.cleanSourceWith { inherit src filter; };
}; };
@@ -47,8 +62,14 @@ rustPlatform.buildRustPackage {
version = cargoToml.package.version; version = cargoToml.package.version;
inherit src; inherit src;
cargoBuildOptions = [ "--package" package ]; cargoBuildOptions = [
cargoTestOptions = [ "--package" package ]; "--package"
package
];
cargoTestOptions = [
"--package"
package
];
doCheck = true; doCheck = true;
@@ -81,7 +102,10 @@ rustPlatform.buildRustPackage {
meta = { meta = {
inherit (cargoToml.package) description homepage; inherit (cargoToml.package) description homepage;
license = with lib.licenses; [ mit asl20 ]; license = with lib.licenses; [
mit
asl20
];
maintainers = [ lib.maintainers.wucke13 ]; maintainers = [ lib.maintainers.wucke13 ];
platforms = lib.platforms.all; platforms = lib.platforms.all;
}; };


@@ -1,13 +1,52 @@
{ stdenvNoCC, texlive, ncurses, python3Packages, which }: {
stdenvNoCC,
texlive,
ncurses,
python3Packages,
which,
}:
let let
customTexLiveSetup = (texlive.combine { customTexLiveSetup = (
inherit (texlive) acmart amsfonts biber biblatex biblatex-software texlive.combine {
biblatex-trad ccicons csquotes csvsimple doclicense eso-pic fancyvrb inherit (texlive)
fontspec gitinfo2 gobble ifmtarg koma-script latexmk lm lualatex-math acmart
markdown mathtools minted noto nunito paralist pgf scheme-basic soul amsfonts
unicode-math upquote xifthen xkeyval xurl; biber
}); biblatex
biblatex-software
biblatex-trad
ccicons
csquotes
csvsimple
doclicense
eso-pic
fancyvrb
fontspec
gitinfo2
gobble
ifmtarg
koma-script
latexmk
lm
lualatex-math
markdown
mathtools
minted
noto
nunito
paralist
pgf
scheme-basic
soul
unicode-math
upquote
xifthen
xkeyval
xurl
;
}
);
in in
stdenvNoCC.mkDerivation { stdenvNoCC.mkDerivation {
name = "whitepaper"; name = "whitepaper";


@@ -1,4 +1,8 @@
{ pkgs, rosenpass-deb, rosenpass-rpm }: {
pkgs,
rosenpass-deb,
rosenpass-rpm,
}:
let let
wg-deb = pkgs.fetchurl { wg-deb = pkgs.fetchurl {
@@ -23,7 +27,14 @@ let
cp ${./prepare-test.sh} $out/prepare-test.sh cp ${./prepare-test.sh} $out/prepare-test.sh
''; '';
test = { tester, installPrefix, suffix, source }: (tester { test =
{
tester,
installPrefix,
suffix,
source,
}:
(tester {
sharedDirs.share = { sharedDirs.share = {
inherit source; inherit source;
target = "/mnt/share"; target = "/mnt/share";


@@ -32,23 +32,27 @@ let
public_key = "/etc/rosenpass/rp0/pqpk"; public_key = "/etc/rosenpass/rp0/pqpk";
secret_key = "/run/credentials/rosenpass@rp0.service/pqsk"; secret_key = "/run/credentials/rosenpass@rp0.service/pqsk";
verbosity = "Verbose"; verbosity = "Verbose";
peers = [{ peers = [
{
device = "rp0"; device = "rp0";
peer = client.wg.public; peer = client.wg.public;
public_key = "/etc/rosenpass/rp0/peers/client/pqpk"; public_key = "/etc/rosenpass/rp0/peers/client/pqpk";
}]; }
];
}; };
client_config = { client_config = {
listen = [ ]; listen = [ ];
public_key = "/etc/rosenpass/rp0/pqpk"; public_key = "/etc/rosenpass/rp0/pqpk";
secret_key = "/run/credentials/rosenpass@rp0.service/pqsk"; secret_key = "/run/credentials/rosenpass@rp0.service/pqsk";
verbosity = "Verbose"; verbosity = "Verbose";
peers = [{ peers = [
{
device = "rp0"; device = "rp0";
peer = server.wg.public; peer = server.wg.public;
public_key = "/etc/rosenpass/rp0/peers/server/pqpk"; public_key = "/etc/rosenpass/rp0/peers/server/pqpk";
endpoint = "${server.ip4}:9999"; endpoint = "${server.ip4}:9999";
}]; }
];
}; };
config = pkgs.runCommand "config" { } '' config = pkgs.runCommand "config" { } ''
@@ -62,7 +66,15 @@ in
nodes = nodes =
let let
shared = peer: { config, modulesPath, pkgs, ... }: { shared =
peer:
{
config,
modulesPath,
pkgs,
...
}:
{
# Need to work around a problem in recent systemd changes. # Need to work around a problem in recent systemd changes.
# It won't be necessary in other distros (for which the systemd file was designed), this is NixOS specific # It won't be necessary in other distros (for which the systemd file was designed), this is NixOS specific
# https://github.com/NixOS/nixpkgs/issues/258371#issuecomment-1925672767 # https://github.com/NixOS/nixpkgs/issues/258371#issuecomment-1925672767
@@ -80,32 +92,45 @@ in
networking.wireguard = { networking.wireguard = {
enable = true; enable = true;
interfaces.rp0 = { interfaces.rp0 = {
ips = [ "${peer.wg.ip4}/32" "${peer.wg.ip6}/128" ]; ips = [
"${peer.wg.ip4}/32"
"${peer.wg.ip6}/128"
];
privateKeyFile = "/etc/wireguard/wgsk"; privateKeyFile = "/etc/wireguard/wgsk";
}; };
}; };
environment.etc."wireguard/wgsk".text = peer.wg.secret; environment.etc."wireguard/wgsk".text = peer.wg.secret;
networking.interfaces.eth1 = { networking.interfaces.eth1 = {
ipv4.addresses = [{ ipv4.addresses = [
{
address = peer.ip4; address = peer.ip4;
prefixLength = 24; prefixLength = 24;
}]; }
ipv6.addresses = [{ ];
ipv6.addresses = [
{
address = peer.ip6; address = peer.ip6;
prefixLength = 64; prefixLength = 64;
}]; }
];
}; };
}; };
in in
{ {
server = { server = {
imports = [ (shared server) ]; imports = [ (shared server) ];
networking.firewall.allowedUDPPorts = [ 9999 server.wg.listen ]; networking.firewall.allowedUDPPorts = [
9999
server.wg.listen
];
networking.wireguard.interfaces.rp0 = { networking.wireguard.interfaces.rp0 = {
listenPort = server.wg.listen; listenPort = server.wg.listen;
peers = [ peers = [
{ {
allowedIPs = [ client.wg.ip4 client.wg.ip6 ]; allowedIPs = [
client.wg.ip4
client.wg.ip6
];
publicKey = client.wg.public; publicKey = client.wg.public;
} }
]; ];
@@ -116,7 +141,10 @@ in
networking.wireguard.interfaces.rp0 = { networking.wireguard.interfaces.rp0 = {
peers = [ peers = [
{ {
allowedIPs = [ "10.23.42.0/24" "fc00::/64" ]; allowedIPs = [
"10.23.42.0/24"
"fc00::/64"
];
publicKey = server.wg.public; publicKey = server.wg.public;
endpoint = "${server.ip4}:${toString server.wg.listen}"; endpoint = "${server.ip4}:${toString server.wg.listen}";
} }
@@ -124,7 +152,9 @@ in
}; };
}; };
}; };
testScript = { ... }: '' testScript =
{ ... }:
''
from os import system from os import system
rosenpass = "${pkgs.rosenpass}/bin/rosenpass" rosenpass = "${pkgs.rosenpass}/bin/rosenpass"


@@ -24,21 +24,25 @@ let
verbose = true; verbose = true;
dev = "test-rp-device0"; dev = "test-rp-device0";
ip = "fc00::1/64"; ip = "fc00::1/64";
peers = [{ peers = [
{
public_keys_dir = "/etc/rosenpass/test-rp-device0/peers/client"; public_keys_dir = "/etc/rosenpass/test-rp-device0/peers/client";
allowed_ips = "fc00::2"; allowed_ips = "fc00::2";
}]; }
];
}; };
client_config = { client_config = {
private_keys_dir = "/run/credentials/rp@test-rp-device0.service"; private_keys_dir = "/run/credentials/rp@test-rp-device0.service";
verbose = true; verbose = true;
dev = "test-rp-device0"; dev = "test-rp-device0";
ip = "fc00::2/128"; ip = "fc00::2/128";
peers = [{ peers = [
{
public_keys_dir = "/etc/rosenpass/test-rp-device0/peers/server"; public_keys_dir = "/etc/rosenpass/test-rp-device0/peers/server";
endpoint = "${server.ip4}:9999"; endpoint = "${server.ip4}:9999";
allowed_ips = "fc00::/64"; allowed_ips = "fc00::/64";
}]; }
];
}; };
config = pkgs.runCommand "config" { } '' config = pkgs.runCommand "config" { } ''
@@ -52,7 +56,15 @@ in
nodes = nodes =
let let
shared = peer: { config, modulesPath, pkgs, ... }: { shared =
peer:
{
config,
modulesPath,
pkgs,
...
}:
{
# Need to work around a problem in recent systemd changes. # Need to work around a problem in recent systemd changes.
# It won't be necessary in other distros (for which the systemd file was designed), this is NixOS specific # It won't be necessary in other distros (for which the systemd file was designed), this is NixOS specific
# https://github.com/NixOS/nixpkgs/issues/258371#issuecomment-1925672767 # https://github.com/NixOS/nixpkgs/issues/258371#issuecomment-1925672767
@@ -69,27 +81,36 @@ in
]; ];
environment.systemPackages = [ pkgs.wireguard-tools ]; environment.systemPackages = [ pkgs.wireguard-tools ];
networking.interfaces.eth1 = { networking.interfaces.eth1 = {
ipv4.addresses = [{ ipv4.addresses = [
{
address = peer.ip4; address = peer.ip4;
prefixLength = 24; prefixLength = 24;
}]; }
ipv6.addresses = [{ ];
ipv6.addresses = [
{
address = peer.ip6; address = peer.ip6;
prefixLength = 64; prefixLength = 64;
}]; }
];
}; };
}; };
in in
{ {
server = { server = {
imports = [ (shared server) ]; imports = [ (shared server) ];
networking.firewall.allowedUDPPorts = [ 9999 server.wg.listen ]; networking.firewall.allowedUDPPorts = [
9999
server.wg.listen
];
}; };
client = { client = {
imports = [ (shared client) ]; imports = [ (shared client) ];
}; };
}; };
testScript = { ... }: '' testScript =
{ ... }:
''
from os import system from os import system
rp = "${pkgs.rosenpass}/bin/rp" rp = "${pkgs.rosenpass}/bin/rp"


@@ -17,9 +17,7 @@
"*.yaml" "*.yaml"
"*.yml" "*.yml"
]; ];
excludes = [ excludes = [ "supply-chain/*" ];
"supply-chain/*"
];
settings = { settings = {
plugins = [ plugins = [
"${pkgs.nodePackages.prettier-plugin-toml}/lib/node_modules/prettier-plugin-toml/lib/index.js" "${pkgs.nodePackages.prettier-plugin-toml}/lib/node_modules/prettier-plugin-toml/lib/index.js"


@@ -25,6 +25,5 @@ mio = { workspace = true }
tempfile = { workspace = true } tempfile = { workspace = true }
uds = { workspace = true, optional = true, features = ["mio_1xx"] } uds = { workspace = true, optional = true, features = ["mio_1xx"] }
[features] [features]
experiment_file_descriptor_passing = ["uds"] experiment_file_descriptor_passing = ["uds"]