chore: format everything

This entails a switch from nixpkgs-fmt to nixfmt. Nixfmt will become
the new standard for Nix formatting, sanctioned by nixpkgs. To verify
that these changes are purely whitespace and not semantic:

git diff --ignore-all-space -w HEAD^!

That will only show newline changes, which makes the diffing somewhat easier.

Signed-off-by: wucke13 <wucke13+github@gmail.com>
wucke13
2025-04-13 12:57:57 +02:00
committed by Karolin Varner
parent a45812b2cd
commit 22b980a61f
17 changed files with 558 additions and 413 deletions


@@ -90,7 +90,6 @@ criterion = "0.5.1"
allocator-api2-tests = "0.2.15"
procspawn = { version = "1.0.1", features = ["test-support"] }
#Broker dependencies (might need cleanup or changes)
wireguard-uapi = { version = "3.0.0", features = ["xplatform"] }
command-fds = "0.2.3"


@@ -24,11 +24,7 @@ feature-depth = 1
[advisories]
# A list of advisory IDs to ignore. Note that ignored advisories will still
# output a note when they are encountered.
ignore = [
"RUSTSEC-2024-0370",
"RUSTSEC-2024-0436",
"RUSTSEC-2023-0089",
]
ignore = ["RUSTSEC-2024-0370", "RUSTSEC-2024-0436", "RUSTSEC-2023-0089"]
# If this is true, then cargo deny will use the git executable to fetch advisory database.
# If this is false, then it uses a built-in git library.
# Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support.
@@ -94,15 +90,11 @@ workspace-default-features = "allow"
# on a crate-by-crate basis if desired.
external-default-features = "allow"
# List of crates that are allowed. Use with care!
allow = [
]
allow = []
# List of crates to deny
deny = [
]
deny = []
skip-tree = [
]
skip-tree = []
# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
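Review bot: The collapsed `ignore = ["RUSTSEC-2024-0370", "RUSTSEC-2024-0436", "RUSTSEC-2023-0089"]` line in `[advisories]` suppresses three RustSec advisories with no recorded justification, and on a single line any later addition or removal appears as one changed line that is easy to overlook in review. cargo-deny also accepts the table form, one entry per line, e.g. `{ id = "RUSTSEC-2024-0370", reason = "<why this advisory is acceptable here>" }`, which documents each suppression and keeps per-advisory blame. Whether the TOML formatter used by this repository keeps such entries on separate lines should be confirmed. The `allow`, `deny` and `skip-tree` changes in the second hunk are whitespace only.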


@@ -15,22 +15,27 @@
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, flake-utils, nix-vm-test, treefmt-nix, ... }@inputs:
outputs =
{
self,
nixpkgs,
flake-utils,
nix-vm-test,
treefmt-nix,
...
}@inputs:
nixpkgs.lib.foldl (a: b: nixpkgs.lib.recursiveUpdate a b) { } [
#
### Export the overlay.nix from this flake ###
#
{
overlays.default = import ./overlay.nix;
}
{ overlays.default = import ./overlay.nix; }
#
### Actual Rosenpass Package and Docker Container Images ###
#
(flake-utils.lib.eachSystem [
(flake-utils.lib.eachSystem
[
"x86_64-linux"
"aarch64-linux"
@@ -40,7 +45,8 @@
"aarch64-darwin"
# "x86_64-windows"
]
(system:
(
system:
let
# normal nixpkgs
pkgs = import nixpkgs {
@@ -51,7 +57,8 @@
};
in
{
packages = {
packages =
{
default = pkgs.rosenpass;
rosenpass = pkgs.rosenpass;
rosenpass-oci-image = pkgs.rosenpass-oci-image;
@@ -60,8 +67,7 @@
release-package = pkgs.release-package;
# for good measure, we also offer to cross compile to Linux on Arm
aarch64-linux-rosenpass-static =
pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rosenpass;
aarch64-linux-rosenpass-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rosenpass;
aarch64-linux-rp-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rp;
}
//
@@ -72,13 +78,19 @@
rp-static = pkgs.pkgsStatic.rp;
});
}
))
)
)
#
### Linux specifics ###
#
(flake-utils.lib.eachSystem [ "x86_64-linux" "aarch64-linux" ] (system:
(flake-utils.lib.eachSystem
[
"x86_64-linux"
"aarch64-linux"
]
(
system:
let
pkgs = import nixpkgs {
inherit system;
@@ -111,7 +123,6 @@
packages.proverif-patched = pkgs.proverif-patched;
packages.proof-proverif = pkgs.proof-proverif;
#
### Devshells ###
#
@@ -153,19 +164,24 @@
];
};
checks = {
checks =
{
systemd-rosenpass = pkgs.testers.runNixOSTest ./tests/systemd/rosenpass.nix;
systemd-rp = pkgs.testers.runNixOSTest ./tests/systemd/rp.nix;
formatting = treefmtEval.config.build.check self;
} // pkgs.lib.optionalAttrs (system == "x86_64-linux") (import ./tests/legacy-distro-packaging.nix {
}
// pkgs.lib.optionalAttrs (system == "x86_64-linux") (
import ./tests/legacy-distro-packaging.nix {
inherit pkgs;
rosenpass-deb = self.packages.${system}.package-deb;
rosenpass-rpm = self.packages.${system}.package-rpm;
});
}
);
# for `nix fmt`
formatter = treefmtEval.config.build.wrapper;
}))
}
)
)
];
}


@@ -1,6 +1,5 @@
final: prev: {
#
### Actual rosenpass software ###
#
@@ -27,7 +26,10 @@ final: prev: {
"marzipan(/marzipan.awk)?"
"analysis(/.*)?"
];
nativeBuildInputs = [ final.proverif final.graphviz ];
nativeBuildInputs = [
final.proverif
final.graphviz
];
CRYPTOVERIF_LIB = final.proverif-patched + "/lib/cryptoverif.pvl";
installPhase = ''
mkdir -p $out


@@ -1,4 +1,8 @@
{ runCommand, dpkg, rosenpass }:
{
runCommand,
dpkg,
rosenpass,
}:
let
inherit (rosenpass) version;


@@ -1,12 +1,15 @@
{ lib, system, runCommand, rosenpass, rpm }:
{
lib,
system,
runCommand,
rosenpass,
rpm,
}:
let
splitVersion = lib.strings.splitString "-" rosenpass.version;
version = builtins.head splitVersion;
release =
if builtins.length splitVersion != 2
then "release"
else builtins.elemAt splitVersion 1;
release = if builtins.length splitVersion != 2 then "release" else builtins.elemAt splitVersion 1;
arch = builtins.head (builtins.split "-" system);
in


@@ -1,21 +1,24 @@
{ lib, stdenvNoCC, runCommandNoCC, pkgsStatic, rosenpass, rosenpass-oci-image, rp } @ args:
{
lib,
stdenvNoCC,
runCommandNoCC,
pkgsStatic,
rosenpass,
rosenpass-oci-image,
rp,
}@args:
let
version = rosenpass.version;
# select static packages on Linux, default packages otherwise
package =
if stdenvNoCC.hostPlatform.isLinux then
pkgsStatic.rosenpass
else args.rosenpass;
rp =
if stdenvNoCC.hostPlatform.isLinux then
pkgsStatic.rp
else args.rp;
package = if stdenvNoCC.hostPlatform.isLinux then pkgsStatic.rosenpass else args.rosenpass;
rp = if stdenvNoCC.hostPlatform.isLinux then pkgsStatic.rp else args.rp;
oci-image =
if stdenvNoCC.hostPlatform.isLinux then
pkgsStatic.rosenpass-oci-image
else args.rosenpass-oci-image;
else
args.rosenpass-oci-image;
in
runCommandNoCC "lace-result" { } ''
mkdir {bin,$out}


@@ -1,4 +1,8 @@
{ dockerTools, buildEnv, rosenpass }:
{
dockerTools,
buildEnv,
rosenpass,
}:
dockerTools.buildImage {
name = rosenpass.name + "-oci";


@@ -1,4 +1,13 @@
{ lib, stdenv, rustPlatform, cmake, mandoc, removeReferencesTo, bash, package ? "rosenpass" }:
{
lib,
stdenv,
rustPlatform,
cmake,
mandoc,
removeReferencesTo,
bash,
package ? "rosenpass",
}:
let
# whether we want to build a statically linked binary
@@ -17,13 +26,18 @@ let
"toml"
];
# Files to explicitly include
files = [
"to/README.md"
];
files = [ "to/README.md" ];
src = ../.;
filter = (path: type: scoped rec {
inherit (lib) any id removePrefix hasSuffix;
filter = (
path: type:
scoped rec {
inherit (lib)
any
id
removePrefix
hasSuffix
;
anyof = (any id);
basename = baseNameOf (toString path);
@@ -34,7 +48,8 @@ let
(any (ext: hasSuffix ".${ext}" basename) extensions)
(any (file: file == relative) files)
];
});
}
);
result = lib.sources.cleanSourceWith { inherit src filter; };
};
@@ -47,8 +62,14 @@ rustPlatform.buildRustPackage {
version = cargoToml.package.version;
inherit src;
cargoBuildOptions = [ "--package" package ];
cargoTestOptions = [ "--package" package ];
cargoBuildOptions = [
"--package"
package
];
cargoTestOptions = [
"--package"
package
];
doCheck = true;
@@ -81,7 +102,10 @@ rustPlatform.buildRustPackage {
meta = {
inherit (cargoToml.package) description homepage;
license = with lib.licenses; [ mit asl20 ];
license = with lib.licenses; [
mit
asl20
];
maintainers = [ lib.maintainers.wucke13 ];
platforms = lib.platforms.all;
};


@@ -1,13 +1,52 @@
{ stdenvNoCC, texlive, ncurses, python3Packages, which }:
{
stdenvNoCC,
texlive,
ncurses,
python3Packages,
which,
}:
let
customTexLiveSetup = (texlive.combine {
inherit (texlive) acmart amsfonts biber biblatex biblatex-software
biblatex-trad ccicons csquotes csvsimple doclicense eso-pic fancyvrb
fontspec gitinfo2 gobble ifmtarg koma-script latexmk lm lualatex-math
markdown mathtools minted noto nunito paralist pgf scheme-basic soul
unicode-math upquote xifthen xkeyval xurl;
});
customTexLiveSetup = (
texlive.combine {
inherit (texlive)
acmart
amsfonts
biber
biblatex
biblatex-software
biblatex-trad
ccicons
csquotes
csvsimple
doclicense
eso-pic
fancyvrb
fontspec
gitinfo2
gobble
ifmtarg
koma-script
latexmk
lm
lualatex-math
markdown
mathtools
minted
noto
nunito
paralist
pgf
scheme-basic
soul
unicode-math
upquote
xifthen
xkeyval
xurl
;
}
);
in
stdenvNoCC.mkDerivation {
name = "whitepaper";


@@ -1,4 +1,8 @@
{ pkgs, rosenpass-deb, rosenpass-rpm }:
{
pkgs,
rosenpass-deb,
rosenpass-rpm,
}:
let
wg-deb = pkgs.fetchurl {
@@ -23,7 +27,14 @@ let
cp ${./prepare-test.sh} $out/prepare-test.sh
'';
test = { tester, installPrefix, suffix, source }: (tester {
test =
{
tester,
installPrefix,
suffix,
source,
}:
(tester {
sharedDirs.share = {
inherit source;
target = "/mnt/share";


@@ -32,23 +32,27 @@ let
public_key = "/etc/rosenpass/rp0/pqpk";
secret_key = "/run/credentials/rosenpass@rp0.service/pqsk";
verbosity = "Verbose";
peers = [{
peers = [
{
device = "rp0";
peer = client.wg.public;
public_key = "/etc/rosenpass/rp0/peers/client/pqpk";
}];
}
];
};
client_config = {
listen = [ ];
public_key = "/etc/rosenpass/rp0/pqpk";
secret_key = "/run/credentials/rosenpass@rp0.service/pqsk";
verbosity = "Verbose";
peers = [{
peers = [
{
device = "rp0";
peer = server.wg.public;
public_key = "/etc/rosenpass/rp0/peers/server/pqpk";
endpoint = "${server.ip4}:9999";
}];
}
];
};
config = pkgs.runCommand "config" { } ''
@@ -62,7 +66,15 @@ in
nodes =
let
shared = peer: { config, modulesPath, pkgs, ... }: {
shared =
peer:
{
config,
modulesPath,
pkgs,
...
}:
{
# Need to work around a problem in recent systemd changes.
# It won't be necessary in other distros (for which the systemd file was designed), this is NixOS specific
# https://github.com/NixOS/nixpkgs/issues/258371#issuecomment-1925672767
@@ -80,32 +92,45 @@ in
networking.wireguard = {
enable = true;
interfaces.rp0 = {
ips = [ "${peer.wg.ip4}/32" "${peer.wg.ip6}/128" ];
ips = [
"${peer.wg.ip4}/32"
"${peer.wg.ip6}/128"
];
privateKeyFile = "/etc/wireguard/wgsk";
};
};
environment.etc."wireguard/wgsk".text = peer.wg.secret;
networking.interfaces.eth1 = {
ipv4.addresses = [{
ipv4.addresses = [
{
address = peer.ip4;
prefixLength = 24;
}];
ipv6.addresses = [{
}
];
ipv6.addresses = [
{
address = peer.ip6;
prefixLength = 64;
}];
}
];
};
};
in
{
server = {
imports = [ (shared server) ];
networking.firewall.allowedUDPPorts = [ 9999 server.wg.listen ];
networking.firewall.allowedUDPPorts = [
9999
server.wg.listen
];
networking.wireguard.interfaces.rp0 = {
listenPort = server.wg.listen;
peers = [
{
allowedIPs = [ client.wg.ip4 client.wg.ip6 ];
allowedIPs = [
client.wg.ip4
client.wg.ip6
];
publicKey = client.wg.public;
}
];
@@ -116,7 +141,10 @@ in
networking.wireguard.interfaces.rp0 = {
peers = [
{
allowedIPs = [ "10.23.42.0/24" "fc00::/64" ];
allowedIPs = [
"10.23.42.0/24"
"fc00::/64"
];
publicKey = server.wg.public;
endpoint = "${server.ip4}:${toString server.wg.listen}";
}
@@ -124,7 +152,9 @@ in
};
};
};
testScript = { ... }: ''
testScript =
{ ... }:
''
from os import system
rosenpass = "${pkgs.rosenpass}/bin/rosenpass"


@@ -24,21 +24,25 @@ let
verbose = true;
dev = "test-rp-device0";
ip = "fc00::1/64";
peers = [{
peers = [
{
public_keys_dir = "/etc/rosenpass/test-rp-device0/peers/client";
allowed_ips = "fc00::2";
}];
}
];
};
client_config = {
private_keys_dir = "/run/credentials/rp@test-rp-device0.service";
verbose = true;
dev = "test-rp-device0";
ip = "fc00::2/128";
peers = [{
peers = [
{
public_keys_dir = "/etc/rosenpass/test-rp-device0/peers/server";
endpoint = "${server.ip4}:9999";
allowed_ips = "fc00::/64";
}];
}
];
};
config = pkgs.runCommand "config" { } ''
@@ -52,7 +56,15 @@ in
nodes =
let
shared = peer: { config, modulesPath, pkgs, ... }: {
shared =
peer:
{
config,
modulesPath,
pkgs,
...
}:
{
# Need to work around a problem in recent systemd changes.
# It won't be necessary in other distros (for which the systemd file was designed), this is NixOS specific
# https://github.com/NixOS/nixpkgs/issues/258371#issuecomment-1925672767
@@ -69,27 +81,36 @@ in
];
environment.systemPackages = [ pkgs.wireguard-tools ];
networking.interfaces.eth1 = {
ipv4.addresses = [{
ipv4.addresses = [
{
address = peer.ip4;
prefixLength = 24;
}];
ipv6.addresses = [{
}
];
ipv6.addresses = [
{
address = peer.ip6;
prefixLength = 64;
}];
}
];
};
};
in
{
server = {
imports = [ (shared server) ];
networking.firewall.allowedUDPPorts = [ 9999 server.wg.listen ];
networking.firewall.allowedUDPPorts = [
9999
server.wg.listen
];
};
client = {
imports = [ (shared client) ];
};
};
testScript = { ... }: ''
testScript =
{ ... }:
''
from os import system
rp = "${pkgs.rosenpass}/bin/rp"


@@ -17,9 +17,7 @@
"*.yaml"
"*.yml"
];
excludes = [
"supply-chain/*"
];
excludes = [ "supply-chain/*" ];
settings = {
plugins = [
"${pkgs.nodePackages.prettier-plugin-toml}/lib/node_modules/prettier-plugin-toml/lib/index.js"


@@ -25,6 +25,5 @@ mio = { workspace = true }
tempfile = { workspace = true }
uds = { workspace = true, optional = true, features = ["mio_1xx"] }
[features]
experiment_file_descriptor_passing = ["uds"]