From 1496f45fe28aea02b2055efff1667ef915e490d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 8 Dec 2023 15:00:11 +0100 Subject: [PATCH] prefix nixpkgs# explicitly in nix_shell This makes the function usage less confusing (you can now tell from the call side what are flags and what is passed to nix-shell) and allows to use different flakes to download packages. --- pkgs/clan-cli/clan_cli/flakes/create.py | 14 ++++++++------ pkgs/clan-cli/clan_cli/git.py | 6 +++--- pkgs/clan-cli/clan_cli/machines/install.py | 2 +- pkgs/clan-cli/clan_cli/nix.py | 15 +++++++-------- pkgs/clan-cli/clan_cli/secrets/import_sops.py | 2 +- pkgs/clan-cli/clan_cli/secrets/sops.py | 13 +++++++------ pkgs/clan-cli/clan_cli/secrets/sops_generate.py | 2 +- pkgs/clan-cli/clan_cli/secrets/upload.py | 2 +- pkgs/clan-cli/clan_cli/ssh/cli.py | 6 +++--- pkgs/clan-cli/clan_cli/vms/run.py | 8 ++++---- pkgs/clan-cli/tests/conftest.py | 6 +++--- .../clan-cli/tests/test_secrets_password_store.py | 8 ++++++-- 12 files changed, 45 insertions(+), 39 deletions(-) diff --git a/pkgs/clan-cli/clan_cli/flakes/create.py b/pkgs/clan-cli/clan_cli/flakes/create.py index b5a2154ab..f208c0dd0 100644 --- a/pkgs/clan-cli/clan_cli/flakes/create.py +++ b/pkgs/clan-cli/clan_cli/flakes/create.py @@ -26,28 +26,30 @@ async def create_flake(directory: Path, url: str) -> dict[str, CmdOut]: out = await run(command, cwd=directory) response["flake init"] = out - command = nix_shell(["git"], ["git", "init"]) + command = nix_shell(["nixpkgs#git"], ["git", "init"]) out = await run(command, cwd=directory) response["git init"] = out - command = nix_shell(["git"], ["git", "add", "."]) + command = nix_shell(["nixpkgs#git"], ["git", "add", "."]) out = await run(command, cwd=directory) response["git add"] = out - # command = nix_shell(["git"], ["git", "config", "init.defaultBranch", "main"]) + # command = nix_shell(["nixpkgs#git"], ["git", "config", "init.defaultBranch", "main"]) # out = await run(command, cwd=directory) # response["git config"] = out - command = nix_shell(["git"], ["git", "config", "user.name", "clan-tool"]) + command = nix_shell(["nixpkgs#git"], ["git", "config", "user.name", "clan-tool"]) out = await run(command, cwd=directory) response["git config"] = out - command = nix_shell(["git"], ["git", "config", "user.email", "clan@example.com"]) + command = nix_shell( + ["nixpkgs#git"], ["git", "config", "user.email", "clan@example.com"] + ) out = await run(command, cwd=directory) response["git config"] = out # TODO: Find out why this fails on Johannes machine - # command = nix_shell(["git"], ["git", "commit", "-a", "-m", "Initial commit"]) + # command = nix_shell(["nixpkgs#git"], ["git", "commit", "-a", "-m", "Initial commit"]) # out = await run(command, cwd=directory) # response["git commit"] = out diff --git a/pkgs/clan-cli/clan_cli/git.py b/pkgs/clan-cli/clan_cli/git.py index 60d8f5852..126f8587d 100644 --- a/pkgs/clan-cli/clan_cli/git.py +++ b/pkgs/clan-cli/clan_cli/git.py @@ -38,7 +38,7 @@ def _commit_file_to_git(repo_dir: Path, file_path: Path, commit_message: str) -> :raises ClanError: If the file is not in the git repository. """ cmd = nix_shell( - ["git"], + ["nixpkgs#git"], ["git", "-C", str(repo_dir), "add", str(file_path)], ) # add the file to the git index @@ -51,7 +51,7 @@ def _commit_file_to_git(repo_dir: Path, file_path: Path, commit_message: str) -> # check if there is a diff cmd = nix_shell( - ["git"], + ["nixpkgs#git"], ["git", "-C", str(repo_dir), "diff", "--cached", "--exit-code", str(file_path)], ) result = subprocess.run(cmd, cwd=repo_dir) @@ -61,7 +61,7 @@ def _commit_file_to_git(repo_dir: Path, file_path: Path, commit_message: str) -> # commit only that file cmd = nix_shell( - ["git"], + ["nixpkgs#git"], [ "git", "-C", diff --git a/pkgs/clan-cli/clan_cli/machines/install.py b/pkgs/clan-cli/clan_cli/machines/install.py index fc036fa99..75559618f 100644 --- a/pkgs/clan-cli/clan_cli/machines/install.py +++ b/pkgs/clan-cli/clan_cli/machines/install.py @@ -28,7 +28,7 @@ def install_nixos(machine: Machine) -> None: subprocess.run( nix_shell( - ["nixos-anywhere"], + ["nixpkgs#nixos-anywhere"], [ "nixos-anywhere", "-f", diff --git a/pkgs/clan-cli/clan_cli/nix.py b/pkgs/clan-cli/clan_cli/nix.py index b6ee3677c..6e64e0535 100644 --- a/pkgs/clan-cli/clan_cli/nix.py +++ b/pkgs/clan-cli/clan_cli/nix.py @@ -88,16 +88,15 @@ def nix_shell(packages: list[str], cmd: list[str]) -> list[str]: # in our tests we just make sure we have all the packages if os.environ.get("IN_NIX_SANDBOX"): return cmd - wrapped_packages = [f"nixpkgs#{p}" for p in packages] - return ( - nix_command( + return [ + *nix_command( [ "shell", "--inputs-from", f"{nixpkgs_flake()!s}", ] - ) - + wrapped_packages - + ["-c"] - + cmd - ) + ), + *packages, + "-c", + *cmd, + ] diff --git a/pkgs/clan-cli/clan_cli/secrets/import_sops.py b/pkgs/clan-cli/clan_cli/secrets/import_sops.py index 1d0d511ea..82ae7737e 100644 --- a/pkgs/clan-cli/clan_cli/secrets/import_sops.py +++ b/pkgs/clan-cli/clan_cli/secrets/import_sops.py @@ -22,7 +22,7 @@ def import_sops(args: argparse.Namespace) -> None: if args.input_type: cmd += ["--input-type", args.input_type] cmd += ["--output-type", "json", "--decrypt", args.sops_file] - cmd = nix_shell(["sops"], cmd) + cmd = nix_shell(["nixpkgs#sops"], cmd) try: res = subprocess.run(cmd, check=True, text=True, stdout=subprocess.PIPE) except subprocess.CalledProcessError as e: diff --git a/pkgs/clan-cli/clan_cli/secrets/sops.py b/pkgs/clan-cli/clan_cli/secrets/sops.py index c23f08f2c..5f4493ac9 100644 --- a/pkgs/clan-cli/clan_cli/secrets/sops.py +++ b/pkgs/clan-cli/clan_cli/secrets/sops.py @@ -21,7 +21,7 @@ class SopsKey: def get_public_key(privkey: str) -> str: - cmd = nix_shell(["age"], ["age-keygen", "-y"]) + cmd = nix_shell(["nixpkgs#age"], ["age-keygen", "-y"]) try: res = subprocess.run( cmd, input=privkey, stdout=subprocess.PIPE, text=True, check=True @@ -34,7 +34,7 @@ def get_public_key(privkey: str) -> str: def generate_private_key() -> tuple[str, str]: - cmd = nix_shell(["age"], ["age-keygen"]) + cmd = nix_shell(["nixpkgs#age"], ["age-keygen"]) try: proc = subprocess.run(cmd, check=True, stdout=subprocess.PIPE, text=True) res = proc.stdout.strip() @@ -119,7 +119,7 @@ def sops_manifest(keys: list[str]) -> Iterator[Path]: def update_keys(secret_path: Path, keys: list[str]) -> None: with sops_manifest(keys) as manifest: cmd = nix_shell( - ["sops"], + ["nixpkgs#sops"], [ "sops", "--config", @@ -146,7 +146,7 @@ def encrypt_file( if not content: args = ["sops", "--config", str(manifest)] args.extend([str(secret_path)]) - cmd = nix_shell(["sops"], args) + cmd = nix_shell(["nixpkgs#sops"], args) p = subprocess.run(cmd) # returns 200 if the file is changed if p.returncode != 0 and p.returncode != 200: @@ -166,7 +166,7 @@ def encrypt_file( # we pass an empty manifest to pick up existing configuration of the user args = ["sops", "--config", str(manifest)] args.extend(["-i", "--encrypt", str(f.name)]) - cmd = nix_shell(["sops"], args) + cmd = nix_shell(["nixpkgs#sops"], args) subprocess.run(cmd, check=True) # atomic copy of the encrypted file with NamedTemporaryFile(dir=folder, delete=False) as f2: @@ -182,7 +182,8 @@ def encrypt_file( def decrypt_file(secret_path: Path) -> str: with sops_manifest([]) as manifest: cmd = nix_shell( - ["sops"], ["sops", "--config", str(manifest), "--decrypt", str(secret_path)] + ["nixpkgs#sops"], + ["sops", "--config", str(manifest), "--decrypt", str(secret_path)], ) res = subprocess.run(cmd, stdout=subprocess.PIPE, text=True) if res.returncode != 0: diff --git a/pkgs/clan-cli/clan_cli/secrets/sops_generate.py b/pkgs/clan-cli/clan_cli/secrets/sops_generate.py index c99a7a3b9..405ab994a 100644 --- a/pkgs/clan-cli/clan_cli/secrets/sops_generate.py +++ b/pkgs/clan-cli/clan_cli/secrets/sops_generate.py @@ -61,7 +61,7 @@ export secrets={shlex.quote(str(secrets_dir))} {generator} """ try: - cmd = nix_shell(["bash"], ["bash", "-c", text]) + cmd = nix_shell(["nixpkgs#bash"], ["bash", "-c", text]) subprocess.run(cmd, check=True) except subprocess.CalledProcessError: msg = "failed to the following command:\n" diff --git a/pkgs/clan-cli/clan_cli/secrets/upload.py b/pkgs/clan-cli/clan_cli/secrets/upload.py index 8250d3e10..a4cacf138 100644 --- a/pkgs/clan-cli/clan_cli/secrets/upload.py +++ b/pkgs/clan-cli/clan_cli/secrets/upload.py @@ -21,7 +21,7 @@ def upload_secrets(machine: Machine) -> None: ssh_cmd = host.ssh_cmd() subprocess.run( nix_shell( - ["rsync"], + ["nixpkgs#rsync"], [ "rsync", "-e", diff --git a/pkgs/clan-cli/clan_cli/ssh/cli.py b/pkgs/clan-cli/clan_cli/ssh/cli.py index b46766fc9..fe97d6082 100644 --- a/pkgs/clan-cli/clan_cli/ssh/cli.py +++ b/pkgs/clan-cli/clan_cli/ssh/cli.py @@ -11,10 +11,10 @@ def ssh( password: str | None = None, ssh_args: list[str] = [], ) -> None: - packages = ["tor", "openssh"] + packages = ["nixpkgs#tor", "nixpkgs#openssh"] password_args = [] if password: - packages.append("sshpass") + packages.append("nixpkgs#sshpass") password_args = [ "sshpass", "-p", @@ -37,7 +37,7 @@ def qrcode_scan(picture_file: str) -> str: return ( subprocess.run( nix_shell( - ["zbar"], + ["nixpkgs#zbar"], [ "zbarimg", "--quiet", diff --git a/pkgs/clan-cli/clan_cli/vms/run.py b/pkgs/clan-cli/clan_cli/vms/run.py index b05652e34..1fdbb526c 100644 --- a/pkgs/clan-cli/clan_cli/vms/run.py +++ b/pkgs/clan-cli/clan_cli/vms/run.py @@ -189,7 +189,7 @@ def generate_secrets( def prepare_disk(tmpdir: Path, log_fd: IO[str] | None) -> Path: disk_img = tmpdir / "disk.img" cmd = nix_shell( - ["qemu"], + ["nixpkgs#qemu"], [ "qemu-img", "create", @@ -211,7 +211,7 @@ def prepare_disk(tmpdir: Path, log_fd: IO[str] | None) -> Path: ) cmd = nix_shell( - ["e2fsprogs"], + ["nixpkgs#e2fsprogs"], [ "mkfs.ext4", "-L", @@ -269,11 +269,11 @@ def run_vm( if vm.wayland: packages = ["git+https://git.clan.lol/clan/clan-core.git#qemu-wayland"] else: - packages = ["qemu"] + packages = ["nixpkgs#qemu"] env = os.environ.copy() if vm.graphics and not vm.wayland: - packages.append("virt-viewer") + packages.append("nixpkgs#virt-viewer") remote_viewer_mimetypes = module_root() / "vms" / "mimetypes" env[ "XDG_DATA_DIRS" diff --git a/pkgs/clan-cli/tests/conftest.py b/pkgs/clan-cli/tests/conftest.py index c3c11e75e..8cfdde305 100644 --- a/pkgs/clan-cli/tests/conftest.py +++ b/pkgs/clan-cli/tests/conftest.py @@ -26,12 +26,12 @@ pytest_plugins = [ @pytest.fixture def git_repo(tmp_path: Path) -> Path: # initialize a git repository - cmd = nix_shell(["git"], ["git", "init"]) + cmd = nix_shell(["nixpkgs#git"], ["git", "init"]) subprocess.run(cmd, cwd=tmp_path, check=True) # set user.name and user.email - cmd = nix_shell(["git"], ["git", "config", "user.name", "test"]) + cmd = nix_shell(["nixpkgs#git"], ["git", "config", "user.name", "test"]) subprocess.run(cmd, cwd=tmp_path, check=True) - cmd = nix_shell(["git"], ["git", "config", "user.email", "test@test.test"]) + cmd = nix_shell(["nixpkgs#git"], ["git", "config", "user.email", "test@test.test"]) subprocess.run(cmd, cwd=tmp_path, check=True) # return the path to the git repository return tmp_path diff --git a/pkgs/clan-cli/tests/test_secrets_password_store.py b/pkgs/clan-cli/tests/test_secrets_password_store.py index 3e32278c5..ac9fc49ad 100644 --- a/pkgs/clan-cli/tests/test_secrets_password_store.py +++ b/pkgs/clan-cli/tests/test_secrets_password_store.py @@ -35,10 +35,14 @@ def test_upload_secret( ) cli = Cli() subprocess.run( - nix_shell(["gnupg"], ["gpg", "--batch", "--gen-key", str(gpg_key_spec)]), + nix_shell( + ["nixpkgs#gnupg"], ["gpg", "--batch", "--gen-key", str(gpg_key_spec)] + ), check=True, ) - subprocess.run(nix_shell(["pass"], ["pass", "init", "test@local"]), check=True) + subprocess.run( + nix_shell(["nixpkgs#pass"], ["pass", "init", "test@local"]), check=True + ) cli.run(["secrets", "generate", "vm1"]) network_id = machine_get_fact( test_flake_with_core_and_pass.path, "vm1", "zerotier-network-id"