Merge pull request 'cli: use nix_shell also in ssh.py' (#25) from zerotier into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/25

pkgs/clan-cli/.envrc

@@ -1 +1,2 @@
-use nix
+# Because we depend on nixpkgs sources, uploading to builders takes a long time
+use flake .#clan --builders ''

pkgs/clan-cli/clan_cli/nix.py

@@ -1,10 +1,9 @@
 import os
 
-CLAN_NIXPKGS = os.environ.get("CLAN_NIXPKGS")
-
 
 def nix_shell(packages: list[str], cmd: list[str]) -> list[str]:
+    nixpkgs = os.environ.get("CLAN_NIXPKGS")
     # in unittest we will have all binaries provided
-    if CLAN_NIXPKGS is None:
+    if nixpkgs is None:
         return cmd
-    return ["nix", "shell", "-f", CLAN_NIXPKGS] + packages + ["-c"] + cmd
+    return ["nix", "shell", "-f", nixpkgs] + packages + ["-c"] + cmd

pkgs/clan-cli/clan_cli/ssh.py

@@ -3,6 +3,8 @@ import json
 import subprocess
 from typing import Optional
 
+from .nix import nix_shell
+
 
 def ssh(
     host: str,
@@ -10,15 +12,10 @@ def ssh(
     password: Optional[str] = None,
     ssh_args: list[str] = [],
 ) -> None:
-    nix_shell_args = []
+    packages = ["tor", "openssh"]
     password_args = []
     if password:
-        nix_shell_args = [
+        packages.append("sshpass")
-            "nix",
-            "shell",
-            "nixpkgs#sshpass",
-            "-c",
-        ]
         password_args = [
             "sshpass",
             "-p",
@@ -32,23 +29,22 @@ def ssh(
         "StrictHostKeyChecking=no",
         f"{user}@{host}",
     ]
-    cmd = nix_shell_args + ["torify"] + password_args + _ssh_args
+    cmd = nix_shell(packages, ["torify"] + password_args + _ssh_args)
     subprocess.run(cmd)
 
 
 def qrcode_scan(pictureFile: str) -> str:
     return (
         subprocess.run(
-            [
+            nix_shell(
-                "nix",
+                ["zbar"],
-                "shell",
+                [
-                "nixpkgs#zbar",
+                    "zbarimg",
-                "-c",
+                    "--quiet",
-                "zbarimg",
+                    "--raw",
-                "--quiet",
+                    pictureFile,
-                "--raw",
+                ],
-                pictureFile,
+            ),
-            ],
             stdout=subprocess.PIPE,
             check=True,
         )

pkgs/clan-cli/default.nix

@@ -1,11 +1,11 @@
-{ pkgs ? import <nixpkgs> { }
+{ pkgs
-, lib ? pkgs.lib
+, lib
-, python3 ? pkgs.python3
+, python3
-, ruff ? pkgs.ruff
+, ruff
-, runCommand ? pkgs.runCommand
+, runCommand
-, installShellFiles ? pkgs.installShellFiles
+, installShellFiles
-, zerotierone ? pkgs.zerotierone
+, zerotierone
-, bubblewrap ? pkgs.bubblewrap
+, bubblewrap
 }:
 let
   pyproject = builtins.fromTOML (builtins.readFile ./pyproject.toml);

pkgs/clan-cli/flake-module.nix

@@ -4,9 +4,11 @@
       pyproject = builtins.fromTOML (builtins.readFile ./pyproject.toml);
       name = pyproject.project.name;
       package = pkgs.callPackage ./default.nix { };
+      shell = pkgs.callPackage ./shell.nix { };
     in
     {
       packages.${name} = package;
+      devShells.${name} = shell;
       packages.default = package;
       checks = package.tests;
     };

pkgs/clan-cli/shell.nix

@@ -1,13 +1,7 @@
-{ pkgs ? import <nixpkgs> { }
+{ pkgs }:
-,
-}:
 let
-  lib = pkgs.lib;
+  package = pkgs.callPackage ./default.nix { };
-  python3 = pkgs.python3;
+  pythonWithDeps = pkgs.python3.withPackages (
-  package = import ./default.nix {
-    inherit lib python3;
-  };
-  pythonWithDeps = python3.withPackages (
     ps:
     package.propagatedBuildInputs
     ++ package.devDependencies
@@ -18,39 +12,38 @@ let
   checkScript = pkgs.writeScriptBin "check" ''
     nix build -f . tests -L "$@"
   '';
-  devShell = pkgs.mkShell {
-    packages = [
-      pkgs.ruff
-      pythonWithDeps
-    ];
-    # sets up an editable install and add enty points to $PATH
-    CLAN_NIXPKGS = pkgs.path;
-    shellHook = ''
-      tmp_path=$(realpath ./.pythonenv)
-      repo_root=$(realpath .)
-      rm -rf $tmp_path
-      mkdir -p "$tmp_path/${pythonWithDeps.sitePackages}"
-
-      ${pythonWithDeps.interpreter} -m pip install \
-        --quiet \
-        --disable-pip-version-check \
-        --no-index \
-        --no-build-isolation \
-        --prefix "$tmp_path" \
-        --editable $repo_root
-
-      export PATH="$tmp_path/bin:${checkScript}/bin:$PATH"
-      export PYTHONPATH="$repo_root:$tmp_path/${pythonWithDeps.sitePackages}"
-
-      export XDG_DATA_DIRS="$tmp_path/share''${XDG_DATA_DIRS:+:$XDG_DATA_DIRS}"
-      export fish_complete_path="$tmp_path/share/fish/vendor_completions.d''${fish_complete_path:+:$fish_complete_path}"
-      mkdir -p \
-        $tmp_path/share/fish/vendor_completions.d \
-        $tmp_path/share/bash-completion/completions \
-        $tmp_path/share/zsh/site-functions
-      register-python-argcomplete --shell fish clan > $tmp_path/share/fish/vendor_completions.d/clan.fish
-      register-python-argcomplete --shell bash clan > $tmp_path/share/bash-completion/completions/clan
-    '';
-  };
 in
-devShell
+pkgs.mkShell {
+  packages = [
+    pkgs.ruff
+    pythonWithDeps
+  ];
+  # sets up an editable install and add enty points to $PATH
+  CLAN_NIXPKGS = pkgs.path;
+  shellHook = ''
+    tmp_path=$(realpath ./.pythonenv)
+    repo_root=$(realpath .)
+    rm -rf $tmp_path
+    mkdir -p "$tmp_path/${pythonWithDeps.sitePackages}"
+
+    ${pythonWithDeps.interpreter} -m pip install \
+      --quiet \
+      --disable-pip-version-check \
+      --no-index \
+      --no-build-isolation \
+      --prefix "$tmp_path" \
+      --editable $repo_root
+
+    export PATH="$tmp_path/bin:${checkScript}/bin:$PATH"
+    export PYTHONPATH="$repo_root:$tmp_path/${pythonWithDeps.sitePackages}"
+
+    export XDG_DATA_DIRS="$tmp_path/share''${XDG_DATA_DIRS:+:$XDG_DATA_DIRS}"
+    export fish_complete_path="$tmp_path/share/fish/vendor_completions.d''${fish_complete_path:+:$fish_complete_path}"
+    mkdir -p \
+      $tmp_path/share/fish/vendor_completions.d \
+      $tmp_path/share/bash-completion/completions \
+      $tmp_path/share/zsh/site-functions
+    register-python-argcomplete --shell fish clan > $tmp_path/share/fish/vendor_completions.d/clan.fish
+    register-python-argcomplete --shell bash clan > $tmp_path/share/bash-completion/completions/clan
+  '';
+}

pkgs/clan-cli/tests/test_clan_ssh.py

@@ -1,5 +1,7 @@
+import os
 import sys
-from typing import Union
+from contextlib import contextmanager
+from typing import Iterator, Union
 
 import pytest
 import pytest_subprocess.fake_process
@@ -18,45 +20,72 @@ def test_no_args(
     assert captured.err.startswith("usage:")
 
 
+@contextmanager
+def mock_env(**environ: str) -> Iterator[None]:
+    original_environ = dict(os.environ)
+    os.environ.update(environ)
+    try:
+        yield
+    finally:
+        os.environ.clear()
+        os.environ.update(original_environ)
+
+
 # using fp fixture from pytest-subprocess
 def test_ssh_no_pass(fp: pytest_subprocess.fake_process.FakeProcess) -> None:
-    host = "somehost"
+    with mock_env(CLAN_NIXPKGS="/mocked-nixpkgs"):
-    user = "user"
+        host = "somehost"
-    cmd: list[Union[str, utils.Any]] = [
+        user = "user"
-        "torify",
+        cmd: list[Union[str, utils.Any]] = [
-        "ssh",
+            "nix",
-        "-o",
+            "shell",
-        "UserKnownHostsFile=/dev/null",
+            "-f",
-        "-o",
+            "/mocked-nixpkgs",
-        "StrictHostKeyChecking=no",
+            "tor",
-        f"{user}@{host}",
+            "openssh",
-        fp.any(),
+            "-c",
-    ]
+            "torify",
-    fp.register(cmd)
+            "ssh",
-    clan_cli.ssh.ssh(
+            "-o",
-        host=host,
+            "UserKnownHostsFile=/dev/null",
-        user=user,
+            "-o",
-    )
+            "StrictHostKeyChecking=no",
-    assert fp.call_count(cmd) == 1
+            f"{user}@{host}",
+            fp.any(),
+        ]
+        fp.register(cmd)
+        clan_cli.ssh.ssh(
+            host=host,
+            user=user,
+        )
+        assert fp.call_count(cmd) == 1
 
 
 def test_ssh_with_pass(fp: pytest_subprocess.fake_process.FakeProcess) -> None:
-    host = "somehost"
+    with mock_env(CLAN_NIXPKGS="/mocked-nixpkgs"):
-    user = "user"
+        host = "somehost"
-    cmd: list[Union[str, utils.Any]] = [
+        user = "user"
-        "nix",
+        cmd: list[Union[str, utils.Any]] = [
-        "shell",
+            "nix",
-        "nixpkgs#sshpass",
+            "shell",
-        "-c",
+            "-f",
-        fp.any(),
+            "/mocked-nixpkgs",
-    ]
+            "tor",
-    fp.register(cmd)
+            "openssh",
-    clan_cli.ssh.ssh(
+            "sshpass",
-        host=host,
+            "-c",
-        user=user,
+            "torify",
-        password="XXX",
+            "sshpass",
-    )
+            "-p",
-    assert fp.call_count(cmd) == 1
+            fp.any(),
+        ]
+        fp.register(cmd)
+        clan_cli.ssh.ssh(
+            host=host,
+            user=user,
+            password="XXX",
+        )
+        assert fp.call_count(cmd) == 1
 
 
 def test_qrcode_scan(fp: pytest_subprocess.fake_process.FakeProcess) -> None: