diff --git a/pkgs/clan-cli/clan_cli/api/directory.py b/pkgs/clan-cli/clan_cli/api/directory.py index 6749cbb0b..cdd297ba6 100644 --- a/pkgs/clan-cli/clan_cli/api/directory.py +++ b/pkgs/clan-cli/clan_cli/api/directory.py @@ -6,7 +6,7 @@ from typing import Any, Literal from clan_cli.cmd import RunOpts from clan_cli.errors import ClanError -from clan_cli.nix import nix_shell, run_no_stdout +from clan_cli.nix import nix_shell_legacy, run_no_stdout from . import API @@ -126,7 +126,7 @@ def show_block_devices() -> Blockdevices: It must return a list of block devices. """ - cmd = nix_shell( + cmd = nix_shell_legacy( ["nixpkgs#util-linux"], [ "lsblk", diff --git a/pkgs/clan-cli/clan_cli/api/mdns_discovery.py b/pkgs/clan-cli/clan_cli/api/mdns_discovery.py index 64fc9cf8c..6f45734e0 100644 --- a/pkgs/clan-cli/clan_cli/api/mdns_discovery.py +++ b/pkgs/clan-cli/clan_cli/api/mdns_discovery.py @@ -3,7 +3,7 @@ import re from dataclasses import dataclass from clan_cli.cmd import run_no_stdout -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy from . import API @@ -89,7 +89,7 @@ def parse_avahi_output(output: str) -> DNSInfo: @API.register def show_mdns() -> DNSInfo: - cmd = nix_shell( + cmd = nix_shell_legacy( ["nixpkgs#avahi"], [ "avahi-browse", diff --git a/pkgs/clan-cli/clan_cli/bwrap/__init__.py b/pkgs/clan-cli/clan_cli/bwrap/__init__.py index 48311fe4c..f733ba3d6 100644 --- a/pkgs/clan-cli/clan_cli/bwrap/__init__.py +++ b/pkgs/clan-cli/clan_cli/bwrap/__init__.py @@ -1,5 +1,5 @@ from clan_cli.cmd import run -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy _works: bool | None = None @@ -13,7 +13,7 @@ def bubblewrap_works() -> bool: def _bubblewrap_works() -> bool: # fmt: off - cmd = nix_shell( + cmd = nix_shell_legacy( [ "nixpkgs#bash", "nixpkgs#bubblewrap", diff --git a/pkgs/clan-cli/clan_cli/clan/create.py b/pkgs/clan-cli/clan_cli/clan/create.py index dc84dd90f..f311e38b3 100644 
--- a/pkgs/clan-cli/clan_cli/clan/create.py +++ b/pkgs/clan-cli/clan_cli/clan/create.py @@ -9,7 +9,7 @@ from clan_cli.cmd import CmdOut, RunOpts, run from clan_cli.errors import ClanError from clan_cli.flake import Flake from clan_cli.inventory import Inventory, init_inventory -from clan_cli.nix import nix_command, nix_metadata, nix_shell +from clan_cli.nix import nix_command, nix_metadata, nix_shell_legacy from clan_cli.templates import ( InputPrio, TemplateName, @@ -41,7 +41,7 @@ class CreateOptions: def git_command(directory: Path, *args: str) -> list[str]: - return nix_shell(["nixpkgs#git"], ["git", "-C", str(directory), *args]) + return nix_shell_legacy(["nixpkgs#git"], ["git", "-C", str(directory), *args]) @API.register diff --git a/pkgs/clan-cli/clan_cli/facts/generate.py b/pkgs/clan-cli/clan_cli/facts/generate.py index be046117c..72511fe05 100644 --- a/pkgs/clan-cli/clan_cli/facts/generate.py +++ b/pkgs/clan-cli/clan_cli/facts/generate.py @@ -18,7 +18,7 @@ from clan_cli.errors import ClanError from clan_cli.git import commit_files from clan_cli.machines.inventory import get_all_machines, get_selected_machines from clan_cli.machines.machines import Machine -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy from .check import check_secrets from .public_modules import FactStoreBase @@ -39,7 +39,7 @@ def read_multiline_input(prompt: str = "Finish with Ctrl-D") -> str: def bubblewrap_cmd(generator: str, facts_dir: Path, secrets_dir: Path) -> list[str]: # fmt: off - return nix_shell( + return nix_shell_legacy( [ "nixpkgs#bash", "nixpkgs#bubblewrap", diff --git a/pkgs/clan-cli/clan_cli/facts/secret_modules/password_store.py b/pkgs/clan-cli/clan_cli/facts/secret_modules/password_store.py index 2f6c5ae2d..47cf48a77 100644 --- a/pkgs/clan-cli/clan_cli/facts/secret_modules/password_store.py +++ b/pkgs/clan-cli/clan_cli/facts/secret_modules/password_store.py 
@@ -5,7 +5,7 @@ from typing import override from clan_cli.cmd import Log, RunOpts from clan_cli.machines.machines import Machine -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy from . import SecretStoreBase @@ -18,7 +18,7 @@ class SecretStore(SecretStoreBase): self, service: str, name: str, value: bytes, groups: list[str] ) -> Path | None: subprocess.run( - nix_shell( + nix_shell_legacy( ["nixpkgs#pass"], ["pass", "insert", "-m", f"machines/{self.machine.name}/{name}"], ), @@ -29,7 +29,7 @@ class SecretStore(SecretStoreBase): def get(self, service: str, name: str) -> bytes: return subprocess.run( - nix_shell( + nix_shell_legacy( ["nixpkgs#pass"], ["pass", "show", f"machines/{self.machine.name}/{name}"], ), @@ -51,7 +51,7 @@ class SecretStore(SecretStoreBase): hashes = [] hashes.append( subprocess.run( - nix_shell( + nix_shell_legacy( ["nixpkgs#git"], [ "git", @@ -71,7 +71,7 @@ class SecretStore(SecretStoreBase): if symlink.is_symlink(): hashes.append( subprocess.run( - nix_shell( + nix_shell_legacy( ["nixpkgs#git"], [ "git", diff --git a/pkgs/clan-cli/clan_cli/flash/flash.py b/pkgs/clan-cli/clan_cli/flash/flash.py index 217ecf98d..51d2fc61c 100644 --- a/pkgs/clan-cli/clan_cli/flash/flash.py +++ b/pkgs/clan-cli/clan_cli/flash/flash.py @@ -13,7 +13,7 @@ from clan_cli.errors import ClanError from clan_cli.facts.generate import generate_facts from clan_cli.facts.secret_modules import SecretStoreBase from clan_cli.machines.machines import Machine -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy from clan_cli.vars.generate import generate_vars from .automount import pause_automounting @@ -147,7 +147,7 @@ def flash_machine( disko_install.extend(["--option", "dry-run", "true"]) disko_install.extend(extra_args) - cmd = nix_shell( + cmd = nix_shell_legacy( ["nixpkgs#disko"], disko_install, ) diff --git a/pkgs/clan-cli/clan_cli/git.py b/pkgs/clan-cli/clan_cli/git.py index c721cf8b5..3d599faf8 100644 
--- a/pkgs/clan-cli/clan_cli/git.py +++ b/pkgs/clan-cli/clan_cli/git.py @@ -4,7 +4,7 @@ from pathlib import Path from .cmd import Log, RunOpts, run from .errors import ClanError from .locked_open import locked_open -from .nix import run_cmd +from .nix import nix_shell def commit_file( @@ -72,7 +72,7 @@ def _commit_file_to_git( with locked_open(real_git_dir / "clan.lock", "w+"): for file_path in file_paths: - cmd = run_cmd( + cmd = nix_shell( ["git"], ["git", "-C", str(repo_dir), "add", "--", str(file_path)], ) @@ -87,7 +87,7 @@ def _commit_file_to_git( ) # check if there is a diff - cmd = run_cmd( + cmd = nix_shell( ["git"], ["git", "-C", str(repo_dir), "diff", "--cached", "--exit-code", "--"] + [str(file_path) for file_path in file_paths], @@ -98,7 +98,7 @@ def _commit_file_to_git( return # commit only that file - cmd = run_cmd( + cmd = nix_shell( ["git"], [ "git", diff --git a/pkgs/clan-cli/clan_cli/machines/hardware.py b/pkgs/clan-cli/clan_cli/machines/hardware.py index 6d3f95776..c69ac7279 100644 --- a/pkgs/clan-cli/clan_cli/machines/hardware.py +++ b/pkgs/clan-cli/clan_cli/machines/hardware.py @@ -13,7 +13,7 @@ from clan_cli.errors import ClanCmdError, ClanError from clan_cli.flake import Flake from clan_cli.git import commit_file from clan_cli.machines.machines import Machine -from clan_cli.nix import nix_config, nix_eval, run_cmd +from clan_cli.nix import nix_config, nix_eval, nix_shell from .types import machine_name_type @@ -144,7 +144,7 @@ def generate_machine_hardware_info(opts: HardwareGenerateOptions) -> HardwareCon if opts.password: deps += ["sshpass"] - cmd = run_cmd( + cmd = nix_shell( deps, [ *(["sshpass", "-p", opts.password] if opts.password else []), diff --git a/pkgs/clan-cli/clan_cli/machines/install.py b/pkgs/clan-cli/clan_cli/machines/install.py index 3cbe07448..462986510 100644 --- a/pkgs/clan-cli/clan_cli/machines/install.py +++ b/pkgs/clan-cli/clan_cli/machines/install.py 
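Review bot: In the `generate_machine_hardware_info` hunk the password is still handed to `sshpass` as an argument (`"sshpass", "-p", opts.password`), so it sits in the process argument list, which other local processes can read on a default Linux setup, and in any log line that prints the command. `sshpass -e` reads the password from the `SSHPASS` environment variable instead. The change would be to replace the argument with `["sshpass", "-e"]` and pass the value through the environment of the call that runs `cmd`, which is outside this hunk. The function starts before and continues past the hunk, so how `cmd` is executed needs checking first.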
@@ -18,7 +18,7 @@ from clan_cli.errors import ClanError from clan_cli.facts.generate import generate_facts from clan_cli.machines.hardware import HardwareConfig from clan_cli.machines.machines import Machine -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy from clan_cli.ssh.deploy_info import DeployInfo, find_reachable_host, ssh_command_parse from clan_cli.ssh.host_key import HostKeyCheck from clan_cli.vars.generate import generate_vars @@ -146,7 +146,7 @@ def install_machine(opts: InstallOptions) -> None: # cmd.append("--ssh-option") # cmd.append("ProxyCommand=nc -x 127.0.0.1:9050 -X 5 %h %p") run( - nix_shell( + nix_shell_legacy( [ "nixpkgs#nixos-anywhere", "nixpkgs#tor", @@ -157,7 +157,7 @@ def install_machine(opts: InstallOptions) -> None: ) else: run( - nix_shell( + nix_shell_legacy( ["nixpkgs#nixos-anywhere"], cmd, ), diff --git a/pkgs/clan-cli/clan_cli/machines/list.py b/pkgs/clan-cli/clan_cli/machines/list.py index f81d41755..c0ae9b875 100644 --- a/pkgs/clan-cli/clan_cli/machines/list.py +++ b/pkgs/clan-cli/clan_cli/machines/list.py @@ -20,7 +20,7 @@ from clan_cli.inventory import ( patch_inventory_with, ) from clan_cli.machines.hardware import HardwareConfig -from clan_cli.nix import nix_eval, nix_shell +from clan_cli.nix import nix_eval, nix_shell_legacy from clan_cli.tags import list_nixos_machines_by_tags log = logging.getLogger(__name__) @@ -126,7 +126,7 @@ def check_machine_online( timeout = opts.timeout if opts and opts.timeout else 20 - cmd = nix_shell( + cmd = nix_shell_legacy( ["nixpkgs#util-linux", *(["nixpkgs#openssh"] if hostname else [])], [ "ssh", diff --git a/pkgs/clan-cli/clan_cli/nix/__init__.py b/pkgs/clan-cli/clan_cli/nix/__init__.py index 2bf57c88e..72e63b4d4 100644 --- a/pkgs/clan-cli/clan_cli/nix/__init__.py +++ b/pkgs/clan-cli/clan_cli/nix/__init__.py 
@@ -105,8 +105,8 @@ def nix_metadata(flake_url: str | Path) -> dict[str, Any]: return data -# Deprecated: use run_cmd() instead -def nix_shell(packages: list[str], cmd: list[str]) -> list[str]: +# Deprecated: use nix_shell() instead +def nix_shell_legacy(packages: list[str], cmd: list[str]) -> list[str]: # we cannot use nix-shell inside the nix sandbox # in our tests we just make sure we have all the packages if ( 
@@ -124,46 +124,48 @@ def nix_shell(packages: list[str], cmd: list[str]) -> list[str]: # lazy loads list of allowed and static programs -class Programs: - allowed_programs: set[str] | None = None - static_programs: set[str] | None = None +class Packages: + allowed_packages: set[str] | None = None + static_packages: set[str] | None = None @classmethod - def ensure_allowed(cls: type["Programs"], program: str) -> None: - if cls.allowed_programs is None: - with (Path(__file__).parent / "allowed-programs.json").open() as f: - cls.allowed_programs = allowed_programs = set(json.load(f)) + def ensure_allowed(cls: type["Packages"], package: str) -> None: + if cls.allowed_packages is None: + with (Path(__file__).parent / "allowed-packages.json").open() as f: + cls.allowed_packages = allowed_packages = set(json.load(f)) else: - allowed_programs = cls.allowed_programs + allowed_packages = cls.allowed_packages - if program not in allowed_programs: - msg = f"Program not allowed: '{program}', allowed programs are:\n{'\n'.join(allowed_programs)}" + if package not in allowed_packages: + msg = f"Package not allowed: '{package}', allowed packages are:\n{'\n'.join(allowed_packages)}" raise ClanError(msg) @classmethod - def is_static(cls: type["Programs"], program: str) -> bool: + def is_provided(cls: type["Packages"], program: str) -> bool: """ - Determines if a program is statically shipped with this clan distribution + Determines if a program is shipped with the clan package. 
""" - if cls.static_programs is None: - cls.static_programs = set( - os.environ.get("CLAN_STATIC_PROGRAMS", "").split(":") + if cls.static_packages is None: + cls.static_packages = set( + os.environ.get("CLAN_PROVIDED_PACKAGES", "").split(":") ) - return program in cls.static_programs + return program in cls.static_packages -# Alternative implementation of nix_shell() to replace nix_shell() at some point +# Alternative implementation of nix_shell() to replace nix_shell_legacy() at some point # Features: -# - allow list for programs (need to be specified in allowed-programs.json) +# - allow list for programs (need to be specified in allowed-packages.json) # - be abe to compute a closure of all deps for testing # - build clan distributions that ship some or all packages (eg. clan-cli-full) -def run_cmd(programs: list[str], cmd: list[str]) -> list[str]: - for program in programs: - Programs.ensure_allowed(program) +def nix_shell(packages: list[str], cmd: list[str]) -> list[str]: + for program in packages: + Packages.ensure_allowed(program) if os.environ.get("IN_NIX_SANDBOX"): return cmd missing_packages = [ - f"nixpkgs#{program}" for program in programs if not Programs.is_static(program) + f"nixpkgs#{package}" + for package in packages + if not Packages.is_provided(package) ] if not missing_packages: return cmd diff --git a/pkgs/clan-cli/clan_cli/nix/allowed-programs.json b/pkgs/clan-cli/clan_cli/nix/allowed-packages.json similarity index 100% rename from pkgs/clan-cli/clan_cli/nix/allowed-programs.json rename to pkgs/clan-cli/clan_cli/nix/allowed-packages.json diff --git a/pkgs/clan-cli/clan_cli/secrets/import_sops.py b/pkgs/clan-cli/clan_cli/secrets/import_sops.py index de07fd07e..30fd110ee 100644 --- a/pkgs/clan-cli/clan_cli/secrets/import_sops.py +++ b/pkgs/clan-cli/clan_cli/secrets/import_sops.py 
@@ -11,7 +11,7 @@ from clan_cli.completions import ( complete_users, ) from clan_cli.errors import ClanError -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy from .secrets import encrypt_secret, sops_secrets_folder @@ -30,7 +30,7 @@ def import_sops(args: argparse.Namespace) -> None: if args.input_type: cmd += ["--input-type", args.input_type] cmd += ["--output-type", "json", "--decrypt", args.sops_file] - cmd = nix_shell(["nixpkgs#sops", "nixpkgs#gnupg"], cmd) + cmd = nix_shell_legacy(["nixpkgs#sops", "nixpkgs#gnupg"], cmd) res = run(cmd, RunOpts(error_msg=f"Could not import sops file {file}")) secrets = json.loads(res.stdout) diff --git a/pkgs/clan-cli/clan_cli/secrets/sops.py b/pkgs/clan-cli/clan_cli/secrets/sops.py index 29d29a861..6f0eefa10 100644 --- a/pkgs/clan-cli/clan_cli/secrets/sops.py +++ b/pkgs/clan-cli/clan_cli/secrets/sops.py @@ -16,7 +16,7 @@ from clan_cli.api import API from clan_cli.cmd import Log, RunOpts, run from clan_cli.dirs import user_config_dir from clan_cli.errors import ClanError -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy from .folders import sops_machines_folder, sops_users_folder @@ -233,7 +233,7 @@ def sops_run( raise ClanError(msg) sops_cmd.append(str(secret_path)) - cmd = nix_shell(["nixpkgs#sops", "nixpkgs#gnupg"], sops_cmd) + cmd = nix_shell_legacy(["nixpkgs#sops", "nixpkgs#gnupg"], sops_cmd) opts = ( dataclasses.replace(run_opts, env=environ) if run_opts @@ -249,7 +249,7 @@ def sops_run( def get_public_age_key(privkey: str) -> str: - cmd = nix_shell(["nixpkgs#age"], ["age-keygen", "-y"]) + cmd = nix_shell_legacy(["nixpkgs#age"], ["age-keygen", "-y"]) error_msg = "Failed to get public key for age private key. Is the key malformed?" res = run(cmd, RunOpts(input=privkey.encode(), error_msg=error_msg)) 
@@ -257,7 +257,7 @@ def get_public_age_key(privkey: str) -> str: def generate_private_key(out_file: Path | None = None) -> tuple[str, str]: - cmd = nix_shell(["nixpkgs#age"], ["age-keygen"]) + cmd = nix_shell_legacy(["nixpkgs#age"], ["age-keygen"]) try: proc = run(cmd) res = proc.stdout.strip() diff --git a/pkgs/clan-cli/clan_cli/ssh/deploy_info.py b/pkgs/clan-cli/clan_cli/ssh/deploy_info.py index cccf6356b..338118d97 100644 --- a/pkgs/clan-cli/clan_cli/ssh/deploy_info.py +++ b/pkgs/clan-cli/clan_cli/ssh/deploy_info.py @@ -14,7 +14,7 @@ from clan_cli.completions import ( ) from clan_cli.errors import ClanError from clan_cli.machines.machines import Machine -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy from clan_cli.ssh.host import Host, is_ssh_reachable from clan_cli.ssh.host_key import HostKeyCheck from clan_cli.ssh.parse import parse_deployment_address @@ -65,7 +65,7 @@ def find_reachable_host( def qrcode_scan(picture_file: Path) -> str: - cmd = nix_shell( + cmd = nix_shell_legacy( ["nixpkgs#zbar"], [ "zbarimg", diff --git a/pkgs/clan-cli/clan_cli/ssh/host.py b/pkgs/clan-cli/clan_cli/ssh/host.py index 0cebdd101..e1b8df550 100644 --- a/pkgs/clan-cli/clan_cli/ssh/host.py +++ b/pkgs/clan-cli/clan_cli/ssh/host.py @@ -12,7 +12,7 @@ from typing import Any from clan_cli.cmd import CmdOut, RunOpts, run from clan_cli.colors import AnsiColor from clan_cli.errors import ClanError -from clan_cli.nix import run_cmd +from clan_cli.nix import nix_shell from clan_cli.ssh.host_key import HostKeyCheck cmdlog = logging.getLogger(__name__) @@ -216,7 +216,7 @@ class Host: *ssh_opts, ] - return run_cmd(packages, cmd) + return nix_shell(packages, cmd) def connect_ssh_shell( self, *, password: str | None = None, tor_socks: bool = False diff --git a/pkgs/clan-cli/clan_cli/ssh/tor.py b/pkgs/clan-cli/clan_cli/ssh/tor.py index bfe4adbe4..a91fac6f1 100755 --- a/pkgs/clan-cli/clan_cli/ssh/tor.py +++ b/pkgs/clan-cli/clan_cli/ssh/tor.py 
@@ -10,7 +10,7 @@ from dataclasses import dataclass from clan_cli.async_run import AsyncRuntime from clan_cli.cmd import Log, RunOpts, run from clan_cli.errors import TorConnectionError, TorSocksError -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy log = logging.getLogger(__name__) @@ -117,7 +117,7 @@ def spawn_tor(runtime: AsyncRuntime) -> None: """Starts Tor process using nix-shell.""" cmd_args = ["tor", "--HardwareAccel", "1"] packages = ["nixpkgs#tor"] - cmd = nix_shell(packages, cmd_args) + cmd = nix_shell_legacy(packages, cmd_args) runtime.async_run(None, run, cmd, RunOpts(log=Log.BOTH)) log.debug("Attempting to start Tor") diff --git a/pkgs/clan-cli/clan_cli/tests/git_repo.py b/pkgs/clan-cli/clan_cli/tests/git_repo.py index ed8f94495..fa7b7d08f 100644 --- a/pkgs/clan-cli/clan_cli/tests/git_repo.py +++ b/pkgs/clan-cli/clan_cli/tests/git_repo.py @@ -2,19 +2,21 @@ import subprocess from pathlib import Path import pytest -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy # fixture for git_repo @pytest.fixture def git_repo(temp_dir: Path) -> Path: # initialize a git repository - cmd = nix_shell(["nixpkgs#git"], ["git", "init"]) + cmd = nix_shell_legacy(["nixpkgs#git"], ["git", "init"]) subprocess.run(cmd, cwd=temp_dir, check=True) # set user.name and user.email - cmd = nix_shell(["nixpkgs#git"], ["git", "config", "user.name", "test"]) + cmd = nix_shell_legacy(["nixpkgs#git"], ["git", "config", "user.name", "test"]) subprocess.run(cmd, cwd=temp_dir, check=True) - cmd = nix_shell(["nixpkgs#git"], ["git", "config", "user.email", "test@test.test"]) + cmd = nix_shell_legacy( + ["nixpkgs#git"], ["git", "config", "user.email", "test@test.test"] + ) subprocess.run(cmd, cwd=temp_dir, check=True) # return the path to the git repository return temp_dir 
diff --git a/pkgs/clan-cli/clan_cli/tests/test_secrets_password_store.py b/pkgs/clan-cli/clan_cli/tests/test_secrets_password_store.py index ade387fc1..44ff26821 100644 --- a/pkgs/clan-cli/clan_cli/tests/test_secrets_password_store.py +++ b/pkgs/clan-cli/clan_cli/tests/test_secrets_password_store.py @@ -6,7 +6,7 @@ from clan_cli.facts.secret_modules.password_store import SecretStore from clan_cli.flake import Flake from clan_cli.machines.facts import machine_get_fact from clan_cli.machines.machines import Machine -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy from clan_cli.ssh.host import Host from clan_cli.tests.fixtures_flakes import ClanFlake from clan_cli.tests.helpers import cli @@ -58,13 +58,13 @@ def test_upload_secret( """ ) subprocess.run( - nix_shell( + nix_shell_legacy( ["nixpkgs#gnupg"], ["gpg", "--batch", "--gen-key", str(gpg_key_spec)] ), check=True, ) subprocess.run( - nix_shell(["nixpkgs#pass"], ["pass", "init", "test@local"]), check=True + nix_shell_legacy(["nixpkgs#pass"], ["pass", "init", "test@local"]), check=True ) cli.run(["facts", "generate", "vm1", "--flake", str(flake.path)]) diff --git a/pkgs/clan-cli/clan_cli/vars/generate.py b/pkgs/clan-cli/clan_cli/vars/generate.py index d229a0ff4..6a82a541e 100644 --- a/pkgs/clan-cli/clan_cli/vars/generate.py +++ b/pkgs/clan-cli/clan_cli/vars/generate.py @@ -17,7 +17,7 @@ from clan_cli.completions import ( from clan_cli.errors import ClanError from clan_cli.git import commit_files from clan_cli.machines.inventory import get_all_machines, get_selected_machines -from clan_cli.nix import nix_config, nix_shell, nix_test_store +from clan_cli.nix import nix_config, nix_shell_legacy, nix_test_store from clan_cli.vars._types import StoreBase from .check import check_vars @@ -84,7 +84,7 @@ def bubblewrap_cmd(generator: str, tmpdir: Path) -> list[str]: test_store = nix_test_store() # fmt: off - return nix_shell( + return nix_shell_legacy( [ "nixpkgs#bash", "nixpkgs#bubblewrap", 
diff --git a/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py b/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py index 6d5069e47..e38d55c5c 100644 --- a/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py +++ b/pkgs/clan-cli/clan_cli/vars/secret_modules/password_store.py @@ -9,7 +9,7 @@ from tempfile import TemporaryDirectory from clan_cli.cmd import CmdOut, Log, RunOpts, run from clan_cli.machines.machines import Machine -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy from clan_cli.ssh.upload import upload from clan_cli.vars._types import StoreBase from clan_cli.vars.generate import Generator, Var @@ -49,7 +49,9 @@ class SecretStore(StoreBase): return Path(self.entry_prefix) / self.rel_dir(generator, name) def _run_pass(self, *args: str, options: RunOpts | None = None) -> CmdOut: - cmd = nix_shell(packages=["nixpkgs#pass"], cmd=[self._store_backend, *args]) + cmd = nix_shell_legacy( + packages=["nixpkgs#pass"], cmd=[self._store_backend, *args] + ) return run(cmd, options) def _set( @@ -90,7 +92,7 @@ class SecretStore(StoreBase): hashes = [] hashes.append( run( - nix_shell( + nix_shell_legacy( ["nixpkgs#git"], [ "git", @@ -118,7 +120,7 @@ class SecretStore(StoreBase): if symlink.is_symlink(): hashes.append( run( - nix_shell( + nix_shell_legacy( ["nixpkgs#git"], [ "git", diff --git a/pkgs/clan-cli/clan_cli/vms/run.py b/pkgs/clan-cli/clan_cli/vms/run.py index b61dd5c87..4f69a4c60 100644 --- a/pkgs/clan-cli/clan_cli/vms/run.py +++ b/pkgs/clan-cli/clan_cli/vms/run.py @@ -19,7 +19,7 @@ from clan_cli.dirs import module_root, user_cache_dir, vm_state_dir from clan_cli.errors import ClanCmdError, ClanError from clan_cli.facts.generate import generate_facts from clan_cli.machines.machines import Machine -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy from clan_cli.qemu.qga import QgaSession from clan_cli.qemu.qmp import QEMUMonitorProtocol 
@@ -96,7 +96,7 @@ def prepare_disk( file_name: str = "disk.img", ) -> Path: disk_img = directory / file_name - cmd = nix_shell( + cmd = nix_shell_legacy( ["nixpkgs#qemu"], [ "qemu-img", @@ -127,7 +127,7 @@ def start_vm( ) -> Iterator[subprocess.Popen]: env = os.environ.copy() env.update(extra_env) - cmd = nix_shell(packages, args) + cmd = nix_shell_legacy(packages, args) machine.debug(f"Starting VM with command: {cmd}") with subprocess.Popen( diff --git a/pkgs/clan-cli/clan_cli/vms/virtiofsd.py b/pkgs/clan-cli/clan_cli/vms/virtiofsd.py index a9d544103..38b185521 100644 --- a/pkgs/clan-cli/clan_cli/vms/virtiofsd.py +++ b/pkgs/clan-cli/clan_cli/vms/virtiofsd.py @@ -6,7 +6,7 @@ from collections.abc import Iterator from pathlib import Path from clan_cli.errors import ClanError -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy @contextlib.contextmanager @@ -14,7 +14,7 @@ def start_virtiofsd(socket_path: Path) -> Iterator[None]: sandbox = "namespace" if shutil.which("newuidmap") is None: sandbox = "none" - virtiofsd = nix_shell( + virtiofsd = nix_shell_legacy( ["nixpkgs#virtiofsd"], [ "virtiofsd", diff --git a/pkgs/clan-cli/clan_cli/vms/waypipe.py b/pkgs/clan-cli/clan_cli/vms/waypipe.py index 7a2ce2a14..4adf2597b 100644 --- a/pkgs/clan-cli/clan_cli/vms/waypipe.py +++ b/pkgs/clan-cli/clan_cli/vms/waypipe.py @@ -6,7 +6,7 @@ import time from collections.abc import Iterator from clan_cli.errors import ClanError -from clan_cli.nix import nix_shell +from clan_cli.nix import nix_shell_legacy VMADDR_CID_HYPERVISOR = 2 @@ -29,7 +29,7 @@ def start_waypipe(cid: int | None, title_prefix: str) -> Iterator[None]: if cid is None: yield return - waypipe = nix_shell( + waypipe = nix_shell_legacy( ["nixpkgs#waypipe"], [ "waypipe", diff --git a/pkgs/clan-cli/default.nix b/pkgs/clan-cli/default.nix index 042a23a90..0d80f1bdc 100644 --- a/pkgs/clan-cli/default.nix +++ b/pkgs/clan-cli/default.nix 
@@ -37,7 +37,7 @@ let # load nixpkgs runtime dependencies from a json file # This file represents an allow list at the same time that is checked by the run_cmd # implementation in nix.py - allDependencies = lib.importJSON ./clan_cli/nix/allowed-programs.json; + allDependencies = lib.importJSON ./clan_cli/nix/allowed-packages.json; generateRuntimeDependenciesMap = deps: lib.filterAttrs (_: pkg: !pkg.meta.unsupported or false) (lib.genAttrs deps (name: pkgs.${name})); @@ -109,7 +109,7 @@ pythonRuntime.pkgs.buildPythonApplication { clan-core-path "--set" - "CLAN_STATIC_PROGRAMS" + "CLAN_PROVIDED_PACKAGES" (lib.concatStringsSep ":" (lib.attrNames bundledRuntimeDependenciesMap)) ]; diff --git a/pkgs/clan-cli/flake-module.nix b/pkgs/clan-cli/flake-module.nix index cdd96d95b..f7bd869a9 100644 --- a/pkgs/clan-cli/flake-module.nix +++ b/pkgs/clan-cli/flake-module.nix @@ -146,7 +146,7 @@ clan-core-path = clanCoreWithVendoredDeps; templateDerivation = templateDerivation; pythonRuntime = pkgs.python3; - includedRuntimeDeps = lib.importJSON ./clan_cli/nix/allowed-programs.json; + includedRuntimeDeps = lib.importJSON ./clan_cli/nix/allowed-packages.json; }; clan-cli-docs = pkgs.stdenv.mkDerivation { name = "clan-cli-docs"; diff --git a/pkgs/clan-cli/pyproject.toml b/pkgs/clan-cli/pyproject.toml index 8e6492587..1fcfaf7fd 100644 --- a/pkgs/clan-cli/pyproject.toml +++ b/pkgs/clan-cli/pyproject.toml @@ -19,7 +19,7 @@ exclude = ["clan_cli.nixpkgs*", "result"] [tool.setuptools.package-data] clan_cli = [ - "**/allowed-programs.json", + "**/allowed-packages.json", "py.typed", "templates/**/*", "vms/mimetypes/**/*", diff --git a/pkgs/clan-cli/shell.nix b/pkgs/clan-cli/shell.nix index 15696a254..4f3a5dc82 100644 --- a/pkgs/clan-cli/shell.nix +++ b/pkgs/clan-cli/shell.nix 
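Review bot: The comment above `allDependencies` in default.nix still says the allow list "is checked by the run_cmd implementation in nix.py", but this commit renames that function to `nix_shell`, and the diff shows it in `clan_cli/nix/__init__.py`. Since the JSON file is the security-relevant allow list, the pointer to its enforcing code should stay accurate: `# This file doubles as the allow list enforced by nix_shell() in clan_cli/nix/__init__.py`. The `let` block starts before and continues past the hunk.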
@@ -25,7 +25,7 @@ mkShell { inputsFrom = [ self'.devShells.default ]; - CLAN_STATIC_PROGRAMS = lib.concatStringsSep ":" ( + CLAN_PROVIDED_PACKAGES = lib.concatStringsSep ":" ( lib.attrNames clan-cli-full.passthru.runtimeDependenciesMap );