Skip to content

nixos/radicle: fix support of absolute file paths for SSH keys#329731

Merged
Mic92 merged 1 commit intoNixOS:masterfrom
ju1m:radicle
Jul 26, 2024
Merged

nixos/radicle: fix support of absolute file paths for SSH keys#329731
Mic92 merged 1 commit intoNixOS:masterfrom
ju1m:radicle

Conversation

@ju1m
Copy link
Copy Markdown
Contributor

@ju1m ju1m commented Jul 24, 2024
edited
Loading

Description of changes

Following up on #314440 (comment)

Things done

  • Only support absolute paths for privateKeyFile by dropping str type.
  • Fix support of absolute path for publicKeyFile by using lib.types.path.check instead of builtins.isPath.
  • Rename publicKeyFile to publicKey since it supports both path and str types. I've not cluttered the file with a backward compatibility because services.radicle has never been in a stable release yet.
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Jul 24, 2024
@ju1m ju1m mentioned this pull request Jul 24, 2024
Merged
18 tasks
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Jul 24, 2024
@lorenzleutgeb lorenzleutgeb added 0.kind: enhancement Add something new or improve an existing system. needs_merger 12.approvals: 2 This PR was reviewed and approved by two persons. 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in any of the changed packages. labels Jul 25, 2024
@Mic92 Mic92 merged commit cd8166e into NixOS:master Jul 26, 2024
@ju1m ju1m deleted the radicle branch July 26, 2024 22:57
@ju1m
Copy link
Copy Markdown
Contributor Author

ju1m commented Jul 26, 2024
edited
Loading

Oops, I should not have dropped the str type for privateKeyFile:

  • Only support absolute paths for privateKeyFile by dropping str type.

str is actually needed to use an encrypted privateKeyFile, as in:

$ ssh-keygen -t ed25519 -f radicle -N ""
$ systemd-creds encrypt --name radicle --with-key=auto radicle radicle.cred

And:

services.radicle.privateKeyFile = "radicle:${path/to/radicle.cred}"

Here the name of the credential appears as a prefix and thus privateKeyFile is no longer a path.

@ju1m ju1m mentioned this pull request Jul 26, 2024
Merged
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@dpc dpc dpc approved these changes

@lorenzleutgeb lorenzleutgeb lorenzleutgeb approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

0.kind: enhancement Add something new or improve an existing system. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. 12.approvals: 2 This PR was reviewed and approved by two persons. 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in any of the changed packages.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ju1m @dpc @lorenzleutgeb @Mic92