From f26e888c41d28107de9dbc5b4e1553c1dfcf83db Mon Sep 17 00:00:00 2001 From: Roman Melnikov Date: Wed, 6 Sep 2023 14:54:22 +0200 Subject: [#201] Deduce profile directory during activation Problem: Since https://github.com/NixOS/nix/pull/5226 nix profiles for users are stored in 'XDG_STATE_HOME' or 'HOME' directory. However, 'deploy-rs' still expects profiles to be present in '/nix/var/nix/profiles/per-user'. As a result, an attempt to deploy a profile with newer nix may fail with an error about non-existing files. Solution: Instead of deducing the profile path prior to ssh'ing and actual activation, deduce the path to the profile during as a part of 'activate-rs' invocation. Now if the profile path is not specified explicitly as an attribute in profile within the deploy flake, the path to the profile is determined based on the user to which the profile belongs and on the values of 'XDG_STATE_HOME' and 'HOME' variables. Additionally, if the old profile directory (in '/nix/var/nix/profiles/per-user') for a given user already exists, it is used instead for the sake of backward compatibility. --- src/bin/activate.rs | 110 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 97 insertions(+), 13 deletions(-) (limited to 'src/bin/activate.rs') diff --git a/src/bin/activate.rs b/src/bin/activate.rs index bf03538..4a2760b 100644 --- a/src/bin/activate.rs +++ b/src/bin/activate.rs @@ -15,9 +15,10 @@ use tokio::time::timeout; use std::time::Duration; -use std::path::PathBuf; +use std::env; +use std::path::{Path, PathBuf}; -use notify::{RecommendedWatcher, RecursiveMode, Watcher, recommended_watcher}; +use notify::{recommended_watcher, RecommendedWatcher, RecursiveMode, Watcher}; use thiserror::Error; @@ -47,11 +48,24 @@ enum SubCommand { /// Activate a profile #[derive(Clap, Debug)] +#[clap(group( + clap::ArgGroup::new("profile") + .required(true) + .multiple(false) + .args(&["profile-path","profile-user"]) +))] struct ActivateOpts { /// The closure to activate closure: String, /// The profile path to install into - profile_path: String, + #[clap(long)] + profile_path: Option, + /// The profile user if explicit profile path is not specified + #[clap(long, requires = "profile-name")] + profile_user: Option, + /// The profile name + #[clap(long, requires = "profile-user")] + profile_name: Option, /// Maximum time to wait for confirmation after activation #[clap(long)] @@ -78,7 +92,7 @@ struct ActivateOpts { temp_path: PathBuf, } -/// Activate a profile +/// Wait for profile activation #[derive(Clap, Debug)] struct WaitOpts { /// The closure to wait for @@ -89,11 +103,18 @@ struct WaitOpts { temp_path: PathBuf, } -/// Activate a profile +/// Revoke profile activation #[derive(Clap, Debug)] struct RevokeOpts { - /// The profile path to revoke - profile_path: String, + /// The profile path to install into + #[clap(long)] + profile_path: Option, + /// The profile user if explicit profile path is not specified + #[clap(long, requires = "profile-name")] + profile_user: Option, + /// The profile name + #[clap(long, requires = "profile-user")] + profile_name: Option, } #[derive(Error, Debug)] @@ -315,8 +336,8 @@ pub async fn wait(temp_path: PathBuf, closure: String) -> Result<(), WaitError> // 'lock_path' may not exist yet when some other files are created in 'temp_path' // x is already supposed to be canonical path Ok(lock_path) if x == &lock_path => created.try_send(Ok(())), - _ => Ok (()) - } + _ => Ok(()), + }, _ => Ok(()), } } @@ -459,6 +480,61 @@ async fn revoke(profile_path: String) -> Result<(), DeactivateError> { Ok(()) } +#[derive(Error, Debug)] +pub enum GetProfilePathError { + #[error("Failed to deduce HOME directory for user {0}")] + NoUserHome(String), +} + +fn get_profile_path( + profile_path: Option, + profile_user: Option, + profile_name: Option, +) -> Result { + match (profile_path, profile_user, profile_name) { + (Some(profile_path), None, None) => Ok(profile_path), + (None, Some(profile_user), Some(profile_name)) => { + let nix_state_dir = env::var("NIX_STATE_DIR").unwrap_or("/nix/var/nix".to_string()); + // As per https://nixos.org/manual/nix/stable/command-ref/files/profiles#profiles + match &profile_user[..] { + "root" => { + match &profile_name[..] { + // NixOS system profile belongs to the root user, but isn't stored in the 'per-user/root' + "system" => Ok(format!("{}/profiles/system", nix_state_dir)), + _ => Ok(format!( + "{}/profiles/per-user/root/{}", + nix_state_dir, profile_name + )), + } + } + _ => { + let old_user_profiles_dir = + format!("{}/profiles/per-user/{}", nix_state_dir, profile_user); + // To stay backward compatible + if Path::new(&old_user_profiles_dir).exists() { + Ok(format!("{}/{}", old_user_profiles_dir, profile_name)) + } else { + // https://github.com/NixOS/nix/blob/2.17.0/src/libstore/profiles.cc#L308 + // This is basically the equivalent of calling 'dirs::state_dir()'. + // However, this function returns 'None' on macOS, while nix will actually + // check env variables, so we imitate nix implementation below instead of + // using 'dirs::state_dir()' directly. + let state_dir = env::var("XDG_STATE_HOME").or_else(|_| { + dirs::home_dir() + .map(|h| { + format!("{}/.local/state", h.as_path().display().to_string()) + }) + .ok_or(GetProfilePathError::NoUserHome(profile_user)) + })?; + Ok(format!("{}/nix/profiles/{}", state_dir, profile_name)) + } + } + } + } + _ => panic!("impossible"), + } +} + #[tokio::main] async fn main() -> Result<(), Box> { // Ensure that this process stays alive after the SSH connection dies @@ -483,7 +559,11 @@ async fn main() -> Result<(), Box> { let r = match opts.subcmd { SubCommand::Activate(activate_opts) => activate( - activate_opts.profile_path, + get_profile_path( + activate_opts.profile_path, + activate_opts.profile_user, + activate_opts.profile_name, + )?, activate_opts.closure, activate_opts.auto_rollback, activate_opts.temp_path, @@ -499,9 +579,13 @@ async fn main() -> Result<(), Box> { .await .map_err(|x| Box::new(x) as Box), - SubCommand::Revoke(revoke_opts) => revoke(revoke_opts.profile_path) - .await - .map_err(|x| Box::new(x) as Box), + SubCommand::Revoke(revoke_opts) => revoke(get_profile_path( + revoke_opts.profile_path, + revoke_opts.profile_user, + revoke_opts.profile_name, + )?) + .await + .map_err(|x| Box::new(x) as Box), }; match r { -- cgit v1.2.3