From a04951541a4d844ed6a758bd25e8243f0bee7af9 Mon Sep 17 00:00:00 2001 From: Charles Hall Date: Fri, 21 Mar 2025 15:22:14 -0700 Subject: [PATCH] don't check canonicalized paths while sandboxed Because the configured paths won't exist in the sandbox, so canonicalization would fail. --- nix/modules/default/default.nix | 2 +- src/cli.rs | 11 ++++++++--- src/cli/check_config.rs | 7 ++++--- src/cli/serve.rs | 2 +- src/config.rs | 27 ++++++++++++++++----------- 5 files changed, 30 insertions(+), 19 deletions(-) diff --git a/nix/modules/default/default.nix b/nix/modules/default/default.nix index 0402609e..92873a71 100644 --- a/nix/modules/default/default.nix +++ b/nix/modules/default/default.nix @@ -12,7 +12,7 @@ let cfg = config.services.grapevine; configFile = format.generate "config.toml" cfg.settings; validateConfig = file: pkgs.runCommand "grapevine-checked-config" {} '' - ${lib.getExe cfg.package} check-config -c ${lib.escapeShellArg file} + ${lib.getExe cfg.package} check-config -sc ${lib.escapeShellArg file} ln -s ${lib.escapeShellArg file} "$out" ''; format = pkgs.formats.toml {}; diff --git a/src/cli.rs b/src/cli.rs index 99641790..4f4c85cc 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -42,6 +42,13 @@ pub(crate) struct CheckConfigArgs { #[clap(flatten)] observability: ObservabilityArgs, + + /// Supply this option if the check is being performed in a sandbox. + /// + /// This causes certain checks that can only be run against the actual + /// installation to be skipped. + #[arg(long, short)] + sandboxed: bool, } /// Wrapper for the `--config` arg. @@ -96,9 +103,7 @@ impl Args { match self.command { Command::Serve(args) => serve::run(args).await?, - Command::CheckConfig(args) => { - check_config::run(args.config).await?; - } + Command::CheckConfig(args) => check_config::run(args).await?, } Ok(()) } diff --git a/src/cli/check_config.rs b/src/cli/check_config.rs index 9dd0dba3..943491bb 100644 --- a/src/cli/check_config.rs +++ b/src/cli/check_config.rs @@ -1,11 +1,12 @@ use tracing::info; -use crate::{cli::ConfigArg, config, error}; +use crate::{cli::CheckConfigArgs, config, error}; pub(crate) async fn run( - args: ConfigArg, + args: CheckConfigArgs, ) -> Result<(), error::CheckConfigCommand> { - let _config = config::load(args.config.as_ref()).await?; + let _config = + config::load(args.config.config.as_ref(), args.sandboxed).await?; info!("Configuration looks good"); Ok(()) } diff --git a/src/cli/serve.rs b/src/cli/serve.rs index bac85e48..d08807b6 100644 --- a/src/cli/serve.rs +++ b/src/cli/serve.rs @@ -70,7 +70,7 @@ use crate::{ pub(crate) async fn run(args: ServeArgs) -> Result<(), error::ServeCommand> { use error::ServeCommand as Error; - let config = config::load(args.config.config.as_ref()).await?; + let config = config::load(args.config.config.as_ref(), false).await?; rustls::crypto::ring::default_provider() .install_default() diff --git a/src/config.rs b/src/config.rs index 0c1f2e55..8f3b2116 100644 --- a/src/config.rs +++ b/src/config.rs @@ -514,7 +514,10 @@ fn search() -> Result { } /// Load the configuration from the given path or XDG Base Directories -pub(crate) async fn load

(path: Option

) -> Result +pub(crate) async fn load

( + path: Option

, + sandboxed: bool, +) -> Result where P: AsRef, { @@ -544,18 +547,20 @@ where return Err(Error::DatabaseMediaOverlap); } - let media_path = x - .path - .canonicalize() - .map_err(|e| Error::Canonicalize(e, x.path.clone()))?; + if !sandboxed { + let media_path = x + .path + .canonicalize() + .map_err(|e| Error::Canonicalize(e, x.path.clone()))?; - let database_path = - config.database.path.canonicalize().map_err(|e| { - Error::Canonicalize(e, config.database.path.clone()) - })?; + let database_path = + config.database.path.canonicalize().map_err(|e| { + Error::Canonicalize(e, config.database.path.clone()) + })?; - if overlap(&media_path, &database_path) { - return Err(Error::DatabaseMediaOverlap); + if overlap(&media_path, &database_path) { + return Err(Error::DatabaseMediaOverlap); + } } } }