backups/grapevine
1
0
Fork 0
mirror of https://gitlab.computer.surgery/matrix/grapevine.git synced 2025-12-18 00:01:24 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

don't check canonicalized paths while sandboxed

Browse source 
Because the configured paths won't exist in the sandbox, so
canonicalization would fail.
This commit is contained in:
Charles Hall 2025-03-21 15:22:14 -07:00
parent 50583bc93e
commit a04951541a
No known key found for this signature in database
GPG key ID: 7B8E0645816E07CF
5 changed files with 30 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nix/modules/default/default.nix
View file

@ -12,7 +12,7 @@ let
cfg = config.services.grapevine; cfg = config.services.grapevine;
configFile = format.generate "config.toml" cfg.settings; configFile = format.generate "config.toml" cfg.settings;
validateConfig = file: pkgs.runCommand "grapevine-checked-config" {} '' validateConfig = file: pkgs.runCommand "grapevine-checked-config" {} ''
${lib.getExe cfg.package} check-config -c ${lib.escapeShellArg file} ${lib.getExe cfg.package} check-config -sc ${lib.escapeShellArg file}
ln -s ${lib.escapeShellArg file} "$out" ln -s ${lib.escapeShellArg file} "$out"
''; '';
format = pkgs.formats.toml {}; format = pkgs.formats.toml {};

11
src/cli.rs
View file

@ -42,6 +42,13 @@ pub(crate) struct CheckConfigArgs {
#[clap(flatten)] #[clap(flatten)]
observability: ObservabilityArgs, observability: ObservabilityArgs,
/// Supply this option if the check is being performed in a sandbox.
///
/// This causes certain checks that can only be run against the actual
/// installation to be skipped.
#[arg(long, short)]
sandboxed: bool,
} }
/// Wrapper for the `--config` arg. /// Wrapper for the `--config` arg.
@ -96,9 +103,7 @@ impl Args {
match self.command { match self.command {
Command::Serve(args) => serve::run(args).await?, Command::Serve(args) => serve::run(args).await?,
Command::CheckConfig(args) => { Command::CheckConfig(args) => check_config::run(args).await?,
check_config::run(args.config).await?;
}
} }
Ok(()) Ok(())
} }

7
src/cli/check_config.rs
View file

@ -1,11 +1,12 @@
use tracing::info; use tracing::info;
use crate::{cli::ConfigArg, config, error}; use crate::{cli::CheckConfigArgs, config, error};
pub(crate) async fn run( pub(crate) async fn run(
args: ConfigArg, args: CheckConfigArgs,
) -> Result<(), error::CheckConfigCommand> { ) -> Result<(), error::CheckConfigCommand> {
let _config = config::load(args.config.as_ref()).await?; let _config =
config::load(args.config.config.as_ref(), args.sandboxed).await?;
info!("Configuration looks good"); info!("Configuration looks good");
Ok(()) Ok(())
} }

2
src/cli/serve.rs
View file

@ -70,7 +70,7 @@ use crate::{
pub(crate) async fn run(args: ServeArgs) -> Result<(), error::ServeCommand> { pub(crate) async fn run(args: ServeArgs) -> Result<(), error::ServeCommand> {
use error::ServeCommand as Error; use error::ServeCommand as Error;
let config = config::load(args.config.config.as_ref()).await?; let config = config::load(args.config.config.as_ref(), false).await?;
rustls::crypto::ring::default_provider() rustls::crypto::ring::default_provider()
.install_default() .install_default()

7
src/config.rs
View file

@ -514,7 +514,10 @@ fn search() -> Result<PathBuf, error::ConfigSearch> {
} }
/// Load the configuration from the given path or XDG Base Directories /// Load the configuration from the given path or XDG Base Directories
pub(crate) async fn load<P>(path: Option<P>) -> Result<Config, error::Config> pub(crate) async fn load<P>(
path: Option<P>,
sandboxed: bool,
) -> Result<Config, error::Config>
where where
P: AsRef<Path>, P: AsRef<Path>,
{ {
@ -544,6 +547,7 @@ where
return Err(Error::DatabaseMediaOverlap); return Err(Error::DatabaseMediaOverlap);
} }
if !sandboxed {
let media_path = x let media_path = x
.path .path
.canonicalize() .canonicalize()
@ -559,6 +563,7 @@ where
} }
} }
} }
}
Ok(config) Ok(config)
} }