Fix generator with dependencies without generator #67

Merged: 1 commit, Jan 25, 2025

@renesat (Contributor) commented Jan 14, 2025

When trying to generate a secret using a secret without a generator, an error occurred, and it was not the assert that was removed. The code was failing at `stringsWithDeps.textClosureMap` and I could not understand what the problem was. If I add any generator, everything is fine.

After figuring it out, I first thought I could re-mark the assert, but I thought I could filter out the dependencies. This should not break the order of password generation, because filtered secrets have no dependencies.

Reproduce

Config:

```nix
{config, ...}: {
  # secret-1 has no generator.
  age.secrets.secret-1 = {
    rekeyFile = ./secret-1.age;
  };

  # secret-2 has a generator that depends on secret-1.
  age.secrets.secret-2 = {
    rekeyFile = ./secret-2.age;
    generator = {
      dependencies = [
        config.age.secrets.secret-1
      ];
      script = {
        pkgs,
        lib,
        decrypt,
        deps,
        ...
      }: ''
        ${decrypt} ${(lib.elemAt deps 0).file} \
          | ${pkgs.apacheHttpd}/bin/htpasswd -niBC 10 "user"
      '';
    };
  };
}
```

Log

```
> agenix generate
Collecting information about hosts. This may take a while...
error:
       … while calling the 'derivationStrict' builtin
         at <nix/derivation-internal.nix>:34:12:
           33|
           34|   strict = derivationStrict drvAttrs;
             |            ^
           35|

       … while evaluating derivation 'agenix-generate'
         whose name attribute is located at /nix/store/v0g0bxsd5gw6k0jz2855f8h7l1218925-source/pkgs/stdenv/generic/make-derivation.nix:375:7

       … while evaluating attribute 'text' of derivation 'agenix-generate'
         at /nix/store/v0g0bxsd5gw6k0jz2855f8h7l1218925-source/pkgs/build-support/trivial-builders/default.nix:102:17:
          101|       ({
          102|         inherit text executable checkPhase allowSubstitutes preferLocalBuild;
             |                 ^
          103|         passAsFile = [ "text" ]

       (stack trace truncated; use '--show-trace' to show the full, detailed trace)

       error: attribute '"./secret-1.age"' missing
       at /nix/store/v0g0bxsd5gw6k0jz2855f8h7l1218925-source/lib/strings-with-deps.nix:143:71:
          142|           else if done ? ${entry} then f done (tail todo)
          143|           else f (done // listToAttrs [{name = entry; value = 1;}]) ([predefined.${entry}] ++ tail todo);
             |                                                                       ^
          144|     in (f {} arg).result;
```
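
The failure described in the comment above, reduced to a stand-alone Nix expression. This is an added example, not code from the pull request or from the project; the `secrets` set and the names `hasGenerator`, `generated`, `mkEntries` and `scriptFor` are constructed for illustration, and `<nixpkgs>` is assumed to be on `NIX_PATH`.

```nix
# Added example: a simplified model of the failure, not the project's code.
let
  # Assumption: <nixpkgs> is available on NIX_PATH.
  inherit (import <nixpkgs> { }) lib;

  # Constructed stand-ins for age.secrets, keyed the way the log shows
  # ("./secret-1.age"). Only secret-2 has a generator.
  secrets = {
    "./secret-1.age" = { hasGenerator = false; dependencies = [ ]; };
    "./secret-2.age" = { hasGenerator = true; dependencies = [ "./secret-1.age" ]; };
  };

  # Only secrets with a generator get an entry in the generated script.
  generated = lib.filterAttrs (_: s: s.hasGenerator) secrets;

  # `predefined` set for textClosureMap: each entry lists the entries that
  # must be emitted before it. keepDep decides which dependencies stay.
  mkEntries = keepDep:
    lib.mapAttrs
      (name: s: lib.stringAfter (lib.filter keepDep s.dependencies) "generate ${name}")
      generated;

  scriptFor = keepDep:
    lib.stringsWithDeps.textClosureMap lib.id (mkEntries keepDep) (lib.attrNames generated);
in
{
  # All dependencies kept: the traversal reaches "./secret-1.age" and looks
  # it up in `predefined`, where it has no entry, so evaluation aborts.
  unfiltered = scriptFor (_: true);

  # Dependencies without a generator dropped: every remaining name resolves.
  # Ordering is unaffected because dropped secrets produce no script entry.
  filtered = scriptFor (dep: generated ? ${dep});
}
```

Evaluate the attributes one at a time, for example with `nix-instantiate --eval -A filtered` on the saved file, since forcing `unfiltered` aborts the whole evaluation.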

@oddlama (Owner) commented Jan 17, 2025

Good catch, thank you for fixing this!

@oddlama oddlama merged commit a1dcdd2 into oddlama:main Jan 25, 2025
1 check passed