diff --git a/client/src/client.rs b/client/src/client.rs
index 83725ef..0f245cc 100644
--- a/client/src/client.rs
+++ b/client/src/client.rs
@@ -167,7 +167,7 @@ impl AdminClient {
 pub async fn watch(&self) -> anyhow::Result {
 use pb::admin::watch_item::Status;
 use pb::admin::WatchItem;
- let (tx, rx) = async_channel::bounded::(10);
+ let (tx, rx) = async_channel::bounded(10);
 let (quittx, mut quitrx) = mpsc::channel(1);
 let mut watch = self
diff --git a/client/src/endpoint.rs b/client/src/endpoint.rs
index 02a5fd6..0bf3a40 100644
--- a/client/src/endpoint.rs
+++ b/client/src/endpoint.rs
@@ -1,4 +1,5 @@
 use std::path::PathBuf;
+use std::sync::Arc;
 use std::time::Duration;
 use anyhow::anyhow;
@@ -40,11 +41,11 @@ impl TlsConfig {
 let client_identity = Identity::from_pem(client_cert, client_key);
 let tls_name = self
 .tls_name
- .as_ref()
+ .as_deref()
 .ok_or_else(|| anyhow!("Missing TLS name"))?;
 Ok(ClientTlsConfig::new()
 .ca_certificate(ca)
- .domain_name(tls_name.as_str())
+ .domain_name(tls_name)
 .identity(client_identity))
 }
@@ -69,32 +70,20 @@ fn transport_config_to_url(ea: &EndpointAddress, with_tls: bool) -> String {
 }
 async fn connect_unix_socket(endpoint: Endpoint, path: &String) -> anyhow::Result {
- let mut path = Some(path.to_owned());
+ let path = Arc::new(path.to_owned());
 let ch = endpoint
 .connect_with_connector(service_fn(move |_: Uri| {
- let path = path.take();
- async move {
- if let Some(path) = path {
- // Connect to a Uds socket
- Ok::<_, std::io::Error>(TokioIo::new(UnixStream::connect(path).await?))
- } else {
- Err(std::io::Error::new(
- std::io::ErrorKind::Other,
- "Path already taken",
- ))
- }
- }
+ let path = path.clone();
+ async move { UnixStream::connect(path.as_ref()).await.map(TokioIo::new) }
 }))
 .await?;
 Ok(ch)
 }
-async fn connect_vsock_socket(endpoint: Endpoint, vs: &VsockAddr) -> anyhow::Result {
- let vs = vs.to_owned();
+async fn connect_vsock_socket(endpoint: Endpoint, vs: VsockAddr) -> anyhow::Result {
 let ch = endpoint
 .connect_with_connector(service_fn(move |_: Uri| async move {
- let stream = VsockStream::connect(vs).await?;
- Ok::<_, std::io::Error>(TokioIo::new(stream))
+ VsockStream::connect(vs).await.map(TokioIo::new)
 }))
 .await?;
 Ok(ch)
@@ -114,7 +103,7 @@ impl EndpointConfig {
 EndpointAddress::Tcp { .. } => endpoint.connect().await?,
 EndpointAddress::Unix(unix) => connect_unix_socket(endpoint, unix).await?,
 EndpointAddress::Abstract(abs) => connect_unix_socket(endpoint, abs).await?,
- EndpointAddress::Vsock(vs) => connect_vsock_socket(endpoint, vs).await?,
+ EndpointAddress::Vsock(vs) => connect_vsock_socket(endpoint, *vs).await?,
 };
 Ok(channel)
 }
diff --git a/nixos/modules/appvm.nix b/nixos/modules/appvm.nix
index d6d851f..6097bf9 100644
--- a/nixos/modules/appvm.nix
+++ b/nixos/modules/appvm.nix
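Review bot: In `client/src/endpoint.rs`, `connect_unix_socket` still takes `path: &String` and copies it into an `Arc<String>`; taking `path: &str` and building the handle with `let path: Arc<str> = Arc::from(path);` should accept the existing call sites through deref coercion and removes one level of indirection. The rewrite also changes behaviour rather than only shape: the old connector failed its second invocation with "Path already taken", while the new one can be invoked any number of times, which presumably is what allows the channel to reconnect to the same socket. A short comment above the closure would record that intent, for example `// Connector may run again on reconnect, so the path is shared via Arc instead of moved out.`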
@@ -179,12 +179,10 @@ in
 enable = true;
 extraConfig = ''
 polkit.addRule(function(action, subject) {
- if (action.id == "org.freedesktop.locale1.set-locale" && subject.user == "ghaf") {
- return polkit.Result.YES;
- }
- });
- polkit.addRule(function(action, subject) {
- if (action.id == "org.freedesktop.timedate1.set-timezone" && subject.user == "ghaf") {
+ if ((
+ action.id == "org.freedesktop.locale1.set-locale" ||
+ action.id == "org.freedesktop.timedate1.set-timezone"
+ ) && subject.isInGroup("users")) {
 return polkit.Result.YES;
 }
 });
diff --git a/nixos/tests/admin.nix b/nixos/tests/admin.nix
index 44f1b5c..439900f 100644
--- a/nixos/tests/admin.nix
+++ b/nixos/tests/admin.nix
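Review bot: The merged polkit rule in `nixos/modules/appvm.nix` widens who may change locale and timezone without authentication: the removed rules matched only `subject.user == "ghaf"`, while the new condition `subject.isInGroup("users")` matches every account in that group, and nothing in the rule consults `subject.local` or `subject.active`. If the goal is only to stop hard-coding the user name, a dedicated group, or an added `&& subject.active` where the caller runs inside a session, would keep the grant narrow; whether the calling agent has a session is not visible in this hunk and needs confirming. Either way the rule deserves a comment stating the intended caller, for example `// Locale/timezone changes are applied by givc; any member of "users" may set them without a prompt.`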
@@ -299,6 +299,12 @@ in
 swaymsg("exec ssh -R /tmp/vsock:/tmp/vsock -f -N ${addrs.appvm}")
 time.sleep(5) # Give ssh some time to setup remote socket
+ with subtest("set locale and timezone"):
+ print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} set-locale en_US.UTF-8"))
+ adminvm.wait_for_file("/etc/locale-givc.conf")
+ print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} set-timezone UTC"))
+ adminvm.wait_for_file("/etc/timezone.conf")
+
 with subtest("Clean run"):
 print(hostvm.succeed("${cli} --addr ${nodes.adminvm.config.givc.admin.addr} --port ${nodes.adminvm.config.givc.admin.port} --cacert ${nodes.hostvm.givc.host.tls.caCertPath} --cert ${nodes.hostvm.givc.host.tls.certPath} --key ${nodes.hostvm.givc.host.tls.keyPath} ${if tls then "" else "--notls"} --name ${nodes.adminvm.config.givc.admin.name} start foot"))
 time.sleep(10) # Give few seconds to application to spin up
diff --git a/src/admin/server.rs b/src/admin/server.rs
index 5faae1b..5b23354 100644
--- a/src/admin/server.rs
+++ b/src/admin/server.rs
@@ -223,7 +223,7 @@ impl AdminServiceImpl {
 error!("could not get status of unit {}: {}", &entry.name, err);
 self.handle_error(entry)
 .await
- .with_context(|| "during handle error")?
+ .context("during handle error")?
 }
 Ok(status) => {
 let inactive = status.active_state != "active";
diff --git a/src/utils/naming.rs b/src/utils/naming.rs
index f884b6e..f50de9b 100644
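Review bot: The new "set locale and timezone" subtest in `nixos/tests/admin.nix` only waits for `/etc/locale-givc.conf` and `/etc/timezone.conf` to exist on `adminvm`, so it passes even when the wrong value is written, and it does not appear to check that the setting reaches any other VM. Asserting the content after each wait, for example `adminvm.succeed("grep -q en_US.UTF-8 /etc/locale-givc.conf")` (assuming the value is stored verbatim), would pin the behaviour. Because the locale and timezone strings come from the CLI caller and end up in files under `/etc`, a negative case with a malformed value wrapped in `hostvm.fail(...)` would also be worth adding if the server is meant to reject such input; that validation is not visible in this diff.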
--- a/src/utils/naming.rs
+++ b/src/utils/naming.rs
@@ -27,7 +27,7 @@ pub fn parse_application_name(name: &str) -> anyhow::Result<(&str, i32)> {
 if let Some(name_no_suffix) = name.strip_suffix(".service") {
 if let Some((left, right)) = name_no_suffix.rsplit_once('@') {
 let num = right
- .parse::()
+ .parse()
 .with_context(|| format!("While parsing number part of {name}"))?;
 return Ok((left, num));
 }