├── .envrc ├── .gitignore ├── LICENSE ├── ReadMe.md ├── backend.nix ├── create_user ├── default.nix ├── fetch-from-cache.sh ├── flake.lock ├── flake.nix ├── pyproject.toml ├── rebuilder.sh ├── utils ├── Cargo.lock ├── Cargo.toml ├── default.nix ├── expose_apis.patch ├── nixos │ └── module.nix └── src │ ├── bin │ ├── build-hook.rs │ ├── copy-from-cache.rs │ └── diff-hook.rs │ └── lib.rs └── web ├── __init__.py ├── crud.py ├── db.py ├── models.py ├── nixos └── module.nix ├── schemas.py └── user_controller.py /.envrc: -------------------------------------------------------------------------------- 1 | use flake 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | target 2 | __pycache__ 3 | hashes.db 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | EUROPEAN UNION PUBLIC LICENCE v. 1.2 2 | EUPL © the European Union 2007, 2016 3 | 4 | This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such use is covered by a right of the copyright holder of the Work). 5 | 6 | The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following notice immediately following the copyright notice for the Work: 7 | 8 | Licensed under the EUPL 9 | 10 | or has expressed by any other means his willingness to license under the EUPL. 11 | 12 | 1. Definitions 13 | In this Licence, the following terms have the following meaning: 14 | 15 | — ‘The Licence’: this Licence. 16 | 17 | — ‘The Original Work’: the work or software distributed or communicated by the Licensor under this Licence, available as Source Code and also as Executable Code as the case may be. 18 | 19 | — ‘Derivative Works’: the works or software that could be created by the Licensee, based upon the Original Work or modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in the country mentioned in Article 15. 20 | 21 | — ‘The Work’: the Original Work or its Derivative Works. 22 | 23 | — ‘The Source Code’: the human-readable form of the Work which is the most convenient for people to study and modify. 24 | 25 | — ‘The Executable Code’: any code which has generally been compiled and which is meant to be interpreted by a computer as a program. 26 | 27 | — ‘The Licensor’: the natural or legal person that distributes or communicates the Work under the Licence. 28 | 29 | — ‘Contributor(s)’: any natural or legal person who modifies the Work under the Licence, or otherwise contributes to the creation of a Derivative Work. 30 | 31 | — ‘The Licensee’ or ‘You’: any natural or legal person who makes any usage of the Work under the terms of the Licence. 32 | 33 | — ‘Distribution’ or ‘Communication’: any act of selling, giving, lending, renting, distributing, communicating, transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential functionalities at the disposal of any other natural or legal person. 34 | 35 | 2. Scope of the rights granted by the Licence 36 | The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for the duration of copyright vested in the Original Work: 37 | 38 | — use the Work in any circumstance and for all usage, 39 | 40 | — reproduce the Work, 41 | 42 | — modify the Work, and make Derivative Works based upon the Work, 43 | 44 | — communicate to the public, including the right to make available or display the Work or copies thereof to the public and perform publicly, as the case may be, the Work, 45 | 46 | — distribute the Work or copies thereof, 47 | 48 | — lend and rent the Work or copies thereof, 49 | 50 | — sublicense rights in the Work or copies thereof. 51 | 52 | Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the applicable law permits so. 53 | 54 | In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed by law in order to make effective the licence of the economic rights here above listed. 55 | 56 | The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the extent necessary to make use of the rights granted on the Work under this Licence. 57 | 58 | 3. Communication of the Source Code 59 | The Licensor may provide the Work either in its Source Code form, or as Executable Code. If the Work is provided as Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to distribute or communicate the Work. 60 | 61 | 4. Limitations on copyright 62 | Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations thereto. 63 | 64 | 5. Obligations of the Licensee 65 | The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those obligations are the following: 66 | 67 | Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work to carry prominent notices stating that the Work has been modified and the date of modification. 68 | Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless the Original Work is expressly distributed only under this version of the Licence — for example by communicating ‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the Work or Derivative Work that alter or restrict the terms of the Licence. 69 | Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. 70 | Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available for as long as the Licensee continues to distribute or communicate the Work. 71 | Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the copyright notice. 72 | 6. Chain of Authorship 73 | The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or licensed to him/her and that he/she has the power and authority to grant the Licence. 74 | 75 | Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or licensed to him/her and that he/she has the power and authority to grant the Licence. 76 | 77 | Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contri­ butions to the Work, under the terms of this Licence. 78 | 79 | 7. Disclaimer of Warranty 80 | The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work and may therefore contain defects or ‘bugs’ inherent to this type of development. 81 | 82 | For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this Licence. 83 | 84 | This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. 85 | 86 | 8. Disclaimer of Liability 87 | Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. 88 | 89 | 9. Additional agreements 90 | While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by the fact You have accepted any warranty or additional liability. 91 | 92 | 10. Acceptance of the Licence 93 | The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of applicable law. Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms and conditions. 94 | 95 | Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution or Communication by You of the Work or copies thereof. 96 | 97 | 11. Information to the public 98 | In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, by offering to download the Work from a remote location) the distribution channel or media (for example, a website) must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence and the way it may be accessible, concluded, stored and reproduced by the Licensee. 99 | 100 | 12. Termination of the Licence 101 | The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms of the Licence. 102 | 103 | Such a termination will not terminate the licences of any person who has received the Work from the Licensee under the Licence, provided such persons remain in full compliance with the Licence. 104 | 105 | 13. Miscellaneous 106 | Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the Work. 107 | 108 | If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or enforceability of the Licence as a whole. Such provision will be construed or reformed so as necessary to make it valid and enforceable. 109 | 110 | The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. New versions of the Licence will be published with a unique version number. 111 | 112 | All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take advantage of the linguistic version of their choice. 113 | 114 | 14. Jurisdiction 115 | Without prejudice to specific agreement between parties, 116 | 117 | — any litigation resulting from the interpretation of this License, arising between the European Union institutions, bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, 118 | 119 | — any litigation arising between other parties and resulting from the interpretation of this License, will be subject to the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. 120 | 121 | 15. Applicable Law 122 | Without prejudice to specific agreement between parties, 123 | 124 | — this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, resides or has his registered office, 125 | 126 | — this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside a European Union Member State. 127 | 128 | Appendix 129 | ‘Compatible Licences’ according to Article 5 EUPL are: 130 | 131 | — GNU General Public License (GPL) v. 2, v. 3 132 | 133 | — GNU Affero General Public License (AGPL) v. 3 134 | 135 | — Open Software License (OSL) v. 2.1, v. 3.0 136 | 137 | — Eclipse Public License (EPL) v. 1.0 138 | 139 | — CeCILL v. 2.0, v. 2.1 140 | 141 | — Mozilla Public Licence (MPL) v. 2 142 | 143 | — GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 144 | 145 | — Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software 146 | 147 | — European Union Public Licence (EUPL) v. 1.1, v. 1.2 148 | 149 | — Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+) 150 | 151 | The European Commission may update this Appendix to later versions of the above licences without producing a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the covered Source Code from exclusive appropriation. 152 | 153 | All other changes or additions to this Appendix require the production of a new EUPL version. 154 | 155 | -------------------------------------------------------------------------------- /ReadMe.md: -------------------------------------------------------------------------------- 1 | lila 2 | =============================== 3 | ## Introduction 4 | 5 | This repository aims to give a set of tools that can be used to create a hash collection mechanism for Nix. 6 | A hash collection infrastructure is used to collect and compare build outputs from different trusted builders. 7 | 8 | This project is composed of two parts: 9 | 10 | 1) A post-build-hook, that his a software running after each of Nix builds and in charge to report the hashes of the outputs 11 | 2) A server to aggregate the results 12 | 13 | ## Howto's 14 | 15 | ### Keys 16 | 17 | Set up your keys with: 18 | 19 | - `nix key generate-secret --key-name username-hash-collection > secret.key` 20 | 21 | ### Server side 22 | 23 | #### Create a user 24 | 25 | Hashes reports are only allowed from trusted users, which are identified via a token. 26 | To generate a token run `./create_user "username"` 27 | 28 | #### Run the server 29 | 30 | Run the server with `uvicorn web:app --reload` 31 | 32 | ### Client side 33 | 34 | ```nix 35 | services.hash-collection = { 36 | enable = true; 37 | collection-url = "server url"; 38 | tokenFile = "/token/path"; 39 | secretKeyFile = "/secret/key/path"; 40 | }; 41 | ``` 42 | 43 | ### Reporting 44 | 45 | At the time of writing only reports on run-time closures are supported. 46 | Reporting is experimental and still expected to evolve, change, and 47 | grow support for build-time closures as well. 48 | 49 | #### Defining a report 50 | 51 | You define a report by uploading a JSON CycloneDX SBOM as produced by 52 | [nix-runtime-tree-to-sbom](https://codeberg.org/raboof/nix-runtime-tree-to-sbom): 53 | 54 | ``` 55 | $ nix-store -q --tree $(nix-build '' -A nixos.iso_gnome.x86_64-linux) > tree.txt 56 | $ cat tree.txt | ~/dev/nix-runtime-tree-to-sbom/tree-to-cyclonedx.py > sbom.cdx.json 57 | $ export HASH_COLLECTION_TOKEN=XYX # your token 58 | $ curl -X PUT --data @sbom.cdx.json "http://localhost:8000/reports/gnome-iso-runtime" -H "Content-Type: application/json" -H "Authorization: Bearer $HASH_COLLECTION_TOKEN" 59 | ``` 60 | 61 | #### Populating the report 62 | 63 | If you want to populate the report with hashes from different builders (e.g. from 64 | cache.nixos.org and from your own rebuilds), use separate tokens for the different 65 | sources. 66 | 67 | ##### With hashes from cache.nixos.org 68 | 69 | ``` 70 | $ nix shell .#utils 71 | $ export HASH_COLLECTION_TOKEN=XYX # your token for the cache.nixos.org import 72 | $ ./fetch-from-cache.sh 73 | ``` 74 | 75 | This script is still very much WIP, and will enter an infinite loop retrying failed fetches. 76 | 77 | ##### By rebuilding 78 | 79 | Make sure you have the post-build hook and diff hook configured as documented above. 80 | 81 | TODO you have to make sure all derivations are available for building on your system - 82 | is there a smart way to do that? 83 | 84 | ``` 85 | $ export HASH_COLLECTION_TOKEN=XYX # your token for the cache.nixos.org import 86 | $ ./rebuilder.sh 87 | ``` 88 | 89 | This script is still very much WIP, and will enter an infinite loop retrying failed fetches. 90 | You can run multiple rebuilders in parallel. 91 | 92 | ## Related projects 93 | 94 | * [nix-reproducible-builds-report](https://codeberg.org/raboof/nix-reproducible-builds-report/) aka `r13y`, which generates the reports at [https://reproducible.nixos.org](https://reproducible.nixos.org). Ideally the [reporting](https://github.com/JulienMalka/nix-hash-collection/issues/9) feature can eventually replace the reports there. 95 | * [rebuilderd](https://github.com/kpcyrd/rebuilderd) provides distribution-agnostic container-based rebuild infrastructure. There is some [preliminary Nix support](https://github.com/kpcyrd/rebuilderd/pull/142) but it is geared towards 'packages' rather than 'derivations' and that data model mismatch is somewhat awkward. 96 | * [trustix](https://github.com/nix-community/trustix) has somewhat similar goals, but is more ambitious: `nix-hash-collection` only aims for something simple in the short term, just basically CRUD collection of hashes and some simple scripts around it. `trustix` has a more elaborate design with multiple transparency logs that are self-hosted by the attesters, and aims to support more advanced use cases, such as showing the aggregating system is not 'lying by omission' and perhaps showing that submitters aren't providing contradicting statements. 97 | -------------------------------------------------------------------------------- /backend.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | buildPythonPackage, 4 | pydantic, 5 | fastapi, 6 | hatchling, 7 | sqlalchemy, 8 | }: 9 | 10 | buildPythonPackage { 11 | pname = "lila"; 12 | version = "unstable-2024-05-01"; 13 | pyproject = true; 14 | 15 | src = ./.; 16 | 17 | nativeBuildInputs = [ hatchling ]; 18 | 19 | propagatedBuildInputs = [ 20 | fastapi 21 | pydantic 22 | sqlalchemy 23 | ]; 24 | 25 | meta = with lib; { 26 | description = "Collect hashes of Nix build to test for reproducibility"; 27 | homepage = "https://github.com/JulienMalka/lila/"; 28 | license = licenses.eupl12; 29 | maintainers = with maintainers; [ 30 | julienmalka 31 | raboof 32 | ]; 33 | mainProgram = "lila"; 34 | platforms = platforms.all; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /create_user: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | from web import user_controller 4 | from sys import argv 5 | 6 | if len(argv) > 2: 7 | user_controller.create_user(argv[1], argv[2]) 8 | else: 9 | user_controller.create_user(argv[1]) 10 | 11 | -------------------------------------------------------------------------------- /default.nix: -------------------------------------------------------------------------------- 1 | (import 2 | ( 3 | let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in 4 | fetchTarball { 5 | url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; 6 | sha256 = lock.nodes.flake-compat.locked.narHash; 7 | } 8 | ) 9 | { src = ./.; } 10 | ).defaultNix 11 | -------------------------------------------------------------------------------- /fetch-from-cache.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | REPORT=$1 4 | export HASH_COLLECTION_SERVER=http://localhost:8000 5 | 6 | if [ "x" == "x$REPORT" ]; then 7 | echo "Usage: $0 " 8 | exit 1 9 | fi 10 | 11 | while true; do 12 | curl -H "Authorization: Bearer $HASH_COLLECTION_TOKEN" $HASH_COLLECTION_SERVER/reports/$REPORT/suggested | jq .[] | head -50 | tr -d \" | while read out 13 | do 14 | echo $out 15 | # TODO some/most of these can probably also be taken found in the 16 | # local cache (with a cache.nixos.org signature), so perhaps take them from there? 17 | copy-from-cache $out 18 | done 19 | done 20 | -------------------------------------------------------------------------------- /flake.lock: -------------------------------------------------------------------------------- 1 | { 2 | "nodes": { 3 | "devshell": { 4 | "inputs": { 5 | "flake-utils": "flake-utils_2", 6 | "nixpkgs": [ 7 | "queued-build-hook", 8 | "nixpkgs" 9 | ] 10 | }, 11 | "locked": { 12 | "lastModified": 1705332421, 13 | "narHash": "sha256-USpGLPme1IuqG78JNqSaRabilwkCyHmVWY0M9vYyqEA=", 14 | "owner": "numtide", 15 | "repo": "devshell", 16 | "rev": "83cb93d6d063ad290beee669f4badf9914cc16ec", 17 | "type": "github" 18 | }, 19 | "original": { 20 | "owner": "numtide", 21 | "repo": "devshell", 22 | "type": "github" 23 | } 24 | }, 25 | "flake-compat": { 26 | "locked": { 27 | "lastModified": 1696426674, 28 | "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 29 | "owner": "edolstra", 30 | "repo": "flake-compat", 31 | "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", 32 | "type": "github" 33 | }, 34 | "original": { 35 | "owner": "edolstra", 36 | "repo": "flake-compat", 37 | "type": "github" 38 | } 39 | }, 40 | "flake-compat_2": { 41 | "flake": false, 42 | "locked": { 43 | "lastModified": 1696426674, 44 | "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 45 | "owner": "edolstra", 46 | "repo": "flake-compat", 47 | "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", 48 | "type": "github" 49 | }, 50 | "original": { 51 | "owner": "edolstra", 52 | "repo": "flake-compat", 53 | "type": "github" 54 | } 55 | }, 56 | "flake-utils": { 57 | "inputs": { 58 | "systems": "systems" 59 | }, 60 | "locked": { 61 | "lastModified": 1705309234, 62 | "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", 63 | "owner": "numtide", 64 | "repo": "flake-utils", 65 | "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", 66 | "type": "github" 67 | }, 68 | "original": { 69 | "owner": "numtide", 70 | "repo": "flake-utils", 71 | "type": "github" 72 | } 73 | }, 74 | "flake-utils_2": { 75 | "inputs": { 76 | "systems": "systems_2" 77 | }, 78 | "locked": { 79 | "lastModified": 1701680307, 80 | "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", 81 | "owner": "numtide", 82 | "repo": "flake-utils", 83 | "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", 84 | "type": "github" 85 | }, 86 | "original": { 87 | "owner": "numtide", 88 | "repo": "flake-utils", 89 | "type": "github" 90 | } 91 | }, 92 | "flake-utils_3": { 93 | "inputs": { 94 | "systems": "systems_3" 95 | }, 96 | "locked": { 97 | "lastModified": 1705309234, 98 | "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", 99 | "owner": "numtide", 100 | "repo": "flake-utils", 101 | "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", 102 | "type": "github" 103 | }, 104 | "original": { 105 | "owner": "numtide", 106 | "repo": "flake-utils", 107 | "type": "github" 108 | } 109 | }, 110 | "flake-utils_4": { 111 | "inputs": { 112 | "systems": "systems_4" 113 | }, 114 | "locked": { 115 | "lastModified": 1701680307, 116 | "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", 117 | "owner": "numtide", 118 | "repo": "flake-utils", 119 | "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", 120 | "type": "github" 121 | }, 122 | "original": { 123 | "owner": "numtide", 124 | "repo": "flake-utils", 125 | "type": "github" 126 | } 127 | }, 128 | "gitignore": { 129 | "inputs": { 130 | "nixpkgs": [ 131 | "queued-build-hook", 132 | "pre-commit-hooks", 133 | "nixpkgs" 134 | ] 135 | }, 136 | "locked": { 137 | "lastModified": 1703887061, 138 | "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", 139 | "owner": "hercules-ci", 140 | "repo": "gitignore.nix", 141 | "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", 142 | "type": "github" 143 | }, 144 | "original": { 145 | "owner": "hercules-ci", 146 | "repo": "gitignore.nix", 147 | "type": "github" 148 | } 149 | }, 150 | "nixpkgs": { 151 | "locked": { 152 | "lastModified": 1733940404, 153 | "narHash": "sha256-Pj39hSoUA86ZePPF/UXiYHHM7hMIkios8TYG29kQT4g=", 154 | "owner": "nixos", 155 | "repo": "nixpkgs", 156 | "rev": "5d67ea6b4b63378b9c13be21e2ec9d1afc921713", 157 | "type": "github" 158 | }, 159 | "original": { 160 | "owner": "nixos", 161 | "ref": "nixos-unstable", 162 | "repo": "nixpkgs", 163 | "type": "github" 164 | } 165 | }, 166 | "nixpkgs-stable": { 167 | "locked": { 168 | "lastModified": 1704874635, 169 | "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", 170 | "owner": "NixOS", 171 | "repo": "nixpkgs", 172 | "rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356", 173 | "type": "github" 174 | }, 175 | "original": { 176 | "owner": "NixOS", 177 | "ref": "nixos-23.11", 178 | "repo": "nixpkgs", 179 | "type": "github" 180 | } 181 | }, 182 | "nixpkgs_2": { 183 | "locked": { 184 | "lastModified": 1708815994, 185 | "narHash": "sha256-hL7N/ut2Xu0NaDxDMsw2HagAjgDskToGiyZOWriiLYM=", 186 | "owner": "NixOS", 187 | "repo": "nixpkgs", 188 | "rev": "9a9dae8f6319600fa9aebde37f340975cab4b8c0", 189 | "type": "github" 190 | }, 191 | "original": { 192 | "id": "nixpkgs", 193 | "ref": "nixpkgs-unstable", 194 | "type": "indirect" 195 | } 196 | }, 197 | "nixpkgs_3": { 198 | "locked": { 199 | "lastModified": 1704842529, 200 | "narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=", 201 | "owner": "NixOS", 202 | "repo": "nixpkgs", 203 | "rev": "eabe8d3eface69f5bb16c18f8662a702f50c20d5", 204 | "type": "github" 205 | }, 206 | "original": { 207 | "owner": "NixOS", 208 | "ref": "nixpkgs-unstable", 209 | "repo": "nixpkgs", 210 | "type": "github" 211 | } 212 | }, 213 | "pre-commit-hooks": { 214 | "inputs": { 215 | "flake-compat": "flake-compat_2", 216 | "flake-utils": "flake-utils_4", 217 | "gitignore": "gitignore", 218 | "nixpkgs": "nixpkgs_3", 219 | "nixpkgs-stable": "nixpkgs-stable" 220 | }, 221 | "locked": { 222 | "lastModified": 1708018599, 223 | "narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=", 224 | "owner": "cachix", 225 | "repo": "pre-commit-hooks.nix", 226 | "rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431", 227 | "type": "github" 228 | }, 229 | "original": { 230 | "owner": "cachix", 231 | "repo": "pre-commit-hooks.nix", 232 | "type": "github" 233 | } 234 | }, 235 | "queued-build-hook": { 236 | "inputs": { 237 | "devshell": "devshell", 238 | "flake-utils": "flake-utils_3", 239 | "nixpkgs": "nixpkgs_2", 240 | "pre-commit-hooks": "pre-commit-hooks", 241 | "treefmt-nix": "treefmt-nix" 242 | }, 243 | "locked": { 244 | "lastModified": 1708941860, 245 | "narHash": "sha256-U2U3hyXNI33gtkC1EK17AFa1dnAnbQGySCT51JBZXvI=", 246 | "owner": "JulienMalka", 247 | "repo": "queued-build-hook", 248 | "rev": "fce00ce379e69a4fb15bfbcb94bb4d99b7b95632", 249 | "type": "github" 250 | }, 251 | "original": { 252 | "owner": "JulienMalka", 253 | "ref": "postbuildscript", 254 | "repo": "queued-build-hook", 255 | "type": "github" 256 | } 257 | }, 258 | "root": { 259 | "inputs": { 260 | "flake-compat": "flake-compat", 261 | "flake-utils": "flake-utils", 262 | "nixpkgs": "nixpkgs", 263 | "queued-build-hook": "queued-build-hook" 264 | } 265 | }, 266 | "systems": { 267 | "locked": { 268 | "lastModified": 1681028828, 269 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 270 | "owner": "nix-systems", 271 | "repo": "default", 272 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 273 | "type": "github" 274 | }, 275 | "original": { 276 | "owner": "nix-systems", 277 | "repo": "default", 278 | "type": "github" 279 | } 280 | }, 281 | "systems_2": { 282 | "locked": { 283 | "lastModified": 1681028828, 284 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 285 | "owner": "nix-systems", 286 | "repo": "default", 287 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 288 | "type": "github" 289 | }, 290 | "original": { 291 | "owner": "nix-systems", 292 | "repo": "default", 293 | "type": "github" 294 | } 295 | }, 296 | "systems_3": { 297 | "locked": { 298 | "lastModified": 1681028828, 299 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 300 | "owner": "nix-systems", 301 | "repo": "default", 302 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 303 | "type": "github" 304 | }, 305 | "original": { 306 | "owner": "nix-systems", 307 | "repo": "default", 308 | "type": "github" 309 | } 310 | }, 311 | "systems_4": { 312 | "locked": { 313 | "lastModified": 1681028828, 314 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 315 | "owner": "nix-systems", 316 | "repo": "default", 317 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 318 | "type": "github" 319 | }, 320 | "original": { 321 | "owner": "nix-systems", 322 | "repo": "default", 323 | "type": "github" 324 | } 325 | }, 326 | "treefmt-nix": { 327 | "inputs": { 328 | "nixpkgs": [ 329 | "queued-build-hook", 330 | "nixpkgs" 331 | ] 332 | }, 333 | "locked": { 334 | "lastModified": 1708897213, 335 | "narHash": "sha256-QECZB+Hgz/2F/8lWvHNk05N6NU/rD9bWzuNn6Cv8oUk=", 336 | "owner": "numtide", 337 | "repo": "treefmt-nix", 338 | "rev": "e497a9ddecff769c2a7cbab51e1ed7a8501e7a3a", 339 | "type": "github" 340 | }, 341 | "original": { 342 | "owner": "numtide", 343 | "repo": "treefmt-nix", 344 | "type": "github" 345 | } 346 | } 347 | }, 348 | "root": "root", 349 | "version": 7 350 | } 351 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "Nix hash collection"; 3 | 4 | inputs = { 5 | nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; 6 | flake-utils.url = "github:numtide/flake-utils"; 7 | flake-compat.url = "github:edolstra/flake-compat"; 8 | queued-build-hook.url = "github:JulienMalka/queued-build-hook/postbuildscript"; 9 | }; 10 | 11 | outputs = 12 | inputs@{ 13 | nixpkgs, 14 | flake-utils, 15 | queued-build-hook, 16 | ... 17 | }: 18 | 19 | (flake-utils.lib.eachSystem 20 | [ 21 | "x86_64-linux" 22 | "aarch64-linux" 23 | ] 24 | ( 25 | system: 26 | let 27 | pkgs = nixpkgs.legacyPackages.${system}; 28 | in 29 | rec { 30 | packages = rec { 31 | utils = pkgs.callPackage ./utils { }; 32 | web = pkgs.python3.pkgs.callPackage ./backend.nix { }; 33 | default = utils; 34 | }; 35 | 36 | checks.packages.utils = packages.utils; 37 | 38 | devShells.default = pkgs.mkShell { 39 | nativeBuildInputs = with pkgs; [ 40 | rustc 41 | cargo 42 | gcc 43 | pkg-config 44 | ]; 45 | buildInputs = [ 46 | (pkgs.python3.withPackages (ps: [ 47 | ps.fastapi 48 | ps.uvicorn 49 | ps.sqlalchemy 50 | ps.pydantic 51 | ])) 52 | pkgs.jq 53 | pkgs.rust-analyzer 54 | pkgs.openssl 55 | (pkgs.nixVersions.git.overrideAttrs(a: { 56 | # Should be generalized, documented, tested and upstreamed 57 | # similar to https://github.com/NixOS/nix/pull/12044 58 | patches = a.patches ++ [ ./utils/expose_apis.patch ]; 59 | # tests/functional/repl.sh.test is failing in CI 60 | doInstallCheck = system == "x86_64-linux"; 61 | })) 62 | pkgs.nlohmann_json 63 | pkgs.libsodium 64 | pkgs.boost 65 | pkgs.rustfmt 66 | ]; 67 | 68 | RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}"; 69 | }; 70 | } 71 | ) 72 | ) 73 | // { 74 | 75 | nixosModules.hash-collection = import ./utils/nixos/module.nix queued-build-hook.nixosModules.queued-build-hook; 76 | nixosModules.hash-collection-server = import ./web/nixos/module.nix; 77 | }; 78 | } 79 | -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- 1 | [build-system] 2 | requires = ["hatchling"] 3 | build-backend = "hatchling.build" 4 | 5 | [project] 6 | name = "lila" 7 | version = "0.1.0" 8 | authors = [ 9 | { name="Julien Malka", email="julien@malka.sh" }, 10 | ] 11 | description = "Track your Nix closures over time" 12 | readme = "ReadMe.md" 13 | requires-python = ">=3.11" 14 | classifiers = [ 15 | "Programming Language :: Python :: 3", 16 | "License :: OSI Approved :: European Union Public Licence 1.2 (EUPL 1.2)", 17 | "Framework :: FastAPI", 18 | ] 19 | dependencies = [ 20 | "sqlalchemy>=2.0.21", 21 | "pydantic>=1.10.12", 22 | "fastapi>=0.103.1", 23 | ] 24 | 25 | [project.urls] 26 | Homepage = "https://github.com/JulienMalka/lila" 27 | Issues = "https://github.com/JulienMalka/lila/issues" 28 | 29 | [tool.hatch.build.targets.wheel] 30 | only-include = [ "web" ] 31 | 32 | [tool.hatch.build.targets.wheel.sources] 33 | "web" = "lila" 34 | -------------------------------------------------------------------------------- /rebuilder.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | REPORT=$1 4 | 5 | if [ "x" == "x$REPORT" ]; then 6 | echo "Usage: $0 " 7 | exit 1 8 | fi 9 | 10 | while true; do 11 | curl -H "Authorization: Bearer $HASH_COLLECTION_TOKEN" http://localhost:8000/reports/$REPORT/suggested | jq .[] | head | tr -d \" | while read out 12 | do 13 | (nix derivation show $out || exit 1) | jq keys.[] | tr -d \" | while read drv 14 | do 15 | # TODO select the right output to rebuild? 16 | nix-build $drv --check 17 | done 18 | done 19 | done 20 | -------------------------------------------------------------------------------- /utils/Cargo.lock: -------------------------------------------------------------------------------- 1 | # This file is automatically @generated by Cargo. 2 | # It is not intended for manual editing. 3 | version = 3 4 | 5 | [[package]] 6 | name = "addr2line" 7 | version = "0.24.2" 8 | source = "registry+https://github.com/rust-lang/crates.io-index" 9 | checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" 10 | dependencies = [ 11 | "gimli", 12 | ] 13 | 14 | [[package]] 15 | name = "adler2" 16 | version = "2.0.0" 17 | source = "registry+https://github.com/rust-lang/crates.io-index" 18 | checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" 19 | 20 | [[package]] 21 | name = "aho-corasick" 22 | version = "1.1.3" 23 | source = "registry+https://github.com/rust-lang/crates.io-index" 24 | checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" 25 | dependencies = [ 26 | "memchr", 27 | ] 28 | 29 | [[package]] 30 | name = "autocfg" 31 | version = "1.4.0" 32 | source = "registry+https://github.com/rust-lang/crates.io-index" 33 | checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" 34 | 35 | [[package]] 36 | name = "backtrace" 37 | version = "0.3.74" 38 | source = "registry+https://github.com/rust-lang/crates.io-index" 39 | checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a" 40 | dependencies = [ 41 | "addr2line", 42 | "cfg-if", 43 | "libc", 44 | "miniz_oxide", 45 | "object", 46 | "rustc-demangle", 47 | "windows-targets 0.52.6", 48 | ] 49 | 50 | [[package]] 51 | name = "base64" 52 | version = "0.21.7" 53 | source = "registry+https://github.com/rust-lang/crates.io-index" 54 | checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" 55 | 56 | [[package]] 57 | name = "bitflags" 58 | version = "1.3.2" 59 | source = "registry+https://github.com/rust-lang/crates.io-index" 60 | checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" 61 | 62 | [[package]] 63 | name = "bitflags" 64 | version = "2.8.0" 65 | source = "registry+https://github.com/rust-lang/crates.io-index" 66 | checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36" 67 | 68 | [[package]] 69 | name = "bumpalo" 70 | version = "3.16.0" 71 | source = "registry+https://github.com/rust-lang/crates.io-index" 72 | checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" 73 | 74 | [[package]] 75 | name = "bytes" 76 | version = "1.9.0" 77 | source = "registry+https://github.com/rust-lang/crates.io-index" 78 | checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b" 79 | 80 | [[package]] 81 | name = "cc" 82 | version = "1.2.10" 83 | source = "registry+https://github.com/rust-lang/crates.io-index" 84 | checksum = "13208fcbb66eaeffe09b99fffbe1af420f00a7b35aa99ad683dfc1aa76145229" 85 | dependencies = [ 86 | "shlex", 87 | ] 88 | 89 | [[package]] 90 | name = "cfg-if" 91 | version = "1.0.0" 92 | source = "registry+https://github.com/rust-lang/crates.io-index" 93 | checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" 94 | 95 | [[package]] 96 | name = "core-foundation" 97 | version = "0.9.4" 98 | source = "registry+https://github.com/rust-lang/crates.io-index" 99 | checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" 100 | dependencies = [ 101 | "core-foundation-sys", 102 | "libc", 103 | ] 104 | 105 | [[package]] 106 | name = "core-foundation-sys" 107 | version = "0.8.7" 108 | source = "registry+https://github.com/rust-lang/crates.io-index" 109 | checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" 110 | 111 | [[package]] 112 | name = "displaydoc" 113 | version = "0.2.5" 114 | source = "registry+https://github.com/rust-lang/crates.io-index" 115 | checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" 116 | dependencies = [ 117 | "proc-macro2", 118 | "quote", 119 | "syn", 120 | ] 121 | 122 | [[package]] 123 | name = "encoding_rs" 124 | version = "0.8.35" 125 | source = "registry+https://github.com/rust-lang/crates.io-index" 126 | checksum = "75030f3c4f45dafd7586dd6780965a8c7e8e285a5ecb86713e63a79c5b2766f3" 127 | dependencies = [ 128 | "cfg-if", 129 | ] 130 | 131 | [[package]] 132 | name = "equivalent" 133 | version = "1.0.1" 134 | source = "registry+https://github.com/rust-lang/crates.io-index" 135 | checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" 136 | 137 | [[package]] 138 | name = "errno" 139 | version = "0.3.10" 140 | source = "registry+https://github.com/rust-lang/crates.io-index" 141 | checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d" 142 | dependencies = [ 143 | "libc", 144 | "windows-sys 0.59.0", 145 | ] 146 | 147 | [[package]] 148 | name = "fastrand" 149 | version = "2.3.0" 150 | source = "registry+https://github.com/rust-lang/crates.io-index" 151 | checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" 152 | 153 | [[package]] 154 | name = "fnv" 155 | version = "1.0.7" 156 | source = "registry+https://github.com/rust-lang/crates.io-index" 157 | checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" 158 | 159 | [[package]] 160 | name = "foreign-types" 161 | version = "0.3.2" 162 | source = "registry+https://github.com/rust-lang/crates.io-index" 163 | checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" 164 | dependencies = [ 165 | "foreign-types-shared", 166 | ] 167 | 168 | [[package]] 169 | name = "foreign-types-shared" 170 | version = "0.1.1" 171 | source = "registry+https://github.com/rust-lang/crates.io-index" 172 | checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" 173 | 174 | [[package]] 175 | name = "form_urlencoded" 176 | version = "1.2.1" 177 | source = "registry+https://github.com/rust-lang/crates.io-index" 178 | checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456" 179 | dependencies = [ 180 | "percent-encoding", 181 | ] 182 | 183 | [[package]] 184 | name = "futures-channel" 185 | version = "0.3.31" 186 | source = "registry+https://github.com/rust-lang/crates.io-index" 187 | checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10" 188 | dependencies = [ 189 | "futures-core", 190 | ] 191 | 192 | [[package]] 193 | name = "futures-core" 194 | version = "0.3.31" 195 | source = "registry+https://github.com/rust-lang/crates.io-index" 196 | checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e" 197 | 198 | [[package]] 199 | name = "futures-sink" 200 | version = "0.3.31" 201 | source = "registry+https://github.com/rust-lang/crates.io-index" 202 | checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7" 203 | 204 | [[package]] 205 | name = "futures-task" 206 | version = "0.3.31" 207 | source = "registry+https://github.com/rust-lang/crates.io-index" 208 | checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988" 209 | 210 | [[package]] 211 | name = "futures-util" 212 | version = "0.3.31" 213 | source = "registry+https://github.com/rust-lang/crates.io-index" 214 | checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81" 215 | dependencies = [ 216 | "futures-core", 217 | "futures-task", 218 | "pin-project-lite", 219 | "pin-utils", 220 | ] 221 | 222 | [[package]] 223 | name = "getrandom" 224 | version = "0.2.15" 225 | source = "registry+https://github.com/rust-lang/crates.io-index" 226 | checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" 227 | dependencies = [ 228 | "cfg-if", 229 | "libc", 230 | "wasi", 231 | ] 232 | 233 | [[package]] 234 | name = "gimli" 235 | version = "0.31.1" 236 | source = "registry+https://github.com/rust-lang/crates.io-index" 237 | checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" 238 | 239 | [[package]] 240 | name = "h2" 241 | version = "0.3.26" 242 | source = "registry+https://github.com/rust-lang/crates.io-index" 243 | checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" 244 | dependencies = [ 245 | "bytes", 246 | "fnv", 247 | "futures-core", 248 | "futures-sink", 249 | "futures-util", 250 | "http", 251 | "indexmap", 252 | "slab", 253 | "tokio", 254 | "tokio-util", 255 | "tracing", 256 | ] 257 | 258 | [[package]] 259 | name = "hashbrown" 260 | version = "0.15.2" 261 | source = "registry+https://github.com/rust-lang/crates.io-index" 262 | checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289" 263 | 264 | [[package]] 265 | name = "http" 266 | version = "0.2.12" 267 | source = "registry+https://github.com/rust-lang/crates.io-index" 268 | checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" 269 | dependencies = [ 270 | "bytes", 271 | "fnv", 272 | "itoa", 273 | ] 274 | 275 | [[package]] 276 | name = "http-body" 277 | version = "0.4.6" 278 | source = "registry+https://github.com/rust-lang/crates.io-index" 279 | checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" 280 | dependencies = [ 281 | "bytes", 282 | "http", 283 | "pin-project-lite", 284 | ] 285 | 286 | [[package]] 287 | name = "httparse" 288 | version = "1.9.5" 289 | source = "registry+https://github.com/rust-lang/crates.io-index" 290 | checksum = "7d71d3574edd2771538b901e6549113b4006ece66150fb69c0fb6d9a2adae946" 291 | 292 | [[package]] 293 | name = "httpdate" 294 | version = "1.0.3" 295 | source = "registry+https://github.com/rust-lang/crates.io-index" 296 | checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" 297 | 298 | [[package]] 299 | name = "hyper" 300 | version = "0.14.32" 301 | source = "registry+https://github.com/rust-lang/crates.io-index" 302 | checksum = "41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7" 303 | dependencies = [ 304 | "bytes", 305 | "futures-channel", 306 | "futures-core", 307 | "futures-util", 308 | "h2", 309 | "http", 310 | "http-body", 311 | "httparse", 312 | "httpdate", 313 | "itoa", 314 | "pin-project-lite", 315 | "socket2", 316 | "tokio", 317 | "tower-service", 318 | "tracing", 319 | "want", 320 | ] 321 | 322 | [[package]] 323 | name = "hyper-tls" 324 | version = "0.5.0" 325 | source = "registry+https://github.com/rust-lang/crates.io-index" 326 | checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" 327 | dependencies = [ 328 | "bytes", 329 | "hyper", 330 | "native-tls", 331 | "tokio", 332 | "tokio-native-tls", 333 | ] 334 | 335 | [[package]] 336 | name = "icu_collections" 337 | version = "1.5.0" 338 | source = "registry+https://github.com/rust-lang/crates.io-index" 339 | checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526" 340 | dependencies = [ 341 | "displaydoc", 342 | "yoke", 343 | "zerofrom", 344 | "zerovec", 345 | ] 346 | 347 | [[package]] 348 | name = "icu_locid" 349 | version = "1.5.0" 350 | source = "registry+https://github.com/rust-lang/crates.io-index" 351 | checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637" 352 | dependencies = [ 353 | "displaydoc", 354 | "litemap", 355 | "tinystr", 356 | "writeable", 357 | "zerovec", 358 | ] 359 | 360 | [[package]] 361 | name = "icu_locid_transform" 362 | version = "1.5.0" 363 | source = "registry+https://github.com/rust-lang/crates.io-index" 364 | checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e" 365 | dependencies = [ 366 | "displaydoc", 367 | "icu_locid", 368 | "icu_locid_transform_data", 369 | "icu_provider", 370 | "tinystr", 371 | "zerovec", 372 | ] 373 | 374 | [[package]] 375 | name = "icu_locid_transform_data" 376 | version = "1.5.0" 377 | source = "registry+https://github.com/rust-lang/crates.io-index" 378 | checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e" 379 | 380 | [[package]] 381 | name = "icu_normalizer" 382 | version = "1.5.0" 383 | source = "registry+https://github.com/rust-lang/crates.io-index" 384 | checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f" 385 | dependencies = [ 386 | "displaydoc", 387 | "icu_collections", 388 | "icu_normalizer_data", 389 | "icu_properties", 390 | "icu_provider", 391 | "smallvec", 392 | "utf16_iter", 393 | "utf8_iter", 394 | "write16", 395 | "zerovec", 396 | ] 397 | 398 | [[package]] 399 | name = "icu_normalizer_data" 400 | version = "1.5.0" 401 | source = "registry+https://github.com/rust-lang/crates.io-index" 402 | checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516" 403 | 404 | [[package]] 405 | name = "icu_properties" 406 | version = "1.5.1" 407 | source = "registry+https://github.com/rust-lang/crates.io-index" 408 | checksum = "93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5" 409 | dependencies = [ 410 | "displaydoc", 411 | "icu_collections", 412 | "icu_locid_transform", 413 | "icu_properties_data", 414 | "icu_provider", 415 | "tinystr", 416 | "zerovec", 417 | ] 418 | 419 | [[package]] 420 | name = "icu_properties_data" 421 | version = "1.5.0" 422 | source = "registry+https://github.com/rust-lang/crates.io-index" 423 | checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569" 424 | 425 | [[package]] 426 | name = "icu_provider" 427 | version = "1.5.0" 428 | source = "registry+https://github.com/rust-lang/crates.io-index" 429 | checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9" 430 | dependencies = [ 431 | "displaydoc", 432 | "icu_locid", 433 | "icu_provider_macros", 434 | "stable_deref_trait", 435 | "tinystr", 436 | "writeable", 437 | "yoke", 438 | "zerofrom", 439 | "zerovec", 440 | ] 441 | 442 | [[package]] 443 | name = "icu_provider_macros" 444 | version = "1.5.0" 445 | source = "registry+https://github.com/rust-lang/crates.io-index" 446 | checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6" 447 | dependencies = [ 448 | "proc-macro2", 449 | "quote", 450 | "syn", 451 | ] 452 | 453 | [[package]] 454 | name = "idna" 455 | version = "1.0.3" 456 | source = "registry+https://github.com/rust-lang/crates.io-index" 457 | checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e" 458 | dependencies = [ 459 | "idna_adapter", 460 | "smallvec", 461 | "utf8_iter", 462 | ] 463 | 464 | [[package]] 465 | name = "idna_adapter" 466 | version = "1.2.0" 467 | source = "registry+https://github.com/rust-lang/crates.io-index" 468 | checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71" 469 | dependencies = [ 470 | "icu_normalizer", 471 | "icu_properties", 472 | ] 473 | 474 | [[package]] 475 | name = "indexmap" 476 | version = "2.7.1" 477 | source = "registry+https://github.com/rust-lang/crates.io-index" 478 | checksum = "8c9c992b02b5b4c94ea26e32fe5bccb7aa7d9f390ab5c1221ff895bc7ea8b652" 479 | dependencies = [ 480 | "equivalent", 481 | "hashbrown", 482 | ] 483 | 484 | [[package]] 485 | name = "ipnet" 486 | version = "2.11.0" 487 | source = "registry+https://github.com/rust-lang/crates.io-index" 488 | checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130" 489 | 490 | [[package]] 491 | name = "itoa" 492 | version = "1.0.14" 493 | source = "registry+https://github.com/rust-lang/crates.io-index" 494 | checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674" 495 | 496 | [[package]] 497 | name = "js-sys" 498 | version = "0.3.77" 499 | source = "registry+https://github.com/rust-lang/crates.io-index" 500 | checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f" 501 | dependencies = [ 502 | "once_cell", 503 | "wasm-bindgen", 504 | ] 505 | 506 | [[package]] 507 | name = "libc" 508 | version = "0.2.169" 509 | source = "registry+https://github.com/rust-lang/crates.io-index" 510 | checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" 511 | 512 | [[package]] 513 | name = "linux-raw-sys" 514 | version = "0.4.15" 515 | source = "registry+https://github.com/rust-lang/crates.io-index" 516 | checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" 517 | 518 | [[package]] 519 | name = "litemap" 520 | version = "0.7.4" 521 | source = "registry+https://github.com/rust-lang/crates.io-index" 522 | checksum = "4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104" 523 | 524 | [[package]] 525 | name = "lock_api" 526 | version = "0.4.12" 527 | source = "registry+https://github.com/rust-lang/crates.io-index" 528 | checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" 529 | dependencies = [ 530 | "autocfg", 531 | "scopeguard", 532 | ] 533 | 534 | [[package]] 535 | name = "log" 536 | version = "0.4.25" 537 | source = "registry+https://github.com/rust-lang/crates.io-index" 538 | checksum = "04cbf5b083de1c7e0222a7a51dbfdba1cbe1c6ab0b15e29fff3f6c077fd9cd9f" 539 | 540 | [[package]] 541 | name = "memchr" 542 | version = "2.7.4" 543 | source = "registry+https://github.com/rust-lang/crates.io-index" 544 | checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" 545 | 546 | [[package]] 547 | name = "mime" 548 | version = "0.3.17" 549 | source = "registry+https://github.com/rust-lang/crates.io-index" 550 | checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" 551 | 552 | [[package]] 553 | name = "miniz_oxide" 554 | version = "0.8.3" 555 | source = "registry+https://github.com/rust-lang/crates.io-index" 556 | checksum = "b8402cab7aefae129c6977bb0ff1b8fd9a04eb5b51efc50a70bea51cda0c7924" 557 | dependencies = [ 558 | "adler2", 559 | ] 560 | 561 | [[package]] 562 | name = "mio" 563 | version = "1.0.3" 564 | source = "registry+https://github.com/rust-lang/crates.io-index" 565 | checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd" 566 | dependencies = [ 567 | "libc", 568 | "wasi", 569 | "windows-sys 0.52.0", 570 | ] 571 | 572 | [[package]] 573 | name = "native-tls" 574 | version = "0.2.12" 575 | source = "registry+https://github.com/rust-lang/crates.io-index" 576 | checksum = "a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466" 577 | dependencies = [ 578 | "libc", 579 | "log", 580 | "openssl", 581 | "openssl-probe", 582 | "openssl-sys", 583 | "schannel", 584 | "security-framework", 585 | "security-framework-sys", 586 | "tempfile", 587 | ] 588 | 589 | [[package]] 590 | name = "nix-hash-collection-utils" 591 | version = "0.1.0" 592 | dependencies = [ 593 | "libc", 594 | "regex", 595 | "reqwest", 596 | "serde", 597 | "tokio", 598 | ] 599 | 600 | [[package]] 601 | name = "object" 602 | version = "0.36.7" 603 | source = "registry+https://github.com/rust-lang/crates.io-index" 604 | checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" 605 | dependencies = [ 606 | "memchr", 607 | ] 608 | 609 | [[package]] 610 | name = "once_cell" 611 | version = "1.20.2" 612 | source = "registry+https://github.com/rust-lang/crates.io-index" 613 | checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" 614 | 615 | [[package]] 616 | name = "openssl" 617 | version = "0.10.68" 618 | source = "registry+https://github.com/rust-lang/crates.io-index" 619 | checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5" 620 | dependencies = [ 621 | "bitflags 2.8.0", 622 | "cfg-if", 623 | "foreign-types", 624 | "libc", 625 | "once_cell", 626 | "openssl-macros", 627 | "openssl-sys", 628 | ] 629 | 630 | [[package]] 631 | name = "openssl-macros" 632 | version = "0.1.1" 633 | source = "registry+https://github.com/rust-lang/crates.io-index" 634 | checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" 635 | dependencies = [ 636 | "proc-macro2", 637 | "quote", 638 | "syn", 639 | ] 640 | 641 | [[package]] 642 | name = "openssl-probe" 643 | version = "0.1.5" 644 | source = "registry+https://github.com/rust-lang/crates.io-index" 645 | checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" 646 | 647 | [[package]] 648 | name = "openssl-sys" 649 | version = "0.9.104" 650 | source = "registry+https://github.com/rust-lang/crates.io-index" 651 | checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741" 652 | dependencies = [ 653 | "cc", 654 | "libc", 655 | "pkg-config", 656 | "vcpkg", 657 | ] 658 | 659 | [[package]] 660 | name = "parking_lot" 661 | version = "0.12.3" 662 | source = "registry+https://github.com/rust-lang/crates.io-index" 663 | checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" 664 | dependencies = [ 665 | "lock_api", 666 | "parking_lot_core", 667 | ] 668 | 669 | [[package]] 670 | name = "parking_lot_core" 671 | version = "0.9.10" 672 | source = "registry+https://github.com/rust-lang/crates.io-index" 673 | checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" 674 | dependencies = [ 675 | "cfg-if", 676 | "libc", 677 | "redox_syscall", 678 | "smallvec", 679 | "windows-targets 0.52.6", 680 | ] 681 | 682 | [[package]] 683 | name = "percent-encoding" 684 | version = "2.3.1" 685 | source = "registry+https://github.com/rust-lang/crates.io-index" 686 | checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" 687 | 688 | [[package]] 689 | name = "pin-project-lite" 690 | version = "0.2.16" 691 | source = "registry+https://github.com/rust-lang/crates.io-index" 692 | checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b" 693 | 694 | [[package]] 695 | name = "pin-utils" 696 | version = "0.1.0" 697 | source = "registry+https://github.com/rust-lang/crates.io-index" 698 | checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" 699 | 700 | [[package]] 701 | name = "pkg-config" 702 | version = "0.3.31" 703 | source = "registry+https://github.com/rust-lang/crates.io-index" 704 | checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" 705 | 706 | [[package]] 707 | name = "proc-macro2" 708 | version = "1.0.93" 709 | source = "registry+https://github.com/rust-lang/crates.io-index" 710 | checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99" 711 | dependencies = [ 712 | "unicode-ident", 713 | ] 714 | 715 | [[package]] 716 | name = "quote" 717 | version = "1.0.38" 718 | source = "registry+https://github.com/rust-lang/crates.io-index" 719 | checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc" 720 | dependencies = [ 721 | "proc-macro2", 722 | ] 723 | 724 | [[package]] 725 | name = "redox_syscall" 726 | version = "0.5.8" 727 | source = "registry+https://github.com/rust-lang/crates.io-index" 728 | checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834" 729 | dependencies = [ 730 | "bitflags 2.8.0", 731 | ] 732 | 733 | [[package]] 734 | name = "regex" 735 | version = "1.11.1" 736 | source = "registry+https://github.com/rust-lang/crates.io-index" 737 | checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191" 738 | dependencies = [ 739 | "aho-corasick", 740 | "memchr", 741 | "regex-automata", 742 | "regex-syntax", 743 | ] 744 | 745 | [[package]] 746 | name = "regex-automata" 747 | version = "0.4.9" 748 | source = "registry+https://github.com/rust-lang/crates.io-index" 749 | checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908" 750 | dependencies = [ 751 | "aho-corasick", 752 | "memchr", 753 | "regex-syntax", 754 | ] 755 | 756 | [[package]] 757 | name = "regex-syntax" 758 | version = "0.8.5" 759 | source = "registry+https://github.com/rust-lang/crates.io-index" 760 | checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" 761 | 762 | [[package]] 763 | name = "reqwest" 764 | version = "0.11.27" 765 | source = "registry+https://github.com/rust-lang/crates.io-index" 766 | checksum = "dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62" 767 | dependencies = [ 768 | "base64", 769 | "bytes", 770 | "encoding_rs", 771 | "futures-core", 772 | "futures-util", 773 | "h2", 774 | "http", 775 | "http-body", 776 | "hyper", 777 | "hyper-tls", 778 | "ipnet", 779 | "js-sys", 780 | "log", 781 | "mime", 782 | "native-tls", 783 | "once_cell", 784 | "percent-encoding", 785 | "pin-project-lite", 786 | "rustls-pemfile", 787 | "serde", 788 | "serde_json", 789 | "serde_urlencoded", 790 | "sync_wrapper", 791 | "system-configuration", 792 | "tokio", 793 | "tokio-native-tls", 794 | "tower-service", 795 | "url", 796 | "wasm-bindgen", 797 | "wasm-bindgen-futures", 798 | "web-sys", 799 | "winreg", 800 | ] 801 | 802 | [[package]] 803 | name = "rustc-demangle" 804 | version = "0.1.24" 805 | source = "registry+https://github.com/rust-lang/crates.io-index" 806 | checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" 807 | 808 | [[package]] 809 | name = "rustix" 810 | version = "0.38.43" 811 | source = "registry+https://github.com/rust-lang/crates.io-index" 812 | checksum = "a78891ee6bf2340288408954ac787aa063d8e8817e9f53abb37c695c6d834ef6" 813 | dependencies = [ 814 | "bitflags 2.8.0", 815 | "errno", 816 | "libc", 817 | "linux-raw-sys", 818 | "windows-sys 0.59.0", 819 | ] 820 | 821 | [[package]] 822 | name = "rustls-pemfile" 823 | version = "1.0.4" 824 | source = "registry+https://github.com/rust-lang/crates.io-index" 825 | checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" 826 | dependencies = [ 827 | "base64", 828 | ] 829 | 830 | [[package]] 831 | name = "rustversion" 832 | version = "1.0.19" 833 | source = "registry+https://github.com/rust-lang/crates.io-index" 834 | checksum = "f7c45b9784283f1b2e7fb61b42047c2fd678ef0960d4f6f1eba131594cc369d4" 835 | 836 | [[package]] 837 | name = "ryu" 838 | version = "1.0.18" 839 | source = "registry+https://github.com/rust-lang/crates.io-index" 840 | checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" 841 | 842 | [[package]] 843 | name = "schannel" 844 | version = "0.1.27" 845 | source = "registry+https://github.com/rust-lang/crates.io-index" 846 | checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" 847 | dependencies = [ 848 | "windows-sys 0.59.0", 849 | ] 850 | 851 | [[package]] 852 | name = "scopeguard" 853 | version = "1.2.0" 854 | source = "registry+https://github.com/rust-lang/crates.io-index" 855 | checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" 856 | 857 | [[package]] 858 | name = "security-framework" 859 | version = "2.11.1" 860 | source = "registry+https://github.com/rust-lang/crates.io-index" 861 | checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" 862 | dependencies = [ 863 | "bitflags 2.8.0", 864 | "core-foundation", 865 | "core-foundation-sys", 866 | "libc", 867 | "security-framework-sys", 868 | ] 869 | 870 | [[package]] 871 | name = "security-framework-sys" 872 | version = "2.14.0" 873 | source = "registry+https://github.com/rust-lang/crates.io-index" 874 | checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32" 875 | dependencies = [ 876 | "core-foundation-sys", 877 | "libc", 878 | ] 879 | 880 | [[package]] 881 | name = "serde" 882 | version = "1.0.217" 883 | source = "registry+https://github.com/rust-lang/crates.io-index" 884 | checksum = "02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70" 885 | dependencies = [ 886 | "serde_derive", 887 | ] 888 | 889 | [[package]] 890 | name = "serde_derive" 891 | version = "1.0.217" 892 | source = "registry+https://github.com/rust-lang/crates.io-index" 893 | checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0" 894 | dependencies = [ 895 | "proc-macro2", 896 | "quote", 897 | "syn", 898 | ] 899 | 900 | [[package]] 901 | name = "serde_json" 902 | version = "1.0.137" 903 | source = "registry+https://github.com/rust-lang/crates.io-index" 904 | checksum = "930cfb6e6abf99298aaad7d29abbef7a9999a9a8806a40088f55f0dcec03146b" 905 | dependencies = [ 906 | "itoa", 907 | "memchr", 908 | "ryu", 909 | "serde", 910 | ] 911 | 912 | [[package]] 913 | name = "serde_urlencoded" 914 | version = "0.7.1" 915 | source = "registry+https://github.com/rust-lang/crates.io-index" 916 | checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" 917 | dependencies = [ 918 | "form_urlencoded", 919 | "itoa", 920 | "ryu", 921 | "serde", 922 | ] 923 | 924 | [[package]] 925 | name = "shlex" 926 | version = "1.3.0" 927 | source = "registry+https://github.com/rust-lang/crates.io-index" 928 | checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" 929 | 930 | [[package]] 931 | name = "signal-hook-registry" 932 | version = "1.4.2" 933 | source = "registry+https://github.com/rust-lang/crates.io-index" 934 | checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1" 935 | dependencies = [ 936 | "libc", 937 | ] 938 | 939 | [[package]] 940 | name = "slab" 941 | version = "0.4.9" 942 | source = "registry+https://github.com/rust-lang/crates.io-index" 943 | checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" 944 | dependencies = [ 945 | "autocfg", 946 | ] 947 | 948 | [[package]] 949 | name = "smallvec" 950 | version = "1.13.2" 951 | source = "registry+https://github.com/rust-lang/crates.io-index" 952 | checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" 953 | 954 | [[package]] 955 | name = "socket2" 956 | version = "0.5.8" 957 | source = "registry+https://github.com/rust-lang/crates.io-index" 958 | checksum = "c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8" 959 | dependencies = [ 960 | "libc", 961 | "windows-sys 0.52.0", 962 | ] 963 | 964 | [[package]] 965 | name = "stable_deref_trait" 966 | version = "1.2.0" 967 | source = "registry+https://github.com/rust-lang/crates.io-index" 968 | checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" 969 | 970 | [[package]] 971 | name = "syn" 972 | version = "2.0.96" 973 | source = "registry+https://github.com/rust-lang/crates.io-index" 974 | checksum = "d5d0adab1ae378d7f53bdebc67a39f1f151407ef230f0ce2883572f5d8985c80" 975 | dependencies = [ 976 | "proc-macro2", 977 | "quote", 978 | "unicode-ident", 979 | ] 980 | 981 | [[package]] 982 | name = "sync_wrapper" 983 | version = "0.1.2" 984 | source = "registry+https://github.com/rust-lang/crates.io-index" 985 | checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" 986 | 987 | [[package]] 988 | name = "synstructure" 989 | version = "0.13.1" 990 | source = "registry+https://github.com/rust-lang/crates.io-index" 991 | checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" 992 | dependencies = [ 993 | "proc-macro2", 994 | "quote", 995 | "syn", 996 | ] 997 | 998 | [[package]] 999 | name = "system-configuration" 1000 | version = "0.5.1" 1001 | source = "registry+https://github.com/rust-lang/crates.io-index" 1002 | checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" 1003 | dependencies = [ 1004 | "bitflags 1.3.2", 1005 | "core-foundation", 1006 | "system-configuration-sys", 1007 | ] 1008 | 1009 | [[package]] 1010 | name = "system-configuration-sys" 1011 | version = "0.5.0" 1012 | source = "registry+https://github.com/rust-lang/crates.io-index" 1013 | checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" 1014 | dependencies = [ 1015 | "core-foundation-sys", 1016 | "libc", 1017 | ] 1018 | 1019 | [[package]] 1020 | name = "tempfile" 1021 | version = "3.15.0" 1022 | source = "registry+https://github.com/rust-lang/crates.io-index" 1023 | checksum = "9a8a559c81686f576e8cd0290cd2a24a2a9ad80c98b3478856500fcbd7acd704" 1024 | dependencies = [ 1025 | "cfg-if", 1026 | "fastrand", 1027 | "getrandom", 1028 | "once_cell", 1029 | "rustix", 1030 | "windows-sys 0.59.0", 1031 | ] 1032 | 1033 | [[package]] 1034 | name = "tinystr" 1035 | version = "0.7.6" 1036 | source = "registry+https://github.com/rust-lang/crates.io-index" 1037 | checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f" 1038 | dependencies = [ 1039 | "displaydoc", 1040 | "zerovec", 1041 | ] 1042 | 1043 | [[package]] 1044 | name = "tokio" 1045 | version = "1.43.0" 1046 | source = "registry+https://github.com/rust-lang/crates.io-index" 1047 | checksum = "3d61fa4ffa3de412bfea335c6ecff681de2b609ba3c77ef3e00e521813a9ed9e" 1048 | dependencies = [ 1049 | "backtrace", 1050 | "bytes", 1051 | "libc", 1052 | "mio", 1053 | "parking_lot", 1054 | "pin-project-lite", 1055 | "signal-hook-registry", 1056 | "socket2", 1057 | "tokio-macros", 1058 | "windows-sys 0.52.0", 1059 | ] 1060 | 1061 | [[package]] 1062 | name = "tokio-macros" 1063 | version = "2.5.0" 1064 | source = "registry+https://github.com/rust-lang/crates.io-index" 1065 | checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8" 1066 | dependencies = [ 1067 | "proc-macro2", 1068 | "quote", 1069 | "syn", 1070 | ] 1071 | 1072 | [[package]] 1073 | name = "tokio-native-tls" 1074 | version = "0.3.1" 1075 | source = "registry+https://github.com/rust-lang/crates.io-index" 1076 | checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" 1077 | dependencies = [ 1078 | "native-tls", 1079 | "tokio", 1080 | ] 1081 | 1082 | [[package]] 1083 | name = "tokio-util" 1084 | version = "0.7.13" 1085 | source = "registry+https://github.com/rust-lang/crates.io-index" 1086 | checksum = "d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078" 1087 | dependencies = [ 1088 | "bytes", 1089 | "futures-core", 1090 | "futures-sink", 1091 | "pin-project-lite", 1092 | "tokio", 1093 | ] 1094 | 1095 | [[package]] 1096 | name = "tower-service" 1097 | version = "0.3.3" 1098 | source = "registry+https://github.com/rust-lang/crates.io-index" 1099 | checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" 1100 | 1101 | [[package]] 1102 | name = "tracing" 1103 | version = "0.1.41" 1104 | source = "registry+https://github.com/rust-lang/crates.io-index" 1105 | checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0" 1106 | dependencies = [ 1107 | "pin-project-lite", 1108 | "tracing-core", 1109 | ] 1110 | 1111 | [[package]] 1112 | name = "tracing-core" 1113 | version = "0.1.33" 1114 | source = "registry+https://github.com/rust-lang/crates.io-index" 1115 | checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c" 1116 | dependencies = [ 1117 | "once_cell", 1118 | ] 1119 | 1120 | [[package]] 1121 | name = "try-lock" 1122 | version = "0.2.5" 1123 | source = "registry+https://github.com/rust-lang/crates.io-index" 1124 | checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" 1125 | 1126 | [[package]] 1127 | name = "unicode-ident" 1128 | version = "1.0.14" 1129 | source = "registry+https://github.com/rust-lang/crates.io-index" 1130 | checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83" 1131 | 1132 | [[package]] 1133 | name = "url" 1134 | version = "2.5.4" 1135 | source = "registry+https://github.com/rust-lang/crates.io-index" 1136 | checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60" 1137 | dependencies = [ 1138 | "form_urlencoded", 1139 | "idna", 1140 | "percent-encoding", 1141 | ] 1142 | 1143 | [[package]] 1144 | name = "utf16_iter" 1145 | version = "1.0.5" 1146 | source = "registry+https://github.com/rust-lang/crates.io-index" 1147 | checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246" 1148 | 1149 | [[package]] 1150 | name = "utf8_iter" 1151 | version = "1.0.4" 1152 | source = "registry+https://github.com/rust-lang/crates.io-index" 1153 | checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" 1154 | 1155 | [[package]] 1156 | name = "vcpkg" 1157 | version = "0.2.15" 1158 | source = "registry+https://github.com/rust-lang/crates.io-index" 1159 | checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" 1160 | 1161 | [[package]] 1162 | name = "want" 1163 | version = "0.3.1" 1164 | source = "registry+https://github.com/rust-lang/crates.io-index" 1165 | checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" 1166 | dependencies = [ 1167 | "try-lock", 1168 | ] 1169 | 1170 | [[package]] 1171 | name = "wasi" 1172 | version = "0.11.0+wasi-snapshot-preview1" 1173 | source = "registry+https://github.com/rust-lang/crates.io-index" 1174 | checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" 1175 | 1176 | [[package]] 1177 | name = "wasm-bindgen" 1178 | version = "0.2.100" 1179 | source = "registry+https://github.com/rust-lang/crates.io-index" 1180 | checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5" 1181 | dependencies = [ 1182 | "cfg-if", 1183 | "once_cell", 1184 | "rustversion", 1185 | "wasm-bindgen-macro", 1186 | ] 1187 | 1188 | [[package]] 1189 | name = "wasm-bindgen-backend" 1190 | version = "0.2.100" 1191 | source = "registry+https://github.com/rust-lang/crates.io-index" 1192 | checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6" 1193 | dependencies = [ 1194 | "bumpalo", 1195 | "log", 1196 | "proc-macro2", 1197 | "quote", 1198 | "syn", 1199 | "wasm-bindgen-shared", 1200 | ] 1201 | 1202 | [[package]] 1203 | name = "wasm-bindgen-futures" 1204 | version = "0.4.50" 1205 | source = "registry+https://github.com/rust-lang/crates.io-index" 1206 | checksum = "555d470ec0bc3bb57890405e5d4322cc9ea83cebb085523ced7be4144dac1e61" 1207 | dependencies = [ 1208 | "cfg-if", 1209 | "js-sys", 1210 | "once_cell", 1211 | "wasm-bindgen", 1212 | "web-sys", 1213 | ] 1214 | 1215 | [[package]] 1216 | name = "wasm-bindgen-macro" 1217 | version = "0.2.100" 1218 | source = "registry+https://github.com/rust-lang/crates.io-index" 1219 | checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407" 1220 | dependencies = [ 1221 | "quote", 1222 | "wasm-bindgen-macro-support", 1223 | ] 1224 | 1225 | [[package]] 1226 | name = "wasm-bindgen-macro-support" 1227 | version = "0.2.100" 1228 | source = "registry+https://github.com/rust-lang/crates.io-index" 1229 | checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" 1230 | dependencies = [ 1231 | "proc-macro2", 1232 | "quote", 1233 | "syn", 1234 | "wasm-bindgen-backend", 1235 | "wasm-bindgen-shared", 1236 | ] 1237 | 1238 | [[package]] 1239 | name = "wasm-bindgen-shared" 1240 | version = "0.2.100" 1241 | source = "registry+https://github.com/rust-lang/crates.io-index" 1242 | checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d" 1243 | dependencies = [ 1244 | "unicode-ident", 1245 | ] 1246 | 1247 | [[package]] 1248 | name = "web-sys" 1249 | version = "0.3.77" 1250 | source = "registry+https://github.com/rust-lang/crates.io-index" 1251 | checksum = "33b6dd2ef9186f1f2072e409e99cd22a975331a6b3591b12c764e0e55c60d5d2" 1252 | dependencies = [ 1253 | "js-sys", 1254 | "wasm-bindgen", 1255 | ] 1256 | 1257 | [[package]] 1258 | name = "windows-sys" 1259 | version = "0.48.0" 1260 | source = "registry+https://github.com/rust-lang/crates.io-index" 1261 | checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" 1262 | dependencies = [ 1263 | "windows-targets 0.48.5", 1264 | ] 1265 | 1266 | [[package]] 1267 | name = "windows-sys" 1268 | version = "0.52.0" 1269 | source = "registry+https://github.com/rust-lang/crates.io-index" 1270 | checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" 1271 | dependencies = [ 1272 | "windows-targets 0.52.6", 1273 | ] 1274 | 1275 | [[package]] 1276 | name = "windows-sys" 1277 | version = "0.59.0" 1278 | source = "registry+https://github.com/rust-lang/crates.io-index" 1279 | checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" 1280 | dependencies = [ 1281 | "windows-targets 0.52.6", 1282 | ] 1283 | 1284 | [[package]] 1285 | name = "windows-targets" 1286 | version = "0.48.5" 1287 | source = "registry+https://github.com/rust-lang/crates.io-index" 1288 | checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" 1289 | dependencies = [ 1290 | "windows_aarch64_gnullvm 0.48.5", 1291 | "windows_aarch64_msvc 0.48.5", 1292 | "windows_i686_gnu 0.48.5", 1293 | "windows_i686_msvc 0.48.5", 1294 | "windows_x86_64_gnu 0.48.5", 1295 | "windows_x86_64_gnullvm 0.48.5", 1296 | "windows_x86_64_msvc 0.48.5", 1297 | ] 1298 | 1299 | [[package]] 1300 | name = "windows-targets" 1301 | version = "0.52.6" 1302 | source = "registry+https://github.com/rust-lang/crates.io-index" 1303 | checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" 1304 | dependencies = [ 1305 | "windows_aarch64_gnullvm 0.52.6", 1306 | "windows_aarch64_msvc 0.52.6", 1307 | "windows_i686_gnu 0.52.6", 1308 | "windows_i686_gnullvm", 1309 | "windows_i686_msvc 0.52.6", 1310 | "windows_x86_64_gnu 0.52.6", 1311 | "windows_x86_64_gnullvm 0.52.6", 1312 | "windows_x86_64_msvc 0.52.6", 1313 | ] 1314 | 1315 | [[package]] 1316 | name = "windows_aarch64_gnullvm" 1317 | version = "0.48.5" 1318 | source = "registry+https://github.com/rust-lang/crates.io-index" 1319 | checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" 1320 | 1321 | [[package]] 1322 | name = "windows_aarch64_gnullvm" 1323 | version = "0.52.6" 1324 | source = "registry+https://github.com/rust-lang/crates.io-index" 1325 | checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" 1326 | 1327 | [[package]] 1328 | name = "windows_aarch64_msvc" 1329 | version = "0.48.5" 1330 | source = "registry+https://github.com/rust-lang/crates.io-index" 1331 | checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" 1332 | 1333 | [[package]] 1334 | name = "windows_aarch64_msvc" 1335 | version = "0.52.6" 1336 | source = "registry+https://github.com/rust-lang/crates.io-index" 1337 | checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" 1338 | 1339 | [[package]] 1340 | name = "windows_i686_gnu" 1341 | version = "0.48.5" 1342 | source = "registry+https://github.com/rust-lang/crates.io-index" 1343 | checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" 1344 | 1345 | [[package]] 1346 | name = "windows_i686_gnu" 1347 | version = "0.52.6" 1348 | source = "registry+https://github.com/rust-lang/crates.io-index" 1349 | checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" 1350 | 1351 | [[package]] 1352 | name = "windows_i686_gnullvm" 1353 | version = "0.52.6" 1354 | source = "registry+https://github.com/rust-lang/crates.io-index" 1355 | checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" 1356 | 1357 | [[package]] 1358 | name = "windows_i686_msvc" 1359 | version = "0.48.5" 1360 | source = "registry+https://github.com/rust-lang/crates.io-index" 1361 | checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" 1362 | 1363 | [[package]] 1364 | name = "windows_i686_msvc" 1365 | version = "0.52.6" 1366 | source = "registry+https://github.com/rust-lang/crates.io-index" 1367 | checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" 1368 | 1369 | [[package]] 1370 | name = "windows_x86_64_gnu" 1371 | version = "0.48.5" 1372 | source = "registry+https://github.com/rust-lang/crates.io-index" 1373 | checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" 1374 | 1375 | [[package]] 1376 | name = "windows_x86_64_gnu" 1377 | version = "0.52.6" 1378 | source = "registry+https://github.com/rust-lang/crates.io-index" 1379 | checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" 1380 | 1381 | [[package]] 1382 | name = "windows_x86_64_gnullvm" 1383 | version = "0.48.5" 1384 | source = "registry+https://github.com/rust-lang/crates.io-index" 1385 | checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" 1386 | 1387 | [[package]] 1388 | name = "windows_x86_64_gnullvm" 1389 | version = "0.52.6" 1390 | source = "registry+https://github.com/rust-lang/crates.io-index" 1391 | checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" 1392 | 1393 | [[package]] 1394 | name = "windows_x86_64_msvc" 1395 | version = "0.48.5" 1396 | source = "registry+https://github.com/rust-lang/crates.io-index" 1397 | checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" 1398 | 1399 | [[package]] 1400 | name = "windows_x86_64_msvc" 1401 | version = "0.52.6" 1402 | source = "registry+https://github.com/rust-lang/crates.io-index" 1403 | checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" 1404 | 1405 | [[package]] 1406 | name = "winreg" 1407 | version = "0.50.0" 1408 | source = "registry+https://github.com/rust-lang/crates.io-index" 1409 | checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" 1410 | dependencies = [ 1411 | "cfg-if", 1412 | "windows-sys 0.48.0", 1413 | ] 1414 | 1415 | [[package]] 1416 | name = "write16" 1417 | version = "1.0.0" 1418 | source = "registry+https://github.com/rust-lang/crates.io-index" 1419 | checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936" 1420 | 1421 | [[package]] 1422 | name = "writeable" 1423 | version = "0.5.5" 1424 | source = "registry+https://github.com/rust-lang/crates.io-index" 1425 | checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51" 1426 | 1427 | [[package]] 1428 | name = "yoke" 1429 | version = "0.7.5" 1430 | source = "registry+https://github.com/rust-lang/crates.io-index" 1431 | checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40" 1432 | dependencies = [ 1433 | "serde", 1434 | "stable_deref_trait", 1435 | "yoke-derive", 1436 | "zerofrom", 1437 | ] 1438 | 1439 | [[package]] 1440 | name = "yoke-derive" 1441 | version = "0.7.5" 1442 | source = "registry+https://github.com/rust-lang/crates.io-index" 1443 | checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154" 1444 | dependencies = [ 1445 | "proc-macro2", 1446 | "quote", 1447 | "syn", 1448 | "synstructure", 1449 | ] 1450 | 1451 | [[package]] 1452 | name = "zerofrom" 1453 | version = "0.1.5" 1454 | source = "registry+https://github.com/rust-lang/crates.io-index" 1455 | checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e" 1456 | dependencies = [ 1457 | "zerofrom-derive", 1458 | ] 1459 | 1460 | [[package]] 1461 | name = "zerofrom-derive" 1462 | version = "0.1.5" 1463 | source = "registry+https://github.com/rust-lang/crates.io-index" 1464 | checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808" 1465 | dependencies = [ 1466 | "proc-macro2", 1467 | "quote", 1468 | "syn", 1469 | "synstructure", 1470 | ] 1471 | 1472 | [[package]] 1473 | name = "zerovec" 1474 | version = "0.10.4" 1475 | source = "registry+https://github.com/rust-lang/crates.io-index" 1476 | checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079" 1477 | dependencies = [ 1478 | "yoke", 1479 | "zerofrom", 1480 | "zerovec-derive", 1481 | ] 1482 | 1483 | [[package]] 1484 | name = "zerovec-derive" 1485 | version = "0.10.3" 1486 | source = "registry+https://github.com/rust-lang/crates.io-index" 1487 | checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6" 1488 | dependencies = [ 1489 | "proc-macro2", 1490 | "quote", 1491 | "syn", 1492 | ] 1493 | -------------------------------------------------------------------------------- /utils/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "nix-hash-collection-utils" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | libc = "0.2.169" 10 | reqwest = { version = "0.11", features = ["json"] } 11 | tokio = { version = "1", features = ["full"] } 12 | serde = { version = "1", features = ["derive"] } 13 | regex = "1" 14 | -------------------------------------------------------------------------------- /utils/default.nix: -------------------------------------------------------------------------------- 1 | { stdenv, rustPlatform, pkg-config, openssl, nlohmann_json, boost, nixVersions, libsodium, ... }: 2 | 3 | rustPlatform.buildRustPackage rec { 4 | name = "nix-hash-collection-utils"; 5 | version = "0.1.0"; 6 | src = ./.; 7 | nativeBuildInputs = [ pkg-config ]; 8 | 9 | buildInputs = [ 10 | openssl 11 | (nixVersions.git.overrideAttrs(a: { 12 | # Should be generalized, documented, tested and upstreamed 13 | # similar to https://github.com/NixOS/nix/pull/12044 14 | patches = a.patches ++ [ ./expose_apis.patch ]; 15 | # tests/functional/repl.sh.test is failing in CI 16 | doInstallCheck = stdenv.hostPlatform.system == "x86_64-linux"; 17 | })) 18 | nlohmann_json 19 | libsodium 20 | boost 21 | ]; 22 | 23 | cargoLock = { 24 | lockFile = ./Cargo.lock; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /utils/expose_apis.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/libstore-c/nix_api_store.cc b/src/libstore-c/nix_api_store.cc 2 | index 79841ca49..226f8e00d 100644 3 | --- a/src/libstore-c/nix_api_store.cc 4 | +++ b/src/libstore-c/nix_api_store.cc 5 | @@ -135,6 +135,29 @@ void nix_store_path_name(const StorePath * store_path, nix_get_string_callback c 6 | callback(name.data(), name.size(), user_data); 7 | } 8 | 9 | +char * nix_store_path_nar_hash(const Store * store, const StorePath * store_path) 10 | +{ 11 | + std::string result = store->ptr->queryPathInfo(store_path->path)->narHash.to_string(nix::HashFormat::Nix32, true); 12 | + return strdup(result.c_str()); 13 | +} 14 | + 15 | +unsigned int nix_store_path_nar_size(const Store * store, const StorePath * store_path) 16 | +{ 17 | + return store->ptr->queryPathInfo(store_path->path)->narSize; 18 | +} 19 | + 20 | +char ** nix_store_path_references(const Store * store, const StorePath * store_path) 21 | +{ 22 | + nix::StorePathSet set = store->ptr->queryPathInfo(store_path->path)->references; 23 | + char ** result = (char**) calloc(set.size() + 1, sizeof(char*)); 24 | + int i = 0; 25 | + for (const nix::StorePath path : set) { 26 | + result[i] = strdup(store->ptr->printStorePath(path).c_str()); 27 | + i++; 28 | + } 29 | + return result; 30 | +} 31 | + 32 | void nix_store_path_free(StorePath * sp) 33 | { 34 | delete sp; 35 | diff --git a/src/libstore-c/nix_api_store.h b/src/libstore-c/nix_api_store.h 36 | index 4b2134457..fdcf39c81 100644 37 | --- a/src/libstore-c/nix_api_store.h 38 | +++ b/src/libstore-c/nix_api_store.h 39 | @@ -99,6 +99,10 @@ StorePath * nix_store_parse_path(nix_c_context * context, Store * store, const c 40 | */ 41 | void nix_store_path_name(const StorePath * store_path, nix_get_string_callback callback, void * user_data); 42 | 43 | +char * nix_store_path_nar_hash(const Store * store, const StorePath * store_path); 44 | +unsigned int nix_store_path_nar_size(const Store * store, const StorePath * store_path); 45 | +char ** nix_store_path_references(const Store * store, const StorePath * store_path); 46 | + 47 | /** 48 | * @brief Copy a StorePath 49 | * 50 | diff --git a/src/libutil-c/nix_api_util.cc b/src/libutil-c/nix_api_util.cc 51 | index 4f65a4c12..551d48dcf 100644 52 | --- a/src/libutil-c/nix_api_util.cc 53 | +++ b/src/libutil-c/nix_api_util.cc 54 | @@ -3,6 +3,10 @@ 55 | #include "error.hh" 56 | #include "nix_api_util_internal.h" 57 | #include "util.hh" 58 | +#include "source-path.hh" 59 | +#include "posix-source-accessor.hh" 60 | +#include "file-content-address.hh" 61 | +#include "signature/local-keys.hh" 62 | 63 | #include 64 | #include 65 | @@ -142,6 +146,17 @@ nix_err nix_err_code(const nix_c_context * read_context) 66 | return read_context->last_err_code; 67 | } 68 | 69 | +char * hash_path(const char * path) { 70 | + nix::Hash hash = nix::hashPath( 71 | + nix::PosixSourceAccessor::createAtRoot(path), 72 | + nix::FileIngestionMethod::NixArchive, 73 | + nix::HashAlgorithm::SHA256).first; 74 | + return strdup(hash.to_string(nix::HashFormat::Nix32, false).c_str()); 75 | +} 76 | + 77 | +char * sign_detached(const char * secret_key, const char * data) { 78 | + return strdup(nix::SecretKey(secret_key).signDetached(data).c_str()); 79 | +} 80 | // internal 81 | nix_err call_nix_get_string_callback(const std::string str, nix_get_string_callback callback, void * user_data) 82 | { 83 | diff --git a/src/libutil-c/nix_api_util.h b/src/libutil-c/nix_api_util.h 84 | index ad6f32859..c2140f2df 100644 85 | --- a/src/libutil-c/nix_api_util.h 86 | +++ b/src/libutil-c/nix_api_util.h 87 | @@ -293,6 +293,10 @@ nix_err nix_err_code(const nix_c_context * read_context); 88 | */ 89 | nix_err nix_set_err_msg(nix_c_context * context, nix_err err, const char * msg); 90 | 91 | +char * hash_path(const char * path); 92 | + 93 | +char * sign_detached(const char * secret_key, const char * data); 94 | + 95 | /** 96 | * @} 97 | */ 98 | -------------------------------------------------------------------------------- /utils/nixos/module.nix: -------------------------------------------------------------------------------- 1 | queued-build-hook-module: 2 | { config, lib, pkgs, ... }: 3 | let 4 | cfg = config.services.hash-collection; 5 | utils = pkgs.callPackage ../. { }; 6 | in 7 | with lib; 8 | { 9 | 10 | imports = [ queued-build-hook-module ]; 11 | 12 | options.services.hash-collection = { 13 | 14 | enable = mkEnableOption "hash-collection"; 15 | 16 | retryInterval = mkOption { 17 | description = mdDoc '' 18 | The number of seconds between attempts to run the hook for a package after an initial failure. 19 | ''; 20 | type = types.int; 21 | default = 1; 22 | }; 23 | 24 | retries = mkOption { 25 | description = mdDoc '' 26 | The maximum number of attempts that will be made to run the hook for a package before giving up and dropping the task altogether. 27 | ''; 28 | type = types.int; 29 | default = 5; 30 | }; 31 | 32 | concurrency = mkOption { 33 | description = mdDoc '' 34 | Sets the maximum number of tasks that can be executed simultaneously. 35 | By default it is set to 0 which means there is no limit to the number of tasks that can be run concurrently. 36 | ''; 37 | type = types.int; 38 | default = 0; 39 | }; 40 | 41 | collection-url = mkOption { 42 | description = mdDoc '' 43 | URL of the collection server 44 | ''; 45 | type = types.str; 46 | }; 47 | 48 | tokenFile = mkOption { 49 | description = mdDoc '' 50 | Path to your identification token 51 | ''; 52 | type = types.path; 53 | }; 54 | 55 | secretKeyFile = mkOption { 56 | description = mdDoc '' 57 | Path to your secret key for signing builds 58 | ''; 59 | type = types.path; 60 | }; 61 | }; 62 | 63 | config = mkIf cfg.enable { 64 | 65 | queued-build-hook = { 66 | inherit (cfg) retries concurrency retryInterval; 67 | enable = true; 68 | postBuildScript = "${utils}/bin/build-hook"; 69 | credentials = { 70 | HASH_COLLECTION_TOKEN = toString cfg.tokenFile; 71 | HASH_COLLECTION_SECRET_KEY = toString cfg.secretKeyFile; 72 | }; 73 | 74 | }; 75 | 76 | systemd.services.async-nix-post-build-hook.serviceConfig.Environment = [ 77 | "HASH_COLLECTION_SERVER=${cfg.collection-url}" 78 | ]; 79 | 80 | nix.settings = { 81 | diff-hook = pkgs.writeScript "hash-collection-diff-hook" '' 82 | #!/bin/sh 83 | export OUT_PATH=$1 84 | export REBUILD_PATH=$2 85 | export DRV_PATH=$3 86 | 87 | export HASH_COLLECTION_SERVER=${cfg.collection-url} 88 | export HASH_COLLECTION_TOKEN=$(cat ${toString cfg.tokenFile}) 89 | export HASH_COLLECTION_SECRET_KEY=$(cat ${toString cfg.secretKeyFile}) 90 | 91 | # redirect stderr to stdout, otherwise it appears to go missing? 92 | ${utils}/bin/diff-hook 2>&1 93 | ''; 94 | run-diff-hook = true; 95 | }; 96 | 97 | }; 98 | 99 | } 100 | -------------------------------------------------------------------------------- /utils/src/bin/build-hook.rs: -------------------------------------------------------------------------------- 1 | use nix_hash_collection_utils::*; 2 | use reqwest::Result; 3 | 4 | #[tokio::main] 5 | async fn main() -> Result<()> { 6 | let ctx = nix_init(); 7 | let token = read_env_var_or_panic("HASH_COLLECTION_TOKEN"); 8 | let secret_key = read_env_var_or_panic("HASH_COLLECTION_SECRET_KEY"); 9 | let collection_server = read_env_var_or_panic("HASH_COLLECTION_SERVER"); 10 | let out_paths = read_env_var_or_panic("OUT_PATHS"); 11 | let drv_path = read_env_var_or_panic("DRV_PATH"); 12 | let drv_ident = parse_drv_hash(&drv_path); 13 | 14 | println!( 15 | "Uploading hashes of build outputs for derivation {0} to {1}", 16 | drv_ident, collection_server 17 | ); 18 | 19 | let output_attestations: Vec<_> = out_paths 20 | .split(" ") 21 | .map(|path| -> OutputAttestation { 22 | let hash = nar_hash(ctx, path.to_string()); 23 | let size = nar_size(ctx, path.to_string()); 24 | let fingerprint = fingerprint(ctx, path, &hash, size); 25 | let signature = my_sign_detached(secret_key.as_str(), fingerprint); 26 | return OutputAttestation { 27 | output_path: path, 28 | output_hash: hash, 29 | output_sig: signature 30 | } 31 | }) 32 | .collect(); 33 | 34 | post(&collection_server, &token, &drv_ident, &output_attestations).await?; 35 | Ok(()) 36 | } 37 | -------------------------------------------------------------------------------- /utils/src/bin/copy-from-cache.rs: -------------------------------------------------------------------------------- 1 | use nix_hash_collection_utils::*; 2 | use regex::Regex; 3 | use reqwest::Result; 4 | use std::env; 5 | 6 | pub fn parse_store_path_hash(store_path: &str) -> &str { 7 | &store_path[11..43] 8 | } 9 | 10 | async fn fetch<'a>(out_path: &'a str) -> (String, OutputAttestation<'a>) { 11 | let hash = parse_store_path_hash(out_path); 12 | let response = reqwest::get(format!("https://cache.nixos.org/{0}.narinfo", hash)) 13 | .await.expect("Fetching the narinfo") 14 | .text() 15 | .await.expect("Fetching the response body"); 16 | 17 | if response == "404" { 18 | panic!("Metadata for [{0}] not found on cache.nixos.org", out_path); 19 | } 20 | 21 | // TODO Deriver is not populated for static inputs, and may be super useful: 22 | // the same output may have multiple derivers even for non-FOD derivations. 23 | // Should we make it optional in the data model / API as well? 24 | // https://github.com/JulienMalka/nix-hash-collection/issues/25 25 | let deriver = Regex::new(r"(?m)Deriver: (.*).drv").unwrap() 26 | .captures(&response) 27 | .expect(format!("Deriver not found in metadata for [{0}]", out_path).as_str()) 28 | .get(1).unwrap().as_str().to_owned(); 29 | let nar_hash = Regex::new(r"(?m)NarHash: (.*)").unwrap() 30 | .captures(&response) 31 | .expect(format!("NarHash not found in metadata for [{0}]", out_path).as_str()) 32 | .get(1).unwrap().as_str().to_owned(); 33 | let sig = Regex::new(r"(?m)Sig: (.*)").unwrap() 34 | .captures(&response) 35 | .expect(format!("Sig not found in metadata for [{0}]", out_path).as_str()) 36 | .get(1).unwrap().as_str().to_owned(); 37 | 38 | ( 39 | deriver, 40 | OutputAttestation { 41 | output_path: out_path, 42 | output_hash: nar_hash, 43 | output_sig: sig, 44 | } 45 | ) 46 | } 47 | 48 | #[tokio::main] 49 | async fn main() -> Result<()> { 50 | // TODO maybe move those to a config file? 51 | let token = read_env_var_or_panic("HASH_COLLECTION_TOKEN"); 52 | let collection_server = read_env_var_or_panic("HASH_COLLECTION_SERVER"); 53 | let args: Vec = env::args().collect(); 54 | let out_path = &args[1]; 55 | let (drv_ident, output) = fetch(&out_path).await; 56 | 57 | post(&collection_server, &token, &drv_ident, &Vec::from([output])).await?; 58 | Ok(()) 59 | } 60 | -------------------------------------------------------------------------------- /utils/src/bin/diff-hook.rs: -------------------------------------------------------------------------------- 1 | use nix_hash_collection_utils::*; 2 | use reqwest::Result; 3 | 4 | #[tokio::main] 5 | async fn main() -> Result<()> { 6 | let token = read_env_var_or_panic("HASH_COLLECTION_TOKEN"); 7 | let secret_key = read_env_var_or_panic("HASH_COLLECTION_SECRET_KEY"); 8 | let collection_server = read_env_var_or_panic("HASH_COLLECTION_SERVER"); 9 | let out_path = read_env_var_or_panic("OUT_PATH"); 10 | let rebuild_path = read_env_var_or_panic("REBUILD_PATH"); 11 | let drv_path = read_env_var_or_panic("DRV_PATH"); 12 | let drv_ident = parse_drv_hash(&drv_path); 13 | 14 | let hash = format!("sha256:{0}", my_hash_path(rebuild_path)); 15 | 16 | println!( 17 | "Uploading hash of build output for derivation {0} to {1}: {2}", 18 | drv_ident, collection_server, hash 19 | ); 20 | 21 | // Creating a signature requires a connection to the daemon, which 22 | // is not available when the hook is being run? 23 | let signature = "".to_string(); 24 | 25 | let output_attestations: Vec<_> = vec![ 26 | OutputAttestation { 27 | output_path: &out_path, 28 | output_hash: hash, 29 | output_sig: signature 30 | } 31 | ]; 32 | 33 | post(&collection_server, &token, &drv_ident, &output_attestations).await?; 34 | Ok(()) 35 | } 36 | -------------------------------------------------------------------------------- /utils/src/lib.rs: -------------------------------------------------------------------------------- 1 | use regex::Regex; 2 | use reqwest::Result; 3 | use serde::{Deserialize, Serialize}; 4 | use std::env; 5 | use std::ptr::null; 6 | use std::ptr::null_mut; 7 | use libc::c_char; 8 | use std::ffi::{CStr,CString}; 9 | 10 | // Should be moved to a standalone wrapper library such as 11 | // https://github.com/nixops4/nixops4/tree/main/rust/nix-util 12 | // when we do that we should also make other improvements such 13 | // as considering to use rust-bindgen etc, for now keep things 14 | // as simple as possible 15 | pub type err = ::std::os::raw::c_int; 16 | #[repr(C)] 17 | #[derive(Debug, Copy, Clone)] 18 | pub struct c_context { 19 | _unused: [u8; 0], 20 | } 21 | #[repr(C)] 22 | #[derive(Debug, Copy, Clone)] 23 | pub struct Store { 24 | _unused: [u8; 0], 25 | } 26 | #[repr(C)] 27 | #[derive(Debug, Copy, Clone)] 28 | pub struct StorePath { 29 | _unused: [u8; 0], 30 | } 31 | #[link(name = "nixstorec")] 32 | extern { 33 | fn nix_c_context_create() -> *mut c_context; 34 | fn nix_c_context_free() -> *mut c_context; 35 | 36 | fn nix_libstore_init(context: *mut c_context) -> err; 37 | fn nix_store_open( 38 | context: *mut c_context, 39 | uri: *const ::std::os::raw::c_char, 40 | params: *mut *mut *const ::std::os::raw::c_char, 41 | ) -> *mut Store; 42 | fn nix_store_parse_path( 43 | context: *mut c_context, 44 | store: *mut Store, 45 | path: *const c_char, 46 | ) -> *mut StorePath; 47 | fn nix_store_path_free(p: *mut StorePath); 48 | fn nix_store_free(store: *mut Store); 49 | fn nix_store_path_nar_hash(store: *mut Store, store_path: *const StorePath) -> *mut c_char; 50 | fn nix_store_path_nar_size(store: *mut Store, store_path: *const StorePath) -> u64; 51 | fn nix_store_path_references(store: *mut Store, store_path: *const StorePath) -> *mut *mut c_char; 52 | } 53 | #[link(name = "nixutilc")] 54 | extern { 55 | fn hash_path(input: *const c_char) -> *mut c_char; 56 | fn sign_detached(secret_key: *const c_char, data: *const c_char) -> *mut c_char; 57 | } 58 | 59 | #[derive(Debug, Copy, Clone)] 60 | pub struct Ctx { 61 | context: *mut c_context, 62 | store: *mut Store 63 | } 64 | pub fn nix_init() -> Ctx { 65 | unsafe { 66 | let ctx = nix_c_context_create(); 67 | nix_libstore_init(ctx); 68 | let store = nix_store_open(ctx, null(), null_mut()); 69 | return Ctx { context: ctx, store: store }; 70 | } 71 | } 72 | pub fn nar_hash(ctx: Ctx, path: String) -> String { 73 | unsafe { 74 | let cpath = CString::new(path).unwrap(); 75 | let path = nix_store_parse_path(ctx.context, ctx.store, cpath.as_ptr()); 76 | let hash = CStr::from_ptr(nix_store_path_nar_hash(ctx.store, path)); 77 | let res = String::from_utf8_lossy(hash.to_bytes()).to_string(); 78 | nix_store_path_free(path); 79 | return res; 80 | } 81 | } 82 | pub fn nar_size(ctx: Ctx, path: String) -> u64 { 83 | unsafe { 84 | let cpath = CString::new(path).unwrap(); 85 | let path = nix_store_parse_path(ctx.context, ctx.store, cpath.as_ptr()); 86 | let res = nix_store_path_nar_size(ctx.store, path); 87 | nix_store_path_free(path); 88 | return res; 89 | } 90 | } 91 | 92 | fn query_references(ctx: Ctx, path: &str) -> Vec { 93 | unsafe { 94 | let cpath = CString::new(path).unwrap(); 95 | let path = nix_store_parse_path(ctx.context, ctx.store, cpath.as_ptr()); 96 | let c_strs = nix_store_path_references(ctx.store, path); 97 | nix_store_path_free(path); 98 | 99 | let mut result = Vec::new(); 100 | if c_strs.is_null() { 101 | return result; 102 | } 103 | 104 | let mut i = 0; 105 | loop { 106 | let c_str = *c_strs.add(i); 107 | if c_str.is_null() { 108 | break; 109 | } 110 | 111 | let ref_path = CStr::from_ptr(c_str).to_string_lossy().into_owned(); 112 | result.push(ref_path); 113 | i += 1; 114 | } 115 | 116 | return result 117 | } 118 | } 119 | 120 | 121 | pub fn my_hash_path(input: String) -> String { 122 | let cstr = unsafe { 123 | let instr = CString::new(input).unwrap(); 124 | CStr::from_ptr(hash_path(instr.as_ptr())) 125 | }; 126 | return String::from_utf8_lossy(cstr.to_bytes()).to_string(); 127 | } 128 | 129 | pub fn my_sign_detached(secret_key: &str, data: String) -> String { 130 | let signature_cstr = unsafe { 131 | let secret_key_cstr = CString::new(secret_key).unwrap(); 132 | let data_cstr = CString::new(data).unwrap(); 133 | // TODO error handling (e.g. invalid key format) 134 | CStr::from_ptr(sign_detached(secret_key_cstr.as_ptr(), data_cstr.as_ptr())) 135 | }; 136 | return String::from_utf8_lossy(signature_cstr.to_bytes()).to_string(); 137 | } 138 | 139 | #[derive(Debug, Serialize, Deserialize)] 140 | pub struct OutputAttestation<'a> { 141 | pub output_path: &'a str, 142 | pub output_hash: String, 143 | pub output_sig: String, 144 | } 145 | 146 | pub fn read_env_var_or_panic(variable: &str) -> String { 147 | match env::var(variable) { 148 | Ok(v) => v, 149 | Err(_) => panic!("The {} variable is not set", variable), 150 | } 151 | } 152 | 153 | pub fn parse_drv_hash<'a>(drv_path: &'a str) -> &'a str { 154 | let re = Regex::new(r"\/nix\/store\/(.*)\.drv").unwrap(); 155 | re.captures(drv_path) 156 | .expect("Derivation path should be of the form /nix/store/???.drv") 157 | .get(1).unwrap().as_str() 158 | } 159 | 160 | pub fn fingerprint(ctx: Ctx, out_path: &str, nar_hash: &str, size: u64) -> String { 161 | // It is OK to take the references from the store, as those are determined 162 | // based on the derivation (not the build), and the 'security' part of the 163 | // fingerprint is the nar_hash anyway, not the other metadata elements: 164 | let references = query_references(ctx, out_path).join(","); 165 | let fingerprint = format!("1;{out_path};{nar_hash};{size};{references}").to_string(); 166 | return fingerprint; 167 | } 168 | 169 | pub async fn post(collection_server: &str, token: &str, drv_ident: &str, output_attestations: &Vec>) -> Result<()> { 170 | let client = reqwest::Client::new(); 171 | client 172 | .post(format!("{0}/attestation/{1}", collection_server, drv_ident)) 173 | .bearer_auth(token) 174 | .json(&output_attestations) 175 | .send() 176 | .await?; 177 | Ok(()) 178 | } 179 | -------------------------------------------------------------------------------- /web/__init__.py: -------------------------------------------------------------------------------- 1 | from collections import defaultdict 2 | import json 3 | import random 4 | import typing as t 5 | from fastapi import Depends, FastAPI, Header, HTTPException, Response 6 | from fastapi.security.http import HTTPAuthorizationCredentials, HTTPBearer 7 | from fastapi.middleware.cors import CORSMiddleware 8 | from sqlalchemy.orm import Session 9 | 10 | from . import models, schemas, crud, user_controller 11 | from .db import SessionLocal, engine 12 | 13 | models.Base.metadata.create_all(bind=engine) 14 | 15 | app = FastAPI() 16 | 17 | origins = [ 18 | "http://localhost:8000", 19 | ] 20 | 21 | app.add_middleware( 22 | CORSMiddleware, 23 | allow_origins=origins, 24 | allow_credentials=True, 25 | allow_methods=["*"], 26 | allow_headers=["*"], 27 | ) 28 | 29 | get_bearer_token = HTTPBearer(auto_error=False) 30 | 31 | async def get_token( 32 | auth: t.Optional[HTTPAuthorizationCredentials] = Depends(get_bearer_token), 33 | ) -> str: 34 | if auth is not None: 35 | return auth.credentials 36 | else: 37 | return "" 38 | 39 | 40 | 41 | def get_db(): 42 | db = SessionLocal() 43 | try: 44 | yield db 45 | finally: 46 | db.close() 47 | 48 | 49 | def create_user(username, token=None): 50 | if token is not None: 51 | user_controller.create_user(username, token) 52 | else: 53 | user_controller.create_user(username) 54 | 55 | 56 | 57 | def get_drv_recap_or_404(session, drv_hash, full) -> schemas.DerivationAttestation: 58 | drv = session.query(models.Derivation).filter_by(drv_hash=drv_hash).one_or_none() 59 | if drv is None: 60 | raise HTTPException(status_code=404, detail="Not found") 61 | 62 | attestations = drv.attestations 63 | if (full): 64 | return attestations; 65 | 66 | attestation_outputs = defaultdict(dict) 67 | for attestation in attestations: 68 | if attestation.output_hash not in attestation_outputs[attestation.output_path].keys(): 69 | attestation_outputs[attestation.output_path][attestation.output_hash] = 1 70 | else: 71 | attestation_outputs[attestation.output_path][attestation.output_hash] += 1 72 | 73 | return attestation_outputs 74 | 75 | @app.get("/derivations/") 76 | def get_derivations(db: Session = Depends(get_db)) -> schemas.DerivationList: 77 | return db.query(models.Derivation).all() 78 | 79 | @app.get("/derivations/{drv_hash}") 80 | def get_drv(drv_hash: str, 81 | full: bool = False, 82 | db: Session = Depends(get_db), 83 | ): 84 | return get_drv_recap_or_404(db, drv_hash, full) 85 | 86 | @app.get("/derivations/{drv_hash}") 87 | def get_drv_recap(drv_hash: str, db: Session = Depends(get_db)) -> schemas.DerivationAttestation: 88 | return get_drv_recap_or_404(db, drv_hash) 89 | 90 | # Suggested rebuilds 91 | @app.get("/reports/{name}/suggested") 92 | def derivations_suggested_for_rebuilding( 93 | name: str, 94 | token: str = Depends(get_token), 95 | db: Session = Depends(get_db), 96 | ): 97 | report = crud.report(db, name) 98 | if report == None: 99 | raise HTTPException(status_code=404, detail="Report not found") 100 | paths = report_out_paths(report) 101 | 102 | user = crud.get_user_with_token(db, token) 103 | suggestions = crud.suggest(db, paths, user) 104 | random.shuffle(suggestions) 105 | return suggestions[:50] 106 | 107 | @app.post("/attestation/{drv_hash}") 108 | def record_attestation( 109 | drv_hash: str, 110 | output_sha256_map: list[schemas.OutputHashPair], 111 | token: str = Depends(get_token), 112 | db: Session = Depends(get_db), 113 | ): 114 | user = crud.get_user_with_token(db, token) 115 | if user == None: 116 | raise HTTPException(status_code=401, detail="User not found") 117 | 118 | crud.create_attestation(db, drv_hash, output_sha256_map, user) 119 | return { 120 | "Attestation accepted" 121 | } 122 | 123 | @app.get("/attestations/by-output/{output_path}") 124 | def attestations_by_out(output_path: str, db: Session = Depends(get_db)): 125 | return db.query(models.Attestation).filter_by(output_path="/nix/store/"+output_path).all() 126 | 127 | def report_out_paths(report): 128 | paths = [] 129 | for component in report['components']: 130 | for prop in component['properties']: 131 | if prop['name'] == "nix:out_path": 132 | paths.append(prop['value']) 133 | return paths 134 | 135 | @app.get("/reports") 136 | def reports(db: Session = Depends(get_db)): 137 | reports = db.query(models.Report).all() 138 | names = [] 139 | for report in reports: 140 | names.append(report.name) 141 | return names 142 | 143 | def printtree(root, deps, results, cur_indent=0, seen=None): 144 | if seen is None: 145 | seen = {} 146 | if root in seen: 147 | return " " * cur_indent + "...\n" 148 | seen[root] = True; 149 | 150 | result = " " * cur_indent + root[11:]; 151 | if root in results: 152 | result = result + " " + results[root] + "\n" 153 | else: 154 | result = result + "\n" 155 | for dep in deps: 156 | if dep['ref'] == root and 'dependsOn' in dep: 157 | for d in dep['dependsOn']: 158 | result += printtree(d, deps, results, cur_indent+2, seen) 159 | #result = result + "\n " + d 160 | return result 161 | 162 | def htmltree(root, deps, results): 163 | def icon(result): 164 | if result == "No builds": 165 | return "❔ " 166 | elif result == "One build": 167 | return "❎ " 168 | elif result == "Partially reproduced": 169 | return "❕ " 170 | elif result == "Successfully reproduced": 171 | return "✅ " 172 | elif result == "Consistently nondeterministic": 173 | return "❌ " 174 | else: 175 | return "" 176 | def generatetree(root, seen): 177 | if root in seen: 178 | return f'...' 179 | seen[root] = True; 180 | 181 | result = f'' 182 | if root in results: 183 | result = result + f'' + icon(results[root]) + "" + root[44:] + " " 184 | else: 185 | result = result + root[44:] 186 | result = result + "\n" 187 | result = result + "
    " 188 | for dep in deps: 189 | if dep['ref'] == root and 'dependsOn' in dep: 190 | for d in dep['dependsOn']: 191 | result += f'
  • ' 192 | result += generatetree(d, seen) 193 | result += "
    • " 194 | result = result + "
" 195 | return result 196 | tree = generatetree(root, {}) 197 | return ''' 198 | 199 | 200 | 269 | 270 | ''' + f''' 271 | 272 |
    273 |
  • 274 | {tree} 275 |
    • 276 |
277 | 278 | 279 | ''' 280 | 281 | @app.get("/reports/{name}") 282 | def report( 283 | name: str, 284 | accept: t.Optional[str] = Header(default="*/*"), 285 | db: Session = Depends(get_db), 286 | ): 287 | report = crud.report(db, name) 288 | if report == None: 289 | raise HTTPException(status_code=404, detail="Report not found") 290 | 291 | if 'application/vnd.cyclonedx+json' in accept: 292 | return Response( 293 | content=json.dumps(report), 294 | media_type='application/vnd.cyclonedx+json') 295 | 296 | paths = report_out_paths(report) 297 | 298 | root = report['metadata']['component']['bom-ref'] 299 | results = crud.path_summaries(db, paths) 300 | 301 | if 'text/html' in accept: 302 | return Response( 303 | content=htmltree(root, report['dependencies'], results), 304 | media_type='text/html') 305 | else: 306 | return Response( 307 | content=printtree(root, report['dependencies'], results), 308 | media_type='text/plain') 309 | 310 | @app.put("/reports/{name}") 311 | def define_report( 312 | name: str, 313 | definition: schemas.ReportDefinition, 314 | token: str = Depends(get_token), 315 | db: Session = Depends(get_db), 316 | ): 317 | user = crud.get_user_with_token(db, token) 318 | if user == None: 319 | raise HTTPException(status_code=401, detail="User not found") 320 | crud.define_report(db, name, definition.root) 321 | return { 322 | "Report defined" 323 | } 324 | -------------------------------------------------------------------------------- /web/crud.py: -------------------------------------------------------------------------------- 1 | import json 2 | 3 | from sqlalchemy import distinct, func, select, values 4 | from sqlalchemy.dialects.sqlite import insert 5 | from sqlalchemy.orm import Session 6 | from sqlalchemy.sql.functions import user 7 | 8 | from . import models, schemas 9 | 10 | 11 | def create_attestation(db: Session, drv_hash: str, output_hash_map: list[schemas.OutputHashPair], user_id): 12 | derivation = db.query(models.Derivation).filter_by(drv_hash=drv_hash).first() 13 | if not derivation: 14 | derivation = models.Derivation(drv_hash=drv_hash) 15 | db.add(derivation) 16 | db.commit() 17 | for item in output_hash_map: 18 | db.execute( 19 | insert(models.Attestation) 20 | .values( 21 | { 22 | "output_path": item.output_path, 23 | "user_id": user_id, 24 | "drv_id": derivation.id, 25 | "output_hash": item.output_hash, 26 | "output_sig": item.output_sig, 27 | } 28 | )) 29 | db.commit() 30 | 31 | def report(db: Session, name: str): 32 | r = db.query(models.Report).filter_by(name=name).one_or_none() 33 | if r == None: 34 | return None 35 | return json.loads(r.definition) 36 | 37 | def suggest(db: Session, paths, user_id): 38 | # Derivations in the database might not match derivations on the rebuilder system. 39 | # TODO: can this happen only for FODs or also for other derivations? 40 | # TODO: Add enough metadata to the report so you know what to nix-instantiate to get all relevant drvs 41 | # TODO: don't suggest nodes that have already been rebuilt by the current user 42 | #stmt = select(models.Derivation.drv_hash, models.Attestation.output_path).join(models.Attestation).where(models.Attestation.output_path.in_(paths)).group_by(models.Attestation.output_path).having(func.count(models.Attestation.id) < 2) 43 | #suggestions = [] 44 | #for row in db.execute(stmt): 45 | # suggestions.append(row._mapping['drv_hash']) 46 | candidates = paths 47 | if user: 48 | for attestation in db.query(models.Attestation).filter(models.Attestation.output_path.in_(candidates)).filter_by(user_id=user_id).all(): 49 | if attestation.output_path in candidates: 50 | candidates.remove(attestation.output_path) 51 | # TODO don't consider attestations that have been built twice by the same user 52 | # as 'rebuilt' 53 | stmt = select(models.Attestation.output_path).where(models.Attestation.output_path.in_(candidates)).group_by(models.Attestation.output_path).having(func.count(models.Attestation.id) > 1) 54 | for row in db.execute(stmt): 55 | candidates.remove(row._mapping['output_path']) 56 | return candidates 57 | 58 | # TODO ideally this should take into account derivation paths as well as 59 | # output paths, as for example for a fixed-output derivation we'd want 60 | # to rebuild it with each different collection of inputs, not just once. 61 | # OTOH, it seems caches may also have different derivers for non-FODs? 62 | # To look into further: https://github.com/NixOS/nix/issues/7562 63 | def path_summaries(db: Session, paths): 64 | # TODO make sure multiple identical results from the same submitter 65 | # don't get counted as 'successfully reproduced' 66 | stmt = select(models.Attestation.output_path, func.count(models.Attestation.id), func.count(distinct(models.Attestation.output_hash))).where(models.Attestation.output_path.in_(paths)).group_by(models.Attestation.output_path) 67 | results = {} 68 | for output_path in paths: 69 | results[output_path] = "No builds" 70 | for result in db.execute(stmt): 71 | output_path = result._mapping['output_path'] 72 | n_results = result._mapping['count'] 73 | distinct_results = result._mapping['count_1'] 74 | if n_results == 1: 75 | results[output_path] = "One build" 76 | elif distinct_results == 1: 77 | results[output_path] = "Successfully reproduced" 78 | elif distinct_results < n_results: 79 | results[output_path] = "Partially reproduced" 80 | elif distinct_results == n_results: 81 | results[output_path] = "Consistently nondeterministic" 82 | return results 83 | 84 | def define_report(db: Session, name: str, definition: dict): 85 | db.execute( 86 | insert(models.Report).values({ 87 | "name": name, 88 | "definition": json.dumps(definition), 89 | })) 90 | db.commit() 91 | 92 | def get_user_with_token(db: Session, token_val: str): 93 | token = db.query(models.Token).filter_by(value=token_val).one_or_none() 94 | if token is None: 95 | return None 96 | return token.user_id 97 | -------------------------------------------------------------------------------- /web/db.py: -------------------------------------------------------------------------------- 1 | from sqlalchemy import create_engine 2 | from sqlalchemy.ext.declarative import declarative_base 3 | from sqlalchemy.orm import sessionmaker 4 | import os 5 | 6 | SQLALCHEMY_DATABASE_URL = os.environ.get( 7 | "SQLALCHEMY_DATABASE_URL", "sqlite:///./hashes.db" 8 | ) 9 | 10 | connect_args = {} 11 | if "sqlite" in SQLALCHEMY_DATABASE_URL: 12 | connect_args["check_same_thread"] = False 13 | 14 | 15 | 16 | engine = create_engine( 17 | SQLALCHEMY_DATABASE_URL, connect_args=connect_args 18 | ) 19 | SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine) 20 | 21 | Base = declarative_base() 22 | -------------------------------------------------------------------------------- /web/models.py: -------------------------------------------------------------------------------- 1 | import datetime 2 | import random 3 | import string 4 | from typing import List 5 | 6 | from sqlalchemy import (Column, DateTime, ForeignKey, Integer, Table, 7 | UniqueConstraint, func) 8 | from sqlalchemy.orm import Mapped, mapped_column, relationship 9 | 10 | from .db import Base 11 | 12 | class Derivation(Base): 13 | __tablename__ = "derivations" 14 | 15 | id: Mapped[int] = mapped_column(primary_key=True) 16 | drv_hash: Mapped[str] = mapped_column(index=True) 17 | attestations: Mapped[List["Attestation"]] = relationship(back_populates="derivation") 18 | 19 | 20 | 21 | class User(Base): 22 | __tablename__ = "users" 23 | 24 | id: Mapped[int] = mapped_column(primary_key=True) 25 | name: Mapped[str] = mapped_column() 26 | tokens: Mapped[List["Token"]] = relationship(back_populates="user") 27 | 28 | def __init__(self, name): 29 | self.name = name 30 | self.tokens = [] 31 | 32 | @classmethod 33 | def create(cls, db, **kw): 34 | obj = cls(**kw) 35 | db.add(obj) 36 | db.commit() 37 | return obj 38 | 39 | 40 | class Token(Base): 41 | __tablename__ = "tokens" 42 | 43 | id: Mapped[int] = mapped_column(primary_key=True) 44 | value: Mapped[str] = mapped_column() 45 | valid: Mapped[bool] = mapped_column() 46 | user_id: Mapped[int] = mapped_column(ForeignKey("users.id")) 47 | user: Mapped["User"] = relationship(back_populates="tokens") 48 | 49 | def __init__(self, user, value = ""): 50 | if value == "": 51 | self.value = ''.join(random.choices(string.ascii_uppercase + string.ascii_lowercase, k=30)) 52 | else: 53 | self.value = value 54 | self.user = user 55 | self.user_id = user.id 56 | self.valid = True 57 | 58 | @classmethod 59 | def create(cls, db, **kw): 60 | obj = cls(**kw) 61 | db.add(obj) 62 | db.commit() 63 | return obj 64 | 65 | 66 | class Attestation(Base): 67 | __tablename__ = "attestations" 68 | 69 | id: Mapped[int] = mapped_column(primary_key=True) 70 | output_path: Mapped[str] = mapped_column() 71 | user_id: Mapped[int] = mapped_column(ForeignKey("users.id")) 72 | drv_id: Mapped[str] = mapped_column(ForeignKey("derivations.id")) 73 | derivation: Mapped["Derivation"] = relationship(back_populates="attestations") 74 | output_hash: Mapped[str] = mapped_column() 75 | output_sig: Mapped[str] = mapped_column() 76 | 77 | class Report(Base): 78 | __tablename__ = "reports" 79 | id: Mapped[int] = mapped_column(primary_key=True) 80 | name: Mapped[str] = mapped_column() 81 | # For now we store the definition in a CycloneDX JSON blob, 82 | # later we might want to normalize it into its own database 83 | # structure. 84 | definition: Mapped[str] = mapped_column() 85 | -------------------------------------------------------------------------------- /web/nixos/module.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | lib, 5 | modulesPath, 6 | ... 7 | }: 8 | 9 | let 10 | inherit (lib) 11 | literalExpression 12 | mkDefault 13 | mkEnableOption 14 | mkIf 15 | mkOption 16 | optional 17 | ; 18 | 19 | inherit (lib.types) 20 | attrsOf 21 | nullOr 22 | package 23 | port 24 | str 25 | submodule 26 | ; 27 | 28 | cfg = config.services.lila; 29 | in 30 | 31 | { 32 | options.services.lila = { 33 | enable = mkEnableOption "Lila"; 34 | 35 | pythonEnv = mkOption { 36 | internal = true; 37 | visible = false; 38 | type = package; 39 | default = pkgs.python3.withPackages (ps: [ 40 | ps.lila 41 | ps.fastapi 42 | ps.uvicorn 43 | ps.psycopg2 44 | ps.pydantic 45 | ]); 46 | 47 | example = literalExpression '' 48 | pkgs.python3.withPackages (ps: [ 49 | ps.lila 50 | ps.uvicorn 51 | ps.psycopg2 52 | ]); 53 | ''; 54 | }; 55 | 56 | port = mkOption { 57 | type = nullOr port; 58 | default = 8007; 59 | description = "Port of the server (will be passed using --bind flag)"; 60 | }; 61 | 62 | settings = mkOption { 63 | type = 64 | 65 | submodule { 66 | freeformType = attrsOf str; 67 | options.SQLALCHEMY_DATABASE_URL = mkOption { description = "Database url"; }; 68 | }; 69 | description = "Settings to pass as environment variables"; 70 | }; 71 | 72 | domain = mkOption { 73 | type = str; 74 | description = "Hostname for reverse proxy config. To configure"; 75 | }; 76 | 77 | nginx = mkOption { 78 | type = nullOr ( 79 | submodule ( 80 | import (modulesPath + "/services/web-servers/nginx/vhost-options.nix") { inherit config lib; } 81 | ) 82 | ); 83 | example = literalExpression '' 84 | { 85 | serverAliases = [ 86 | "lila.''${config.networking.domain}" 87 | ]; 88 | # To enable encryption and let let's encrypt take care of certificate 89 | forceSSL = true; 90 | enableACME = true; 91 | } 92 | ''; 93 | description = '' 94 | With this option, you can customize an nginx virtual host which already 95 | has sensible defaults for lila. If enabled, then by default, the 96 | serverName is ''${domain}, If this is set to null, no nginx virtualHost 97 | will be configured. 98 | ''; 99 | }; 100 | }; 101 | 102 | config = mkIf cfg.enable { 103 | 104 | nixpkgs.overlays = [ 105 | (self: super: { 106 | python3 = super.python3.override { 107 | packageOverrides = python-self: python-super: { 108 | lila = python-self.callPackage ../../backend.nix { }; 109 | }; 110 | }; 111 | }) 112 | ]; 113 | 114 | services = { 115 | postgresql = mkIf (lib.hasPrefix "postgresql" cfg.settings.SQLALCHEMY_DATABASE_URL) { 116 | enable = true; 117 | ensureUsers = [ 118 | { 119 | name = "lila"; 120 | ensureDBOwnership = true; 121 | } 122 | ]; 123 | ensureDatabases = [ "lila" ]; 124 | }; 125 | 126 | lila.settings.SQLALCHEMY_DATABASE_URL = mkDefault "postgresql+psycopg2:///lila?host=/run/postgresql"; 127 | 128 | nginx = mkIf (cfg.nginx != null) { 129 | enable = true; 130 | virtualHosts.${cfg.domain} = cfg.nginx; 131 | }; 132 | }; 133 | 134 | systemd.services.lila = { 135 | environment = cfg.settings; 136 | path = [ cfg.pythonEnv ]; 137 | script = "uvicorn lila:app --host 127.0.0.1 --port ${builtins.toString cfg.port}"; 138 | serviceConfig = { 139 | User = "lila"; 140 | DynamicUser = true; 141 | }; 142 | wantedBy = [ "multi-user.target" ]; 143 | wants = [ "postgresql.target" ]; 144 | after = [ 145 | "network.target" 146 | "postgresql.service" 147 | ]; 148 | }; 149 | }; 150 | } 151 | -------------------------------------------------------------------------------- /web/schemas.py: -------------------------------------------------------------------------------- 1 | from pydantic import BaseModel, RootModel 2 | from typing import Dict, List 3 | 4 | 5 | class OutputHashPair(BaseModel): 6 | output_path: str 7 | output_hash: str 8 | output_sig: str 9 | 10 | class Derivation(BaseModel): 11 | id: int 12 | drv_hash: str 13 | 14 | class DerivationList(RootModel): 15 | root: List[Derivation] 16 | model_config = { 17 | "json_schema_extra": { 18 | "examples": [ 19 | [ 20 | { 21 | "id": 1, 22 | "drv_hash": "wi7zzh67w2vv1m4vi3czv8iwbxaijs5r-htop-3.3.0" 23 | }, 24 | { 25 | "id": 2, 26 | "drv_hash": "qjnshgfgzidg198g9bm2ildqvlyaxaab-libidn2-2.3.7" 27 | }, 28 | { 29 | "id": 3, 30 | "drv_hash": "19xrcsw2p2hgnska18s7qflz6wpxpby3-curl-8.6.0" 31 | } 32 | ] 33 | ] 34 | } 35 | } 36 | 37 | 38 | 39 | 40 | class DerivationAttestation(RootModel): 41 | root: Dict[str, Dict[str, int]] 42 | model_config = { 43 | "json_schema_extra": { 44 | "examples": [ 45 | { 46 | "/nix/store/84wcm74cp3k2i504ggwkgf4ikdyk0y3m-curl-8.6.0": { 47 | "181hm4vvznw09jzxdraj8x46648fbbv7a3l9ngj7gp0i7idai2as": 3, 48 | "55d4c01fe39618b34cad5db1d212d9e6206c35da2ee4b5c798d3": 2 49 | }, 50 | "/nix/store/fh7vxc5xgiwl6z7vwq5c3lj84mpcs4br-curl-8.6.0-bin": { 51 | "19l03dn34mwlanws95w4apa6c52pm9b4xldbbd3kidaqybladjv6": 5 52 | }, 53 | "/nix/store/p7xwmisyjskm9kmy1nb356v9qqymrr3h-curl-8.6.0-man": { 54 | "1wf0j69qvy0glqn77janyh10m75qdy67vlb8vmgn97aq88g8r53g": 5 55 | } 56 | } 57 | ] 58 | } 59 | } 60 | 61 | class ReportDefinition(RootModel): 62 | root: dict 63 | 64 | -------------------------------------------------------------------------------- /web/user_controller.py: -------------------------------------------------------------------------------- 1 | from . import models 2 | from .db import SessionLocal, engine 3 | from sqlalchemy.orm import Session 4 | 5 | def get_db(): 6 | db = SessionLocal() 7 | try: 8 | yield db 9 | finally: 10 | db.close() 11 | 12 | 13 | db = SessionLocal() 14 | 15 | def create_user(name: str, token: str = ""): 16 | user = models.User.create(db, name=name) 17 | token = models.Token.create(db, user=user, value=token) 18 | print(f"Created user {name} with token {token.value}") 19 | 20 | 21 | --------------------------------------------------------------------------------