From 1b54d8cee0fcdfb6524ac9a519c698c7c7125880 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Fri, 10 Jan 2025 11:43:19 +0100 Subject: [PATCH] [remove] use nixpkgs with fixed libnvidia-container --- flake.lock | 18 ++++---- flake.nix | 2 +- internal/meshapi/meshapi.pb.go | 15 +++---- internal/meshapi/meshapi_grpc.pb.go | 30 +++++++++---- internal/userapi/userapi.pb.go | 68 +++++++++++++---------------- internal/userapi/userapi_grpc.pb.go | 36 ++++++++++----- 6 files changed, 94 insertions(+), 75 deletions(-) diff --git a/flake.lock b/flake.lock index 014e1044d5..b5a28a665b 100644 --- a/flake.lock +++ b/flake.lock @@ -20,16 +20,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734424634, - "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", - "owner": "NixOS", + "lastModified": 1736429215, + "narHash": "sha256-7Y1vjcANknoOfV6jBvx6fYzx+SGYzR8hyCDwD296qWY=", + "owner": "msanft", "repo": "nixpkgs", - "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", + "rev": "07db7b594ec3ee81bcd7e20cd43acab4659ed5d0", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "owner": "msanft", + "ref": "msanft/libnvidia-container/driver-bins", "repo": "nixpkgs", "type": "github" } @@ -63,11 +63,11 @@ ] }, "locked": { - "lastModified": 1734543842, - "narHash": "sha256-/QceWozrNg915Db9x/Ie5k67n9wKgGdTFng+Z1Qw0kE=", + "lastModified": 1736154270, + "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "76159fc74eeac0599c3618e3601ac2b980a29263", + "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 01dcbe9863..d84bc3d66a 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,7 @@ # see https://github.com/renovatebot/renovate/issues/29721 and # https://github.com/renovatebot/renovate/blob/743fed0ec6ca5810e274571c83fa6d4f5213d4e7/lib/modules/manager/nix/extract.ts#L6. # We must keep the following string in the file for renovate to work: "github:NixOS/nixpkgs/nixpkgs-unstable" - url = "github:NixOS/nixpkgs?ref=nixos-unstable"; + url = "github:msanft/nixpkgs/msanft/libnvidia-container/driver-bins"; }; flake-utils = { url = "github:numtide/flake-utils"; diff --git a/internal/meshapi/meshapi.pb.go b/internal/meshapi/meshapi.pb.go index 5f1f2dc800..970fbe96af 100644 --- a/internal/meshapi/meshapi.pb.go +++ b/internal/meshapi/meshapi.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.35.2 -// protoc v5.28.3 +// protoc-gen-go v1.36.1 +// protoc v5.29.1 // source: meshapi.proto package meshapi @@ -21,9 +21,9 @@ const ( ) type NewMeshCertRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *NewMeshCertRequest) Reset() { @@ -57,10 +57,7 @@ func (*NewMeshCertRequest) Descriptor() ([]byte, []int) { } type NewMeshCertResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // PEM-encoded certificate used by the workload as CA MeshCACert []byte `protobuf:"bytes,1,opt,name=MeshCACert,proto3" json:"MeshCACert,omitempty"` // Concatenated PEM-encoded certificates used by the workload certificate chain @@ -69,6 +66,8 @@ type NewMeshCertResponse struct { RootCACert []byte `protobuf:"bytes,3,opt,name=RootCACert,proto3" json:"RootCACert,omitempty"` // Raw byte slice which can be used to derive more secrets WorkloadSecret []byte `protobuf:"bytes,4,opt,name=WorkloadSecret,proto3" json:"WorkloadSecret,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *NewMeshCertResponse) Reset() { diff --git a/internal/meshapi/meshapi_grpc.pb.go b/internal/meshapi/meshapi_grpc.pb.go index a906009d26..7129759a21 100644 --- a/internal/meshapi/meshapi_grpc.pb.go +++ b/internal/meshapi/meshapi_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.3.0 -// - protoc v5.28.3 +// - protoc-gen-go-grpc v1.5.1 +// - protoc v5.29.1 // source: meshapi.proto package meshapi @@ -15,8 +15,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 const ( MeshAPI_NewMeshCert_FullMethodName = "/meshapi.MeshAPI/NewMeshCert" @@ -38,8 +38,9 @@ func NewMeshAPIClient(cc grpc.ClientConnInterface) MeshAPIClient { } func (c *meshAPIClient) NewMeshCert(ctx context.Context, in *NewMeshCertRequest, opts ...grpc.CallOption) (*NewMeshCertResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(NewMeshCertResponse) - err := c.cc.Invoke(ctx, MeshAPI_NewMeshCert_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, MeshAPI_NewMeshCert_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -48,20 +49,24 @@ func (c *meshAPIClient) NewMeshCert(ctx context.Context, in *NewMeshCertRequest, // MeshAPIServer is the server API for MeshAPI service. // All implementations must embed UnimplementedMeshAPIServer -// for forward compatibility +// for forward compatibility. type MeshAPIServer interface { NewMeshCert(context.Context, *NewMeshCertRequest) (*NewMeshCertResponse, error) mustEmbedUnimplementedMeshAPIServer() } -// UnimplementedMeshAPIServer must be embedded to have forward compatible implementations. -type UnimplementedMeshAPIServer struct { -} +// UnimplementedMeshAPIServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedMeshAPIServer struct{} func (UnimplementedMeshAPIServer) NewMeshCert(context.Context, *NewMeshCertRequest) (*NewMeshCertResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method NewMeshCert not implemented") } func (UnimplementedMeshAPIServer) mustEmbedUnimplementedMeshAPIServer() {} +func (UnimplementedMeshAPIServer) testEmbeddedByValue() {} // UnsafeMeshAPIServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to MeshAPIServer will @@ -71,6 +76,13 @@ type UnsafeMeshAPIServer interface { } func RegisterMeshAPIServer(s grpc.ServiceRegistrar, srv MeshAPIServer) { + // If the following call pancis, it indicates UnimplementedMeshAPIServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&MeshAPI_ServiceDesc, srv) } diff --git a/internal/userapi/userapi.pb.go b/internal/userapi/userapi.pb.go index aa32f708a4..e81400d0d4 100644 --- a/internal/userapi/userapi.pb.go +++ b/internal/userapi/userapi.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.35.2 -// protoc v5.28.3 +// protoc-gen-go v1.36.1 +// protoc v5.29.1 // source: internal/userapi/userapi.proto package userapi @@ -21,12 +21,11 @@ const ( ) type SetManifestRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` + Manifest []byte `protobuf:"bytes,1,opt,name=Manifest,proto3" json:"Manifest,omitempty"` + Policies [][]byte `protobuf:"bytes,2,rep,name=Policies,proto3" json:"Policies,omitempty"` unknownFields protoimpl.UnknownFields - - Manifest []byte `protobuf:"bytes,1,opt,name=Manifest,proto3" json:"Manifest,omitempty"` - Policies [][]byte `protobuf:"bytes,2,rep,name=Policies,proto3" json:"Policies,omitempty"` + sizeCache protoimpl.SizeCache } func (x *SetManifestRequest) Reset() { @@ -74,16 +73,15 @@ func (x *SetManifestRequest) GetPolicies() [][]byte { } type SetManifestResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // PEM-encoded certificate RootCA []byte `protobuf:"bytes,1,opt,name=RootCA,proto3" json:"RootCA,omitempty"` // PEM-encoded certificate MeshCA []byte `protobuf:"bytes,2,opt,name=MeshCA,proto3" json:"MeshCA,omitempty"` // Secret seed (share), encrypted with each of the recovery holders' public keys. SeedSharesDoc *SeedShareDocument `protobuf:"bytes,3,opt,name=SeedSharesDoc,proto3" json:"SeedSharesDoc,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *SetManifestResponse) Reset() { @@ -138,12 +136,11 @@ func (x *SetManifestResponse) GetSeedSharesDoc() *SeedShareDocument { } type SeedShareDocument struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` + SeedShares []*SeedShare `protobuf:"bytes,1,rep,name=SeedShares,proto3" json:"SeedShares,omitempty"` + Salt []byte `protobuf:"bytes,2,opt,name=salt,proto3" json:"salt,omitempty"` unknownFields protoimpl.UnknownFields - - SeedShares []*SeedShare `protobuf:"bytes,1,rep,name=SeedShares,proto3" json:"SeedShares,omitempty"` - Salt []byte `protobuf:"bytes,2,opt,name=salt,proto3" json:"salt,omitempty"` + sizeCache protoimpl.SizeCache } func (x *SeedShareDocument) Reset() { @@ -191,12 +188,11 @@ func (x *SeedShareDocument) GetSalt() []byte { } type SeedShare struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` + PublicKey string `protobuf:"bytes,1,opt,name=PublicKey,proto3" json:"PublicKey,omitempty"` + EncryptedSeed []byte `protobuf:"bytes,2,opt,name=EncryptedSeed,proto3" json:"EncryptedSeed,omitempty"` unknownFields protoimpl.UnknownFields - - PublicKey string `protobuf:"bytes,1,opt,name=PublicKey,proto3" json:"PublicKey,omitempty"` - EncryptedSeed []byte `protobuf:"bytes,2,opt,name=EncryptedSeed,proto3" json:"EncryptedSeed,omitempty"` + sizeCache protoimpl.SizeCache } func (x *SeedShare) Reset() { @@ -244,9 +240,9 @@ func (x *SeedShare) GetEncryptedSeed() []byte { } type GetManifestsRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetManifestsRequest) Reset() { @@ -280,16 +276,15 @@ func (*GetManifestsRequest) Descriptor() ([]byte, []int) { } type GetManifestsResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Manifests [][]byte `protobuf:"bytes,1,rep,name=Manifests,proto3" json:"Manifests,omitempty"` - Policies [][]byte `protobuf:"bytes,2,rep,name=Policies,proto3" json:"Policies,omitempty"` + state protoimpl.MessageState `protogen:"open.v1"` + Manifests [][]byte `protobuf:"bytes,1,rep,name=Manifests,proto3" json:"Manifests,omitempty"` + Policies [][]byte `protobuf:"bytes,2,rep,name=Policies,proto3" json:"Policies,omitempty"` // PEM-encoded certificate RootCA []byte `protobuf:"bytes,3,opt,name=RootCA,proto3" json:"RootCA,omitempty"` // PEM-encoded certificate - MeshCA []byte `protobuf:"bytes,4,opt,name=MeshCA,proto3" json:"MeshCA,omitempty"` + MeshCA []byte `protobuf:"bytes,4,opt,name=MeshCA,proto3" json:"MeshCA,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetManifestsResponse) Reset() { @@ -351,12 +346,11 @@ func (x *GetManifestsResponse) GetMeshCA() []byte { } type RecoverRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` + Seed []byte `protobuf:"bytes,1,opt,name=Seed,proto3" json:"Seed,omitempty"` + Salt []byte `protobuf:"bytes,2,opt,name=Salt,proto3" json:"Salt,omitempty"` unknownFields protoimpl.UnknownFields - - Seed []byte `protobuf:"bytes,1,opt,name=Seed,proto3" json:"Seed,omitempty"` - Salt []byte `protobuf:"bytes,2,opt,name=Salt,proto3" json:"Salt,omitempty"` + sizeCache protoimpl.SizeCache } func (x *RecoverRequest) Reset() { @@ -404,9 +398,9 @@ func (x *RecoverRequest) GetSalt() []byte { } type RecoverResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *RecoverResponse) Reset() { diff --git a/internal/userapi/userapi_grpc.pb.go b/internal/userapi/userapi_grpc.pb.go index 31db91d1e7..8021d5ae86 100644 --- a/internal/userapi/userapi_grpc.pb.go +++ b/internal/userapi/userapi_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.3.0 -// - protoc v5.28.3 +// - protoc-gen-go-grpc v1.5.1 +// - protoc v5.29.1 // source: internal/userapi/userapi.proto package userapi @@ -15,8 +15,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 const ( UserAPI_SetManifest_FullMethodName = "/edgelesssys.contrast.userapi.UserAPI/SetManifest" @@ -42,8 +42,9 @@ func NewUserAPIClient(cc grpc.ClientConnInterface) UserAPIClient { } func (c *userAPIClient) SetManifest(ctx context.Context, in *SetManifestRequest, opts ...grpc.CallOption) (*SetManifestResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(SetManifestResponse) - err := c.cc.Invoke(ctx, UserAPI_SetManifest_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, UserAPI_SetManifest_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -51,8 +52,9 @@ func (c *userAPIClient) SetManifest(ctx context.Context, in *SetManifestRequest, } func (c *userAPIClient) GetManifests(ctx context.Context, in *GetManifestsRequest, opts ...grpc.CallOption) (*GetManifestsResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GetManifestsResponse) - err := c.cc.Invoke(ctx, UserAPI_GetManifests_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, UserAPI_GetManifests_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -60,8 +62,9 @@ func (c *userAPIClient) GetManifests(ctx context.Context, in *GetManifestsReques } func (c *userAPIClient) Recover(ctx context.Context, in *RecoverRequest, opts ...grpc.CallOption) (*RecoverResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(RecoverResponse) - err := c.cc.Invoke(ctx, UserAPI_Recover_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, UserAPI_Recover_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -70,7 +73,7 @@ func (c *userAPIClient) Recover(ctx context.Context, in *RecoverRequest, opts .. // UserAPIServer is the server API for UserAPI service. // All implementations must embed UnimplementedUserAPIServer -// for forward compatibility +// for forward compatibility. type UserAPIServer interface { SetManifest(context.Context, *SetManifestRequest) (*SetManifestResponse, error) GetManifests(context.Context, *GetManifestsRequest) (*GetManifestsResponse, error) @@ -78,9 +81,12 @@ type UserAPIServer interface { mustEmbedUnimplementedUserAPIServer() } -// UnimplementedUserAPIServer must be embedded to have forward compatible implementations. -type UnimplementedUserAPIServer struct { -} +// UnimplementedUserAPIServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedUserAPIServer struct{} func (UnimplementedUserAPIServer) SetManifest(context.Context, *SetManifestRequest) (*SetManifestResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method SetManifest not implemented") @@ -92,6 +98,7 @@ func (UnimplementedUserAPIServer) Recover(context.Context, *RecoverRequest) (*Re return nil, status.Errorf(codes.Unimplemented, "method Recover not implemented") } func (UnimplementedUserAPIServer) mustEmbedUnimplementedUserAPIServer() {} +func (UnimplementedUserAPIServer) testEmbeddedByValue() {} // UnsafeUserAPIServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to UserAPIServer will @@ -101,6 +108,13 @@ type UnsafeUserAPIServer interface { } func RegisterUserAPIServer(s grpc.ServiceRegistrar, srv UserAPIServer) { + // If the following call pancis, it indicates UnimplementedUserAPIServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&UserAPI_ServiceDesc, srv) }