cry/nt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

make trapdoor purely safe

Browse source
This commit is contained in:
Emile Clark-Boman 2026-01-27 09:42:28 +10:00
parent ce75ed03b8
commit 02675a58d3
1 changed files with 53 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

79
nt/primitives/bootstrap/trapdoor.nix
View file

@ -1,8 +1,7 @@
{this, ...}: let {this, ...}: let
inherit inherit
(builtins) (builtins)
attrNames isAttrs
elem
isFunction isFunction
; ;
@ -10,7 +9,12 @@
(this.std) (this.std)
enfHasAttr enfHasAttr
enfHasAttrUnsafe enfHasAttrUnsafe
enfIsAttrs ;
inherit
(this.types)
Some
None
; ;
in rec { in rec {
masterkey = "_''traps''_"; masterkey = "_''traps''_";
@ -21,38 +25,61 @@ in rec {
assert enfHasAttr "default" decl "mkTrapdoorFn"; assert enfHasAttr "default" decl "mkTrapdoorFn";
assert enfHasAttrUnsafe "unlock" decl "mkTrapdoorFn"; assert enfHasAttrUnsafe "unlock" decl "mkTrapdoorFn";
# return trapdoor function # return trapdoor function
(x: let (x:
keys = attrNames decl.unlock; if key == masterkey
in then decl.unlock
if elem key keys else decl.default x);
then decl.unlock.${key}
else if key == masterkey
then keys
else decl.default);
mkTrapdoorSet = key: decl: mkTrapdoorSet = key: decl:
assert enfHasAttr "default" decl "mkTrapdoorSet"; assert enfHasAttr "default" decl "mkTrapdoorSet";
assert enfHasAttrUnsafe "unlock" decl "mkTrapdoorSet"; assert enfHasAttrUnsafe "unlock" decl "mkTrapdoorSet";
# return trapdoor set # return trapdoor set
let decl.default
keys = attrNames decl.unlock; // {
in ${masterkey} = decl.unlock;
decl.default };
// {
${key} = decl.unlock.${key};
${masterkey} = keys;
};
revealTrapdoors = openTrapdoor masterkey;
openTrapdoorFn = key: f: f key; # XXX: TODO: should we just remove all unsafe functions here?
# revealTrapdoorsUnsafe = openTrapdoorUnsafe masterkey;
#
# openTrapdoorFnUnsafe = key: T: (T masterkey).${key};
# openTrapdoorSetUnsafe = key: T: T.${masterkey}.${key};
#
# openTrapdoorUnsafe = key: T:
# if isFunction T
# then openTrapdoorFnUnsafe key T
# else openTrapdoorSetUnsafe key T;
openTrapdoorSet = key: xs: xs.${key}; isTrapdoorFnKey = key: T: isFunction T && (T masterkey) ? ${key};
isTrapdoorSetKey = key: T:
if T ? ${masterkey}
then T.${masterkey} ? ${key}
else false;
isTrapdoorKey = key: T:
if isAttrs T
then isTrapdoorSetKey key T
else isTrapdoorFnKey key T;
openTrapdoorFn = key: T: let
unlock = T masterkey;
in
if isFunction T && unlock ? ${key}
then Some unlock.${key}
else None;
openTrapdoorSet = key: T: let
unlock = T.${masterkey};
in
if T ? ${masterkey} && unlock ? ${key}
then Some unlock.${key}
else None;
# TODO: implement a function called enfIsTypeAny (for cases like this where it might be function or set)
openTrapdoor = key: T: openTrapdoor = key: T:
if isFunction T if isFunction T
then openTrapdoorFn key T then openTrapdoorFn key T
else else if isAttrs T
assert enfIsAttrs T "openTrapdoor"; then openTrapdoorSet key T
openTrapdoorSet key T; else None;
} }