Merge pull request #673 from obsidiansystems/release/0.7.0.0

v0.7.0.0

ChangeLog.md

@@ -2,6 +2,17 @@
 
 This project's release branch is `master`. This log is written from the perspective of the release branch: when changes hit `master`, they are considered released, and the date should reflect that release.
 
+## v0.7.0.0
+
+* Fully support HTTP [Range](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Range) requests on static assets to support Safari. ([#664](https://github.com/obsidiansystems/obelisk/pull/664))
+* Support non-EC2 deployments. ([#658](https://github.com/obsidiansystems/obelisk/pull/658))
+* Fix `ob deploy test android` to work. ([#645](https://github.com/obsidiansystems/obelisk/pull/645))
+* Fix vulnerability where Android deployments would leave signing keys in the nix store which is world readable. ([#645](https://github.com/obsidiansystems/obelisk/pull/645)) (Thanks to [kmicklas](https://github.com/kmicklas) for the report.)
+* Add `Obelisk.Backend.runBackendWith` to allow several customizations. ([#668](https://github.com/obsidiansystems/obelisk/pull/668), [#644](https://github.com/obsidiansystems/obelisk/pull/644))
+* Add `ob profile` command to run Obelisk projects with profiling. `ob profile` works like `ob run`, but instead of using `ghci`, it builds an executable that is built with profiling enabled. ([#654](https://github.com/obsidiansystems/obelisk/pull/654))
+* Obelisk's `default.nix` now exposes `mkAssets` function which is used to construct the assets served by an Obelisk application. ([#651](https://github.com/obsidiansystems/obelisk/pull/651))
+* Bump reflex-platform to v0.5.2.0. ([#671](https://github.com/obsidiansystems/obelisk/pull/671))
+
 ## v0.6.0.0 - 2020-02-21
 
 * Fix a bug in `Obelisk.Route.Frontend` where `routeLink`, `routeLinkDynAttr`, and `dynRouteLink` would not behave exactly like `<a href="...">` when run by JavaScript. These functions now scroll to the top of the page when the link is clicked. ([#540](https://github.com/obsidiansystems/obelisk/pull/540))

README.md

@@ -13,7 +13,9 @@ Obelisk provides an easy way to develop and deploy your [Reflex](https://github.
   - [Running over https](#running-over-https)
 - [Deploying](#deploying)
   - [Locally](#locally)
-  - [EC2](#ec2)
+  - [Default EC2 Deployment](#default-ec2-deployment)
+  - [Custom Non-EC2 Deployment](#custom-non-ec2-deployment)
+    - [VirtualBox Deployment](#virtualbox-deployment)
   - [From macOS](#from-macos)
   - [Deploying an updated version](#deploying-an-updated-version)
 - [Mobile](#mobile)
@@ -55,32 +57,32 @@ Obelisk provides an easy way to develop and deploy your [Reflex](https://github.
 
 When developing on obelisk itself you may launch `ghcid` for the corresponding project as follows. For example to launch ghcid for `lib/backend` project:
 
-```
+```bash
 nix-shell -A obeliskEnvs.obelisk-backend --run "cd lib/backend && ghcid -c 'cabal new-repl'"
 ```
 
 Or to launch ghcid for `lib/command` project:
 
-```
+```bash
 nix-shell -A obeliskEnvs.obelisk-command --run "cd lib/command && ghcid -c 'cabal new-repl'"
 ```
 
 To re-install `ob` from source do
-```
+```bash
 nix-env -f /path/to/obelisk -iA command
 ```
 
 Note that `ob` will defer to the version found in your project's `.obelisk/impl` directory. To update that version specifically:
 
-```shell
+```bash
 ob thunk unpack ./.obelisk/impl
 cd ./.obelisk/impl
 # apply your changes
 ```
 
 If you want to commit your changes, first push them to your fork of obelisk and then
 
-```shell
+```bash
 cd /your/project/root
 ob thunk pack .obelisk/impl
 git add .obelisk/impl
@@ -100,13 +102,13 @@ access to:
 
 To create a new Obelisk project, go to an empty directory and run:
 
-```
+```bash
 ob init
 ```
 
 Obelisk leverages ghcid to provide a live-reloading server that handles both frontend and backend. To run your Obelisk app and monitor the source for changes:
 
-```
+```bash
 ob run
 ```
 
@@ -165,7 +167,7 @@ project ./. ({ pkgs, ... }: {
 # ...
 ```
 
-### Running over https
+### Running over HTTPS
 
 To run your app locally over https, update the protocol in `config/common/route` to `https`, and then use `ob run` as normal.
 
@@ -177,22 +179,22 @@ Since Obelisk generates a self-signed certificate for running https, the browser
 
 Build everything:
 
-```
+```bash
 nix-build -A exe --no-out-link
 ```
 
 Copy the result to a new directory, add configuration, and run!
 
-```
+```bash
 mkdir test-app
 ln -s $(nix-build -A exe --no-out-link)/* test-app/
 cp -r config test-app
 (cd test-app && ./backend)
 ```
 
-### EC2
+### Default EC2 Deployment
 
-In this section we will demonstrate how to deploy your Obelisk app to an Amazon EC2 instance.
+In this section we will demonstrate how to deploy your Obelisk app to an Amazon EC2 instance. Obelisk deployments are configured for EC2 by default (see [Custom Non-EC2 Deployment](#custom-non-ec2-deployment)).
 
 First create a new EC2 instance:
 
@@ -219,7 +221,7 @@ ob deploy init \
   ~/code/myapp-deploy
 ```
 
-HTTPS is enabled by default; to disable https, pass `--disable-https` to the `ob deploy init` command above.
+HTTPS is enabled by default; to disable HTTPS pass `--disable-https` to the `ob deploy init` command above.
 
 This step will also require that you manually verify the authenticity of the host `$SERVER`. Obelisk will save the fingerprint in a deployment-specific configuration. **Obelisk deployments do *not* rely on the `known_hosts` of your local machine.** This is because, in the event that you need to switch from one deploy machine / bastion host to another, you want to be absolutely sure that you're still connecting to the machines you think you are, even if that deploy machine / bastion host has never connected to them before. Obelisk explicitly avoids a workflow that encourages people to accept host keys without checking them, since that could result in leaking production secrets to anyone who manages to MITM you, e.g. via DNS spoofing or cache poisoning. (Note that an active attack is a circumstance where you may need to quickly switch bastion hosts, e.g. because the attacker has taken one down or you have taken it down in case it was compromised. In this circumstance you might need to deploy to production to fix an exploit or rotate keys, etc.) When you run `ob deploy` later it will rely on the saved verification in this step.
 
@@ -234,6 +236,26 @@ ob deploy push
 
 At this point you are done. Your app will be accessible at `${ROUTE}`. The currently deployed version - the git commit hash of the source repo - can be found at `${ROUTE}/version`.
 
+### Custom Non-EC2 Deployment
+
+By default Obelisk deployments are configured for NixOS machines running on AWS EC2. To provide your own configuration, you need to write a custom `module.nix` in the deployment repository. This still requires that your server is running NixOS.
+
+`module.nix` must contain a Nix *function* that produces a [NixOS module function](https://nixos.org/nixos/manual/index.html#sec-writing-modules). The top-level function takes deployment configuration as arguments: `hostName`, `adminEmail`, `routeHost`, `enableHttps`, `version`, `exe`, `nixosPkgs`. Most of these are the values you specified during `ob deploy init` and are stored in the deployment repository. `version` is a `git` hash for the app that you're deploying. `exe` is the Linux build of the app (as seen in [Deploying Locally](#locally)). `nixosPkgs` is the package set used to construct the NixOS VM.
+
+The [VirtualBox Deployment](#virtualbox-deployment) section provides an example.
+
+#### VirtualBox Deployment
+
+Here's a `module.nix` that is configured for deployment to a VirtualBox VM (running NixOS):
+
+```nix
+{ nixosPkgs, ... }: {...}: {
+  imports = [ (nixosPkgs.path + /nixos/modules/virtualisation/virtualbox-image.nix) ];
+}
+```
+
+The `{...}:` and following is the [NixOS module](https://nixos.org/nixos/manual/index.html#sec-writing-modules) definition.
+
 ### From macOS
 
 Deploying from macOS requires some extra setup:
@@ -247,7 +269,7 @@ Running `ob deploy push` will give you additional setup instructions.
 
 If you'd like to deploy an updated version (with new commits) of your Obelisk app: simply go to the configuration directory, update the source thunk and push:
 
-```
+```bash
 cd ~/code/myapp-deploy
 ob deploy update
 ob deploy push
@@ -273,14 +295,14 @@ These versions will work out of the box but iOS SDKs prior to 11.3 should also w
 
 More recent Xcodes should also work, as long as one of the SDKs mentioned above has been used.
 To add another SDK to your current Xcode, [download](https://developer.apple.com/download/more/) the corresponding Xcode, extract it and copy its SDK folder next to the installed one, e.g.
-```
+```bash
 open -W Xcode_9.2.xip
 sudo cp -R Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS11.2.sdk
 ```
 
 
 You can verify that you have correct versions by running
-```
+```bash
 xcodebuild -showsdks
 ```
 
@@ -306,7 +328,7 @@ Ensure that `bundleIdentifier` matches the App ID of the development profile, or
 1. Connect the registered iPhone.
 1. Find your Apple Team ID in the [developer portal](https://developer.apple.com/account/#/membership).
 1. Run the deploy command with your Team ID:
-```
+```bash
 result-ios/bin/deploy [TEAM_ID]
 # or in debug mode via lldb:
 result-ios/bin/deploy [TEAM_ID] -d
@@ -316,7 +338,7 @@ result-ios/bin/deploy [TEAM_ID] -d
 1. Go to [developer portal - distribution profiles](https://developer.apple.com/account/ios/profile/production).
 Create and download a distribution profile.
 1. Run the package script with your TEAM ID and your distribution profile to create a `.ipa`:
-```
+```bash
 result-ios/bin/package [TEAM_ID] /path/to/output/.ipa /path/to/profile/file
 ```
 

all-builds.nix

@@ -3,10 +3,7 @@
     iosSdkVersion = "10.2";
   }
 , local-self ? import ./. self-args
-, supportedSystems ? [
-    "x86_64-linux"
-    "x86_64-darwin"
-  ]
+, supportedSystems ? [ builtins.currentSystem ]
 }:
 
 let
@@ -68,6 +65,7 @@ let
       iosSkeleton = (import ./skeleton { inherit obelisk; }).ios.frontend;
       nameSuffix = if profiling then "profiled" else "unprofiled";
       packages = {
+        skeletonProfiledObRun = skeleton.__unstable__.profiledObRun;
         inherit
           command
           serverSkeletonShell