Migrate to age-plugin 0.6

This commit is contained in:
Jack Grigg
2025-12-08 00:10:49 +00:00
parent 36290c74eb
commit 68e634c04e
3 changed files with 30 additions and 21 deletions
Generated
+18 -7
View File
@@ -29,8 +29,9 @@ dependencies = [
[[package]]
name = "age-core"
version = "0.10.0"
source = "git+https://github.com/str4d/rage.git?rev=baf277a749c839e49f93bffb58d36734ac94be83#baf277a749c839e49f93bffb58d36734ac94be83"
version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2bf6a89c984ca9d850913ece2da39e1d200563b0a94b002b253beee4c5acf99"
dependencies = [
"base64 0.21.7",
"chacha20poly1305",
@@ -39,15 +40,16 @@ dependencies = [
"io_tee",
"nom",
"rand",
"secrecy",
"secrecy 0.10.3",
"sha2",
"tempfile",
]
[[package]]
name = "age-plugin"
version = "0.5.0"
source = "git+https://github.com/str4d/rage.git?rev=baf277a749c839e49f93bffb58d36734ac94be83#baf277a749c839e49f93bffb58d36734ac94be83"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8a31f37914cf72cf36a1cd8ea9f24e5df20899e9348dd3d1c8273f4420ce493"
dependencies = [
"age-core",
"base64 0.21.7",
@@ -1018,7 +1020,7 @@ dependencies = [
"httpdate",
"itoa",
"pin-project-lite",
"socket2 0.4.10",
"socket2 0.5.7",
"tokio",
"tower-service",
"tracing",
@@ -2076,6 +2078,15 @@ dependencies = [
"zeroize",
]
[[package]]
name = "secrecy"
version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a"
dependencies = [
"zeroize",
]
[[package]]
name = "security-framework"
version = "2.11.1"
@@ -3026,7 +3037,7 @@ dependencies = [
"pcsc",
"rand_core",
"rsa",
"secrecy",
"secrecy 0.8.0",
"sha1",
"sha2",
"subtle",
+2 -6
View File
@@ -22,8 +22,8 @@ assets = [
]
[dependencies]
age-core = "0.10"
age-plugin = "0.5"
age-core = "0.11"
age-plugin = "0.6"
base64 = "0.21"
bech32 = "0.9"
console = { version = "0.15", default-features = false }
@@ -56,7 +56,3 @@ man = "0.3"
tempfile = "3"
test-with = "0.11"
which = "5"
[patch.crates-io]
age-core = { git = "https://github.com/str4d/rage.git", rev = "baf277a749c839e49f93bffb58d36734ac94be83" }
age-plugin = { git = "https://github.com/str4d/rage.git", rev = "baf277a749c839e49f93bffb58d36734ac94be83" }
+10 -8
View File
@@ -3,7 +3,7 @@
use age_core::{
format::{FileKey, FILE_KEY_BYTES},
primitives::{aead_decrypt, hkdf},
secrecy::{ExposeSecret, SecretString},
secrecy::{zeroize::Zeroize, ExposeSecret, SecretString},
};
use age_plugin::{identity, Callbacks};
use bech32::{ToBase32, Variant};
@@ -332,7 +332,7 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
.with_prompt(fl!("mgr-choose-new-pin"))
.with_confirmation(fl!("mgr-repeat-new-pin"), fl!("mgr-pin-mismatch"))
.interact()
.map(|pin| Result::<_, Infallible>::Ok(SecretString::new(pin)))
.map(|pin| Result::<_, Infallible>::Ok(SecretString::from(pin)))
},
yubikey.serial(),
)?
@@ -747,12 +747,14 @@ impl Connection {
// A failure to decrypt is fatal, because we assume that we won't
// encounter 32-bit collisions on the key tag embedded in the header.
match aead_decrypt(&enc_key, FILE_KEY_BYTES, &line.encrypted_file_key) {
Ok(pt) => Ok(TryInto::<[u8; FILE_KEY_BYTES]>::try_into(&pt[..])
.unwrap()
.into()),
Err(_) => Err(()),
}
aead_decrypt(&enc_key, FILE_KEY_BYTES, &line.encrypted_file_key)
.map_err(|_| ())
.map(|mut pt| {
FileKey::init_with_mut(|file_key| {
file_key.copy_from_slice(&pt);
pt.zeroize();
})
})
}
/// Close this connection without resetting the YubiKey.