Merge tag 'v0.5.0' into detect-critical-extensions
+65
-17
@@ -1,10 +1,13 @@
|
||||
name: CI checks
|
||||
|
||||
on: [push, pull_request]
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
branches: main
|
||||
|
||||
jobs:
|
||||
test:
|
||||
name: Test on ${{ matrix.name }}
|
||||
test-msrv:
|
||||
name: Test MSRV on ${{ matrix.name }}
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -22,37 +25,83 @@ jobs:
|
||||
os: macos-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- name: Install build dependencies
|
||||
run: sudo apt install ${{ matrix.build_deps }}
|
||||
if: matrix.build_deps != ''
|
||||
- uses: dtolnay/rust-toolchain@stable
|
||||
id: stable-toolchain
|
||||
- name: Install test dependencies using latest stable Rust
|
||||
run: cargo +${{steps.stable-toolchain.outputs.name}} install rage
|
||||
- name: Run tests
|
||||
run: cargo test
|
||||
- name: Verify working directory is clean
|
||||
run: git diff --exit-code
|
||||
|
||||
test-latest:
|
||||
name: Test latest stable on ${{ matrix.name }}
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
name: [linux, windows, macos]
|
||||
include:
|
||||
- name: linux
|
||||
os: ubuntu-latest
|
||||
build_deps: >
|
||||
libpcsclite-dev
|
||||
|
||||
- name: windows
|
||||
os: windows-latest
|
||||
|
||||
- name: macos
|
||||
os: macos-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Install build dependencies
|
||||
run: sudo apt install ${{ matrix.build_deps }}
|
||||
if: matrix.build_deps != ''
|
||||
- uses: dtolnay/rust-toolchain@stable
|
||||
- uses: dtolnay/rust-toolchain@stable
|
||||
id: toolchain
|
||||
- run: rustup override set ${{steps.toolchain.outputs.name}}
|
||||
- name: Install test dependencies
|
||||
run: cargo install rage
|
||||
- run: cargo fetch
|
||||
- name: Build tests
|
||||
run: cargo build --verbose --tests
|
||||
- name: Remove lockfile to build with latest dependencies
|
||||
run: rm Cargo.lock
|
||||
- name: Run tests
|
||||
run: cargo test --verbose
|
||||
run: cargo test
|
||||
- name: Verify working directory is clean (excluding lockfile)
|
||||
run: git diff --exit-code ':!Cargo.lock'
|
||||
|
||||
codecov:
|
||||
name: Code coverage
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: xd009642/tarpaulin:develop-nightly
|
||||
options: --security-opt seccomp=unconfined
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- name: Install build dependencies
|
||||
run: sudo apt install libpcsclite-dev
|
||||
- name: Install coverage dependencies
|
||||
run: cargo install cargo-tarpaulin
|
||||
run: apt update && apt install -y libpcsclite-dev
|
||||
- name: Generate coverage report
|
||||
run: cargo tarpaulin --engine llvm --all-features --release --timeout 600 --out Xml
|
||||
run: >
|
||||
cargo tarpaulin
|
||||
--engine llvm
|
||||
--timeout 180
|
||||
--out xml
|
||||
- name: Upload coverage to Codecov
|
||||
uses: codecov/codecov-action@v3.1.1
|
||||
uses: codecov/codecov-action@v4.5.0
|
||||
with:
|
||||
fail_ci_if_error: true
|
||||
token: ${{ secrets.CODECOV_TOKEN }}
|
||||
|
||||
doc-links:
|
||||
name: Intra-doc links
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- name: Install build dependencies
|
||||
run: sudo apt install libpcsclite-dev
|
||||
- run: cargo fetch
|
||||
@@ -62,9 +111,8 @@ jobs:
|
||||
|
||||
fmt:
|
||||
name: Rustfmt
|
||||
timeout-minutes: 30
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- name: Check formatting
|
||||
run: cargo fmt -- --check
|
||||
|
||||
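Review bot: The upload step in the `codecov` job passes `secrets.CODECOV_TOKEN` to an action referenced by a movable tag, `codecov/codecov-action@v4.5.0`, so whatever commit that tag resolves to at run time receives the token. Pinning the step to a full commit SHA, `uses: codecov/codecov-action@<full-commit-sha> # v4.5.0` (placeholder; take the SHA from the action's release page), removes that exposure. The same applies to `svenstaro/upload-release-action@2.6.1` in the release workflow further down this page, which publishes the release archives and the Debian package, and to `actions/checkout@v4` and the branch ref `dtolnay/rust-toolchain@stable`. The `cargo install rage` steps resolve rage's dependency tree afresh on every run; `cargo install --locked rage` would use the lockfile rage was published with, at least in the MSRV job, where testing the latest dependencies is not the goal. The +/- markers are lost in this rendering, so which of these lines are new is inferred from the old/new pairs.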
@@ -6,10 +6,9 @@ on: pull_request
|
||||
jobs:
|
||||
clippy-beta:
|
||||
name: Clippy (beta)
|
||||
timeout-minutes: 30
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- uses: dtolnay/rust-toolchain@beta
|
||||
id: toolchain
|
||||
- run: rustup override set ${{steps.toolchain.outputs.name}}
|
||||
|
||||
@@ -6,10 +6,9 @@ on: pull_request
|
||||
jobs:
|
||||
clippy:
|
||||
name: Clippy (MSRV)
|
||||
timeout-minutes: 30
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/checkout@v4
|
||||
- name: Install build dependencies
|
||||
run: sudo apt install libpcsclite-dev
|
||||
- name: Run clippy
|
||||
|
||||
@@ -24,7 +24,7 @@ jobs:
|
||||
- windows
|
||||
include:
|
||||
- name: linux
|
||||
os: ubuntu-18.04
|
||||
os: ubuntu-20.04
|
||||
build_deps: >
|
||||
libpcsclite-dev
|
||||
archive_name: age-plugin-yubikey.tar.gz
|
||||
@@ -48,11 +48,10 @@ jobs:
|
||||
asset_suffix: x86_64-darwin.tar.gz
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: stable
|
||||
override: true
|
||||
- uses: actions/checkout@v4
|
||||
- uses: dtolnay/rust-toolchain@stable
|
||||
id: toolchain
|
||||
- run: rustup override set ${{steps.toolchain.outputs.name}}
|
||||
- name: Add target
|
||||
run: rustup target add ${{ matrix.target }}
|
||||
if: matrix.target != ''
|
||||
@@ -87,7 +86,7 @@ jobs:
|
||||
if: matrix.name == 'windows'
|
||||
|
||||
- name: Upload archive to release
|
||||
uses: svenstaro/upload-release-action@2.5.0
|
||||
uses: svenstaro/upload-release-action@2.6.1
|
||||
with:
|
||||
file: ${{ matrix.archive_name }}
|
||||
asset_name: age-plugin-yubikey-$tag-${{ matrix.asset_suffix }}
|
||||
@@ -96,7 +95,7 @@ jobs:
|
||||
|
||||
deb:
|
||||
name: Debian ${{ matrix.name }}
|
||||
runs-on: ubuntu-18.04
|
||||
runs-on: ubuntu-20.04
|
||||
strategy:
|
||||
matrix:
|
||||
name: [linux]
|
||||
@@ -107,11 +106,10 @@ jobs:
|
||||
libpcsclite-dev
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
toolchain: stable
|
||||
override: true
|
||||
- uses: actions/checkout@v4
|
||||
- uses: dtolnay/rust-toolchain@stable
|
||||
id: toolchain
|
||||
- run: rustup override set ${{steps.toolchain.outputs.name}}
|
||||
- name: Add target
|
||||
run: rustup target add ${{ matrix.target }}
|
||||
- name: cargo install cargo-deb
|
||||
@@ -146,7 +144,7 @@ jobs:
|
||||
args: --package age-plugin-yubikey --no-build --target ${{ matrix.target }}
|
||||
|
||||
- name: Upload Debian package to release
|
||||
uses: svenstaro/upload-release-action@2.5.0
|
||||
uses: svenstaro/upload-release-action@2.6.1
|
||||
with:
|
||||
file: target/${{ matrix.target }}/debian/*.deb
|
||||
file_glob: true
|
||||
|
||||
@@ -14,6 +14,13 @@ to 0.3.0 are beta releases.
|
||||
critical extensions in its certificate, to ensure it doesn't misuse a newer
|
||||
identity type.
|
||||
|
||||
## [0.5.0] - 2024-08-04
|
||||
### Fixed
|
||||
- `age-plugin-yubikey` can now be compiled with Rust 1.80 and above.
|
||||
|
||||
### Changed
|
||||
- MSRV is now 1.67.0.
|
||||
|
||||
## [0.4.0] - 2023-04-09
|
||||
### Changed
|
||||
- MSRV is now 1.65.0.
|
||||
|
||||
Generated
+772
-670
File diff suppressed because it is too large
+12
-12
@@ -1,7 +1,7 @@
|
||||
[package]
|
||||
name = "age-plugin-yubikey"
|
||||
description = "YubiKey plugin for age clients"
|
||||
version = "0.4.1"
|
||||
version = "0.5.0"
|
||||
authors = ["Jack Grigg <thestr4d@gmail.com>"]
|
||||
repository = "https://github.com/str4d/age-plugin-yubikey"
|
||||
readme = "README.md"
|
||||
@@ -9,7 +9,7 @@ keywords = ["age", "cli", "encryption", "yubikey"]
|
||||
categories = ["command-line-utilities", "cryptography"]
|
||||
license = "MIT OR Apache-2.0"
|
||||
edition = "2021"
|
||||
rust-version = "1.65" # MSRV
|
||||
rust-version = "1.67" # MSRV
|
||||
|
||||
[package.metadata.deb]
|
||||
extended-description = """\
|
||||
@@ -22,12 +22,12 @@ assets = [
|
||||
]
|
||||
|
||||
[dependencies]
|
||||
age-core = "0.9"
|
||||
age-plugin = "0.4"
|
||||
age-core = "0.10"
|
||||
age-plugin = "0.5"
|
||||
base64 = "0.21"
|
||||
bech32 = "0.9"
|
||||
console = { version = "0.15", default-features = false }
|
||||
dialoguer = { version = "0.10", default-features = false, features = ["password"] }
|
||||
dialoguer = { version = "0.11", default-features = false, features = ["password"] }
|
||||
env_logger = "0.10"
|
||||
gumdrop = "0.8"
|
||||
hex = "0.4"
|
||||
@@ -36,23 +36,23 @@ p256 = { version = "0.13", features = ["ecdh"] }
|
||||
pcsc = "2.4"
|
||||
rand = "0.8"
|
||||
sha2 = "0.10"
|
||||
which = "4.1"
|
||||
which = "5"
|
||||
x509 = "0.2"
|
||||
x509-parser = "0.14"
|
||||
yubikey = { version = "=0.8.0-pre.0", features = ["untested"] }
|
||||
|
||||
# Translations
|
||||
i18n-embed = { version = "0.13", features = ["desktop-requester", "fluent-system"] }
|
||||
i18n-embed-fl = "0.6"
|
||||
i18n-embed = { version = "0.14", features = ["desktop-requester", "fluent-system"] }
|
||||
i18n-embed-fl = "0.8"
|
||||
lazy_static = "1"
|
||||
rust-embed = "6"
|
||||
rust-embed = "8"
|
||||
|
||||
# GnuPG coexistence
|
||||
sysinfo = "0.28"
|
||||
sysinfo = "0.29"
|
||||
|
||||
[dev-dependencies]
|
||||
flate2 = "1"
|
||||
man = "0.3"
|
||||
tempfile = "3"
|
||||
test-with = "0.9"
|
||||
which = "4"
|
||||
test-with = "0.11"
|
||||
which = "5"
|
||||
|
||||
@@ -8,8 +8,13 @@ which enables files to be encrypted to age identities stored on YubiKeys.
|
||||
|
||||
| Environment | CLI command |
|
||||
|-------------|-------------|
|
||||
| Cargo (Rust 1.65+) | `cargo install age-plugin-yubikey` |
|
||||
| Cargo (Rust 1.67+) | `cargo install age-plugin-yubikey` |
|
||||
| Homebrew (macOS or Linux) | `brew install age-plugin-yubikey` |
|
||||
| Arch Linux | `pacman -S age-plugin-yubikey` |
|
||||
| Debian | [Debian package](https://github.com/str4d/age-plugin-yubikey/releases) |
|
||||
| NixOS | Add to config:<br>`environment.systemPackages = [`<br>` pkgs.age-plugin-yubikey`<br>`];`<br>Or run `nix-env -i age-plugin-yubikey` |
|
||||
| Ubuntu 20.04+ | [Debian package](https://github.com/str4d/age-plugin-yubikey/releases) |
|
||||
| OpenBSD | `pkg_add age-plugin-yubikey` (security/age-plugin-yubikey) |
|
||||
|
||||
On Windows, Linux, and macOS, you can use the
|
||||
[pre-built binaries](https://github.com/str4d/age-plugin-yubikey/releases).
|
||||
@@ -24,8 +29,10 @@ is installed and running.
|
||||
| Environment | CLI command |
|
||||
|-------------|-------------|
|
||||
| Debian or Ubuntu | `sudo apt-get install pcscd` |
|
||||
| Fedora | `sudo dnf install pcsc-lite` |
|
||||
| OpenBSD | As ```root``` do:<br>`pkg_add pcsc-lite ccid`<br>`rcctl enable pcscd`<br>`rcctl start pcscd` |
|
||||
| FreeBSD | As ```root``` do:<br>`pkg install pcsc-lite libccid`<br>`service pcscd enable`<br>`service pcscd start` |
|
||||
| Arch | `sudo pacman -S pcsclite pcsc-tools yubikey-manager`<br>`sudo systemctl enable pcscd`<br>`sudo systemctl start pcscd`|
|
||||
|
||||
When installing via Cargo, you also need to ensure that the development headers
|
||||
for the `pcsc-lite` library are available, so that the `pcsc-sys` crate can be
|
||||
@@ -34,6 +41,7 @@ compiled.
|
||||
| Environment | CLI command |
|
||||
|-------------|-------------|
|
||||
| Debian or Ubuntu | `sudo apt-get install libpcsclite-dev` |
|
||||
| Fedora | `sudo dnf install pcsc-lite-devel` |
|
||||
|
||||
### Windows Subsystem for Linux (WSL)
|
||||
|
||||
|
||||
@@ -6,7 +6,7 @@ use std::io::prelude::*;
|
||||
const MANPAGES_DIR: &str = "./target/manpages";
|
||||
|
||||
fn generate_manpage(page: String, name: &str) {
|
||||
let file = File::create(format!("{}/{}.1.gz", MANPAGES_DIR, name))
|
||||
let file = File::create(format!("{MANPAGES_DIR}/{name}.1.gz"))
|
||||
.expect("Should be able to open file in target directory");
|
||||
let mut encoder = GzEncoder::new(file, Compression::best());
|
||||
encoder
|
||||
|
||||
@@ -204,6 +204,7 @@ err-invalid-flag-tui = Flag '{$flag}' cannot be used with the interactive in
|
||||
err-invalid-pin-policy = Invalid PIN policy '{$policy}' (expected [{$expected}]).
|
||||
err-invalid-slot = Invalid slot '{$slot}' (expected number between 1 and 20).
|
||||
err-invalid-touch-policy = Invalid touch policy '{$policy}' (expected [{$expected}]).
|
||||
err-io-user = Failed to get input from user: {$err}
|
||||
err-io = Failed to set up {-yubikey}: {$err}
|
||||
err-multiple-commands = Only one of {-cmd-generate}, {-cmd-identity}, {-cmd-list}, {-cmd-list-all} can be specified.
|
||||
err-multiple-yubikeys = Multiple {-yubikeys} are plugged in. Use {-flag-serial} to select a single {-yubikey}.
|
||||
|
||||
+1
-1
@@ -1,3 +1,3 @@
|
||||
[toolchain]
|
||||
channel = "1.65.0"
|
||||
channel = "1.67.0"
|
||||
components = ["clippy", "rustfmt"]
|
||||
|
||||
@@ -15,6 +15,7 @@ macro_rules! wlnfl {
|
||||
|
||||
pub enum Error {
|
||||
CustomManagementKey,
|
||||
Dialog(dialoguer::Error),
|
||||
InvalidFlagCommand(String, String),
|
||||
InvalidFlagTui(String),
|
||||
InvalidPinPolicy(String),
|
||||
@@ -35,6 +36,12 @@ pub enum Error {
|
||||
YubiKey(yubikey::Error),
|
||||
}
|
||||
|
||||
impl From<dialoguer::Error> for Error {
|
||||
fn from(e: dialoguer::Error) -> Self {
|
||||
Error::Dialog(e)
|
||||
}
|
||||
}
|
||||
|
||||
impl From<io::Error> for Error {
|
||||
fn from(e: io::Error) -> Self {
|
||||
Error::Io(e)
|
||||
@@ -65,6 +72,7 @@ impl fmt::Debug for Error {
|
||||
url = CHANGE_MGMT_KEY_URL
|
||||
)?;
|
||||
}
|
||||
Error::Dialog(e) => wlnfl!(f, "err-io-user", err = e.to_string())?,
|
||||
Error::InvalidFlagCommand(flag, command) => wlnfl!(
|
||||
f,
|
||||
"err-invalid-flag-command",
|
||||
|
||||
+4
-4
@@ -278,10 +278,10 @@ pub(crate) fn disconnect_without_reset(yubikey: YubiKey) {
|
||||
let _ = yubikey.disconnect(pcsc::Disposition::LeaveCard);
|
||||
}
|
||||
|
||||
fn request_pin<E>(
|
||||
mut prompt: impl FnMut(Option<String>) -> io::Result<Result<SecretString, E>>,
|
||||
fn request_pin<E, E2>(
|
||||
mut prompt: impl FnMut(Option<String>) -> Result<Result<SecretString, E>, E2>,
|
||||
serial: Serial,
|
||||
) -> io::Result<Result<SecretString, E>> {
|
||||
) -> Result<Result<SecretString, E>, E2> {
|
||||
let mut prev_error = None;
|
||||
loop {
|
||||
prev_error = Some(match prompt(prev_error)? {
|
||||
@@ -330,7 +330,7 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
|
||||
let pin = request_pin(
|
||||
|prev_error| {
|
||||
if let Some(err) = prev_error {
|
||||
eprintln!("{}", err);
|
||||
eprintln!("{err}");
|
||||
}
|
||||
Password::new()
|
||||
.with_prompt(fl!("mgr-choose-new-pin"))
|
||||
|
||||
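Review bot: `request_pin` now returns `Result<Result<SecretString, E>, E2>` with both error types generic, and nothing on the signature says which layer means what, which is easy to get wrong on the PIN-entry path. In the visible lines the outer error is propagated unchanged by `prompt(prev_error)?`, while the inner result is matched inside the loop. A doc comment above the function would pin that down, for example `/// Outer error (E2): the prompt callback failed and is returned unchanged; inner Result: outcome of the PIN request itself.` The body of `request_pin` continues past the hunk, so what the inner `Err(E)` means to callers should be confirmed against the rest of the loop before it is written down.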
+8
-14
@@ -296,8 +296,8 @@ fn list(flags: PluginFlags, all: bool) -> Result<(), Error> {
|
||||
flags,
|
||||
all,
|
||||
|_, recipient, metadata| {
|
||||
println!("{}", metadata);
|
||||
println!("{}", recipient);
|
||||
println!("{metadata}");
|
||||
println!("{recipient}");
|
||||
},
|
||||
)
|
||||
}
|
||||
@@ -329,8 +329,8 @@ fn main() -> Result<(), Error> {
|
||||
if let Some(state_machine) = opts.age_plugin {
|
||||
run_state_machine(
|
||||
&state_machine,
|
||||
plugin::RecipientPlugin::default,
|
||||
plugin::IdentityPlugin::default,
|
||||
Some(plugin::RecipientPlugin::default),
|
||||
Some(plugin::IdentityPlugin::default),
|
||||
)?;
|
||||
Ok(())
|
||||
} else if opts.version {
|
||||
@@ -411,9 +411,9 @@ fn main() -> Result<(), Error> {
|
||||
.validity()
|
||||
.not_before
|
||||
.to_rfc2822()
|
||||
.unwrap_or_else(|e| format!("Invalid date: {}", e));
|
||||
.unwrap_or_else(|e| format!("Invalid date: {e}"));
|
||||
|
||||
format!("{}, created: {}", name, created)
|
||||
format!("{name}, created: {created}")
|
||||
})
|
||||
})
|
||||
})
|
||||
@@ -631,14 +631,8 @@ fn main() -> Result<(), Error> {
|
||||
// If `rage` binary is installed, use it in examples. Otherwise default to `age`.
|
||||
let age_binary = which::which("rage").map(|_| "rage").unwrap_or("age");
|
||||
|
||||
let encrypt_usage = format!(
|
||||
"$ cat foo.txt | {} -r {} -o foo.txt.age",
|
||||
age_binary, recipient
|
||||
);
|
||||
let decrypt_usage = format!(
|
||||
"$ cat foo.txt.age | {} -d -i {} > foo.txt",
|
||||
age_binary, file_name
|
||||
);
|
||||
let encrypt_usage = format!("$ cat foo.txt | {age_binary} -r {recipient} -o foo.txt.age");
|
||||
let decrypt_usage = format!("$ cat foo.txt.age | {age_binary} -d -i {file_name} > foo.txt");
|
||||
let identity_usage = format!(
|
||||
"$ age-plugin-yubikey -i --serial {} --slot {} > {}",
|
||||
stub.serial,
|
||||
|
||||
+1
-1
@@ -177,7 +177,7 @@ impl Metadata {
|
||||
.validity()
|
||||
.not_before
|
||||
.to_rfc2822()
|
||||
.unwrap_or_else(|e| format!("Invalid date: {}", e)),
|
||||
.unwrap_or_else(|e| format!("Invalid date: {e}")),
|
||||
pin_policy,
|
||||
touch_policy,
|
||||
})
|
||||
|
||||