Merge remote-tracking branch 'gt/ctap-hid-fido2' into 0.3.0-alpha

chore: update naersk
chore: update deps
2024-03-03 19:41:19 +01:00 · 2024-02-11 19:37:12 +01:00 · 2023-12-17 13:53:14 +01:00 · 2023-10-02 11:55:56 +02:00
7 changed files with 180 additions and 118 deletions
--- a/.github/workflows/current.yml
+++ b/.github/workflows/current.yml
@@ -0,0 +1,32 @@
 # This is a basic workflow to help you get started with Actions
 name: Current
 # Controls when the workflow will run
 on:
  schedule:
    - cron: '0 22 * * 6'
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@v4
      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
          cache: ${{ secrets.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
      - name: Build Nix Package nixos-unstable
        run: nix build --override-input nixpkgs github:nixos/nixpkgs/nixos-unstable --show-trace
--- a/.github/workflows/locked.yml
+++ b/.github/workflows/locked.yml
@@ -0,0 +1,33 @@
 # This is a basic workflow to help you get started with Actions
 name: Locked
 # Controls when the workflow will run
 on:
  # Triggers the workflow on push or pull request events but only for the "master" branch
  push:
    branches: '*'
  pull_request:
    branches: '*'
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@v4
      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
          cache: ${{ secrets.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
      - name: Build Nix Package
        run: nix build -j 10 --show-trace
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -67,7 +67,7 @@ checksum = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "synstructure",
 ]
@@ -79,7 +79,7 @@ checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 ]
 [[package]]
@@ -122,11 +122,11 @@ checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd"
 [[package]]
 name = "bindgen"
-version = "0.59.2"
+version = "0.68.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2bd2a9a458e8f4304c52c43ebb0cfbd520289f8379a52e329a38afda99bf8eb8"
+checksum = "726e4313eb6ec35d2730258ad4e15b547ee75d6afaa1361a922e78e59b7d8078"
 dependencies = [
- "bitflags",
+ "bitflags 2.4.2",
 "cexpr",
 "clang-sys",
 "lazy_static",
@@ -137,6 +137,7 @@ dependencies = [
 "regex",
 "rustc-hash",
 "shlex",
 "syn 2.0.52",
 ]
 [[package]]
@@ -145,6 +146,12 @@ version = "1.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 [[package]]
 name = "bitflags"
 version = "2.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf"
 [[package]]
 name = "block-padding"
 version = "0.3.2"
@@ -225,7 +232,7 @@ checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c"
 dependencies = [
 "ansi_term",
 "atty",
- "bitflags",
+ "bitflags 1.3.2",
 "strsim",
 "textwrap",
 "unicode-width",
@@ -302,7 +309,7 @@ checksum = "3bf95dc3f046b9da4f2d51833c0d3547d8564ef6910f5c1ed130306a75b92886"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 ]
 [[package]]
@@ -329,7 +336,7 @@ checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "synstructure",
 ]
@@ -379,9 +386,9 @@ checksum = "22030e2c5a68ec659fde1e949a745124b48e6fa8b045b7ed5bd1fe4ccc5c4e5d"
 [[package]]
 name = "glob"
-version = "0.3.0"
+version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574"
+checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
 [[package]]
 name = "half"
@@ -475,20 +482,22 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
 [[package]]
 name = "libc"
-version = "0.2.132"
+version = "0.2.153"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5"
+checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd"
 [[package]]
 name = "libcryptsetup-rs"
-version = "0.5.1"
+version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fe68061beaa409d095b8010a37cb611685a627889aa29d79a0380c93ff89c13"
+checksum = "67dd3f8d51b4feb4acc765c063d45434fb7926fe979b20ee6f95dcd974b4dc0c"
 dependencies = [
 "bitflags 2.4.2",
 "either",
 "lazy_static",
 "libc",
 "libcryptsetup-rs-sys",
 "log",
 "pkg-config",
 "semver",
 "serde_json",
@@ -497,9 +506,9 @@ dependencies = [
 [[package]]
 name = "libcryptsetup-rs-sys"
-version = "0.2.1"
+version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0af91b644699911c839309edbb8c8f6addd61e6b9553aa6d02ba71c37597afbe"
+checksum = "20fc299fd05078d353a895d940fc463d1008d94258fc8096c095467549324707"
 dependencies = [
 "bindgen",
 "cc",
@@ -519,12 +528,9 @@ dependencies = [
 [[package]]
 name = "log"
-version = "0.4.17"
+version = "0.4.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
+checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c"
 dependencies = [
 "cfg-if",
 ]
 [[package]]
 name = "memchr"
@@ -696,7 +702,7 @@ dependencies = [
 "proc-macro-error-attr",
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "version_check",
 ]
@@ -713,18 +719,18 @@ dependencies = [
 [[package]]
 name = "proc-macro2"
-version = "1.0.43"
+version = "1.0.78"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab"
+checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae"
 dependencies = [
 "unicode-ident",
 ]
 [[package]]
 name = "quote"
-version = "1.0.21"
+version = "1.0.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179"
+checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef"
 dependencies = [
 "proc-macro2",
 ]
@@ -832,7 +838,7 @@ checksum = "94ed3a816fb1d101812f83e789f888322c34e291f894f19590dc310963e87a00"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 ]
 [[package]]
@@ -885,7 +891,7 @@ dependencies = [
 "proc-macro-error",
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 ]
 [[package]]
@@ -904,7 +910,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "rustversion",
- "syn",
+ "syn 1.0.99",
 ]
 [[package]]
@@ -918,6 +924,17 @@ dependencies = [
 "unicode-ident",
 ]
 [[package]]
 name = "syn"
 version = "2.0.52"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b699d15b36d1f02c3e7c69f8ffef53de37aefae075d8488d4ba1a7788d574a07"
 dependencies = [
 "proc-macro2",
 "quote",
 "unicode-ident",
 ]
 [[package]]
 name = "synstructure"
 version = "0.12.6"
@@ -926,7 +943,7 @@ checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "unicode-xid",
 ]
@@ -956,7 +973,7 @@ checksum = "f8b463991b4eab2d801e724172285ec4195c650e8ec79b149e6c2a8e6dd3f783"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 ]
 [[package]]
@@ -1061,7 +1078,7 @@ dependencies = [
 "once_cell",
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "wasm-bindgen-shared",
 ]
@@ -1083,7 +1100,7 @@ checksum = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "wasm-bindgen-backend",
 "wasm-bindgen-shared",
 ]
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,21 +19,21 @@ ring = "0.16.5"
 failure = "0.1.5"
 rpassword = "4.0.1"
 structopt = "0.3.2"
 libcryptsetup-rs = "0.9.1"
 serde_json = "1.0.51"
 serde_derive = "1.0.116"
 serde = "1.0.116"
 anyhow = "1.0.56"
 ctap-hid-fido2 = "3.4.1"
 libcryptsetup-rs = "0.5.1"
 [build-dependencies]
 hex = "0.3.2"
 ring = "0.16.5"
 failure = "0.1.5"
 rpassword = "4.0.1"
-anyhow = "1.0.56"
+libcryptsetup-rs = "0.9.1"
 libcryptsetup-rs = "0.5.1"
 structopt = "0.3.2"
 anyhow = "1.0.56"
 [profile.release]
 lto = true
--- a/flake.lock
+++ b/flake.lock
@@ -7,26 +7,26 @@
        ]
      },
      "locked": {
-        "lastModified": 1639947939,
+        "lastModified": 1698420672,
-        "narHash": "sha256-pGsM8haJadVP80GFq4xhnSpNitYNQpaXk4cnA796Cso=",
+        "narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=",
-        "owner": "nmattia",
+        "owner": "nix-community",
        "repo": "naersk",
-        "rev": "2fc8ce9d3c025d59fee349c1f80be9785049d653",
+        "rev": "aeb58d5e8faead8980a807c840232697982d47b9",
        "type": "github"
      },
      "original": {
-        "owner": "nmattia",
+        "owner": "nix-community",
        "repo": "naersk",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1647282937,
+        "lastModified": 1705496572,
-        "narHash": "sha256-K8Oo6QyFCfiEWTRpQVfzcwI3YNMKlz6Tu8rr+o3rzRQ=",
+        "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "64fc73bd74f04d3e10cb4e70e1c65b92337e76db",
+        "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19",
        "type": "github"
      },
      "original": {
@@ -41,13 +41,31 @@
        "utils": "utils"
      }
    },
-    "utils": {
+    "systems": {
      "locked": {
-        "lastModified": 1644229661,
+        "lastModified": 1681028828,
-        "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1705309234,
        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -4,47 +4,37 @@
  inputs = {
    utils.url = "github:numtide/flake-utils";
    naersk = {
-      url = "github:nmattia/naersk";
+      url = "github:nix-community/naersk";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
-outputs = inputs @ { self, nixpkgs, utils, naersk, ... }:
+  outputs = { self, nixpkgs, utils, naersk }:
    let
-      root = inputs.source or self;
+      root = ./.;
-      pname = (builtins.fromTOML (builtins.readFile (root + "/Cargo.toml"))).package.name;
+      pname = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).package.name;
-      # toolchains: stable, beta, default(nightly)
+      forPkgs = pkgs:
      toolchain = pkgs: if inputs ? fenix then inputs.fenix.packages."${pkgs.system}".complete.toolchain 
                  else with pkgs; symlinkJoin { name = "rust-toolchain"; paths = [ rustc cargo ]; };
      forSystem = system:
        let
-        pkgs = nixpkgs.legacyPackages."${system}";
+          naersk-lib = naersk.lib."${pkgs.system}";
          buildInputs = with pkgs; [ cryptsetup cryptsetup.dev udev.dev ];
          nativeBuildInputs = with pkgs; [
            rustPlatform.bindgenHook
            pkg-config
            clang
          ];
        in
        rec {
          # `nix build`
-          packages.${pname} = (self.overlay pkgs pkgs).${pname};
+          packages.${pname} = naersk-lib.buildPackage {
-
+            inherit pname root buildInputs nativeBuildInputs;
-          packages.dockerImage = pkgs.runCommandLocal "docker-${pname}.tar.gz" {} "${apps.streamDockerImage.program} | gzip --fast > $out";
+          };
-
+          defaultPackage = packages.${pname};
          packages.default = packages.${pname};
          # `nix run`
          apps.${pname} = utils.lib.mkApp {
            drv = packages.${pname};
          };
-          
+          defaultApp = apps.${pname};
          # `nix run .#streamDockerImage | docker load`
          apps.streamDockerImage = utils.lib.mkApp {
            drv = with pkgs; dockerTools.streamLayeredImage {
              name = pname;
              tag = self.shortRev or "latest";
              config = {
                Entrypoint = apps.default.program;
              };
            };
            exePath = "";
          };
          apps.default = apps.${pname};
          # `nix flake check`
          checks = {
@@ -59,42 +49,15 @@ outputs = inputs @ { self, nixpkgs, utils, naersk, ... }:
          hydraJobs = checks // packages;
          # `nix develop`
-          devShell = pkgs.mkShell rec {
+          devShell = pkgs.mkShell {
-            RUST_SRC_PATH = "${if inputs ? fenix then "${toolchain pkgs}/lib/rustlib" else pkgs.rustPlatform.rustLibSrc}";
+            nativeBuildInputs = with pkgs; [ rustc cargo rustfmt nixpkgs-fmt ] ++ nativeBuildInputs;
-            nativeBuildInputs = with pkgs; [ (toolchain pkgs) cargo-edit rustfmt nixpkgs-fmt ] ++ packages.default.nativeBuildInputs;
+            inherit buildInputs;
-            inherit (packages.default) buildInputs LIBCLANG_PATH;
+          };
-            shellHook = ''
+        };
-              printf "Rust version:"
+      forSystem = system: forPkgs nixpkgs.legacyPackages."${system}";
-              rustc --version
+    in
-              printf "\nbuild inputs: ${pkgs.lib.concatStringsSep ", " (map (bi: bi.name) (buildInputs ++ nativeBuildInputs))}"
+    (utils.lib.eachSystem [ "aarch64-linux" "i686-linux" "x86_64-linux" ] forSystem) // {
-            '';
+      overlay = final: prev: (forPkgs final).packages;
    };
        };
    in
    (utils.lib.eachDefaultSystem forSystem) // {
      overlays.pinned = final: prev: (self.overlay final (import nixpkgs {
        inherit (final) localSystem;
      })).packages;
      overlay = final: prev:
        let
          naersk-lib = naersk.lib."${final.system}".override {
            rustc = toolchain prev;
            cargo = toolchain prev;
          };
          buildInputs = with prev; [ 
            udev cryptsetup.dev
          ];
          nativeBuildInputs = with prev; [
            pkg-config clang
          ];
        in
        {
          "${pname}" =
            naersk-lib.buildPackage {
              LIBCLANG_PATH = "${final.llvmPackages.libclang.lib}/lib";
              inherit pname root buildInputs nativeBuildInputs;
            };
        };
    };
 }
--- a/src/luks.rs
+++ b/src/luks.rs
@@ -1,9 +1,8 @@
 use crate::error::*;
-use libcryptsetup_rs::{
+use libcryptsetup_rs::consts::flags::CryptActivate;
-    CryptActivateFlag, CryptActivateFlags, CryptDevice, CryptInit, CryptTokenInfo,
+use libcryptsetup_rs::consts::vals::{EncryptionFormat, KeyslotInfo};
-    EncryptionFormat, KeyslotInfo, TokenInput,
+use libcryptsetup_rs::{CryptDevice, CryptInit, CryptTokenInfo, TokenInput};
 };
 use std::collections::{HashMap, HashSet};
 use std::path::Path;
@@ -205,7 +204,7 @@ impl LuksDevice {
            None,
            None,
            old_secret,
-            CryptActivateFlags::empty(),
+            CryptActivate::empty(),
        )?;
        // slot should stay the same but better be safe than sorry
@@ -250,9 +249,9 @@ impl LuksDevice {
        dry_run: bool,
        allow_discard: bool,
    ) -> Fido2LuksResult<u32> {
-        let mut flags = CryptActivateFlags::empty();
+        let mut flags = CryptActivate::empty();
        if allow_discard {
-            flags = CryptActivateFlags::new(vec![CryptActivateFlag::AllowDiscards]);
+            flags = flags | CryptActivate::ALLOW_DISCARDS;
        }
        self.device
            .activate_handle()
Author	SHA1	Message	Date
shimun	acd4021e03	Merge remote-tracking branch 'gt/ctap-hid-fido2' into 0.3.0-alpha	2024-03-03 19:41:19 +01:00
shimun	238d877e2f	chore: update naersk	2024-02-11 19:37:12 +01:00
shimun	93e8a33c0e	chore: update deps	2023-12-17 13:53:14 +01:00
shimunn	fb60987468	build nix package	2023-10-02 11:55:56 +02:00