Merge remote-tracking branch 'gt/ctap-hid-fido2' into 0.3.0-alpha

chore: update naersk
chore: update deps
2024-03-03 19:41:19 +01:00 · 2024-02-11 19:37:12 +01:00 · 2023-12-17 13:53:14 +01:00 · 2023-10-02 11:55:56 +02:00
7 changed files with 180 additions and 118 deletions
--- a/.github/workflows/current.yml
+++ b/.github/workflows/current.yml
@@ -0,0 +1,32 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Current
+
+# Controls when the workflow will run
+on:
+  schedule:
+    - cron: '0 22 * * 6'
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v4
+      - name: Setup Attic cache
+        uses: ryanccn/attic-action@v0
+        with:
+          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
+          cache: ${{ secrets.ATTIC_CACHE }}
+          token: ${{ secrets.ATTIC_TOKEN }}
+      - name: Build Nix Package nixos-unstable
+        run: nix build --override-input nixpkgs github:nixos/nixpkgs/nixos-unstable --show-trace
--- a/.github/workflows/locked.yml
+++ b/.github/workflows/locked.yml
@@ -0,0 +1,33 @@
+# This is a basic workflow to help you get started with Actions
+
+name: Locked
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the "master" branch
+  push:
+    branches: '*'
+  pull_request:
+    branches: '*'
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v4
+      - name: Setup Attic cache
+        uses: ryanccn/attic-action@v0
+        with:
+          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
+          cache: ${{ secrets.ATTIC_CACHE }}
+          token: ${{ secrets.ATTIC_TOKEN }}
+      - name: Build Nix Package
+        run: nix build -j 10 --show-trace
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -67,7 +67,7 @@ checksum = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "synstructure",
 ]

@@ -79,7 +79,7 @@ checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 ]

 [[package]]
@@ -122,11 +122,11 @@ checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd"

 [[package]]
 name = "bindgen"
-version = "0.59.2"
+version = "0.68.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2bd2a9a458e8f4304c52c43ebb0cfbd520289f8379a52e329a38afda99bf8eb8"
+checksum = "726e4313eb6ec35d2730258ad4e15b547ee75d6afaa1361a922e78e59b7d8078"
 dependencies = [
- "bitflags",
+ "bitflags 2.4.2",
 "cexpr",
 "clang-sys",
 "lazy_static",
@@ -137,6 +137,7 @@ dependencies = [
 "regex",
 "rustc-hash",
 "shlex",
+ "syn 2.0.52",
 ]

 [[package]]
@@ -145,6 +146,12 @@ version = "1.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"

+[[package]]
+name = "bitflags"
+version = "2.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf"
+
 [[package]]
 name = "block-padding"
 version = "0.3.2"
@@ -225,7 +232,7 @@ checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c"
 dependencies = [
 "ansi_term",
 "atty",
- "bitflags",
+ "bitflags 1.3.2",
 "strsim",
 "textwrap",
 "unicode-width",
@@ -302,7 +309,7 @@ checksum = "3bf95dc3f046b9da4f2d51833c0d3547d8564ef6910f5c1ed130306a75b92886"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 ]

 [[package]]
@@ -329,7 +336,7 @@ checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "synstructure",
 ]

@@ -379,9 +386,9 @@ checksum = "22030e2c5a68ec659fde1e949a745124b48e6fa8b045b7ed5bd1fe4ccc5c4e5d"

 [[package]]
 name = "glob"
-version = "0.3.0"
+version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574"
+checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"

 [[package]]
 name = "half"
@@ -475,20 +482,22 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"

 [[package]]
 name = "libc"
-version = "0.2.132"
+version = "0.2.153"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8371e4e5341c3a96db127eb2465ac681ced4c433e01dd0e938adbef26ba93ba5"
+checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd"

 [[package]]
 name = "libcryptsetup-rs"
-version = "0.5.1"
+version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fe68061beaa409d095b8010a37cb611685a627889aa29d79a0380c93ff89c13"
+checksum = "67dd3f8d51b4feb4acc765c063d45434fb7926fe979b20ee6f95dcd974b4dc0c"
 dependencies = [
+ "bitflags 2.4.2",
 "either",
 "lazy_static",
 "libc",
 "libcryptsetup-rs-sys",
+ "log",
 "pkg-config",
 "semver",
 "serde_json",
@@ -497,9 +506,9 @@ dependencies = [

 [[package]]
 name = "libcryptsetup-rs-sys"
-version = "0.2.1"
+version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0af91b644699911c839309edbb8c8f6addd61e6b9553aa6d02ba71c37597afbe"
+checksum = "20fc299fd05078d353a895d940fc463d1008d94258fc8096c095467549324707"
 dependencies = [
 "bindgen",
 "cc",
@@ -519,12 +528,9 @@ dependencies = [

 [[package]]
 name = "log"
-version = "0.4.17"
+version = "0.4.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
-dependencies = [
- "cfg-if",
-]
+checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c"

 [[package]]
 name = "memchr"
@@ -696,7 +702,7 @@ dependencies = [
 "proc-macro-error-attr",
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "version_check",
 ]

@@ -713,18 +719,18 @@ dependencies = [

 [[package]]
 name = "proc-macro2"
-version = "1.0.43"
+version = "1.0.78"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0a2ca2c61bc9f3d74d2886294ab7b9853abd9c1ad903a3ac7815c58989bb7bab"
+checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae"
 dependencies = [
 "unicode-ident",
 ]

 [[package]]
 name = "quote"
-version = "1.0.21"
+version = "1.0.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179"
+checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef"
 dependencies = [
 "proc-macro2",
 ]
@@ -832,7 +838,7 @@ checksum = "94ed3a816fb1d101812f83e789f888322c34e291f894f19590dc310963e87a00"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 ]

 [[package]]
@@ -885,7 +891,7 @@ dependencies = [
 "proc-macro-error",
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 ]

 [[package]]
@@ -904,7 +910,7 @@ dependencies = [
 "proc-macro2",
 "quote",
 "rustversion",
- "syn",
+ "syn 1.0.99",
 ]

 [[package]]
@@ -918,6 +924,17 @@ dependencies = [
 "unicode-ident",
 ]

+[[package]]
+name = "syn"
+version = "2.0.52"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b699d15b36d1f02c3e7c69f8ffef53de37aefae075d8488d4ba1a7788d574a07"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
 [[package]]
 name = "synstructure"
 version = "0.12.6"
@@ -926,7 +943,7 @@ checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "unicode-xid",
 ]

@@ -956,7 +973,7 @@ checksum = "f8b463991b4eab2d801e724172285ec4195c650e8ec79b149e6c2a8e6dd3f783"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 ]

 [[package]]
@@ -1061,7 +1078,7 @@ dependencies = [
 "once_cell",
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "wasm-bindgen-shared",
 ]

@@ -1083,7 +1100,7 @@ checksum = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 1.0.99",
 "wasm-bindgen-backend",
 "wasm-bindgen-shared",
 ]
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,21 +19,21 @@ ring = "0.16.5"
 failure = "0.1.5"
 rpassword = "4.0.1"
 structopt = "0.3.2"
+libcryptsetup-rs = "0.9.1"
 serde_json = "1.0.51"
 serde_derive = "1.0.116"
 serde = "1.0.116"
 anyhow = "1.0.56"
 ctap-hid-fido2 = "3.4.1"
-libcryptsetup-rs = "0.5.1"

 [build-dependencies]
 hex = "0.3.2"
 ring = "0.16.5"
 failure = "0.1.5"
 rpassword = "4.0.1"
-anyhow = "1.0.56"
-libcryptsetup-rs = "0.5.1"
+libcryptsetup-rs = "0.9.1"
 structopt = "0.3.2"
+anyhow = "1.0.56"

 [profile.release]
 lto = true
--- a/flake.lock
+++ b/flake.lock
@@ -7,26 +7,26 @@
        ]
      },
      "locked": {
-        "lastModified": 1639947939,
-        "narHash": "sha256-pGsM8haJadVP80GFq4xhnSpNitYNQpaXk4cnA796Cso=",
-        "owner": "nmattia",
+        "lastModified": 1698420672,
+        "narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=",
+        "owner": "nix-community",
        "repo": "naersk",
-        "rev": "2fc8ce9d3c025d59fee349c1f80be9785049d653",
+        "rev": "aeb58d5e8faead8980a807c840232697982d47b9",
        "type": "github"
      },
      "original": {
-        "owner": "nmattia",
+        "owner": "nix-community",
        "repo": "naersk",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1647282937,
-        "narHash": "sha256-K8Oo6QyFCfiEWTRpQVfzcwI3YNMKlz6Tu8rr+o3rzRQ=",
+        "lastModified": 1705496572,
+        "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "64fc73bd74f04d3e10cb4e70e1c65b92337e76db",
+        "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19",
        "type": "github"
      },
      "original": {
@@ -41,13 +41,31 @@
        "utils": "utils"
      }
    },
-    "utils": {
+    "systems": {
      "locked": {
-        "lastModified": 1644229661,
-        "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -4,47 +4,37 @@
  inputs = {
    utils.url = "github:numtide/flake-utils";
    naersk = {
-      url = "github:nmattia/naersk";
+      url = "github:nix-community/naersk";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

-outputs = inputs @ { self, nixpkgs, utils, naersk, ... }:
+  outputs = { self, nixpkgs, utils, naersk }:
    let
-      root = inputs.source or self;
-      pname = (builtins.fromTOML (builtins.readFile (root + "/Cargo.toml"))).package.name;
-      # toolchains: stable, beta, default(nightly)
-      toolchain = pkgs: if inputs ? fenix then inputs.fenix.packages."${pkgs.system}".complete.toolchain 
-                  else with pkgs; symlinkJoin { name = "rust-toolchain"; paths = [ rustc cargo ]; };
-      forSystem = system:
+      root = ./.;
+      pname = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).package.name;
+      forPkgs = pkgs:
        let
-        pkgs = nixpkgs.legacyPackages."${system}";
+          naersk-lib = naersk.lib."${pkgs.system}";
+          buildInputs = with pkgs; [ cryptsetup cryptsetup.dev udev.dev ];
+          nativeBuildInputs = with pkgs; [
+            rustPlatform.bindgenHook
+            pkg-config
+            clang
+          ];
        in
        rec {
          # `nix build`
-          packages.${pname} = (self.overlay pkgs pkgs).${pname};
-
-          packages.dockerImage = pkgs.runCommandLocal "docker-${pname}.tar.gz" {} "${apps.streamDockerImage.program} | gzip --fast > $out";
-
-          packages.default = packages.${pname};
+          packages.${pname} = naersk-lib.buildPackage {
+            inherit pname root buildInputs nativeBuildInputs;
+          };
+          defaultPackage = packages.${pname};

          # `nix run`
          apps.${pname} = utils.lib.mkApp {
            drv = packages.${pname};
          };
-          
-          # `nix run .#streamDockerImage | docker load`
-          apps.streamDockerImage = utils.lib.mkApp {
-            drv = with pkgs; dockerTools.streamLayeredImage {
-              name = pname;
-              tag = self.shortRev or "latest";
-              config = {
-                Entrypoint = apps.default.program;
-              };
-            };
-            exePath = "";
-          };
-          apps.default = apps.${pname};
+          defaultApp = apps.${pname};

          # `nix flake check`
          checks = {
@@ -59,42 +49,15 @@ outputs = inputs @ { self, nixpkgs, utils, naersk, ... }:
          hydraJobs = checks // packages;

          # `nix develop`
-          devShell = pkgs.mkShell rec {
-            RUST_SRC_PATH = "${if inputs ? fenix then "${toolchain pkgs}/lib/rustlib" else pkgs.rustPlatform.rustLibSrc}";
-            nativeBuildInputs = with pkgs; [ (toolchain pkgs) cargo-edit rustfmt nixpkgs-fmt ] ++ packages.default.nativeBuildInputs;
-            inherit (packages.default) buildInputs LIBCLANG_PATH;
-            shellHook = ''
-              printf "Rust version:"
-              rustc --version
-              printf "\nbuild inputs: ${pkgs.lib.concatStringsSep ", " (map (bi: bi.name) (buildInputs ++ nativeBuildInputs))}"
-            '';
+          devShell = pkgs.mkShell {
+            nativeBuildInputs = with pkgs; [ rustc cargo rustfmt nixpkgs-fmt ] ++ nativeBuildInputs;
+            inherit buildInputs;
+          };
+        };
+      forSystem = system: forPkgs nixpkgs.legacyPackages."${system}";
+    in
+    (utils.lib.eachSystem [ "aarch64-linux" "i686-linux" "x86_64-linux" ] forSystem) // {
+      overlay = final: prev: (forPkgs final).packages;
    };

-        };
-    in
-    (utils.lib.eachDefaultSystem forSystem) // {
-      overlays.pinned = final: prev: (self.overlay final (import nixpkgs {
-        inherit (final) localSystem;
-      })).packages;
-      overlay = final: prev:
-        let
-          naersk-lib = naersk.lib."${final.system}".override {
-            rustc = toolchain prev;
-            cargo = toolchain prev;
-          };
-          buildInputs = with prev; [ 
-            udev cryptsetup.dev
-          ];
-          nativeBuildInputs = with prev; [
-            pkg-config clang
-          ];
-        in
-        {
-          "${pname}" =
-            naersk-lib.buildPackage {
-              LIBCLANG_PATH = "${final.llvmPackages.libclang.lib}/lib";
-              inherit pname root buildInputs nativeBuildInputs;
-            };
-        };
-    };
 }
--- a/src/luks.rs
+++ b/src/luks.rs
@@ -1,9 +1,8 @@
 use crate::error::*;

-use libcryptsetup_rs::{
-    CryptActivateFlag, CryptActivateFlags, CryptDevice, CryptInit, CryptTokenInfo,
-    EncryptionFormat, KeyslotInfo, TokenInput,
-};
+use libcryptsetup_rs::consts::flags::CryptActivate;
+use libcryptsetup_rs::consts::vals::{EncryptionFormat, KeyslotInfo};
+use libcryptsetup_rs::{CryptDevice, CryptInit, CryptTokenInfo, TokenInput};
 use std::collections::{HashMap, HashSet};
 use std::path::Path;

@@ -205,7 +204,7 @@ impl LuksDevice {
            None,
            None,
            old_secret,
-            CryptActivateFlags::empty(),
+            CryptActivate::empty(),
        )?;

        // slot should stay the same but better be safe than sorry
@@ -250,9 +249,9 @@ impl LuksDevice {
        dry_run: bool,
        allow_discard: bool,
    ) -> Fido2LuksResult<u32> {
-        let mut flags = CryptActivateFlags::empty();
+        let mut flags = CryptActivate::empty();
        if allow_discard {
-            flags = CryptActivateFlags::new(vec![CryptActivateFlag::AllowDiscards]);
+            flags = flags | CryptActivate::ALLOW_DISCARDS;
        }
        self.device
            .activate_handle()
Author	SHA1	Message	Date
shimun	acd4021e03	Merge remote-tracking branch 'gt/ctap-hid-fido2' into 0.3.0-alpha	2024-03-03 19:41:19 +01:00
shimun	238d877e2f	chore: update naersk	2024-02-11 19:37:12 +01:00
shimun	93e8a33c0e	chore: update deps	2023-12-17 13:53:14 +01:00
shimunn	fb60987468	build nix package	2023-10-02 11:55:56 +02:00