From 55ca8a5ac7290d0d84073bea90ec0d2ea0d9ac0c Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Tue, 26 Nov 2024 17:02:56 +0100 Subject: [PATCH 01/13] feat: enhance cross-check workflow with additional target configurations and enable cross-compilation for specific platforms Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- .github/workflows/cross-ci.yml | 38 +++++++++++++++------------------- 1 file changed, 17 insertions(+), 21 deletions(-) diff --git a/.github/workflows/cross-ci.yml b/.github/workflows/cross-ci.yml index 53986bd..766c1ca 100644 --- a/.github/workflows/cross-ci.yml +++ b/.github/workflows/cross-ci.yml @@ -24,7 +24,7 @@ concurrency: jobs: cross-check: - name: Cross checking ${{ matrix.job.target }} + name: Cross checking ${{ matrix.job.target }} on ${{ matrix.rust }} runs-on: ${{ matrix.job.os }} strategy: fail-fast: false @@ -36,12 +36,11 @@ jobs: target: x86_64-pc-windows-msvc architecture: x86_64 use-cross: false - # Disabled for now, as aws-lc-sys needs bindgen-cli for manual build with CMake in cross - # - os: windows-latest - # os-name: windows - # target: x86_64-pc-windows-gnu - # architecture: x86_64 - # use-cross: false + - os: windows-latest + os-name: windows + target: x86_64-pc-windows-gnu + architecture: x86_64 + use-cross: false - os: macos-13 os-name: macos target: x86_64-apple-darwin @@ -51,7 +50,7 @@ jobs: os-name: macos target: aarch64-apple-darwin architecture: arm64 - use-cross: false + use-cross: true - os: ubuntu-latest os-name: linux target: x86_64-unknown-linux-gnu @@ -67,7 +66,6 @@ jobs: target: aarch64-unknown-linux-gnu architecture: arm64 use-cross: true - # Check because of Container images for rustic-rs - os: ubuntu-latest os-name: linux target: aarch64-unknown-linux-musl @@ -78,18 +76,16 @@ jobs: target: i686-unknown-linux-gnu architecture: i686 use-cross: true - # Disabled for now, as aws-lc-sys needs bindgen-cli for manual build with CMake in cross - # - os: ubuntu-latest - # os-name: netbsd - # target: x86_64-unknown-netbsd - # architecture: x86_64 - # use-cross: true - # Disabled for now, as aws-lc-sys needs bindgen-cli for manual build with CMake in cross - # - os: ubuntu-latest - # os-name: linux - # target: armv7-unknown-linux-gnueabihf - # architecture: armv7 - # use-cross: true + - os: ubuntu-latest + os-name: netbsd + target: x86_64-unknown-netbsd + architecture: x86_64 + use-cross: true + - os: ubuntu-latest + os-name: linux + target: armv7-unknown-linux-gnueabihf + architecture: armv7 + use-cross: true steps: - name: Checkout repository From 5579b05f6469405a8534bcb74777bce3339842b0 Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 12:30:19 +0100 Subject: [PATCH 02/13] chore(deps): add aws-lc-rs and aws-lc-sys to deny list due to build complexity and cross-compilation issues Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- deny.toml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/deny.toml b/deny.toml index 8642906..33f56c5 100644 --- a/deny.toml +++ b/deny.toml @@ -213,14 +213,8 @@ allow = [ ] # List of crates to deny deny = [ - - # Each entry the name of a crate and a version range. If version is - # not specified, all versions will be matched. - # { name = "ansi_term", version = "=0.11.0" }, - # - # Wrapper crates can optionally be specified to allow the crate when it - # is a direct dependency of the otherwise banned crate - # { name = "ansi_term", version = "=0.11.0", wrappers = [] }, + { crate = "aws-lc-rs", reason = "this crate introduces exorbitant build effort and breaks cross-compilation" }, + { crate = "aws-lc-sys", reason = "this crate introduces exorbitant build effort and breaks cross-compilation" }, ] # List of features to allow/deny From 5c0077a16b8ed46e6682c046393090f658ba1278 Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:46:45 +0100 Subject: [PATCH 03/13] feat: update deny.toml configuration with enhanced graph and output settings Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- deny.toml | 135 +++++++++++++++++++----------------------------------- 1 file changed, 48 insertions(+), 87 deletions(-) diff --git a/deny.toml b/deny.toml index 33f56c5..df949b0 100644 --- a/deny.toml +++ b/deny.toml @@ -11,6 +11,9 @@ # Root options +# The graph table configures how the dependency graph is constructed and thus +# which crates the checks are performed against +[graph] # If 1 or more target triples (and optionally, target_features) are specified, # only the specified targets will be checked when running `cargo deny check`. # This means, if a particular package is only ever used as a target specific @@ -20,10 +23,9 @@ # dependencies not shared by any other crates, would be ignored, as the target # list here is effectively saying which targets you are building for. targets = [ - # The triple can be any string, but only the target triples built in to # rustc (as of 1.40) can be checked against actual config expressions - # { triple = "x86_64-unknown-linux-musl" }, + # "x86_64-unknown-linux-musl", # You can also specify which target_features you promise are enabled for a # particular target. target_features are currently not validated against # the actual valid features supported by the target architecture. @@ -47,6 +49,9 @@ no-default-features = false # If set, these feature will be enabled when collecting metadata. If `--features` # is specified on the cmd line they will take precedence over this option. # features = [] + +# The output table provides options for how/if diagnostics are outputted +[output] # When outputting inclusion graphs in diagnostics that include features, this # option can be used to specify the depth at which feature edges will be added. # This option is included since the graphs can be quite large and the addition @@ -58,36 +63,20 @@ feature-depth = 1 # More documentation for the advisories section can be found here: # https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html [advisories] -# The path where the advisory database is cloned/fetched into -db-path = "~/.cargo/advisory-db" +# The path where the advisory databases are cloned/fetched into +# db-path = "$CARGO_HOME/advisory-dbs" # The url(s) of the advisory databases to use -db-urls = ["https://github.com/rustsec/advisory-db"] -# The lint level for security vulnerabilities -vulnerability = "deny" -# The lint level for unmaintained crates -unmaintained = "warn" -# The lint level for crates that have been yanked from their source registry -yanked = "warn" -# The lint level for crates with security notices. Note that as of -# 2019-12-17 there are no security notice advisories in -# https://github.com/rustsec/advisory-db -notice = "warn" +# db-urls = ["https://github.com/rustsec/advisory-db"] # A list of advisory IDs to ignore. Note that ignored advisories will still # output a note when they are encountered. ignore = [ - - # "RUSTSEC-0000-0000", + # FIXME!: See https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643. + # There is no workaround available yet. + "RUSTSEC-2023-0071", + # { id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" }, + # "a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish + # { crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" }, ] -# Threshold for security vulnerabilities, any vulnerability with a CVSS score -# lower than the range specified will be ignored. Note that ignored advisories -# will still output a note when they are encountered. -# * None - CVSS Score 0.0 -# * Low - CVSS Score 0.1 - 3.9 -# * Medium - CVSS Score 4.0 - 6.9 -# * High - CVSS Score 7.0 - 8.9 -# * Critical - CVSS Score 9.0 - 10.0 -# severity-threshold = - # If this is true, then cargo deny will use the git executable to fetch advisory database. # If this is false, then it uses a built-in git library. # Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support. @@ -98,44 +87,20 @@ ignore = [ # More documentation for the licenses section can be found here: # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html [licenses] -# The lint level for crates which do not have a detectable license -unlicensed = "warn" # List of explicitly allowed licenses # See https://spdx.org/licenses/ for list of possible licenses # [possible values: any SPDX 3.11 short identifier (+ optional exception)]. allow = [ - - # "MIT", - # "Apache-2.0", - # "Apache-2.0 WITH LLVM-exception", - # "ISC", - # "BSD-3-Clause", - # "CC0-1.0", - # "Unicode-DFS-2016", + "MIT", + "Apache-2.0", + "Apache-2.0 WITH LLVM-exception", + "ISC", + "BSD-3-Clause", + "Unicode-3.0", + "OpenSSL", + "MPL-2.0", + "CC0-1.0", ] -# List of explicitly disallowed licenses -# See https://spdx.org/licenses/ for list of possible licenses -# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. -deny = [ - - # "Nokia", -] -# Lint level for licenses considered copyleft -copyleft = "warn" -# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses -# * both - The license will be approved if it is both OSI-approved *AND* FSF -# * either - The license will be approved if it is either OSI-approved *OR* FSF -# * osi - The license will be approved if it is OSI approved -# * fsf - The license will be approved if it is FSF Free -# * osi-only - The license will be approved if it is OSI-approved *AND NOT* FSF -# * fsf-only - The license will be approved if it is FSF *AND NOT* OSI-approved -# * neither - This predicate is ignored and the default lint level is used -allow-osi-fsf-free = "either" -# Lint level used when no other predicates are matched -# 1. License isn't in the allow or deny lists -# 2. License isn't copyleft -# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither" -default = "deny" # The confidence threshold for detecting a license from license text. # The higher the value, the more closely the license text must be to the # canonical license text of a valid SPDX license file. @@ -144,31 +109,28 @@ confidence-threshold = 0.8 # Allow 1 or more licenses on a per-crate basis, so that particular licenses # aren't accepted for every possible crate as with the normal allow list exceptions = [ - # Each entry is the crate and version constraint, and its specific allow # list - # { allow = ["Zlib"], name = "adler32", version = "*" }, + # { allow = ["Zlib"], crate = "adler32" }, ] # Some crates don't have (easily) machine readable licensing information, # adding a clarification entry for it allows you to manually specify the # licensing information -# [[licenses.clarify]] -# The name of the crate the clarification applies to -# name = "ring" -# The optional version constraint for the crate -# version = "*" +[[licenses.clarify]] +# The package spec the clarification applies to +crate = "ring" # The SPDX expression for the license requirements of the crate -# expression = "MIT AND ISC AND OpenSSL" +expression = "MIT AND ISC AND OpenSSL" # One or more files in the crate's source used as the "source of truth" for # the license expression. If the contents match, the clarification will be used # when running the license check, otherwise the clarification will be ignored # and the crate will be checked normally, which may produce warnings or errors # depending on the rest of your configuration -# license-files = [ -# Each entry is a crate relative path, and the (opaque) hash of its contents -# { path = "LICENSE", hash = 0xbd0eed23 } -# ] +license-files = [ + # Each entry is a crate relative path, and the (opaque) hash of its contents + { path = "LICENSE", hash = 0xbd0eed23 }, +] [licenses.private] # If true, ignores workspace crates that aren't published, or are only @@ -180,7 +142,6 @@ ignore = false # is only published to private registries, and ignore is true, the crate will # not have its license(s) checked registries = [ - # "https://sekretz.com/registry ] @@ -189,7 +150,7 @@ registries = [ # https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html [bans] # Lint level for when multiple versions of the same crate are detected -multiple-versions = "warn" +multiple-versions = "allow" # Lint level for when a crate version requirement is `*` wildcards = "allow" # The graph highlighting used when creating dotgraphs for crates @@ -208,8 +169,8 @@ workspace-default-features = "allow" external-default-features = "allow" # List of crates that are allowed. Use with care! allow = [ - - # { name = "ansi_term", version = "=0.11.0" }, + # "ansi_term@0.11.0", + # { crate = "ansi_term@0.11.0", reason = "you can specify a reason it is allowed" }, ] # List of crates to deny deny = [ @@ -221,7 +182,7 @@ deny = [ # Each entry the name of a crate and a version range. If version is # not specified, all versions will be matched. # [[bans.features]] -# name = "reqwest" +# crate = "reqwest" # Features to not allow # deny = ["json"] # Features to allow @@ -242,16 +203,16 @@ deny = [ # Certain crates/versions that will be skipped when doing duplicate detection. skip = [ - - # { name = "ansi_term", version = "=0.11.0" }, + # "ansi_term@0.11.0", + # { crate = "ansi_term@0.11.0", reason = "you can specify a reason why it can't be updated/removed" }, ] # Similarly to `skip` allows you to skip certain crates during duplicate # detection. Unlike skip, it also includes the entire tree of transitive # dependencies starting at the specified crate, up to a certain depth, which is # by default infinite. skip-tree = [ - - # { name = "ansi_term", version = "=0.11.0", depth = 20 }, + # "ansi_term@0.11.0", # will be skipped along with _all_ of its direct and transitive dependencies + # { crate = "ansi_term@0.11.0", depth = 20 }, ] # This section is considered when running `cargo deny check sources`. @@ -271,9 +232,9 @@ allow-registry = ["https://github.com/rust-lang/crates.io-index"] allow-git = [] [sources.allow-org] -# 1 or more github.com organizations to allow git sources for -github = ["rustic-rs"] -# 1 or more gitlab.com organizations to allow git sources for -gitlab = [""] -# 1 or more bitbucket.org organizations to allow git sources for -bitbucket = [""] +# github.com organizations to allow git sources for +github = [] +# gitlab.com organizations to allow git sources for +gitlab = [] +# bitbucket.org organizations to allow git sources for +bitbucket = [] From eddf3352fd0b30b824155984386a87791fe9468a Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:51:45 +0100 Subject: [PATCH 04/13] chore(deps): remove aws-lc-rs and aws-lc-sys from Cargo.lock and update axum-server feature for TLS using ring Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- Cargo.lock | 194 +---------------------------------------------------- Cargo.toml | 4 +- 2 files changed, 3 insertions(+), 195 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index be37c1e..b3fe484 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -190,32 +190,6 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" -[[package]] -name = "aws-lc-rs" -version = "1.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f47bb8cc16b669d267eeccf585aea077d0882f4777b1c1f740217885d6e6e5a3" -dependencies = [ - "aws-lc-sys", - "paste", - "zeroize", -] - -[[package]] -name = "aws-lc-sys" -version = "0.23.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2101df3813227bbaaaa0b04cd61c534c7954b22bd68d399b440be937dc63ff7" -dependencies = [ - "bindgen", - "cc", - "cmake", - "dunce", - "fs_extra", - "libc", - "paste", -] - [[package]] name = "axum" version = "0.7.9" @@ -412,29 +386,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "bindgen" -version = "0.69.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" -dependencies = [ - "bitflags 2.6.0", - "cexpr", - "clang-sys", - "itertools", - "lazy_static", - "lazycell", - "log", - "prettyplease", - "proc-macro2", - "quote", - "regex", - "rustc-hash", - "shlex", - "syn 2.0.89", - "which", -] - [[package]] name = "bitflags" version = "1.3.2" @@ -527,20 +478,9 @@ version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd9de9f2205d5ef3fd67e685b0df337994ddd4495e2a28d185500d0e1edfea47" dependencies = [ - "jobserver", - "libc", "shlex", ] -[[package]] -name = "cexpr" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" -dependencies = [ - "nom", -] - [[package]] name = "cfg-if" version = "1.0.0" @@ -581,17 +521,6 @@ dependencies = [ "inout", ] -[[package]] -name = "clang-sys" -version = "1.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" -dependencies = [ - "glob", - "libc", - "libloading", -] - [[package]] name = "clap" version = "4.5.21" @@ -633,15 +562,6 @@ version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "afb84c814227b90d6895e01398aee0d8033c00e7466aca416fb6a8e0eb19d8a7" -[[package]] -name = "cmake" -version = "0.1.52" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c682c223677e0e5b6b7f63a64b9351844c3f1b1678a68b7ee617e30fb082620e" -dependencies = [ - "cc", -] - [[package]] name = "color-eyre" version = "0.6.3" @@ -815,24 +735,12 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10" -[[package]] -name = "dunce" -version = "1.0.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" - [[package]] name = "dyn-clone" version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0d6ef0072f8a535281e4876be788938b528e9a1d43900b82c2569af7da799125" -[[package]] -name = "either" -version = "1.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" - [[package]] name = "encode_unicode" version = "0.3.6" @@ -913,12 +821,6 @@ dependencies = [ "autocfg", ] -[[package]] -name = "fs_extra" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" - [[package]] name = "fslock" version = "0.2.1" @@ -1158,15 +1060,6 @@ dependencies = [ "digest 0.9.0", ] -[[package]] -name = "home" -version = "0.5.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" -dependencies = [ - "windows-sys 0.52.0", -] - [[package]] name = "htpasswd-verify" version = "0.3.0" @@ -1360,30 +1253,12 @@ version = "1.70.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" -[[package]] -name = "itertools" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" -dependencies = [ - "either", -] - [[package]] name = "itoa" version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674" -[[package]] -name = "jobserver" -version = "0.1.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" -dependencies = [ - "libc", -] - [[package]] name = "js-sys" version = "0.3.72" @@ -1399,28 +1274,12 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" -[[package]] -name = "lazycell" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" - [[package]] name = "libc" version = "0.2.165" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fcb4d3d38eab6c5239a362fa8bae48c03baf980a6e7079f063942d563ef3533e" -[[package]] -name = "libloading" -version = "0.8.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4" -dependencies = [ - "cfg-if", - "windows-targets 0.52.6", -] - [[package]] name = "linked-hash-map" version = "0.5.6" @@ -1487,12 +1346,6 @@ version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" -[[package]] -name = "minimal-lexical" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" - [[package]] name = "miniz_oxide" version = "0.7.4" @@ -1552,16 +1405,6 @@ dependencies = [ "unicode-segmentation", ] -[[package]] -name = "nom" -version = "7.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" -dependencies = [ - "memchr", - "minimal-lexical", -] - [[package]] name = "normalize-line-endings" version = "0.3.0" @@ -1643,12 +1486,6 @@ dependencies = [ "windows-targets 0.52.6", ] -[[package]] -name = "paste" -version = "1.0.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" - [[package]] name = "percent-encoding" version = "2.3.1" @@ -1781,16 +1618,6 @@ dependencies = [ "yansi", ] -[[package]] -name = "prettyplease" -version = "0.2.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033" -dependencies = [ - "proc-macro2", - "syn 2.0.89", -] - [[package]] name = "proc-macro-crate" version = "3.2.0" @@ -2055,12 +1882,6 @@ version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" -[[package]] -name = "rustc-hash" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" - [[package]] name = "rustc-serialize" version = "0.3.25" @@ -2146,9 +1967,9 @@ version = "0.23.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c9cc1d47e243d655ace55ed38201c19ae02c148ae56412ab8750e8f0166ab7f" dependencies = [ - "aws-lc-rs", "log", "once_cell", + "ring", "rustls-pki-types", "rustls-webpki", "subtle", @@ -2176,7 +1997,6 @@ version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ - "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", @@ -3007,18 +2827,6 @@ version = "0.2.95" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "65fc09f10666a9f147042251e0dda9c18f166ff7de300607007e96bdebc1068d" -[[package]] -name = "which" -version = "4.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" -dependencies = [ - "either", - "home", - "once_cell", - "rustix", -] - [[package]] name = "winapi" version = "0.3.9" diff --git a/Cargo.toml b/Cargo.toml index b8de0d7..f56d511 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -46,7 +46,7 @@ axum-auth = "0.7" axum-extra = { version = "0.9", features = ["typed-header", "query", "async-read-body", "typed-routing", "erased-json"] } axum-macros = "0.4" axum-range = "0.4" -axum-server = { version = "0.7", features = ["tls-rustls"] } +axum-server = { version = "0.7", features = ["tls-rustls-no-provider"] } chrono = { version = "0.4.38", features = ["serde"] } clap = { version = "4", features = ["derive", "env", "wrap_help"] } conflate = "0.3.2" @@ -80,7 +80,7 @@ version = "0.8.1" [dependencies.rustls] version = "0.23.16" -features = ["logging", "std", "tls12"] +features = ["logging", "std", "ring", "tls12"] default-features = false [dev-dependencies] From 9dcb79519d61f60874a134dc1d85d22a45114b14 Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:52:17 +0100 Subject: [PATCH 05/13] chore(deps): update dependencies Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- Cargo.lock | 8 ++++---- Cargo.toml | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b3fe484..940257a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1276,9 +1276,9 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" -version = "0.2.165" +version = "0.2.166" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcb4d3d38eab6c5239a362fa8bae48c03baf980a6e7079f063942d563ef3533e" +checksum = "c2ccc108bbc0b1331bd061864e7cd823c0cab660bbe6970e66e2c0614decde36" [[package]] name = "linked-hash-map" @@ -2614,9 +2614,9 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.27" +version = "0.1.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" +checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index f56d511..81db64e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -49,7 +49,7 @@ axum-range = "0.4" axum-server = { version = "0.7", features = ["tls-rustls-no-provider"] } chrono = { version = "0.4.38", features = ["serde"] } clap = { version = "4", features = ["derive", "env", "wrap_help"] } -conflate = "0.3.2" +conflate = "0.3.3" displaydoc = "0.2" # enum_dispatch = "0.3.12" futures = "0.3" @@ -79,7 +79,7 @@ version = "0.8.1" # features = ["gimli-backtrace"] [dependencies.rustls] -version = "0.23.16" +version = "0.23.17" features = ["logging", "std", "ring", "tls12"] default-features = false @@ -90,7 +90,7 @@ assert_cmd = "2" base64 = "0.22" dircmp = "0.2" insta = { version = "1", features = ["redactions", "toml"] } -once_cell = "1.2" +once_cell = "1.20" predicates = "3.1.2" pretty_assertions = "1" rstest = "0.23" From 997108cf90f2112137e71bc95f459c03f96a7dc8 Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 14:54:28 +0100 Subject: [PATCH 06/13] feat: enable cross-compilation for arm64 in release image workflow Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- .github/workflows/release-image.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/release-image.yml b/.github/workflows/release-image.yml index 8712f47..200302c 100644 --- a/.github/workflows/release-image.yml +++ b/.github/workflows/release-image.yml @@ -21,8 +21,6 @@ jobs: with: context: containers push: true - # cross-compiling arm64 is currently not working - # platforms: linux/amd64,linux/arm64 - platforms: linux/amd64 + platforms: linux/amd64,linux/arm64 tags: ghcr.io/rustic-rs/rustic_server:latest,ghcr.io/rustic-rs/rustic_server:${{ github.ref_name }} build-args: RUSTIC_SERVER_VERSION=${{ github.ref_name }} From 2d8f9f8b77d7992e403fbf2e104907648d14575e Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 15:04:43 +0100 Subject: [PATCH 07/13] chore: remove pre-build steps for bindgen-cli in Cross.toml Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- Cross.toml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/Cross.toml b/Cross.toml index 8368761..22dc462 100644 --- a/Cross.toml +++ b/Cross.toml @@ -9,13 +9,3 @@ pre-build = [ passthrough = [ "AWS_LC_SYS_PREBUILT_NASM=1", ] - -[target.x86_64-unknown-netbsd] -pre-build = [ - "cargo install --force --locked bindgen-cli", -] - -[target.armv7-unknown-linux-gnueabihf] -pre-build = [ - "cargo install --force --locked bindgen-cli", -] From daea964bc8ba166d3418d1005dd1c8e5d028168d Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 15:07:08 +0100 Subject: [PATCH 08/13] feat: add musl-tools dependency for aarch64 and x86_64 targets in dist-workspace.toml Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- dist-workspace.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/dist-workspace.toml b/dist-workspace.toml index 9216a6f..960cdd8 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -25,3 +25,4 @@ nasm = '*' # Required for building `aws-lc-sys` on Windows [dist.dependencies.apt] gcc-aarch64-linux-gnu = { version = '*', targets = ["aarch64-unknown-linux-gnu", "aarch64-unknown-linux-musl"] } +musl-tools = { version = '*', targets = ["aarch64-unknown-linux-musl", "x86_64-unknown-linux-musl"] } \ No newline at end of file From a7ab66265637e87f7e6dcbc5001c7351d42191ab Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 15:07:41 +0100 Subject: [PATCH 09/13] chore: fix formatting of musl-tools dependency in dist-workspace.toml Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- dist-workspace.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist-workspace.toml b/dist-workspace.toml index 960cdd8..94dbbdd 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -25,4 +25,4 @@ nasm = '*' # Required for building `aws-lc-sys` on Windows [dist.dependencies.apt] gcc-aarch64-linux-gnu = { version = '*', targets = ["aarch64-unknown-linux-gnu", "aarch64-unknown-linux-musl"] } -musl-tools = { version = '*', targets = ["aarch64-unknown-linux-musl", "x86_64-unknown-linux-musl"] } \ No newline at end of file +musl-tools = { version = '*', targets = ["aarch64-unknown-linux-musl", "x86_64-unknown-linux-musl"] } From 86e5f77eb01520d5e0f1764217a3c11609a45ab5 Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 15:16:39 +0100 Subject: [PATCH 10/13] feat: add Homebrew formula publishing to release workflow and update installers in dist-workspace.toml Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- .github/workflows/release.yml | 48 ++++++++++++++++++++++++++++++++++- dist-workspace.toml | 6 ++++- 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index acc0335..194075e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -270,14 +270,60 @@ jobs: gh release create "${{ needs.plan.outputs.tag }}" --target "$RELEASE_COMMIT" $PRERELEASE_FLAG --title "$ANNOUNCEMENT_TITLE" --notes-file "$RUNNER_TEMP/notes.txt" artifacts/* + publish-homebrew-formula: + needs: + - plan + - host + runs-on: "ubuntu-20.04" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PLAN: ${{ needs.plan.outputs.val }} + GITHUB_USER: "axo bot" + GITHUB_EMAIL: "admin+bot@axo.dev" + if: ${{ !fromJson(needs.plan.outputs.val).announcement_is_prerelease || fromJson(needs.plan.outputs.val).publish_prereleases }} + steps: + - uses: actions/checkout@v4 + with: + repository: "rustic-rs/homebrew-tap" + token: ${{ secrets.HOMEBREW_TAP_TOKEN }} + # So we have access to the formula + - name: Fetch homebrew formulae + uses: actions/download-artifact@v4 + with: + pattern: artifacts-* + path: Formula/ + merge-multiple: true + # This is extra complex because you can make your Formula name not match your app name + # so we need to find releases with a *.rb file, and publish with that filename. + - name: Commit formula files + run: | + git config --global user.name "${GITHUB_USER}" + git config --global user.email "${GITHUB_EMAIL}" + + for release in $(echo "$PLAN" | jq --compact-output '.releases[] | select([.artifacts[] | endswith(".rb")] | any)'); do + filename=$(echo "$release" | jq '.artifacts[] | select(endswith(".rb"))' --raw-output) + name=$(echo "$filename" | sed "s/\.rb$//") + version=$(echo "$release" | jq .app_version --raw-output) + + export PATH="/home/linuxbrew/.linuxbrew/bin:$PATH" + brew update + # We avoid reformatting user-provided data such as the app description and homepage. + brew style --except-cops FormulaAudit/Homepage,FormulaAudit/Desc,FormulaAuditStrict --fix "Formula/${filename}" || true + + git add "Formula/${filename}" + git commit -m "${name} ${version}" + done + git push + announce: needs: - plan - host + - publish-homebrew-formula # use "always() && ..." to allow us to wait for all publish jobs while # still allowing individual publish jobs to skip themselves (for prereleases). # "host" however must run to completion, no skipping allowed! - if: ${{ always() && needs.host.result == 'success' }} + if: ${{ always() && needs.host.result == 'success' && (needs.publish-homebrew-formula.result == 'skipped' || needs.publish-homebrew-formula.result == 'success') }} runs-on: "ubuntu-20.04" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/dist-workspace.toml b/dist-workspace.toml index 94dbbdd..f82608f 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -8,7 +8,7 @@ cargo-dist-version = "0.25.1" # CI backends to support ci = "github" # The installers to generate for each app -installers = ["shell", "powershell", "msi"] +installers = ["shell", "powershell", "homebrew", "msi"] # Target platforms to build apps for (Rust target-triple syntax) targets = ["aarch64-apple-darwin", "aarch64-unknown-linux-gnu", "aarch64-unknown-linux-musl", "x86_64-apple-darwin", "x86_64-unknown-linux-gnu", "x86_64-unknown-linux-musl", "x86_64-pc-windows-msvc"] # Path that installers should place binaries in @@ -19,6 +19,10 @@ install-updater = true include = ["./config", "./USAGE.md", "./LICENSE"] # Which actions to run on pull requests pr-run-mode = "upload" +# A GitHub repo to push Homebrew formulas to +tap = "rustic-rs/homebrew-tap" +# Publish jobs to run in CI +publish-jobs = ["homebrew"] [dist.dependencies.chocolatey] nasm = '*' # Required for building `aws-lc-sys` on Windows From 94bb7f6ae6ec6e0bdf9119c0f3a76a44c7a8d6ff Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 15:21:31 +0100 Subject: [PATCH 11/13] feat: separate gcc-aarch64-linux-gnu and gcc-aarch64-linux-musl dependencies in dist-workspace.toml Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- dist-workspace.toml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dist-workspace.toml b/dist-workspace.toml index f82608f..1115ed1 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -28,5 +28,6 @@ publish-jobs = ["homebrew"] nasm = '*' # Required for building `aws-lc-sys` on Windows [dist.dependencies.apt] -gcc-aarch64-linux-gnu = { version = '*', targets = ["aarch64-unknown-linux-gnu", "aarch64-unknown-linux-musl"] } +gcc-aarch64-linux-gnu = { version = '*', targets = ["aarch64-unknown-linux-gnu"] } +gcc-aarch64-linux-musl = { version = '*', targets = ["aarch64-unknown-linux-musl"] } musl-tools = { version = '*', targets = ["aarch64-unknown-linux-musl", "x86_64-unknown-linux-musl"] } From 19acd3a4efabdd4cc0c89f4c10db5a0df7ce78b9 Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 15:28:58 +0100 Subject: [PATCH 12/13] Revert "feat: separate gcc-aarch64-linux-gnu and gcc-aarch64-linux-musl dependencies in dist-workspace.toml" This reverts commit 94bb7f6ae6ec6e0bdf9119c0f3a76a44c7a8d6ff. --- dist-workspace.toml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dist-workspace.toml b/dist-workspace.toml index 1115ed1..f82608f 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -28,6 +28,5 @@ publish-jobs = ["homebrew"] nasm = '*' # Required for building `aws-lc-sys` on Windows [dist.dependencies.apt] -gcc-aarch64-linux-gnu = { version = '*', targets = ["aarch64-unknown-linux-gnu"] } -gcc-aarch64-linux-musl = { version = '*', targets = ["aarch64-unknown-linux-musl"] } +gcc-aarch64-linux-gnu = { version = '*', targets = ["aarch64-unknown-linux-gnu", "aarch64-unknown-linux-musl"] } musl-tools = { version = '*', targets = ["aarch64-unknown-linux-musl", "x86_64-unknown-linux-musl"] } From c30eb95fdb078e2374c32825eac415dbd192cd6a Mon Sep 17 00:00:00 2001 From: simonsan <14062932+simonsan@users.noreply.github.com> Date: Wed, 27 Nov 2024 15:34:31 +0100 Subject: [PATCH 13/13] feat: add musl-dev dependency for aarch64 and x86_64 targets in dist-workspace.toml Signed-off-by: simonsan <14062932+simonsan@users.noreply.github.com> --- dist-workspace.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/dist-workspace.toml b/dist-workspace.toml index f82608f..1ddd8bd 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -30,3 +30,4 @@ nasm = '*' # Required for building `aws-lc-sys` on Windows [dist.dependencies.apt] gcc-aarch64-linux-gnu = { version = '*', targets = ["aarch64-unknown-linux-gnu", "aarch64-unknown-linux-musl"] } musl-tools = { version = '*', targets = ["aarch64-unknown-linux-musl", "x86_64-unknown-linux-musl"] } +musl-dev = { version = '*', targets = ["aarch64-unknown-linux-musl", "x86_64-unknown-linux-musl"] }