From b031f79e1fdeaee396b3aa634952136119f52a9b Mon Sep 17 00:00:00 2001 From: ryan Date: Mon, 14 Dec 2020 20:58:39 +1300 Subject: [PATCH] switch to rustls, fix windows build --- .github/workflows/rust.yml | 2 +- Cargo.lock | 111 ++++++++++++++++++++++++++++++++++++- Cargo.toml | 5 +- README.md | 9 ++- 4 files changed, 117 insertions(+), 10 deletions(-) diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 2222fb47..7e12d128 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -64,7 +64,7 @@ jobs: - name: Copy / Rename utility run: | - cp target/${{ matrix.target }}/release/${{ matrix.output }} ${{ matrix.output }}-${{ matrix.target }} + cp target/${{ matrix.target }}/release/${{ matrix.output }} cargo-binstall-${{ matrix.target }} tar -czvf cargo-binstall-${{ matrix.target }}.tgz ${{ matrix.output }}-${{ matrix.target }} - name: Upload artifacts diff --git a/Cargo.lock b/Cargo.lock index a9b9ddae..1f962105 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -50,6 +50,12 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" +[[package]] +name = "base64" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3441f0f7b02788e948e47f457ca01f1d7e6d92c693bc132c22b087d3141c03ff" + [[package]] name = "base64" version = "0.13.0" @@ -617,6 +623,22 @@ dependencies = [ "want", ] +[[package]] +name = "hyper-rustls" +version = "0.21.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37743cc83e8ee85eacfce90f2f4102030d9ff0a95244098d781e9bee4a90abb6" +dependencies = [ + "bytes", + "futures-util", + "hyper", + "log", + "rustls", + "tokio", + "tokio-rustls", + "webpki", +] + [[package]] name = "hyper-tls" version = "0.4.3" @@ -1173,7 +1195,7 @@ version = "0.10.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fb15d6255c792356a0f578d8a645c677904dc02e862bebe2ecc18e0c01b9a0ce" dependencies = [ - "base64", + "base64 0.13.0", "bytes", "encoding_rs", "futures-core", @@ -1181,6 +1203,7 @@ dependencies = [ "http", "http-body", "hyper", + "hyper-rustls", "hyper-tls", "ipnet", "js-sys", @@ -1191,31 +1214,62 @@ dependencies = [ "native-tls", "percent-encoding", "pin-project-lite 0.2.0", + "rustls", "serde", "serde_json", "serde_urlencoded", "tokio", + "tokio-rustls", "tokio-tls", "url", "wasm-bindgen", "wasm-bindgen-futures", "wasm-bindgen-test", "web-sys", + "webpki-roots", "winreg", ] +[[package]] +name = "ring" +version = "0.16.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "024a1e66fea74c66c66624ee5622a7ff0e4b73a13b4f5c326ddb50c708944226" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin", + "untrusted", + "web-sys", + "winapi 0.3.9", +] + [[package]] name = "rust-argon2" version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4b18820d944b33caa75a71378964ac46f58517c92b6ae5f762636247c09e78fb" dependencies = [ - "base64", + "base64 0.13.0", "blake2b_simd", "constant_time_eq", "crossbeam-utils", ] +[[package]] +name = "rustls" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d1126dcf58e93cee7d098dbda643b5f92ed724f1f6a63007c1116eed6700c81" +dependencies = [ + "base64 0.12.3", + "log", + "ring", + "sct", + "webpki", +] + [[package]] name = "ryu" version = "1.0.5" @@ -1238,6 +1292,16 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ea6a9290e3c9cf0f18145ef7ffa62d68ee0bf5fcd651017e586dc7fd5da448c2" +[[package]] +name = "sct" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3042af939fca8c3453b7af0f1c66e533a15a86169e39de2657310ade8f98d3c" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "security-framework" version = "2.0.0" @@ -1365,6 +1429,12 @@ dependencies = [ "winapi 0.3.9", ] +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + [[package]] name = "strsim" version = "0.8.0" @@ -1544,6 +1614,18 @@ dependencies = [ "syn", ] +[[package]] +name = "tokio-rustls" +version = "0.14.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e12831b255bcfa39dc0436b01e19fea231a37db570686c06ee72c423479f889a" +dependencies = [ + "futures-core", + "rustls", + "tokio", + "webpki", +] + [[package]] name = "tokio-tls" version = "0.3.1" @@ -1677,6 +1759,12 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564" +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + [[package]] name = "url" version = "2.2.0" @@ -1831,6 +1919,25 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki" +version = "0.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8e38c0608262c46d4a56202ebabdeb094cef7e560ca7a226c6bf055188aa4ea" +dependencies = [ + "ring", + "untrusted", +] + +[[package]] +name = "webpki-roots" +version = "0.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f20dea7535251981a9670857150d571846545088359b28e4951d350bdaf179f" +dependencies = [ + "webpki", +] + [[package]] name = "winapi" version = "0.2.8" diff --git a/Cargo.toml b/Cargo.toml index 828d6029..8c3e99a7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,11 +1,12 @@ [package] name = "cargo-binstall" +description = "Rust binary package installer for CI integration" repository = "https://github.com/ryankurte/cargo-binutil" version = "0.1.0" authors = ["ryan "] edition = "2018" +license = "GPL-3.0" -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] crates_io_api = "0.6.1" @@ -16,7 +17,7 @@ log = "0.4.11" structopt = "0.3.21" simplelog = "0.8.0" anyhow = "1.0.35" -reqwest = "0.10.9" +reqwest = { version = "0.10.9", features = [ "rustls-tls" ] } tempdir = "0.3.7" flate2 = "1.0.19" tar = "0.4.30" diff --git a/README.md b/README.md index 00e3bbb0..ba1f8899 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Cargo B(inary) Install -A helper for distributing / installing pre-built binaries in a pseudo-distributed and maybe-one-day secure manner - +A helper for distributing / installing pre-built rust binaries in a pseudo-distributed and maybe-one-day secure manner. +This is part experiment, part solving a personal problem, and part hope that we can solve / never re-visit this. Good luck! ## Status @@ -15,8 +15,7 @@ A helper for distributing / installing pre-built binaries in a pseudo-distribute First you'll need to install `cargo-binstall` either via `cargo install cargo-binstall` (and it'll have to compile, sorry...), or by grabbing a pre-compiled version from the [releases](https://github.com/ryankurte/cargo-binstall/releases) page and putting that on your path. It's like there's a problem we're trying to solve? -If a project supports `binstall` you can then install binaries via `cargo binstall NAME` where `NAME` is the name of the crate. We hope the defaults will work without configuration in some cases, however, different projects have wildly different configurations so some further work may be required to support `binstall` in your project, see [Usage](#Usage) for details. - +If a project supports `binstall` you can then install binaries via `cargo binstall NAME` where `NAME` is the name of the crate. We hope the defaults will work without configuration in _some_ cases, however, different projects have wildly different configurations. You may need to add some cargo metadata to support `binstall` in your project, see [Usage](#Usage) for details. ## Features @@ -29,7 +28,7 @@ If a project supports `binstall` you can then install binaries via `cargo binsta - [x] Tgz - [x] Tar - [x] Bin -- Cryptography +- Security - [ ] Package signing - [ ] Package verification