* Revert "release: cargo-binstall v1.4.0 (#1397)"
This reverts commit 99e8256018.
* --allow-dirty on publish
* Remove private key file after generation
* Write public key file to bin crate and to package
* Upload public key file to release
* Sign our releases
* Use secrets instead of artifacts
* And the universal
* Apparently we can’t use secrets like that?
* Minor fixes to doc
* Private key requires untrusted comment
* Dogfood one deeper
* Add CLI options
* Add manifest types
* Thread signature policy through to fetchers
* Thread signing section through from metadata
* Implement signing validation
* Clippy
* Attempt testing
* Yes and
* Why
* fmt
* Update crates/bin/src/args.rs
Co-authored-by: Jiahao XU <Jiahao_XU@outlook.com>
* Update crates/binstalk-fetchers/src/gh_crate_meta.rs
Co-authored-by: Jiahao XU <Jiahao_XU@outlook.com>
* Update crates/bin/src/args.rs
Co-authored-by: Jiahao XU <Jiahao_XU@outlook.com>
* Update crates/binstalk-fetchers/src/signing.rs
Co-authored-by: Jiahao XU <Jiahao_XU@outlook.com>
* Update crates/binstalk-fetchers/src/signing.rs
Co-authored-by: Jiahao XU <Jiahao_XU@outlook.com>
* Update crates/binstalk-fetchers/src/signing.rs
Co-authored-by: Jiahao XU <Jiahao_XU@outlook.com>
* Update crates/binstalk-fetchers/src/signing.rs
Co-authored-by: Jiahao XU <Jiahao_XU@outlook.com>
* fixes
* Finish feature
* Document
* Include all fields in the signing.file template
* Readme document
* Review fixes
* Fail on non-utf8 sig
* Thank goodness for tests
* Run test in ci
* Add rsign2 commands
* Log utf8 error
* Update e2e-tests/signing.sh
Co-authored-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix `e2e-tests/signing.sh` MacOS CI failure
Move the tls cert creation into `signing.sh` and sleep for 10s to wait
for https server to start.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Refactor e2e-tests-signing files
- Use a tempdir generated by `mktemp` for all certificates-related
files
- Put other checked-in files into `e2e-tests/signing`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fixed `e2e-tests-signing` connection err in MacOS CI
Wait for server to start up by trying to connect to it.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix `e2e-tests-signing` passing `-subj` to `openssl` on Windows
Use single quote instead of double quote to avoid automatic expansion
from bash
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix `e2e-tests-signing` waiting for server to startup
Remove `timeout` since it is not supported on MacOS.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Try to fix windows CI by setting `MSYS_NO_PATHCONV=1` on `openssl` cmds
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fixed `e2e-tests-signing` on windows
By using double `//` for the value passed to option `-subj`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fixed infinite loop in `signing/wait-for-server` on Windows
Pass `--ssl-revoke-best-effort` to prevent schannel from checking ssl
revocation status.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Add cap on retry attempt in `signing/wait-for-server.sh`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Let `singing/server.py` print output to stderr
so that we can see the error message there.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix running `signing/server.py` on MacOS CI
use `python3` since macos-latest still has python2 installed and
`python` is a symlink to `python2` there.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Co-authored-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix `detect-targets` on ubuntu 20.04, glibc 2.31
Fixed#1375 and fixed#1378
glibc 2.31 does not support `--version`, so we need to detect and
fallback to passing an executable linked with that glibc to check if it
is indeed glibc.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix compilation faillure on ubuntu-20.04
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
Fixed#1353
Merge all dependabot configuration for cargo into one, with directory
setting to `/` so that it will check for dep updates for entire
workspace while also updating lockfile in PR.
To prevent it from opening too many PRs, it's configured to run on
every Saturday, after `upgrade-transitive-deps.yml` is run.
It will also group all dependencies into one PR to prevent opening too
many PRs.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* feat `detect-targets`: Improve support of non-std glibc/musl
Fixed#1329
- Refactor: Create `linux::detect_alternative_targets` to reuse code
from other targets
- Run `/lib/ld-linux-{cpu_arch}.so.1 --version` for checking glibc
support instead of running `ldd --version` since it could be non-std
glibc installation and does not provide
`/lib/ld-linux-{cpu_arch}.so.1`
- Check for non-std glibc and add fallback target
`{cpu_arch}-{distro_name}-linux-gnu{abi}`
- Add `{cpu_arch}-{distro_name}-linux-musl{abi}` fallback for musl
libc, specially for Alpine since it has a
`/lib/ld-musl-{cpu_arch}.so.1`
- For unknown libc flavor, check for the target provided before
fallback to musl
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* feat `detect-targets`: Support glibc on musl target
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* feat `detect-targets`: Unify `Libc::{Gnu, Musl}` checks
since we can't really tell if we are on gnu or musl
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* feat: Improve resolution logging
Fixed#1336
Log target of the pre-built binaries which will be installed.
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix args parsing: `quiet` & `verbose` cannot be set at the same time
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* feat: Implies `--log-level debug` if `--verbose` is set
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix GitHub token auto discovery
Fixed#1333
- Rm dep `gh-token` since it is broken and we can simply run
`gh auth token` in `cargo-binstall` instead.
- binstalk-downloader: Make sure GitHub token is at least 40B long
and other than the `_`, composes of only alphanumeric characters.
- Warn on failure to read `git/credential` files
- Optimize `try_from_home` to avoid heap allocation of `PathBuf`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Fix typo and clippy
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Simplify `is_valid_gh_token` & `is_ascii_alphanumeric` impl
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Improve err msg in `get_inner`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
* Improve err msg of `cargo_binstall::gh_token::get`
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
---------
Signed-off-by: Jiahao XU <Jiahao_XU@outlook.com>
