Commits · 405de6a8ec524a969404ad8e43b02e91a45d1b0d · Arch Linux / signstar · GitLab

Snippets Groups Projects

Due to an influx of spam, we have had to temporarily disable account registrations. Please write an email to accountsupport@archlinux.org, with your desired username, if you want to get access. Sorry for the inconvenience.

Nov 26, 2024

test(justfile): Add `test-readmes` recipe to test supported projects · 405de6a8

David Runge authored 4 months ago


Use a `test-readmes` recipe as bundled target for testing all README.md
based end-to-end integrations that are available.

Signed-off-by: David Runge <dvzrv@archlinux.org>

405de6a8

test(justfile): Adapt `test-readme` recipe for `signstar-configure-build` · 13d52e11

David Runge authored 5 months ago


Extend the `test-readme` recipe to allow running tangler in an Arch
Linux container.
Allow global overrides to container creation and running.
Add specific overrides when testing against `signstar-configure-build`
project, as here we need to test inside of a container.

Signed-off-by: David Runge <dvzrv@archlinux.org>

13d52e11

feat: Add build-time configuration tool for signstar host · 56f45a7f

David Runge authored 5 months ago

Add executable `signstar-configure-build` to create system users and
their integration for signstar hosts during build-time.
Users are created without a passphrase with the help of `useradd` and
unlocked using `usermod`.
User home directories are created in a dedicated directory with the help
of `tmpfiles.d`.
Afterwards, if available for the specific user mapping, SSH
configuration is created based on system-wide drop-ins, that define
which SSH keys are authorized for authentication and sets a command,
which is enforced upon login.

Fixes: archlinux/signstar#78


Signed-off-by: David Runge <dvzrv@archlinux.org>

56f45a7f

feat: Use `cargo nextest` for more test parallelism · 9106b583

Wiktor Kwapisiewicz authored 4 months ago


The `cargo test` command cannot parallelize across crates and it makes
tests slower than necessary:

```
$ time cargo test --all
...
real	0m8,449s
user	1m24,149s
sys	0m37,558s
```

Comparing with `nextest` the difference is clear:

```
$ time cargo nextest run --all
...
real	0m2,898s
user	0m5,922s
sys	0m2,079s
```

Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>

9106b583

chore(deps): Update dependencies and fix license ID · d36cbb3c
Wiktor Kwapisiewicz authored 4 months ago
```
Fixes: #107
Fixes: #108


Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
```
Verified

d36cbb3c

Nov 22, 2024
- fix(deps): update rust crate picky-asn1-x509 to 0.14.0 · e3a29176
  renovate authored 4 months ago
  
  Signed-off-by: renovate <renovate@archlinux.org>
  Verified
  
  e3a29176
Nov 20, 2024
- feat: Introduce `nethsm-tests` for easier integration testing · ebb0aa75
  Wiktor Kwapisiewicz authored 4 months ago
  
  Fixes: #98 Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
  Verified
  
  ebb0aa75
Nov 18, 2024
- ci: Split tangler and integration tests · d35cce29
  Wiktor Kwapisiewicz authored 4 months ago
  
  Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
  Verified
  
  d35cce29
- fix: Revert "fix: Use hardcoded known-good mkosi version" · 5c38e413
  Wiktor Kwapisiewicz authored 4 months ago
  
  This reverts commit ecc6e5d8. Fixes: #102 Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
  Verified
  
  5c38e413
Nov 14, 2024
- fix: Use hardcoded known-good mkosi version · ecc6e5d8
  Wiktor Kwapisiewicz authored 4 months ago
  
  See: #102 Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
  Verified
  
  ecc6e5d8
Nov 08, 2024
- chore(deps): update rust crate thiserror to v2 · 2e9283a7
  renovate authored 4 months ago and Wiktor Kwapisiewicz committed 4 months ago
  
  Signed-off-by: renovate <renovate@archlinux.org> Co-authored-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
  Verified
  
  2e9283a7
Nov 07, 2024
- docs: Use easier to understand `no_run` attribute · 91f717aa
  Wiktor Kwapisiewicz authored 4 months ago
  
  Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
  Verified
  
  91f717aa
Nov 05, 2024
- fix: Update `hashbrown` to avoid using yanked crate · f11d53e1
  Wiktor Kwapisiewicz authored 4 months ago
  
  Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
  Verified
  
  f11d53e1
Nov 03, 2024

fix(justfile): Check for the correct commands in `ci-publish` recipe · 5178feac

David Runge authored 5 months ago


Check for `cargo` and `mold` (`cargo-publish` does not exist and `git`
is not required).

Signed-off-by: David Runge <dvzrv@archlinux.org>

5178feac

chore(cargo): Move same-crate, feature-incompatible crates to workspace · 44b3d2ca

David Runge authored 5 months ago


Move dependencies that are used multiple times in the same crate, but
with differing features (i.e. ed25519-dalek, rsa) to the workspace
dependencies.

Signed-off-by: David Runge <dvzrv@archlinux.org>

44b3d2ca

chore(cargo): Move common dependencies to workspace dependencies · 488e38a4

David Runge authored 5 months ago


Move all dependencies, that are used by more than or equal to two crates
(i.e. chrono, nethsm, rand, serde, strum) to workspace dependencies.

Signed-off-by: David Runge <dvzrv@archlinux.org>

488e38a4

chore(cargo): Move shared dependencies to workspace dependencies · eb15e188

David Runge authored 5 months ago


Move dependencies shared by all crates (i.e. rstest, testdir, testresult
and thiserror) to the workspace dependencies.

Signed-off-by: David Runge <dvzrv@archlinux.org>

eb15e188

chore(cargo): Move package metadata to workspace · e3d2448d

David Runge authored 5 months ago


Move the authors, edition, homepage, license and repository metadata to
workspace metadata, as it is the same for all crates.

Signed-off-by: David Runge <dvzrv@archlinux.org>

e3d2448d

docs: Replace upstream reproducible-builds link with Arch Wiki link · 03425be9

David Runge authored 5 months ago


The reproducible-builds.org website has been unavailable several times,
breaking CI, so we switch to checking something more reliable: the Arch
Wiki.

Signed-off-by: David Runge <dvzrv@archlinux.org>

03425be9

feat(justfile): Add `ensure-command` recipe to check for needed commands · cceea83d

David Runge authored 5 months ago


Use the `ensure-command` recipe in other recipes to fail early if a
required command is not available.

Signed-off-by: David Runge <dvzrv@archlinux.org>

cceea83d

fix(justfile): Adjust `check-links` recipe to run on all files · 8bd39fce

David Runge authored 5 months ago


Run `lychee` on all files instead of selected ones.
Selecting specific files leads to the .gitignore not being honored and
users with an in-project target dir waste many cycles on checking links
in there.

Signed-off-by: David Runge <dvzrv@archlinux.org>

8bd39fce

feat(justfile): Also run clippy for all tests · d9b09c8c
David Runge authored 5 months ago
```
Signed-off-by: David Runge <dvzrv@archlinux.org>
```
Verified

d9b09c8c

feat(justfile): Use `docs` recipe in `test` recipe · dd91152c

David Runge authored 5 months ago


Use an inline script instead of a just script string in the `test`
recipe, as that is more readable.
Reuse the `docs` recipe in the `test` recipe to test docs in a more
standardized fashion.

Signed-off-by: David Runge <dvzrv@archlinux.org>

dd91152c

Nov 02, 2024

docs: Use correct link to upstream Error type in `nethsm_sdk::Message` · 349337a3
David Runge authored 5 months ago
```
Signed-off-by: David Runge <dvzrv@archlinux.org>
```
Verified

349337a3

feat(justfile): Add dedicated recipe for building documentation · 93afcf5a

David Runge authored 5 months ago


Add the `docs` recipe to build the Rust documentation of all crates.

Signed-off-by: David Runge <dvzrv@archlinux.org>

93afcf5a

feat: Add `HermeticParallelConfig` as hermetic, parallel configuration · bfc61b02

David Runge authored 6 months ago


Add `HermeticParallelConfig` as configuration file integration for a
passphrase-less, system-wide configuration file format, that tracks
parallel `NetHsm`s and `UserMapping`s across them.

Signed-off-by: David Runge <dvzrv@archlinux.org>

bfc61b02

feat!: Allow tracking inner error message in `config::Error::Load` · cb529e80

David Runge authored 5 months ago


Inner error messages are not represented by `confy::ConfyError`, so we
adapt `config::Error::Load` to also track the `String` representation
of the inner `Error` type, so that users of the library get meaningful
error messages on configuration loading issues.

Signed-off-by: David Runge <dvzrv@archlinux.org>

cb529e80

Oct 28, 2024
- feat: Add `UserMapping`, mapping system and NetHsm users and their roles · 610d1fcc
  David Runge authored 5 months ago
  
  Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  610d1fcc
- feat: Add `NetHsmMetricsUsers` for tracking metrics and operator users · 978c6828
  David Runge authored 5 months ago
  
  Add `NetHsmMetricsUsers` for tracking the `UserId` of a user in the Metrics role and a list of unique `UserId`s representing users in the Operator role. Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  978c6828
- feat: Add `SystemWideUserId` for a guaranteed to be system-wide `UserId` · d54d83eb
  David Runge authored 5 months ago
  
  Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  d54d83eb
- feat: Add `AuthorizedKeyEntry` and `AuthorizedKeyEntryList` for SSH keys · 63cf7516
  David Runge authored 5 months ago
  
  Add `AuthorizedKeyEntry` and `AuthorizedKeyEntryList` for representing (lists of) SSH `authorized_keys` entries. Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  63cf7516
- feat: Add `SystemUserId` as representation of a system user name · 4fe78f16
  David Runge authored 5 months ago
  
  Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  4fe78f16
- fix: Provide the config name from settings when loading a configuration · 07a98b46
  David Runge authored 6 months ago
  
  Instead of hardcoding the current default (defined by the `ConfigName` default), use the config name passed in by the `ConfigSettings` when creating a new `Config` object. Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  07a98b46
- fix: Extend documentation for `ConfigInteractivity::NonInteractive` · 25b0f822
  David Runge authored 6 months ago
  
  Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  25b0f822
- feat: Derive `Copy` for `nethsm::UserRole` · 3b5eed55
  David Runge authored 5 months ago
  
  As the enum doesn't carry owned data, it is safe to make it `Copy`. Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  3b5eed55
- fix: Return borrowed from `ConfigCredentials::get_passphrase` · 86bc44eb
  David Runge authored 5 months ago
  
  Instead of returning an owned type, return a borrowed type to let the consumer clone if needbe. Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  86bc44eb
- feat: Implement `AsRef<str>` for `NamespaceId` to return string slice · 79aaabf5
  David Runge authored 5 months ago
  
  Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  79aaabf5
- refactor: Move `ConfigCredentials` to credentials module · 89f64b1d
  David Runge authored 6 months ago
  
  Move the `ConfigCredentials` struct to a dedicated credentials module, where more credentials related types will live in the future. Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  89f64b1d
Oct 25, 2024
- fix: Properly truncate digests for ECDSA signing schemes · bdd4b5d0
  Wiktor Kwapisiewicz authored 5 months ago
  
  Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
  Verified
  
  bdd4b5d0
- fix: Make serde use `TryFrom<String>` for deserialization · e6c2d343
  Wiktor Kwapisiewicz authored 5 months ago
  
  Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
  Verified
  
  e6c2d343