Use Rust 1.81 on common container, stop using nightly features for fo…

…rmatting

Makefile

@@ -77,5 +77,5 @@ out/common/index.json: \
 	$(call build,common)
 
 out/.common-loaded: out/common/index.json
-	env -C ./out/common tar -cf - . | docker load
-	touch out/.common-loaded
+	cd ./out/common && tar -cf - . | docker load
+	touch ./out/.common-loaded

src/Makefile

@@ -152,8 +152,7 @@ clippy-fix:
 
 .PHONY: fmt
 fmt:
-	cargo +nightly version
-	cargo +nightly fmt
+	cargo fmt
 
 .PHONY: test
 test:

src/images/common/Containerfile

@@ -20,11 +20,11 @@ FROM stagex/musl-obstack:sx2024.03.0@sha256:4b6737815460908f666fa7a8e91138610d0a
 FROM stagex/openssl:sx2024.03.0@sha256:1a2f656ced34d1ade99279c5663fcf0ec4f6526bcc50142079ef8adc080be3a9 AS openssl
 FROM stagex/pcsc-lite:sx2024.03.0@sha256:e720e1795706c7c8c1db14bf730b10521e3ff42e4bed90addc590f7446aac8af AS pcsc-lite
 FROM stagex/pkgconf:sx2024.03.0@sha256:31ce4eddaf4e777ddb51f01923089f3321ec5272ca0aa834d475f644279209b8 AS pkgconf
-FROM stagex/rust:sx2024.03.0@sha256:fe22a0fcdb569cb70b8147378463fb6ff800e642be9d50542f8e25a38d90ec7f AS rust
+FROM stagex/rust:1.81.0@sha256:b7c834268a81bfcc473246995c55b47fe18414cc553e3293b6294fde4e579163 AS rust
 FROM stagex/zlib:sx2024.03.0@sha256:de8f56f3ece28b14d575329bead53fc5318962ae3cb8f161a2d69710f7ec51f4 AS zlib
 FROM stagex/make:4.4@sha256:df43f0cf3ac1ad91bf91baefb539e8df42c11b0954a6e2498322a5467deb81e3 AS make
 
-FROM scratch as base
+FROM scratch AS base
 ENV TARGET=x86_64-unknown-linux-musl
 ENV RUSTFLAGS="-C target-feature=+crt-static"
 ENV CARGOFLAGS="--locked --no-default-features --release --target ${TARGET}"

src/integration/src/bin/pivot_remote_tls.rs

@@ -58,9 +58,8 @@ impl RequestProcessor for Processor {
 				.unwrap();
 				let mut tls = rustls::Stream::new(&mut conn, &mut stream);
 
-				let http_request = format!(
-					"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
-				);
+				let http_request =
+					format!("GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n");
 
 				tls.write_all(http_request.as_bytes()).unwrap();
 

src/qos_client/src/cli/mod.rs

@@ -499,11 +499,11 @@ impl Command {
 	}
 	fn display_type_token() -> Token {
 		Token::new(
-				DISPLAY_TYPE,
-				"The type contained in the file (manifest, manifest-envelope, genesis-output)."
-			)
-			.takes_value(true)
-			.required(true)
+			DISPLAY_TYPE,
+			"The type contained in the file (manifest, manifest-envelope, genesis-output).",
+		)
+		.takes_value(true)
+		.required(true)
 	}
 	fn dr_key_path_token() -> Token {
 		Token::new(DR_KEY_PATH, "Path to a DR key certificate")

src/qos_client/src/cli/services.rs

@@ -545,7 +545,10 @@ pub(crate) fn verify_genesis<P: AsRef<Path>>(
 	let genesis_output_path = namespace_dir.as_ref().join(GENESIS_OUTPUT_FILE);
 	let genesis_output = GenesisOutput::try_from_slice(
 		&fs::read(genesis_output_path).expect("Failed to read genesis output file"),
-	).expect("Failed to deserialize genesis output - check that qos_client and qos_core version line up");
+	)
+	.expect(
+		"Failed to deserialize genesis output - check that qos_client and qos_core version line up",
+	);
 
 	let master_seed_hex = fs::read_to_string(&master_seed_path)
 		.expect("Failed to read master seed to string");
@@ -1165,8 +1168,10 @@ pub(crate) fn get_attestation_doc<P: AsRef<Path>>(
 			}) => (document, manifest_envelope),
 			Ok(ProtocolMsg::LiveAttestationDocResponse {
 				nsm_response: _,
-				manifest_envelope: None
-			}) => panic!("ManifestEnvelope does not exist in enclave - likely waiting for boot instruction"),
+				manifest_envelope: None,
+			}) => panic!(
+				"ManifestEnvelope does not exist in enclave - likely waiting for boot instruction"
+			),
 			r => panic!("Unexpected response: {r:?}"),
 		};
 
@@ -1387,7 +1392,9 @@ where
 		approvers.sort();
 		let approvers = approvers.join("\n");
 
-		let prompt = format!("The following manifest set members approved:\n{approvers}\nIs this ok? (yes/no)");
+		let prompt = format!(
+			"The following manifest set members approved:\n{approvers}\nIs this ok? (yes/no)"
+		);
 
 		if !prompter.prompt_is_yes(&prompt) {
 			return false;
@@ -1897,15 +1904,12 @@ fn find_approvals<P: AsRef<Path>>(
 	boot_dir: P,
 	manifest: &Manifest,
 ) -> Vec<Approval> {
-	let approvals: Vec<_> =  find_file_paths(&boot_dir)
+	let approvals: Vec<_> = find_file_paths(&boot_dir)
 		.iter()
 		.filter_map(|path| {
 			let file_name = split_file_name(path);
 			// Only look at files with the approval extension
-			if file_name
-				.last()
-				.map_or(true, |s| s.as_str() != APPROVAL_EXT)
-			{
+			if file_name.last().map_or(true, |s| s.as_str() != APPROVAL_EXT) {
 				return None;
 			};
 
@@ -1916,7 +1920,8 @@ fn find_approvals<P: AsRef<Path>>(
 
 			assert!(
 				manifest.manifest_set.members.contains(&approval.member),
-				"Found approval from member ({:?}) not included in the Manifest Set", approval.member.alias
+				"Found approval from member ({:?}) not included in the Manifest Set",
+				approval.member.alias
 			);
 
 			let pub_key = P256Public::from_bytes(&approval.member.pub_key)
@@ -2563,10 +2568,7 @@ mod tests {
 			));
 
 			let output = String::from_utf8(vec_out).unwrap();
-			assert_eq!(
-				&output,
-				"Is this the correct namespace name: test-namespace? (yes/no)\n"
-			);
+			assert_eq!(&output, "Is this the correct namespace name: test-namespace? (yes/no)\n");
 		}
 
 		#[test]
@@ -2815,7 +2817,10 @@ mod tests {
 
 			let output = String::from_utf8(vec_out).unwrap();
 			let output: Vec<_> = output.trim().split('\n').collect();
-			assert_eq!(output.last().unwrap(), &"Does this AWS IAM role belong to the intended organization: pr3? (yes/no)");
+			assert_eq!(
+				output.last().unwrap(),
+				&"Does this AWS IAM role belong to the intended organization: pr3? (yes/no)"
+			);
 		}
 
 		#[test]

src/qos_core/src/parser.rs

@@ -27,9 +27,16 @@ impl fmt::Display for ParserError {
 	fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
 		match self {
 			Self::UnexpectedInput(u) => write!(f, "found {u}, which was not an expected argument"),
-			Self::DuplicateInput(i) => write!(f, "found argument {i} more then once, but only one instance was expected"),
-			Self::MutuallyExclusiveInput(y, z) => write!(f, "arguments {y} and {z} are mutually exclusive and cannot be used at the same time"),
-			Self::MissingValue(i) => write!(f, "found argument {i}, which requires a value, but no value was given"),
+			Self::DuplicateInput(i) => {
+				write!(f, "found argument {i} more then once, but only one instance was expected")
+			}
+			Self::MutuallyExclusiveInput(y, z) => write!(
+				f,
+				"arguments {y} and {z} are mutually exclusive and cannot be used at the same time"
+			),
+			Self::MissingValue(i) => {
+				write!(f, "found argument {i}, which requires a value, but no value was given")
+			}
 			Self::MissingInput(i) => write!(f, "argument {i} is required but was not found"),
 		}
 	}

src/qos_core/src/protocol/services/genesis.rs

@@ -139,21 +139,19 @@ pub(in crate::protocol) fn boot_genesis(
 	)
 	.map_err(|e| ProtocolError::QosCrypto(format!("{e:?}")))?;
 
-	let member_outputs: Result<Vec<_>, _> =
-		zip(shares, genesis_set.members.iter().cloned())
-			.map(|(share, share_set_member)| -> Result<GenesisMemberOutput, ProtocolError>{
-				// 1) encrypt the share to quorum key
-				let personal_pub = P256Public::from_bytes(&share_set_member.pub_key)?;
-				let encrypted_quorum_key_share =
-					personal_pub.encrypt(&share)?;
-
-				Ok(GenesisMemberOutput {
-					share_set_member,
-					encrypted_quorum_key_share,
-					share_hash: sha_512(&share),
-				})
+	let member_outputs: Result<Vec<_>, _> = zip(shares, genesis_set.members.iter().cloned())
+		.map(|(share, share_set_member)| -> Result<GenesisMemberOutput, ProtocolError> {
+			// 1) encrypt the share to quorum key
+			let personal_pub = P256Public::from_bytes(&share_set_member.pub_key)?;
+			let encrypted_quorum_key_share = personal_pub.encrypt(&share)?;
+
+			Ok(GenesisMemberOutput {
+				share_set_member,
+				encrypted_quorum_key_share,
+				share_hash: sha_512(&share),
 			})
-			.collect();
+		})
+		.collect();
 
 	let dr_key_wrapped_quorum_key = if let Some(dr_key) = maybe_dr_key {
 		let dr_public = P256Public::from_bytes(&dr_key)

src/qos_core/src/protocol/services/key.rs

@@ -447,7 +447,8 @@ mod test {
 			let ephemeral_file: PathWrapper =
 				"/tmp/boot_key_rejects_manifest_if_not_enough_approvals.secret"
 					.into();
-			let manifest_file: PathWrapper = "/tmp/boot_key_rejects_manifest_if_not_enough_approvals.manifest".into();
+			let manifest_file: PathWrapper =
+				"/tmp/boot_key_rejects_manifest_if_not_enough_approvals.manifest".into();
 
 			let handles = Handles::new(
 				ephemeral_file.deref().to_string(),
@@ -524,9 +525,13 @@ mod test {
 		fn rejects_manifest_with_bad_approval_signature() {
 			let TestArgs { mut manifest_envelope, pivot, .. } = get_test_args();
 
-			let pivot_file: PathWrapper = "/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.pivot".into();
-			let ephemeral_file: PathWrapper = "/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.secret".into();
-			let manifest_file: PathWrapper = "/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.manifest".into();
+			let pivot_file: PathWrapper =
+				"/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.pivot".into();
+			let ephemeral_file: PathWrapper =
+				"/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.secret".into();
+			let manifest_file: PathWrapper =
+				"/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.manifest"
+					.into();
 
 			let handles = Handles::new(
 				ephemeral_file.deref().to_string(),
@@ -578,9 +583,12 @@ mod test {
 				member: non_member,
 			};
 
-			let pivot_file: PathWrapper = "/tmp/boot_key_reject_manifest_with_approval_from_non_memberpivot".into();
-			let ephemeral_file: PathWrapper = "/tmp/boot_key_reject_manifest_with_approval_from_non_membersecret".into();
-			let manifest_file: PathWrapper = "/tmp/boot_key_reject_manifest_with_approval_from_non_membermanifest".into();
+			let pivot_file: PathWrapper =
+				"/tmp/boot_key_reject_manifest_with_approval_from_non_memberpivot".into();
+			let ephemeral_file: PathWrapper =
+				"/tmp/boot_key_reject_manifest_with_approval_from_non_membersecret".into();
+			let manifest_file: PathWrapper =
+				"/tmp/boot_key_reject_manifest_with_approval_from_non_membermanifest".into();
 
 			let handles = Handles::new(
 				ephemeral_file.deref().to_string(),

src/qos_hex/src/lib.rs

@@ -115,7 +115,7 @@ pub fn decode(raw_s: &str) -> Result<Vec<u8>, HexError> {
 					verify_ascii(&sanitized_s_bytes[i])?;
 					verify_ascii(&sanitized_s_bytes[i + 1])?;
 
-					let s = std::str::from_utf8(&sanitized_s_bytes[i..i+2])
+					let s = std::str::from_utf8(&sanitized_s_bytes[i..i + 2])
 						.expect("We ensure that input slice represents ASCII above. qed.");
 					u8::from_str_radix(s, 16).map_err(Into::into)
 				})

src/qos_host/src/lib.rs

@@ -250,9 +250,11 @@ impl HostServer {
 		let enc_manifest_envelope_resp = state
 			.enclave_client
 			.send(&enc_manifest_envelope_req)
-			.map_err(|e|
-				Error(format!("error while trying to send manifest envelope socket request to enclave: {e:?}"))
-			)?;
+			.map_err(|e| {
+				Error(format!(
+					"error while trying to send manifest envelope socket request to enclave: {e:?}"
+				))
+			})?;
 
 		let manifest_envelope_resp = ProtocolMsg::try_from_slice(
 			&enc_manifest_envelope_resp,
@@ -311,7 +313,8 @@ impl HostServer {
 		match state.enclave_client.send(&encoded_request) {
 			Ok(encoded_response) => (StatusCode::OK, encoded_response),
 			Err(e) => {
-				let msg = format!("Error while trying to send request over socket to enclave: {e:?}");
+				let msg =
+					format!("Error while trying to send request over socket to enclave: {e:?}");
 				eprint!("{msg}");
 
 				(

src/qos_net/src/proxy.rs

@@ -106,7 +106,9 @@ impl Proxy {
 				let remote_ip = conn.ip.clone();
 				match self.save_connection(conn) {
 					Ok(()) => {
-						println!("Connection to {hostname} established and saved as ID {connection_id}");
+						println!(
+							"Connection to {hostname} established and saved as ID {connection_id}"
+						);
 						ProxyMsg::ConnectResponse { connection_id, remote_ip }
 					}
 					Err(e) => {
@@ -323,7 +325,8 @@ mod test {
 				panic!("test failure: msg is not ConnectResponse")
 			}
 		};
-		let http_request = "GET / HTTP/1.1\r\nHost: api.turnkey.com\r\nConnection: close\r\n\r\n".to_string();
+		let http_request =
+			"GET / HTTP/1.1\r\nHost: api.turnkey.com\r\nConnection: close\r\n\r\n".to_string();
 
 		let request = borsh::to_vec(&ProxyMsg::WriteRequest {
 			connection_id,

src/qos_net/src/proxy_stream.rs

@@ -139,9 +139,9 @@ impl Read for ProxyStream {
 		let stream: Stream = Stream::connect(&self.addr, self.timeout)
 			.map_err(|e| {
 				std::io::Error::new(
-			ErrorKind::NotConnected,
-			format!("Error while connecting to socket (sending read request): {:?}", e),
-		)
+				ErrorKind::NotConnected,
+				format!("Error while connecting to socket (sending read request): {:?}", e),
+			)
 			})?;
 
 		let req = borsh::to_vec(&ProxyMsg::ReadRequest {
@@ -172,7 +172,14 @@ impl Read for ProxyStream {
 						));
 					}
 					if data.len() > buf.len() {
-						return Err(std::io::Error::new(ErrorKind::InvalidData, format!("overflow: cannot read {} bytes into a buffer of {} bytes", data.len(), buf.len())));
+						return Err(std::io::Error::new(
+							ErrorKind::InvalidData,
+							format!(
+								"overflow: cannot read {} bytes into a buffer of {} bytes",
+								data.len(),
+								buf.len()
+							),
+						));
 					}
 
 					// Copy data into buffer
@@ -203,9 +210,9 @@ impl Write for ProxyStream {
 		let stream: Stream = Stream::connect(&self.addr, self.timeout)
 			.map_err(|e| {
 				std::io::Error::new(
-			ErrorKind::NotConnected,
-			format!("Error while connecting to socket (sending read request): {:?}", e),
-		)
+				ErrorKind::NotConnected,
+				format!("Error while connecting to socket (sending read request): {:?}", e),
+			)
 			})?;
 
 		let req = borsh::to_vec(&ProxyMsg::WriteRequest {
@@ -222,9 +229,9 @@ impl Write for ProxyStream {
 
 		let resp_bytes = stream.recv().map_err(|e| {
 			std::io::Error::new(
-			ErrorKind::Other,
-			format!("QOS IOError receiving bytes from stream after WriteRequest: {:?}", e),
-		)
+				ErrorKind::Other,
+				format!("QOS IOError receiving bytes from stream after WriteRequest: {:?}", e),
+			)
 		})?;
 
 		match ProxyMsg::try_from_slice(&resp_bytes) {
@@ -254,9 +261,9 @@ impl Write for ProxyStream {
 		let stream: Stream = Stream::connect(&self.addr, self.timeout)
 			.map_err(|e| {
 				std::io::Error::new(
-			ErrorKind::NotConnected,
-			format!("Error while connecting to socket (sending read request): {:?}", e),
-				)
+				ErrorKind::NotConnected,
+				format!("Error while connecting to socket (sending read request): {:?}", e),
+			)
 			})?;
 
 		let req = borsh::to_vec(&ProxyMsg::FlushRequest {
@@ -273,9 +280,9 @@ impl Write for ProxyStream {
 
 		let resp_bytes = stream.recv().map_err(|e| {
 			std::io::Error::new(
-			ErrorKind::Other,
-			format!("QOS IOError receiving bytes from stream after FlushRequest: {:?}", e),
-		)
+				ErrorKind::Other,
+				format!("QOS IOError receiving bytes from stream after FlushRequest: {:?}", e),
+			)
 		})?;
 
 		match ProxyMsg::try_from_slice(&resp_bytes) {
@@ -470,7 +477,14 @@ mod test {
 							));
 						}
 						if data.len() > buf.len() {
-							return Err(std::io::Error::new(ErrorKind::InvalidData, format!("overflow: cannot read {} bytes into a buffer of {} bytes", data.len(), buf.len())));
+							return Err(std::io::Error::new(
+								ErrorKind::InvalidData,
+								format!(
+									"overflow: cannot read {} bytes into a buffer of {} bytes",
+									data.len(),
+									buf.len()
+								),
+							));
 						}
 
 						// Copy data into buffer