diff --git a/Makefile b/Makefile index 985a9160..9c676c5a 100644 --- a/Makefile +++ b/Makefile @@ -77,5 +77,5 @@ out/common/index.json: \ $(call build,common) out/.common-loaded: out/common/index.json - env -C ./out/common tar -cf - . | docker load - touch out/.common-loaded + cd ./out/common && tar -cf - . | docker load + touch ./out/.common-loaded diff --git a/src/Makefile b/src/Makefile index c171fbab..3f6d365a 100644 --- a/src/Makefile +++ b/src/Makefile @@ -152,8 +152,7 @@ clippy-fix: .PHONY: fmt fmt: - cargo +nightly version - cargo +nightly fmt + cargo fmt .PHONY: test test: diff --git a/src/images/common/Containerfile b/src/images/common/Containerfile index 6f2e6620..28e9a485 100644 --- a/src/images/common/Containerfile +++ b/src/images/common/Containerfile @@ -20,11 +20,11 @@ FROM stagex/musl-obstack:sx2024.03.0@sha256:4b6737815460908f666fa7a8e91138610d0a FROM stagex/openssl:sx2024.03.0@sha256:1a2f656ced34d1ade99279c5663fcf0ec4f6526bcc50142079ef8adc080be3a9 AS openssl FROM stagex/pcsc-lite:sx2024.03.0@sha256:e720e1795706c7c8c1db14bf730b10521e3ff42e4bed90addc590f7446aac8af AS pcsc-lite FROM stagex/pkgconf:sx2024.03.0@sha256:31ce4eddaf4e777ddb51f01923089f3321ec5272ca0aa834d475f644279209b8 AS pkgconf -FROM stagex/rust:sx2024.03.0@sha256:fe22a0fcdb569cb70b8147378463fb6ff800e642be9d50542f8e25a38d90ec7f AS rust +FROM stagex/rust:1.81.0@sha256:b7c834268a81bfcc473246995c55b47fe18414cc553e3293b6294fde4e579163 AS rust FROM stagex/zlib:sx2024.03.0@sha256:de8f56f3ece28b14d575329bead53fc5318962ae3cb8f161a2d69710f7ec51f4 AS zlib FROM stagex/make:4.4@sha256:df43f0cf3ac1ad91bf91baefb539e8df42c11b0954a6e2498322a5467deb81e3 AS make -FROM scratch as base +FROM scratch AS base ENV TARGET=x86_64-unknown-linux-musl ENV RUSTFLAGS="-C target-feature=+crt-static" ENV CARGOFLAGS="--locked --no-default-features --release --target ${TARGET}" diff --git a/src/integration/src/bin/pivot_remote_tls.rs b/src/integration/src/bin/pivot_remote_tls.rs index 3d041bfd..f5f8eca0 100644 --- a/src/integration/src/bin/pivot_remote_tls.rs +++ b/src/integration/src/bin/pivot_remote_tls.rs @@ -58,9 +58,8 @@ impl RequestProcessor for Processor { .unwrap(); let mut tls = rustls::Stream::new(&mut conn, &mut stream); - let http_request = format!( - "GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n" - ); + let http_request = + format!("GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"); tls.write_all(http_request.as_bytes()).unwrap(); diff --git a/src/qos_client/src/cli/mod.rs b/src/qos_client/src/cli/mod.rs index bc628ed4..f6ef16c0 100644 --- a/src/qos_client/src/cli/mod.rs +++ b/src/qos_client/src/cli/mod.rs @@ -499,11 +499,11 @@ impl Command { } fn display_type_token() -> Token { Token::new( - DISPLAY_TYPE, - "The type contained in the file (manifest, manifest-envelope, genesis-output)." - ) - .takes_value(true) - .required(true) + DISPLAY_TYPE, + "The type contained in the file (manifest, manifest-envelope, genesis-output).", + ) + .takes_value(true) + .required(true) } fn dr_key_path_token() -> Token { Token::new(DR_KEY_PATH, "Path to a DR key certificate") diff --git a/src/qos_client/src/cli/services.rs b/src/qos_client/src/cli/services.rs index 0aa8ce49..817c5f54 100644 --- a/src/qos_client/src/cli/services.rs +++ b/src/qos_client/src/cli/services.rs @@ -545,7 +545,10 @@ pub(crate) fn verify_genesis>( let genesis_output_path = namespace_dir.as_ref().join(GENESIS_OUTPUT_FILE); let genesis_output = GenesisOutput::try_from_slice( &fs::read(genesis_output_path).expect("Failed to read genesis output file"), - ).expect("Failed to deserialize genesis output - check that qos_client and qos_core version line up"); + ) + .expect( + "Failed to deserialize genesis output - check that qos_client and qos_core version line up", + ); let master_seed_hex = fs::read_to_string(&master_seed_path) .expect("Failed to read master seed to string"); @@ -1165,8 +1168,10 @@ pub(crate) fn get_attestation_doc>( }) => (document, manifest_envelope), Ok(ProtocolMsg::LiveAttestationDocResponse { nsm_response: _, - manifest_envelope: None - }) => panic!("ManifestEnvelope does not exist in enclave - likely waiting for boot instruction"), + manifest_envelope: None, + }) => panic!( + "ManifestEnvelope does not exist in enclave - likely waiting for boot instruction" + ), r => panic!("Unexpected response: {r:?}"), }; @@ -1387,7 +1392,9 @@ where approvers.sort(); let approvers = approvers.join("\n"); - let prompt = format!("The following manifest set members approved:\n{approvers}\nIs this ok? (yes/no)"); + let prompt = format!( + "The following manifest set members approved:\n{approvers}\nIs this ok? (yes/no)" + ); if !prompter.prompt_is_yes(&prompt) { return false; @@ -1897,15 +1904,12 @@ fn find_approvals>( boot_dir: P, manifest: &Manifest, ) -> Vec { - let approvals: Vec<_> = find_file_paths(&boot_dir) + let approvals: Vec<_> = find_file_paths(&boot_dir) .iter() .filter_map(|path| { let file_name = split_file_name(path); // Only look at files with the approval extension - if file_name - .last() - .map_or(true, |s| s.as_str() != APPROVAL_EXT) - { + if file_name.last().map_or(true, |s| s.as_str() != APPROVAL_EXT) { return None; }; @@ -1916,7 +1920,8 @@ fn find_approvals>( assert!( manifest.manifest_set.members.contains(&approval.member), - "Found approval from member ({:?}) not included in the Manifest Set", approval.member.alias + "Found approval from member ({:?}) not included in the Manifest Set", + approval.member.alias ); let pub_key = P256Public::from_bytes(&approval.member.pub_key) @@ -2563,10 +2568,7 @@ mod tests { )); let output = String::from_utf8(vec_out).unwrap(); - assert_eq!( - &output, - "Is this the correct namespace name: test-namespace? (yes/no)\n" - ); + assert_eq!(&output, "Is this the correct namespace name: test-namespace? (yes/no)\n"); } #[test] @@ -2815,7 +2817,10 @@ mod tests { let output = String::from_utf8(vec_out).unwrap(); let output: Vec<_> = output.trim().split('\n').collect(); - assert_eq!(output.last().unwrap(), &"Does this AWS IAM role belong to the intended organization: pr3? (yes/no)"); + assert_eq!( + output.last().unwrap(), + &"Does this AWS IAM role belong to the intended organization: pr3? (yes/no)" + ); } #[test] diff --git a/src/qos_core/src/parser.rs b/src/qos_core/src/parser.rs index 895179d8..3e34effc 100644 --- a/src/qos_core/src/parser.rs +++ b/src/qos_core/src/parser.rs @@ -27,9 +27,16 @@ impl fmt::Display for ParserError { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { match self { Self::UnexpectedInput(u) => write!(f, "found {u}, which was not an expected argument"), - Self::DuplicateInput(i) => write!(f, "found argument {i} more then once, but only one instance was expected"), - Self::MutuallyExclusiveInput(y, z) => write!(f, "arguments {y} and {z} are mutually exclusive and cannot be used at the same time"), - Self::MissingValue(i) => write!(f, "found argument {i}, which requires a value, but no value was given"), + Self::DuplicateInput(i) => { + write!(f, "found argument {i} more then once, but only one instance was expected") + } + Self::MutuallyExclusiveInput(y, z) => write!( + f, + "arguments {y} and {z} are mutually exclusive and cannot be used at the same time" + ), + Self::MissingValue(i) => { + write!(f, "found argument {i}, which requires a value, but no value was given") + } Self::MissingInput(i) => write!(f, "argument {i} is required but was not found"), } } diff --git a/src/qos_core/src/protocol/services/genesis.rs b/src/qos_core/src/protocol/services/genesis.rs index 3239aae3..95b9e654 100644 --- a/src/qos_core/src/protocol/services/genesis.rs +++ b/src/qos_core/src/protocol/services/genesis.rs @@ -139,21 +139,19 @@ pub(in crate::protocol) fn boot_genesis( ) .map_err(|e| ProtocolError::QosCrypto(format!("{e:?}")))?; - let member_outputs: Result, _> = - zip(shares, genesis_set.members.iter().cloned()) - .map(|(share, share_set_member)| -> Result{ - // 1) encrypt the share to quorum key - let personal_pub = P256Public::from_bytes(&share_set_member.pub_key)?; - let encrypted_quorum_key_share = - personal_pub.encrypt(&share)?; - - Ok(GenesisMemberOutput { - share_set_member, - encrypted_quorum_key_share, - share_hash: sha_512(&share), - }) + let member_outputs: Result, _> = zip(shares, genesis_set.members.iter().cloned()) + .map(|(share, share_set_member)| -> Result { + // 1) encrypt the share to quorum key + let personal_pub = P256Public::from_bytes(&share_set_member.pub_key)?; + let encrypted_quorum_key_share = personal_pub.encrypt(&share)?; + + Ok(GenesisMemberOutput { + share_set_member, + encrypted_quorum_key_share, + share_hash: sha_512(&share), }) - .collect(); + }) + .collect(); let dr_key_wrapped_quorum_key = if let Some(dr_key) = maybe_dr_key { let dr_public = P256Public::from_bytes(&dr_key) diff --git a/src/qos_core/src/protocol/services/key.rs b/src/qos_core/src/protocol/services/key.rs index be7b5fcb..c9601d9f 100644 --- a/src/qos_core/src/protocol/services/key.rs +++ b/src/qos_core/src/protocol/services/key.rs @@ -447,7 +447,8 @@ mod test { let ephemeral_file: PathWrapper = "/tmp/boot_key_rejects_manifest_if_not_enough_approvals.secret" .into(); - let manifest_file: PathWrapper = "/tmp/boot_key_rejects_manifest_if_not_enough_approvals.manifest".into(); + let manifest_file: PathWrapper = + "/tmp/boot_key_rejects_manifest_if_not_enough_approvals.manifest".into(); let handles = Handles::new( ephemeral_file.deref().to_string(), @@ -524,9 +525,13 @@ mod test { fn rejects_manifest_with_bad_approval_signature() { let TestArgs { mut manifest_envelope, pivot, .. } = get_test_args(); - let pivot_file: PathWrapper = "/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.pivot".into(); - let ephemeral_file: PathWrapper = "/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.secret".into(); - let manifest_file: PathWrapper = "/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.manifest".into(); + let pivot_file: PathWrapper = + "/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.pivot".into(); + let ephemeral_file: PathWrapper = + "/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.secret".into(); + let manifest_file: PathWrapper = + "/tmp/boot_key_rejects_rejects_manifest_with_bad_approval_signature.manifest" + .into(); let handles = Handles::new( ephemeral_file.deref().to_string(), @@ -578,9 +583,12 @@ mod test { member: non_member, }; - let pivot_file: PathWrapper = "/tmp/boot_key_reject_manifest_with_approval_from_non_memberpivot".into(); - let ephemeral_file: PathWrapper = "/tmp/boot_key_reject_manifest_with_approval_from_non_membersecret".into(); - let manifest_file: PathWrapper = "/tmp/boot_key_reject_manifest_with_approval_from_non_membermanifest".into(); + let pivot_file: PathWrapper = + "/tmp/boot_key_reject_manifest_with_approval_from_non_memberpivot".into(); + let ephemeral_file: PathWrapper = + "/tmp/boot_key_reject_manifest_with_approval_from_non_membersecret".into(); + let manifest_file: PathWrapper = + "/tmp/boot_key_reject_manifest_with_approval_from_non_membermanifest".into(); let handles = Handles::new( ephemeral_file.deref().to_string(), diff --git a/src/qos_hex/src/lib.rs b/src/qos_hex/src/lib.rs index 90f96888..216fec08 100644 --- a/src/qos_hex/src/lib.rs +++ b/src/qos_hex/src/lib.rs @@ -115,7 +115,7 @@ pub fn decode(raw_s: &str) -> Result, HexError> { verify_ascii(&sanitized_s_bytes[i])?; verify_ascii(&sanitized_s_bytes[i + 1])?; - let s = std::str::from_utf8(&sanitized_s_bytes[i..i+2]) + let s = std::str::from_utf8(&sanitized_s_bytes[i..i + 2]) .expect("We ensure that input slice represents ASCII above. qed."); u8::from_str_radix(s, 16).map_err(Into::into) }) diff --git a/src/qos_host/src/lib.rs b/src/qos_host/src/lib.rs index d4ba6816..ef3e15c6 100644 --- a/src/qos_host/src/lib.rs +++ b/src/qos_host/src/lib.rs @@ -250,9 +250,11 @@ impl HostServer { let enc_manifest_envelope_resp = state .enclave_client .send(&enc_manifest_envelope_req) - .map_err(|e| - Error(format!("error while trying to send manifest envelope socket request to enclave: {e:?}")) - )?; + .map_err(|e| { + Error(format!( + "error while trying to send manifest envelope socket request to enclave: {e:?}" + )) + })?; let manifest_envelope_resp = ProtocolMsg::try_from_slice( &enc_manifest_envelope_resp, @@ -311,7 +313,8 @@ impl HostServer { match state.enclave_client.send(&encoded_request) { Ok(encoded_response) => (StatusCode::OK, encoded_response), Err(e) => { - let msg = format!("Error while trying to send request over socket to enclave: {e:?}"); + let msg = + format!("Error while trying to send request over socket to enclave: {e:?}"); eprint!("{msg}"); ( diff --git a/src/qos_net/src/proxy.rs b/src/qos_net/src/proxy.rs index 6018ece2..cfb36895 100644 --- a/src/qos_net/src/proxy.rs +++ b/src/qos_net/src/proxy.rs @@ -106,7 +106,9 @@ impl Proxy { let remote_ip = conn.ip.clone(); match self.save_connection(conn) { Ok(()) => { - println!("Connection to {hostname} established and saved as ID {connection_id}"); + println!( + "Connection to {hostname} established and saved as ID {connection_id}" + ); ProxyMsg::ConnectResponse { connection_id, remote_ip } } Err(e) => { @@ -323,7 +325,8 @@ mod test { panic!("test failure: msg is not ConnectResponse") } }; - let http_request = "GET / HTTP/1.1\r\nHost: api.turnkey.com\r\nConnection: close\r\n\r\n".to_string(); + let http_request = + "GET / HTTP/1.1\r\nHost: api.turnkey.com\r\nConnection: close\r\n\r\n".to_string(); let request = borsh::to_vec(&ProxyMsg::WriteRequest { connection_id, diff --git a/src/qos_net/src/proxy_stream.rs b/src/qos_net/src/proxy_stream.rs index 9c7e7631..6b691f0a 100644 --- a/src/qos_net/src/proxy_stream.rs +++ b/src/qos_net/src/proxy_stream.rs @@ -139,9 +139,9 @@ impl Read for ProxyStream { let stream: Stream = Stream::connect(&self.addr, self.timeout) .map_err(|e| { std::io::Error::new( - ErrorKind::NotConnected, - format!("Error while connecting to socket (sending read request): {:?}", e), - ) + ErrorKind::NotConnected, + format!("Error while connecting to socket (sending read request): {:?}", e), + ) })?; let req = borsh::to_vec(&ProxyMsg::ReadRequest { @@ -172,7 +172,14 @@ impl Read for ProxyStream { )); } if data.len() > buf.len() { - return Err(std::io::Error::new(ErrorKind::InvalidData, format!("overflow: cannot read {} bytes into a buffer of {} bytes", data.len(), buf.len()))); + return Err(std::io::Error::new( + ErrorKind::InvalidData, + format!( + "overflow: cannot read {} bytes into a buffer of {} bytes", + data.len(), + buf.len() + ), + )); } // Copy data into buffer @@ -203,9 +210,9 @@ impl Write for ProxyStream { let stream: Stream = Stream::connect(&self.addr, self.timeout) .map_err(|e| { std::io::Error::new( - ErrorKind::NotConnected, - format!("Error while connecting to socket (sending read request): {:?}", e), - ) + ErrorKind::NotConnected, + format!("Error while connecting to socket (sending read request): {:?}", e), + ) })?; let req = borsh::to_vec(&ProxyMsg::WriteRequest { @@ -222,9 +229,9 @@ impl Write for ProxyStream { let resp_bytes = stream.recv().map_err(|e| { std::io::Error::new( - ErrorKind::Other, - format!("QOS IOError receiving bytes from stream after WriteRequest: {:?}", e), - ) + ErrorKind::Other, + format!("QOS IOError receiving bytes from stream after WriteRequest: {:?}", e), + ) })?; match ProxyMsg::try_from_slice(&resp_bytes) { @@ -254,9 +261,9 @@ impl Write for ProxyStream { let stream: Stream = Stream::connect(&self.addr, self.timeout) .map_err(|e| { std::io::Error::new( - ErrorKind::NotConnected, - format!("Error while connecting to socket (sending read request): {:?}", e), - ) + ErrorKind::NotConnected, + format!("Error while connecting to socket (sending read request): {:?}", e), + ) })?; let req = borsh::to_vec(&ProxyMsg::FlushRequest { @@ -273,9 +280,9 @@ impl Write for ProxyStream { let resp_bytes = stream.recv().map_err(|e| { std::io::Error::new( - ErrorKind::Other, - format!("QOS IOError receiving bytes from stream after FlushRequest: {:?}", e), - ) + ErrorKind::Other, + format!("QOS IOError receiving bytes from stream after FlushRequest: {:?}", e), + ) })?; match ProxyMsg::try_from_slice(&resp_bytes) { @@ -470,7 +477,14 @@ mod test { )); } if data.len() > buf.len() { - return Err(std::io::Error::new(ErrorKind::InvalidData, format!("overflow: cannot read {} bytes into a buffer of {} bytes", data.len(), buf.len()))); + return Err(std::io::Error::new( + ErrorKind::InvalidData, + format!( + "overflow: cannot read {} bytes into a buffer of {} bytes", + data.len(), + buf.len() + ), + )); } // Copy data into buffer diff --git a/src/rustfmt.toml b/src/rustfmt.toml index a416aea0..f0bfed14 100644 --- a/src/rustfmt.toml +++ b/src/rustfmt.toml @@ -6,13 +6,15 @@ tab_spaces = 4 # Line wrapping use_small_heuristics = "Max" -wrap_comments = true max_width = 80 +# Not a stable feature yet, can't use consistently on StageX builds +# wrap_comments = true # Imports -imports_granularity = "Crate" reorder_imports = true -group_imports = "StdExternalCrate" +# Not a stable feature yet, can't use consistently on StageX builds +# imports_granularity = "Crate" +# group_imports = "StdExternalCrate" # Random use_field_init_shorthand = true