
Upgrade Rust (1.76->1.81) + fix Makefile and lints #492

Merged
merged 11 commits into from
Nov 14, 2024
14 changes: 5 additions & 9 deletions Makefile
Expand Up @@ -10,19 +10,15 @@ default: \

.PHONY: test
test: out/.common-loaded
$(call run,\
cargo build --all; \
cargo test; \
cargo test -p qos_core; \
)
$(call run,make test)

.PHONY: lint
lint: out/.common-loaded
$(call run,cargo clippy -- -D warnings)
$(call run,make lint)

.PHONY: format
format: out/.common-loaded
$(call run,rustfmt)
$(call run,make fmt)

.PHONY: docs
docs: out/.common-loaded
Expand Down Expand Up @@ -81,5 +77,5 @@ out/common/index.json: \
$(call build,common)

out/.common-loaded: out/common/index.json
env -C ./out/common tar -cf - . | docker load
touch out/.common-loaded
cd ./out/common && tar -cf - . | docker load
touch ./out/.common-loaded
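Review bot: In the `out/.common-loaded` recipe, `cd ./out/common && tar -cf - . | docker load` takes its exit status from `docker load` alone, so a `tar` error part-way through the stream does not by itself stop the recipe. The stamp on the next line is then written whenever `docker load` exits zero. Unless this Makefile already runs recipes under bash with `pipefail` (not visible in these hunks), I would set `SHELL := bash` and `.SHELLFLAGS := -eu -o pipefail -c` near the top, or add a comment on the rule stating that it relies on `docker load` rejecting a truncated archive. The stamp line could also be `touch $@`, since `./out/.common-loaded` is now spelled differently from the target name.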
7 changes: 5 additions & 2 deletions src/Makefile
Expand Up @@ -144,12 +144,15 @@ lint:

.PHONY: clippy
clippy:
cargo clippy -- -D warnings

.PHONY: clippy-fix
clippy-fix:
cargo clippy --fix --allow-dirty

.PHONY: fmt
fmt:
cargo +nightly version
cargo +nightly fmt
cargo fmt

.PHONY: test
test:
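Review bot: `clippy-fix` runs `cargo clippy --fix --allow-dirty`, which rewrites sources even when the working tree has uncommitted changes, and nothing on the target says so. A one-line comment above it would help, for example `# Applies clippy suggestions in place; --allow-dirty skips cargo's uncommitted-changes guard, so commit or stash first.` Separately, `fmt` now uses the default toolchain instead of `+nightly`; if the repository's rustfmt configuration has nightly-only options (not visible here), stable `cargo fmt` will not apply them, which is worth confirming. The `test:` recipe continues outside the hunk.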
54 changes: 30 additions & 24 deletions src/images/common/Containerfile
@@ -1,29 +1,34 @@
FROM stagex/bash:sx2024.03.0@sha256:d1cbbb56847e6b1e7b879214aa6926b6fdfa210e9b42a2f612a6aea850ddeefc AS bash
FROM stagex/binutils:sx2024.03.0@sha256:3af41227e1fe6a8f9b3df9916ef4876840f33eaa172168e1db1d8f457ba011d5 AS binutils
FROM stagex/ca-certificates:sx2024.03.0@sha256:6746d2d203be3455bfc5ffd5a051c8edb73ecfd7be77c3da5a2973003a30794f AS ca-certificates
FROM stagex/coreutils:sx2024.03.0@sha256:cf4032ca6b5f912a8b9d572d527d388401b68a0c9224cc086173e46bc4e1eabe AS coreutils
FROM stagex/eif_build:sx2024.03.0@sha256:6f3fed0aeaf9f9eebb43a370a5495fab92fcb21119fc23e261f0f24e1174009c AS eif_build
FROM stagex/file:sx2024.03.0@sha256:7fd68d1e7d5e1d3b1e52433bb6709f28d3e362ea89c9e13586b852ca0412f640 AS file
FROM stagex/filesystem:sx2024.03.0@sha256:42c8353db508ac79599df38c684502e50167352de2cddc5aea9b89486e7f8498 AS filesystem
FROM stagex/findutils:sx2024.03.0@sha256:475ea3488840297454f0f20b58e1b8292bf9b3944f901e3fce432fa4afeaa4cd AS findutils
FROM stagex/gcc:sx2024.03.0@sha256:25798fdde278a9f1f27e4092a1668e93d2766d4f8b089fba38d4684b20a9b0f7 AS gcc
FROM stagex/gen_initramfs:sx2024.03.0@sha256:a51c840a1c82dbc00c0a813964195d4f4bcb20463701083999320f826ffa49bf AS gen_initramfs
FROM stagex/git:sx2024.03.0@sha256:2c11f2daf9b8c1738cbd966b6de5dd0bcfaf81b675c2d268d30f972ddab9d9df AS git
FROM stagex/grep:sx2024.03.0@sha256:589465adc0125128c21534eb560299c335a41935e0ce182a632f4b739bf25c60 AS grep
FROM stagex/libunwind:sx2024.03.0@sha256:e74819e47c79f68a008302927ef02a5aa39cf12e859a8dfeccf9d1b4769b4833 AS libunwind
FROM stagex/linux-nitro:sx2024.03.0@sha256:073c4603686e3bdc0ed6755fee3203f6f6f1512e0ded09eaea8866b002b04264 AS linux-nitro
FROM stagex/llvm13:sx2024.03.0@sha256:97d0f3d32f58dca648cd70b0d58364d9bea5170bb99054c0a0b19ef57a7da7b1 AS llvm13
FROM stagex/llvm:sx2024.03.0@sha256:8e361f1da92e956d947e37b6fc0a3951fcc1130863e2d3a9b4fca40ab4fd07f6 AS llvm
FROM stagex/musl-fts:sx2024.03.0@sha256:73c3c4647010f7151c711ed5005ef946c7c1a19c6e8921e057b5dbc15ef9559a AS musl-fts
FROM stagex/musl:sx2024.03.0@sha256:7db05e6817058a512a66ea82f3b99163069424c281363c2e9a48091d0d1d3bd9 AS musl
FROM stagex/musl-obstack:sx2024.03.0@sha256:4b6737815460908f666fa7a8e91138610d0a0909c408165a575ffb42bf21cd66 AS musl-obstack
FROM stagex/openssl:sx2024.03.0@sha256:1a2f656ced34d1ade99279c5663fcf0ec4f6526bcc50142079ef8adc080be3a9 AS openssl
FROM stagex/bash:5.2.21@sha256:cb58f55d268fbe7ef629cda86e3a8af893066e4af7f26ef54748b6ad47bdaa66 AS bash
FROM stagex/binutils:2.43.1@sha256:30a1bd110273894fe91c3a4a2103894f53eaac43cf12a035008a6982cb0e6908 AS binutils
FROM stagex/ca-certificates:sx2024.11.0@sha256:a84695f983a448a82acfe78af11f33c6a66b27124266e1fdc3ecfb8dc5852573 AS ca-certificates
FROM stagex/coreutils:9.4@sha256:1955f532d8923b5e17f60635c994bd9577bb3e6bccb5da702a69e79070bae0a9 AS coreutils
FROM stagex/eif_build:0.2.2@sha256:9d086a2743f9df4eddf934c7b68c9dee4a7fb131b6465a24237a67f6c359dfb0 AS eif_build
FROM stagex/file:5.45@sha256:f1053114ea2ef35dc04bd1d1f1572c3f1b86e3d57dffda99faac9e191bd7ab5d AS file
FROM stagex/filesystem:sx2024.11.0@sha256:d03195563f548c3ac8f34acf777b7e86f0d0d049a9430d715e5774eb7cc93302 AS filesystem
FROM stagex/findutils:4.9.0@sha256:d92494daaf08999aac0a277327d240a0149494716707fbce93381df058f693e2 AS findutils
FROM stagex/gcc:13.1.0@sha256:439bf36289ef036a934129d69dd6b4c196427e4f8e28bc1a3de5b9aab6e062f0 AS gcc
FROM stagex/gen_initramfs:6.8@sha256:f5b9271cca6003e952cbbb9ef041ffa92ba328894f563d1d77942e6b5cdeac1a AS gen_initramfs
FROM stagex/git:2.9.5@sha256:29a02c423a4b55fa72cf2fce89f3bbabd1defea86d251bb2aea84c056340ab22 AS git
FROM stagex/grep:3.11@sha256:576288125a7ecda969285e5edfaedef479c4bc18cba8230c0502000fdf2586c1 AS grep
FROM stagex/libunwind:1.7.2@sha256:97ee6068a8e8c9f1c74409f80681069c8051abb31f9559dedf0d0d562d3bfc82 AS libunwind

FROM stagex/linux-nitro:5.19.6@sha256:e6c8a861f9b18edfad56b1aa130feb822a25987c71e2b2932b020750dd7325bc AS linux-nitro
FROM stagex/llvm13:13.0.1@sha256:aa60e2883ecf2070c7591fc29622a578c8ea24a14a2b7fcce95d3e5d9c00b101 AS llvm13
FROM stagex/llvm:18.1.8@sha256:30517a41af648305afe6398af5b8c527d25545037df9d977018c657ba1b1708f AS llvm
FROM stagex/musl-fts:1.2.7@sha256:87edcc648085e8fd6cd8a6ebc94a9464181c3035a00266c621c6450f5d7c66d8 AS musl-fts
FROM stagex/musl:1.2.4@sha256:ad351b875f26294562d21740a3ee51c23609f15e6f9f0310e0994179c4231e1d AS musl
FROM stagex/musl-obstack:1.2.3@sha256:2a308833441b46a64a1fa5cf90d0bb75dec4807d5a15035776165db88ca661fd AS musl-obstack
FROM stagex/openssl:3.0.12@sha256:2c1a9d8fcc6f52cb11a206f380b17d74c1079f04cbb08071a4176648b4df52c1 AS openssl
# This is using an old version of pcsc-lite since upgrading to v2.2.3 broke
# static builds. Once we have confirmed an updated pcsc-lite has fixed this
# issue, we should upgrade this again.
FROM stagex/pcsc-lite:sx2024.03.0@sha256:e720e1795706c7c8c1db14bf730b10521e3ff42e4bed90addc590f7446aac8af AS pcsc-lite
FROM stagex/pkgconf:sx2024.03.0@sha256:31ce4eddaf4e777ddb51f01923089f3321ec5272ca0aa834d475f644279209b8 AS pkgconf
FROM stagex/rust:sx2024.03.0@sha256:fe22a0fcdb569cb70b8147378463fb6ff800e642be9d50542f8e25a38d90ec7f AS rust
FROM stagex/zlib:sx2024.03.0@sha256:de8f56f3ece28b14d575329bead53fc5318962ae3cb8f161a2d69710f7ec51f4 AS zlib
FROM stagex/pkgconf:1.6.3@sha256:ba7fce4108b721e8bf1a0d993a5f9be9b65eceda8ba073fe7e8ebca2a31b1494 AS pkgconf
FROM stagex/rust:1.81.0@sha256:b7c834268a81bfcc473246995c55b47fe18414cc553e3293b6294fde4e579163 AS rust
FROM stagex/zlib:1.3.1@sha256:96b4100550760026065dac57148d99e20a03d17e5ee20d6b32cbacd61125dbb6 AS zlib
FROM stagex/make:4.4@sha256:df43f0cf3ac1ad91bf91baefb539e8df42c11b0954a6e2498322a5467deb81e3 AS make

FROM scratch as base
FROM scratch AS base
ENV TARGET=x86_64-unknown-linux-musl
ENV RUSTFLAGS="-C target-feature=+crt-static"
ENV CARGOFLAGS="--locked --no-default-features --release --target ${TARGET}"
Expand All @@ -48,6 +53,7 @@ COPY --from=llvm . /
COPY --from=pcsc-lite . /
COPY --from=file . /
COPY --from=gcc . /
COPY --from=make . /
COPY --from=linux-nitro /bzImage .
COPY --from=linux-nitro /nsm.ko .
COPY --from=linux-nitro /linux.config .
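Review bot: Nearly every `FROM` line gets a new tag and a new `sha256` digest in the same edit, and with `name:tag@sha256:…` the digest is what is pulled while the tag is not checked against it. A digest that does not match its stated version would therefore go unnoticed in review. I would record in the PR how the digests were obtained and add a header comment above the `FROM` block such as `# Tags are informational; the digest is authoritative. Check each digest against the digests stagex publishes for that release.` Some pins appear to lag current upstream (`stagex/git:2.9.5`, `stagex/openssl:3.0.12`) and deserve a line saying whether the version is deliberate. The pcsc-lite comment explains why it stays on `sx2024.03.0` but has no issue reference to track the upgrade.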
79 changes: 0 additions & 79 deletions src/integration/src/bin/gen_att_doc.rs

This file was deleted.

5 changes: 2 additions & 3 deletions src/integration/src/bin/pivot_remote_tls.rs
Expand Up @@ -58,9 +58,8 @@ impl RequestProcessor for Processor {
.unwrap();
let mut tls = rustls::Stream::new(&mut conn, &mut stream);

let http_request = format!(
"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
);
let http_request =
format!("GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n");

tls.write_all(http_request.as_bytes()).unwrap();

18 changes: 9 additions & 9 deletions src/qos_client/src/cli/mod.rs
Expand Up @@ -203,13 +203,13 @@ pub enum Command {
ExportKey,
/// Inject a quorum key into a non-fully provisioned enclave
InjectKey,
/// Verify a signature from qos_p256 pair.
/// Verify a signature from `qos_p256` pair.
P256Verify,
/// Sign with a p256 signature.
P256Sign,
/// Encrypt to a qos_p256 public key.
/// Encrypt to a `qos_p256` public key.
P256AsymmetricEncrypt,
/// Decrypt a payload encrypted to a qos_p256 public key.
/// Decrypt a payload encrypted to a `qos_p256` public key.
P256AsymmetricDecrypt,
}

Expand Down Expand Up @@ -499,11 +499,11 @@ impl Command {
}
fn display_type_token() -> Token {
Token::new(
DISPLAY_TYPE,
"The type contained in the file (manifest, manifest-envelope, genesis-output)."
)
.takes_value(true)
.required(true)
DISPLAY_TYPE,
"The type contained in the file (manifest, manifest-envelope, genesis-output).",
)
.takes_value(true)
.required(true)
}
fn dr_key_path_token() -> Token {
Token::new(DR_KEY_PATH, "Path to a DR key certificate")
Expand Down Expand Up @@ -979,7 +979,7 @@ impl ClientOpts {
}

fn secret_path(&self) -> Option<String> {
self.parsed.single(SECRET_PATH).map(String::clone)
self.parsed.single(SECRET_PATH).cloned()
}

fn share_path(&self) -> String {
41 changes: 23 additions & 18 deletions src/qos_client/src/cli/services.rs
Expand Up @@ -547,7 +547,10 @@ pub(crate) fn verify_genesis<P: AsRef<Path>>(
let genesis_output_path = namespace_dir.as_ref().join(GENESIS_OUTPUT_FILE);
let genesis_output = GenesisOutput::try_from_slice(
&fs::read(genesis_output_path).expect("Failed to read genesis output file"),
).expect("Failed to deserialize genesis output - check that qos_client and qos_core version line up");
)
.expect(
"Failed to deserialize genesis output - check that qos_client and qos_core version line up",
);

let master_seed_hex = fs::read_to_string(&master_seed_path)
.expect("Failed to read master seed to string");
Expand Down Expand Up @@ -1167,8 +1170,10 @@ pub(crate) fn get_attestation_doc<P: AsRef<Path>>(
}) => (document, manifest_envelope),
Ok(ProtocolMsg::LiveAttestationDocResponse {
nsm_response: _,
manifest_envelope: None
}) => panic!("ManifestEnvelope does not exist in enclave - likely waiting for boot instruction"),
manifest_envelope: None,
}) => panic!(
"ManifestEnvelope does not exist in enclave - likely waiting for boot instruction"
),
r => panic!("Unexpected response: {r:?}"),
};

Expand Down Expand Up @@ -1391,7 +1396,9 @@ where
approvers.sort();
let approvers = approvers.join("\n");

let prompt = format!("The following manifest set members approved:\n{approvers}\nIs this ok? (yes/no)");
let prompt = format!(
"The following manifest set members approved:\n{approvers}\nIs this ok? (yes/no)"
);

if !prompter.prompt_is_yes(&prompt) {
return false;
Expand Down Expand Up @@ -1888,15 +1895,12 @@ fn find_approvals<P: AsRef<Path>>(
boot_dir: P,
manifest: &Manifest,
) -> Vec<Approval> {
let approvals: Vec<_> = find_file_paths(&boot_dir)
let approvals: Vec<_> = find_file_paths(&boot_dir)
.iter()
.filter_map(|path| {
let file_name = split_file_name(path);
// Only look at files with the approval extension
if file_name
.last()
.map_or(true, |s| s.as_str() != APPROVAL_EXT)
{
if file_name.last().map_or(true, |s| s.as_str() != APPROVAL_EXT) {
return None;
};

Expand All @@ -1907,7 +1911,8 @@ fn find_approvals<P: AsRef<Path>>(

assert!(
manifest.manifest_set.members.contains(&approval.member),
"Found approval from member ({:?}) not included in the Manifest Set", approval.member.alias
"Found approval from member ({:?}) not included in the Manifest Set",
approval.member.alias
);

let pub_key = P256Public::from_bytes(&approval.member.pub_key)
Expand Down Expand Up @@ -2554,10 +2559,7 @@ mod tests {
));

let output = String::from_utf8(vec_out).unwrap();
assert_eq!(
&output,
"Is this the correct namespace name: test-namespace? (yes/no)\n"
);
assert_eq!(&output, "Is this the correct namespace name: test-namespace? (yes/no)\n");
}

#[test]
Expand Down Expand Up @@ -2781,7 +2783,7 @@ mod tests {
));

let output = String::from_utf8(vec_out).unwrap();
let output: Vec<_> = output.trim().split('\n').collect();
let output: Vec<_> = output.lines().collect();
assert_eq!(
output.last().unwrap(),
&"Is this the correct namespace nonce: 2? (yes/no)"
Expand All @@ -2805,8 +2807,11 @@ mod tests {
));

let output = String::from_utf8(vec_out).unwrap();
let output: Vec<_> = output.trim().split('\n').collect();
assert_eq!(output.last().unwrap(), &"Does this AWS IAM role belong to the intended organization: pr3? (yes/no)");
let output: Vec<_> = output.lines().collect();
assert_eq!(
output.last().unwrap(),
&"Does this AWS IAM role belong to the intended organization: pr3? (yes/no)"
);
}

#[test]
Expand All @@ -2826,7 +2831,7 @@ mod tests {
));

let output = String::from_utf8(vec_out).unwrap();
let output: Vec<_> = output.trim().split('\n').collect();
let output: Vec<_> = output.lines().collect();

assert_eq!(
output[3],
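Review bot: In the prompt tests, `output.lines().collect()` is not an exact replacement for `output.trim().split('\n').collect()`. `trim()` dropped leading and trailing blank lines, whereas `lines()` only ignores a single final line ending, so `output.last()` and the positional `output[3]` now depend on the captured prompt text having no leading blank line and at most one trailing newline. If that layout is intended, a short comment on the first of these tests would make it explicit, for example `// lines() keeps blank lines; the prompt output is expected to end with exactly one newline`. The test functions start and end outside the hunks shown.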
2 changes: 1 addition & 1 deletion src/qos_core/src/handles.rs
Expand Up @@ -305,7 +305,7 @@ mod test {
let ephemeral_file: PathWrapper =
"put_quorum_key_is_read_only_write_eph.secret".into();
let quorum_file: PathWrapper =
"put_pivot_is_read_only_write_quor.secret".into();
"put_quorum_key_is_read_only_write_quor.secret".into();
let manifest_file: PathWrapper =
"put_quorum_key_is_read_only_write.manifest".into();
