difftreelog
chore(deps) update to `age` version `0.11` (#9)
in: trunk
* chore(deps): update to `age` version `0.11` * chore(deps): update the remaining dependencies * chore: simplify `encrypt_secret_data` bounds * chore: simplify `encrypt_secret_data` bounds even more
9 files changed
Cargo.lockdiffbeforeafterboth--- a/Cargo.lock
+++ b/Cargo.lock
@@ -63,9 +63,9 @@
[[package]]
name = "age"
-version = "0.10.0"
+version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "edeef7d7b199195a2d7d7a8155d2d04aee736e60c5c7bdd7097d115369a8817d"
+checksum = "2020562e68d7a02c2743707b262c62484b340a296924a5e4146d5a0a96ca8103"
dependencies = [
"aes",
"aes-gcm",
@@ -98,9 +98,9 @@
[[package]]
name = "age-core"
-version = "0.10.0"
+version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a5f11899bc2bbddd135edbc30c36b1924fa59d0746bb45beb5933fafe3fe509b"
+checksum = "e2bf6a89c984ca9d850913ece2da39e1d200563b0a94b002b253beee4c5acf99"
dependencies = [
"base64 0.21.7",
"chacha20poly1305",
@@ -261,9 +261,9 @@
[[package]]
name = "axum"
-version = "0.7.7"
+version = "0.7.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "504e3947307ac8326a5437504c517c4b56716c9d98fac0028c2acc7ca47d70ae"
+checksum = "edca88bc138befd0323b20752846e6587272d3b03b0343c8ea28a6f819e6e71f"
dependencies = [
"async-trait",
"axum-core",
@@ -318,7 +318,7 @@
"miniz_oxide",
"object",
"rustc-demangle",
- "windows-targets 0.52.6",
+ "windows-targets",
]
[[package]]
@@ -480,9 +480,9 @@
[[package]]
name = "cc"
-version = "1.2.0"
+version = "1.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1aeb932158bd710538c73702db6945cb68a8fb08c519e6e12706b94263b36db8"
+checksum = "fd9de9f2205d5ef3fd67e685b0df337994ddd4495e2a28d185500d0e1edfea47"
dependencies = [
"shlex",
]
@@ -544,7 +544,7 @@
"num-traits",
"serde",
"wasm-bindgen",
- "windows-targets 0.52.6",
+ "windows-targets",
]
[[package]]
@@ -571,9 +571,9 @@
[[package]]
name = "clap"
-version = "4.5.20"
+version = "4.5.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b97f376d85a664d5837dbae44bf546e6477a679ff6610010f17276f686d867e8"
+checksum = "fb3b4b9e5a7c7514dfa52869339ee98b3156b0bfb4e8a77c4ff4babb64b1604f"
dependencies = [
"clap_builder",
"clap_derive",
@@ -581,14 +581,14 @@
[[package]]
name = "clap_builder"
-version = "4.5.20"
+version = "4.5.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "19bc80abd44e4bed93ca373a0704ccbd1b710dc5749406201bb018272808dc54"
+checksum = "b17a95aa67cc7b5ebd32aa5370189aa0d79069ef1c64ce893bd30fb24bff20ec"
dependencies = [
"anstream",
"anstyle",
"clap_lex",
- "strsim 0.11.1",
+ "strsim",
"terminal_size",
"unicase",
"unicode-width 0.2.0",
@@ -596,9 +596,9 @@
[[package]]
name = "clap_complete"
-version = "4.5.37"
+version = "4.5.38"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "11611dca53440593f38e6b25ec629de50b14cdfa63adc0fb856115a2c6d97595"
+checksum = "d9647a559c112175f17cf724dc72d3645680a883c58481332779192b0d8e7a01"
dependencies = [
"clap",
]
@@ -617,9 +617,9 @@
[[package]]
name = "clap_lex"
-version = "0.7.2"
+version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97"
+checksum = "afb84c814227b90d6895e01398aee0d8033c00e7466aca416fb6a8e0eb19d8a7"
[[package]]
name = "colorchoice"
@@ -636,7 +636,7 @@
"encode_unicode",
"lazy_static",
"libc",
- "unicode-width 0.1.14",
+ "unicode-width 0.1.11",
"windows-sys 0.52.0",
]
@@ -677,17 +677,23 @@
]
[[package]]
+name = "crossbeam-utils"
+version = "0.8.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80"
+
+[[package]]
name = "crossterm"
-version = "0.27.0"
+version = "0.28.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f476fe445d41c9e991fd07515a6f463074b782242ccf4a5b7b1d1012e70824df"
+checksum = "829d955a0bb380ef178a640b91779e3987da38c9aea133b20614cfed8cdea9c6"
dependencies = [
"bitflags",
"crossterm_winapi",
"filedescriptor",
- "libc",
- "mio 0.8.11",
+ "mio",
"parking_lot",
+ "rustix",
"signal-hook",
"signal-hook-mio",
"winapi",
@@ -751,11 +757,12 @@
[[package]]
name = "dashmap"
-version = "5.5.3"
+version = "6.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856"
+checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf"
dependencies = [
"cfg-if",
+ "crossbeam-utils",
"hashbrown 0.14.5",
"lock_api",
"once_cell",
@@ -921,7 +928,7 @@
"nix-eval",
"nixlike",
"nom",
- "openssh 0.10.5",
+ "openssh",
"owo-colors",
"peg",
"regex",
@@ -954,7 +961,7 @@
"nix-eval",
"nixlike",
"nom",
- "openssh 0.11.3",
+ "openssh",
"serde",
"serde_json",
"tempfile",
@@ -1418,9 +1425,9 @@
[[package]]
name = "i18n-embed"
-version = "0.14.1"
+version = "0.15.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94205d95764f5bb9db9ea98fa77f89653365ca748e27161f5bbea2ffd50e459c"
+checksum = "a7839d8c7bb8da7bd58c1112d3a1aeb7f178ff3df4ae87783e758ca3bfb750b7"
dependencies = [
"arc-swap",
"fluent",
@@ -1439,9 +1446,9 @@
[[package]]
name = "i18n-embed-fl"
-version = "0.7.0"
+version = "0.9.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9fc1f8715195dffc4caddcf1cf3128da15fe5d8a137606ea8856c9300047d5a2"
+checksum = "f6e9571c3cba9eba538eaa5ee40031b26debe76f0c7e17bafc97ea57a76cd82e"
dependencies = [
"dashmap",
"find-crate",
@@ -1450,10 +1457,10 @@
"i18n-config",
"i18n-embed",
"lazy_static",
- "proc-macro-error",
+ "proc-macro-error2",
"proc-macro2",
"quote",
- "strsim 0.10.0",
+ "strsim",
"syn 2.0.87",
"unic-langid",
]
@@ -1636,9 +1643,9 @@
[[package]]
name = "libc"
-version = "0.2.162"
+version = "0.2.164"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "18d287de67fe55fd7e1581fe933d965a5a9477b38e949cfa9f8574ef01506398"
+checksum = "433bfe06b8c75da9b2e3fbea6e5329ff87748f0b144ef75306e674c3f6f7c13f"
[[package]]
name = "libloading"
@@ -1647,7 +1654,7 @@
checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4"
dependencies = [
"cfg-if",
- "windows-targets 0.52.6",
+ "windows-targets",
]
[[package]]
@@ -1752,18 +1759,6 @@
checksum = "e2d80299ef12ff69b16a84bb182e3b9df68b5a91574d3d4fa6e41b65deec4df1"
dependencies = [
"adler2",
-]
-
-[[package]]
-name = "mio"
-version = "0.8.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c"
-dependencies = [
- "libc",
- "log",
- "wasi",
- "windows-sys 0.48.0",
]
[[package]]
@@ -1774,6 +1769,7 @@
dependencies = [
"hermit-abi 0.3.9",
"libc",
+ "log",
"wasi",
"windows-sys 0.52.0",
]
@@ -1956,21 +1952,6 @@
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381"
-
-[[package]]
-name = "openssh"
-version = "0.10.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "330f4b61092456dc0aaa0cf9a205d956cae07d8127a69ffeff6760a72549c77f"
-dependencies = [
- "libc",
- "once_cell",
- "shell-escape",
- "tempfile",
- "thiserror 1.0.69",
- "tokio",
- "tokio-pipe",
-]
[[package]]
name = "openssh"
@@ -2004,13 +1985,13 @@
[[package]]
name = "papergrid"
-version = "0.11.0"
+version = "0.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ad43c07024ef767f9160710b3a6773976194758c7919b17e63b863db0bdf7fb"
+checksum = "c7419ad52a7de9b60d33e11085a0fe3df1fbd5926aa3f93d3dd53afbc9e86725"
dependencies = [
"bytecount",
"fnv",
- "unicode-width 0.1.14",
+ "unicode-width 0.1.11",
]
[[package]]
@@ -2033,7 +2014,7 @@
"libc",
"redox_syscall",
"smallvec",
- "windows-targets 0.52.6",
+ "windows-targets",
]
[[package]]
@@ -2243,6 +2224,28 @@
]
[[package]]
+name = "proc-macro-error-attr2"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5"
+dependencies = [
+ "proc-macro2",
+ "quote",
+]
+
+[[package]]
+name = "proc-macro-error2"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802"
+dependencies = [
+ "proc-macro-error-attr2",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.87",
+]
+
+[[package]]
name = "proc-macro2"
version = "1.0.89"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2583,9 +2586,9 @@
[[package]]
name = "rustls"
-version = "0.23.16"
+version = "0.23.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eee87ff5d9b36712a58574e12e9f0ea80f915a5b0ac518d322b24a465617925e"
+checksum = "7f1a745511c54ba6d4465e8d5dfbd81b45791756de28d4981af70d6dca128f1e"
dependencies = [
"log",
"once_cell",
@@ -2680,9 +2683,9 @@
[[package]]
name = "secrecy"
-version = "0.8.0"
+version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e"
+checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a"
dependencies = [
"zeroize",
]
@@ -2748,9 +2751,9 @@
[[package]]
name = "serde_json"
-version = "1.0.132"
+version = "1.0.133"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d726bfaff4b320266d395898905d0eba0345aae23b54aee3a737e260fd46db03"
+checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377"
dependencies = [
"itoa",
"memchr",
@@ -2807,7 +2810,7 @@
checksum = "34db1a06d485c9142248b7a054f034b349b212551f3dfd19c94d45a754a217cd"
dependencies = [
"libc",
- "mio 0.8.11",
+ "mio",
"signal-hook",
]
@@ -2882,12 +2885,6 @@
[[package]]
name = "strsim"
-version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
-
-[[package]]
-name = "strsim"
version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
@@ -2953,20 +2950,19 @@
[[package]]
name = "tabled"
-version = "0.15.0"
+version = "0.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c998b0c8b921495196a48aabaf1901ff28be0760136e31604f7967b0792050e"
+checksum = "77c9303ee60b9bedf722012ea29ae3711ba13a67c9b9ae28993838b63057cb1b"
dependencies = [
"papergrid",
"tabled_derive",
- "unicode-width 0.1.14",
]
[[package]]
name = "tabled_derive"
-version = "0.7.0"
+version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c138f99377e5d653a371cdad263615634cfc8467685dfe8e73e2b8e98f44b17"
+checksum = "bf0fb8bfdc709786c154e24a66777493fb63ae97e3036d914c8666774c477069"
dependencies = [
"heck 0.4.1",
"proc-macro-error",
@@ -3141,7 +3137,7 @@
"backtrace",
"bytes",
"libc",
- "mio 1.0.2",
+ "mio",
"pin-project-lite",
"signal-hook-registry",
"socket2",
@@ -3161,16 +3157,6 @@
]
[[package]]
-name = "tokio-pipe"
-version = "0.2.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f213a84bffbd61b8fa0ba8a044b4bbe35d471d0b518867181e82bd5c15542784"
-dependencies = [
- "libc",
- "tokio",
-]
-
-[[package]]
name = "tokio-rustls"
version = "0.26.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -3464,9 +3450,9 @@
[[package]]
name = "unicode-width"
-version = "0.1.14"
+version = "0.1.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af"
+checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85"
[[package]]
name = "unicode-width"
@@ -3528,7 +3514,7 @@
dependencies = [
"itoa",
"log",
- "unicode-width 0.1.14",
+ "unicode-width 0.1.11",
"vte",
]
@@ -3693,7 +3679,7 @@
checksum = "e48a53791691ab099e5e2ad123536d0fff50652600abaf43bbf952894110d0be"
dependencies = [
"windows-core",
- "windows-targets 0.52.6",
+ "windows-targets",
]
[[package]]
@@ -3702,25 +3688,16 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
dependencies = [
- "windows-targets 0.52.6",
+ "windows-targets",
]
[[package]]
name = "windows-sys"
-version = "0.48.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
-dependencies = [
- "windows-targets 0.48.5",
-]
-
-[[package]]
-name = "windows-sys"
version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
dependencies = [
- "windows-targets 0.52.6",
+ "windows-targets",
]
[[package]]
@@ -3729,22 +3706,7 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
dependencies = [
- "windows-targets 0.52.6",
-]
-
-[[package]]
-name = "windows-targets"
-version = "0.48.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c"
-dependencies = [
- "windows_aarch64_gnullvm 0.48.5",
- "windows_aarch64_msvc 0.48.5",
- "windows_i686_gnu 0.48.5",
- "windows_i686_msvc 0.48.5",
- "windows_x86_64_gnu 0.48.5",
- "windows_x86_64_gnullvm 0.48.5",
- "windows_x86_64_msvc 0.48.5",
+ "windows-targets",
]
[[package]]
@@ -3753,33 +3715,21 @@
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
dependencies = [
- "windows_aarch64_gnullvm 0.52.6",
- "windows_aarch64_msvc 0.52.6",
- "windows_i686_gnu 0.52.6",
+ "windows_aarch64_gnullvm",
+ "windows_aarch64_msvc",
+ "windows_i686_gnu",
"windows_i686_gnullvm",
- "windows_i686_msvc 0.52.6",
- "windows_x86_64_gnu 0.52.6",
- "windows_x86_64_gnullvm 0.52.6",
- "windows_x86_64_msvc 0.52.6",
+ "windows_i686_msvc",
+ "windows_x86_64_gnu",
+ "windows_x86_64_gnullvm",
+ "windows_x86_64_msvc",
]
[[package]]
name = "windows_aarch64_gnullvm"
-version = "0.48.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
-
-[[package]]
-name = "windows_aarch64_gnullvm"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
-
-[[package]]
-name = "windows_aarch64_msvc"
-version = "0.48.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
[[package]]
name = "windows_aarch64_msvc"
@@ -3789,12 +3739,6 @@
[[package]]
name = "windows_i686_gnu"
-version = "0.48.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
-
-[[package]]
-name = "windows_i686_gnu"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
@@ -3804,24 +3748,12 @@
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
-
-[[package]]
-name = "windows_i686_msvc"
-version = "0.48.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
[[package]]
name = "windows_i686_msvc"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
-
-[[package]]
-name = "windows_x86_64_gnu"
-version = "0.48.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
[[package]]
name = "windows_x86_64_gnu"
@@ -3831,21 +3763,9 @@
[[package]]
name = "windows_x86_64_gnullvm"
-version = "0.48.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
-
-[[package]]
-name = "windows_x86_64_gnullvm"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
-
-[[package]]
-name = "windows_x86_64_msvc"
-version = "0.48.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
[[package]]
name = "windows_x86_64_msvc"
Cargo.tomldiffbeforeafterboth--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,7 +20,7 @@
tokio-util = { version = "0.7.11", features = ["codec"] }
clap = { version = "4.5", features = ["derive", "env", "wrap_help", "unicode"] }
clap_complete = "4.5"
-age = { version = "0.10", features = ["ssh"] }
+age = { version = "0.11", features = ["ssh"] }
anyhow = "1.0"
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["fmt", "env-filter"] }
cmds/fleet/Cargo.tomldiffbeforeafterboth--- a/cmds/fleet/Cargo.toml
+++ b/cmds/fleet/Cargo.toml
@@ -20,7 +20,7 @@
tempfile.workspace = true
time = { version = "0.3", features = ["serde"] }
hostname = "0.4.0"
-age-core = "0.10"
+age-core = "0.11"
peg = "0.8"
base64 = "0.22.1"
chrono = { version = "0.4", features = ["serde"] }
@@ -29,15 +29,15 @@
futures = "0.3"
itertools = "0.13"
shlex = "1.3"
-tabled = { version = "0.15" }
+tabled = { version = "0.16" }
owo-colors = { version = "4.0", features = [
"supports-color",
"supports-colors",
] }
abort-on-drop = "0.2"
regex = "1.10"
-openssh = "0.10"
-crossterm = { version = "0.27.0", features = ["use-dev-tty"] }
+openssh = "0.11"
+crossterm = { version = "0.28.0", features = ["use-dev-tty"] }
fleet-shared.workspace = true
tracing-indicatif = { version = "0.3", optional = true }
cmds/fleet/src/cmds/secrets/mod.rsdiffbeforeafterboth--- a/cmds/fleet/src/cmds/secrets/mod.rs
+++ b/cmds/fleet/src/cmds/secrets/mod.rs
@@ -4,6 +4,7 @@
path::PathBuf,
};
+use age::Recipient;
use anyhow::{anyhow, bail, ensure, Context, Result};
use chrono::{DateTime, Utc};
use clap::Parser;
@@ -161,7 +162,8 @@
if should_regenerate {
info!("secret is owner-dependent, will regenerate");
- let generated = generate_shared(config, secret_name, field, updated_set.to_vec(), batch).await?;
+ let generated =
+ generate_shared(config, secret_name, field, updated_set.to_vec(), batch).await?;
Ok(generated)
} else {
drop(batch);
@@ -487,8 +489,9 @@
io::stdin().read_to_end(&mut input)?;
if !input.is_empty() {
- let encrypted = encrypt_secret_data(recipients, input)
- .ok_or_else(|| anyhow!("no recipients provided"))?;
+ let encrypted =
+ encrypt_secret_data(recipients.iter().map(|r| r as &dyn Recipient), input)
+ .ok_or_else(|| anyhow!("no recipients provided"))?;
parts.insert(part_name, FleetSecretPart { raw: encrypted });
}
@@ -536,8 +539,8 @@
if let Some(secret) = parse_secret().await? {
let recipient = config.recipient(&machine).await?;
- let encrypted =
- encrypt_secret_data(vec![recipient], secret).expect("recipient provided");
+ let encrypted = encrypt_secret_data([&recipient as &dyn Recipient], secret)
+ .expect("recipient provided");
if out
.parts
.insert(part_name.clone(), FleetSecretPart { raw: encrypted })
cmds/generator-helper/src/main.rsdiffbeforeafterboth--- a/cmds/generator-helper/src/main.rs
+++ b/cmds/generator-helper/src/main.rs
@@ -89,15 +89,10 @@
.map_err(|e| anyhow!("parse recipients: {e:?}"))
}
fn make_encryptor(r: &Identities) -> Result<Encryptor> {
- Ok(Encryptor::with_recipients(
- r.iter()
- .map(|v| {
- let coerced: Box<dyn Recipient + Send> = Box::new(v.clone());
- coerced
- })
- .collect(),
+ Ok(
+ Encryptor::with_recipients(r.iter().map(|v| v as &dyn Recipient))
+ .expect("list is not empty"),
)
- .expect("list is not empty"))
}
fn wrap_encoder<'t>(w: impl Write + 't, encoding: OutputEncoding) -> impl Write + 't {
fn coerce<'t>(w: impl Write + 't) -> Box<dyn Write + 't> {
cmds/install-secrets/src/main.rsdiffbeforeafterboth--- a/cmds/install-secrets/src/main.rs
+++ b/cmds/install-secrets/src/main.rs
@@ -68,10 +68,9 @@
ensure!(input.encrypted, "passed data is not encrypted!");
let mut input = Cursor::new(&input.data);
let decryptor = Decryptor::new(&mut input).context("failed to init decryptor")?;
- let decryptor = match decryptor {
- Decryptor::Recipients(r) => r,
- Decryptor::Passphrase(_) => bail!("should be recipients"),
- };
+ if decryptor.is_scrypt() {
+ bail!("should be recipients");
+ }
let mut decryptor = decryptor
.decrypt(iter::once(identity as &dyn age::Identity))
.context("failed to decrypt, wrong key?")?;
@@ -89,10 +88,7 @@
SshRecipient::from_str(&t).map_err(|e| anyhow!("failed to parse recipient: {e:?}"))
})
.collect::<Result<Vec<SshRecipient>>>()?;
- let recipients = recipients
- .into_iter()
- .map(|v| Box::new(v) as Box<dyn Recipient + Send>)
- .collect::<Vec<_>>();
+ let recipients = recipients.iter().map(|v| v as &dyn Recipient);
let mut encrypted = vec![];
let mut encryptor = Encryptor::with_recipients(recipients)
.expect("recipients provided")
crates/fleet-base/src/fleetdata.rsdiffbeforeafterboth--- a/crates/fleet-base/src/fleetdata.rs
+++ b/crates/fleet-base/src/fleetdata.rs
@@ -6,7 +6,6 @@
use age::Recipient;
use chrono::{DateTime, Utc};
use fleet_shared::SecretData;
-use itertools::Itertools;
use serde::{de::Error, Deserialize, Serialize};
use serde_json::Value;
@@ -73,16 +72,13 @@
}
/// Returns None if recipients.is_empty()
-pub fn encrypt_secret_data(
- recipients: impl IntoIterator<Item = impl Recipient + Send + 'static>,
+pub fn encrypt_secret_data<'a>(
+ recipients: impl IntoIterator<Item = &'a dyn Recipient>,
data: Vec<u8>,
) -> Option<SecretData> {
let mut encrypted = vec![];
- let recipients = recipients
- .into_iter()
- .map(|v| Box::new(v) as Box<dyn Recipient + Send>)
- .collect_vec();
- let mut encryptor = age::Encryptor::with_recipients(recipients)?
+ let mut encryptor = age::Encryptor::with_recipients(recipients.into_iter())
+ .ok()?
.wrap_output(&mut encrypted)
.expect("in memory write");
io::copy(&mut Cursor::new(data), &mut encryptor).expect("in memory copy");
flake.lockdiffbeforeafterboth--- a/flake.lock
+++ b/flake.lock
@@ -37,11 +37,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1731514040,
- "narHash": "sha256-4VkY8gwyR83N6MPT7ipXTOSBXpVL2Hrwh898UAR3HZ8=",
+ "lastModified": 1731873344,
+ "narHash": "sha256-bKfFggwcvvh9gmOsaMCXKVAGBfXCZZ6QrxLq9Nb1/vw=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "155168226cb666d242306e13d7dbdaa8a76d20e1",
+ "rev": "39e98fadd66c2564ac85b1f65bab89e044302c62",
"type": "github"
},
"original": {
@@ -66,11 +66,11 @@
]
},
"locked": {
- "lastModified": 1731464916,
- "narHash": "sha256-WZ5rpjr/wCt7yBOUsvDE2i22hYz9g8W921jlwVktRQ4=",
+ "lastModified": 1731820690,
+ "narHash": "sha256-/hHFMTD+FGURXZ4JtfXoIgpy87zL505pVi6AL76Wc+U=",
"owner": "oxalica",
"repo": "rust-overlay",
- "rev": "2c19bad6e881b5a154cafb7f9106879b5b356d1f",
+ "rev": "bbab2ab9e1932133b1996baa1dc00fefe924ca81",
"type": "github"
},
"original": {
modules/secrets.nixdiffbeforeafterboth1{2 lib,3 config,4 ...5}: let6 inherit (lib.options) mkOption;7 inherit (lib.types) unspecified nullOr listOf str bool attrsOf submodule;8 inherit (lib.strings) concatStringsSep;9 inherit (lib.attrsets) mapAttrs;1011 sharedSecret = {config, ...}: {12 options = {13 expectedOwners = mkOption {14 type = nullOr (listOf str);15 description = ''16 List of hosts to encrypt secret for. null if managed by user (= via owners field from fleet.nix)1718 Secrets would be decrypted and stored to /run/secrets/$\{name} on owners19 '';20 default = null;21 };22 # TODO: Aren't those options may be just desugared to data/expectedData?23 regenerateOnOwnerAdded = mkOption {24 type = bool;25 description = ''26 Is this secret owner-dependent, and needs to be regenerated on ownership set change, or it may be just reencrypted.2728 You want to have this option set to true, when this secret contains some reference to its owners, i.e x509 SANs.29 '';30 };31 regenerateOnOwnerRemoved = mkOption {32 default = config.regenerateOnOwnerAdded;33 type = bool;34 description = ''35 Should this secret be removed on owner removal, or it may be just reencrypted3637 Most probably its value should be equal to regenerateOnOwnerAdded, override only if you know what are you doing.38 Contrary to regenerateOnOwnerAdded, you may want to set this option to false, when host permissions are revoked39 in some other way than by this secret ownership, I.e by firewall/etc.40 '';41 };42 generator = mkOption {43 type = nullOr unspecified;44 description = "Derivation to evaluate for secret generation";45 default = null;46 };47 };48 };49in {50 options = {51 sharedSecrets = mkOption {52 type = attrsOf (submodule sharedSecret);53 default = {};54 description = "Shared secrets";55 };56 };57 config = {58 hosts =59 mapAttrs (_: secretMap: {60 nixos.secrets = mapAttrs (_: s: removeAttrs s ["createdAt" "expiresAt"]) secretMap;61 })62 config.data.hostSecrets;63 nixpkgs.overlays = [64 (final: prev: {65 mkSecretGenerators = {recipients}: rec {66 # TODO: Merge both generators to one with consistent options syntax?67 # Impure generator is built on local machine, then built closure is copied to remote machine,68 # and then it is ran in inpure context, so that this generator may access HSMs and other things.69 mkImpureSecretGenerator = {70 script,71 # If set - script will be run on remote machine, otherwise it will be run with fleet project in CWD72 # (Some secrets-encryption-in-git/managed PKI solution is expected)73 impureOn ? null,74 }:75 (prev.writeShellScript "impureGenerator.sh" ''76 #!/bin/sh77 set -eu7879 export GENERATOR_HELPER_IDENTITIES="${concatStringsSep"\n"recipients}";80 export PATH=${final.fleet-generator-helper}/bin:$PATH8182 # TODO: Provide tempdir from outside, to make it securely erasurable as needed?83 tmp=mktemp-d84 cd $tmp85 # cd /var/empty8687 created_at=date-u"%Y-%m-%dT%H:%M:%S.%NZ"8889 ${script}9091 if ! test -d $out; then92 echo "impure generator script did not produce expected \$out output"93 exit 194 fi9596 echo -n $created_at > $out/created_at97 echo -n SUCCESS > $out/marker98 '')99 .overrideAttrs (old: {100 passthru = {101 inherit impureOn;102 generatorKind = "impure";103 };104 });105 # Pure generators are disabled for now106 mkSecretGenerator = {script}: mkImpureSecretGenerator {inherit script;};107108 # TODO: Implement consistent naming109 # Pure secret generator is supposed to be run entirely by nix, using `__impure` derivation type...110 # But for now, it is ran the same way as `impureSecretGenerator`, but on the local machine.111 # mkSecretGenerator = {script}:112 # (prev.writeShellScript "generator.sh" ''113 # #!/bin/sh114 # set -eu115 # # TODO: make nix daemon build secret, not just the script.116 # cd /var/empty117 #118 # created_at=$(date -u +"%Y-%m-%dT%H:%M:%S.%NZ")119 #120 # ${script}121 # if ! test -d $out; then122 # echo "impure generator script did not produce expected \$out output"123 # exit 1124 # fi125 #126 # echo -n $created_at > $out/created_at127 # echo -n SUCCESS > $out/marker128 # '')129 # .overrideAttrs (old: {130 # passthru = {131 # generatorKind = "pure";132 # };133 # # TODO: make nix daemon build secret, not just the script.134 # # __impure = true;135 # });136 };137 })138 ];139 };140}