diff --git a/.copr/Makefile b/.copr/Makefile index bfa5e739d..b67942648 100644 --- a/.copr/Makefile +++ b/.copr/Makefile @@ -37,7 +37,7 @@ dnf-rpmdev: ifeq ($(OS_ID),rhel) vendor: vendor-app vendor-rs vendor-py else -vendor: vendor-app vendor-rs +vendor: vendor-app endif vendor-app: diff --git a/.github/rpm-matrix.json b/.github/rpm-matrix.json index 5fa29fd19..cf7bd3bc1 100644 --- a/.github/rpm-matrix.json +++ b/.github/rpm-matrix.json @@ -1,12 +1,5 @@ { "props": [ - { - "platform": "fedora", - "dist": "fc37", - "spec": "fapolicy-analyzer.spec", - "image": "registry.fedoraproject.org/fedora:37", - "chroot": "fedora-37-x86_64" - }, { "platform": "fedora", "dist": "fc38", diff --git a/.github/workflows/rpm.yml b/.github/workflows/rpm.yml index f169f6aa5..7f4ef4940 100644 --- a/.github/workflows/rpm.yml +++ b/.github/workflows/rpm.yml @@ -100,11 +100,17 @@ jobs: - name: Export tarballs run: | mkdir -p /tmp/archives - mv vendor-rs.$PLATFORM.tar.gz /tmp/archives mv fapolicy-analyzer.tar.gz /tmp/archives env: PLATFORM: ${{ matrix.props.dist }} + - name: Export Rust vendor tarball + if: startsWith(matrix.props.dist, 'el') + run: | + mv vendor-rs.tar.gz /tmp/archives/vendor-rs.tar.gz + env: + PLATFORM: ${{ matrix.props.dist }} + - name: Upload tarballs uses: actions/upload-artifact@v3 with: diff --git a/Cargo.lock b/Cargo.lock index 5fd99856a..d4507f524 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -20,12 +20,6 @@ dependencies = [ "yansi", ] -[[package]] -name = "arrayvec" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b" - [[package]] name = "atty" version = "0.2.14" 
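Review bot: The new `Export Rust vendor tarball` step in `.github/workflows/rpm.yml` sets `PLATFORM` but its `run` line never reads it, and the `Export tarballs` step above keeps the same `env` block after losing the only line that used it; both blocks can be dropped. The archive is now named `vendor-rs.tar.gz` for every dist matching `startsWith(matrix.props.dist, 'el')`, and the `Source1` line in `scripts/srpm/fapolicy-analyzer.spec` drops `%{?dist}` to match, so if the matrix holds more than one `el` entry the jobs produce same-named files whose contents may differ. Whether they overwrite each other depends on the upload step's artifact name, which lies outside this hunk. Because the spec downloads this tarball of bundled crates from the release page, consider publishing a digest next to it, for example a second `run` line `sha256sum /tmp/archives/vendor-rs.tar.gz > /tmp/archives/vendor-rs.tar.gz.sha256`, so the download can be verified before it is unpacked.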
@@ -49,30 +43,12 @@ version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" -[[package]] -name = "bitvec" -version = "0.19.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8942c8d352ae1838c9dda0b0ca2ab657696ef2232a20147cf1b30ae1a9cb4321" -dependencies = [ - "funty", - "radium", - "tap", - "wyz", -] - [[package]] name = "bumpalo" version = "3.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c59e7af012c713f529e7a3ee57ce9b31ddd858d4b512923602f74608b009631" -[[package]] -name = "byteorder" -version = "1.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" - [[package]] name = "cc" version = "1.0.70" @@ -151,7 +127,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2913470204e9e8498a0f31f17f90a0de801ae92c8c5ac18c49af4819e6786697" dependencies = [ - "directories", + "directories 2.0.2", "serde", "toml", ] @@ -233,6 +209,15 @@ dependencies = [ "dirs-sys", ] +[[package]] +name = "directories" +version = "4.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f51c5d4ddabd36886dd3e1438cb358cdcb0d7c499cb99cb4ac2e38e18b5cb210" +dependencies = [ + "dirs-sys", +] + [[package]] name = "dirs-sys" version = "0.3.6" @@ -268,12 +253,11 @@ name = "fapolicy-app" version = "0.4.0" dependencies = [ "confy", - "directories", + "directories 4.0.1", "fapolicy-analyzer", "fapolicy-daemon", "fapolicy-rules", "fapolicy-trust", - "lmdb-rkv", "serde", "thiserror", ] @@ -323,7 +307,7 @@ dependencies = [ "fapolicy-rules", "fapolicy-trust", "fapolicy-util", - "lmdb-rkv", + "lmdb", "nom", "rayon", "thiserror", 
@@ -334,7 +318,7 @@ name = "fapolicy-trust" version = "0.4.0" dependencies = [ "fapolicy-util", - "lmdb-rkv", + "lmdb", "rayon", "serde", "thiserror", @@ -358,12 +342,6 @@ dependencies = [ "instant", ] -[[package]] -name = "funty" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7" - [[package]] name = "getrandom" version = "0.2.3" @@ -467,19 +445,6 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" -[[package]] -name = "lexical-core" -version = "0.7.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6607c62aa161d23d17a9072cc5da0be67cdfc89d3afb1e8d9c842bebc2525ffe" -dependencies = [ - "arrayvec", - "bitflags", - "cfg-if 1.0.0", - "ryu", - "static_assertions", -] - [[package]] name = "libc" version = "0.2.132" @@ -496,22 +461,21 @@ dependencies = [ ] [[package]] -name = "lmdb-rkv" -version = "0.14.0" +name = "lmdb" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "447a296f7aca299cfbb50f4e4f3d49451549af655fb7215d7f8c0c3d64bad42b" +checksum = "5b0908efb5d6496aa977d96f91413da2635a902e5e31dbef0bfb88986c248539" dependencies = [ "bitflags", - "byteorder", "libc", - "lmdb-rkv-sys", + "lmdb-sys", ] [[package]] -name = "lmdb-rkv-sys" -version = "0.11.0" +name = "lmdb-sys" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b27470ac25167b3afdfb6af8fcd3bc1be67de50ffbdaf4073378cfded6ae24a5" +checksum = "d5b392838cfe8858e86fac37cf97a0e8c55cc60ba0a18365cadc33092f128ce9" dependencies = [ "cc", "libc", 
@@ -551,17 +515,20 @@ dependencies = [ "autocfg", ] +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + [[package]] name = "nom" -version = "6.1.2" +version = "7.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7413f999671bd4745a7b624bd370a569fb6bc574b23c83a3c5ed2e453f3d5e2" +checksum = "e5507769c4919c998e69e49c839d9dc6e693ede4cc4290d6ad8b41d4f09c548c" dependencies = [ - "bitvec", - "funty", - "lexical-core", "memchr", - "version_check", + "minimal-lexical", ] [[package]] @@ -751,12 +718,6 @@ dependencies = [ "proc-macro2", ] -[[package]] -name = "radium" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8" - [[package]] name = "rayon" version = "1.5.1" @@ -825,12 +786,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "ryu" -version = "1.0.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" - [[package]] name = "scopeguard" version = "1.1.0" @@ -875,12 +830,6 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" -[[package]] -name = "static_assertions" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" - [[package]] name = "strsim" version = "0.10.0" @@ -898,12 +847,6 @@ dependencies = [ "unicode-xid", ] -[[package]] -name = "tap" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" - [[package]] name = "tempfile" version = "3.3.0" 
@@ -1097,12 +1040,6 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" -[[package]] -name = "wyz" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214" - [[package]] name = "yansi" version = "0.5.0" diff --git a/Containerfile b/Containerfile index 0c8dd5f1f..a5d0f2bce 100644 --- a/Containerfile +++ b/Containerfile @@ -20,13 +20,8 @@ WORKDIR /tmp/rpmbuild RUN spectool -gf -C SOURCES/ SPECS/fapolicy-analyzer.spec COPY --chown=10001:0 fapolicy-analyzer.tar.gz SOURCES/ -COPY --chown=10001:0 vendor-rs.tar.gz SOURCES/ COPY --chown=10001:0 scripts/srpm/build.sh ./build.sh -WORKDIR /tmp/rpmbuild/SOURCES -RUN dist=$(rpm --eval "%{?dist}") \ - && mv vendor-rs.tar.gz vendor-rs${dist}.tar.gz - WORKDIR /tmp/rpmbuild ENTRYPOINT ["/tmp/rpmbuild/build.sh"] diff --git a/crates/analyzer/Cargo.toml b/crates/analyzer/Cargo.toml index 74ed3a4a1..497e8b97e 100644 --- a/crates/analyzer/Cargo.toml +++ b/crates/analyzer/Cargo.toml @@ -9,7 +9,7 @@ edition = "2018" path = "src/lib.rs" [dependencies] -nom = "6.1.0" +nom = "7.1" serde = { version = "1.0", features = ["derive"] } thiserror = "1.0" chrono = "0.4.22" diff --git a/crates/app/Cargo.toml b/crates/app/Cargo.toml index 6580b0de0..8fe7082fc 100644 --- a/crates/app/Cargo.toml +++ b/crates/app/Cargo.toml @@ -6,9 +6,8 @@ version = "0.4.0" edition = "2018" [dependencies] -confy = "0.4.0" -directories = "2.0.2" -lmdb-rkv = "0.14.0" +confy = "0.4" +directories = "4.0" serde = { version = "1.0", features = ["derive"] } thiserror = "1.0" diff --git a/crates/daemon/Cargo.toml b/crates/daemon/Cargo.toml index 6045a4025..29944f53d 100644 --- a/crates/daemon/Cargo.toml +++ b/crates/daemon/Cargo.toml 
@@ -6,7 +6,7 @@ version = "0.4.0" edition = "2018" [dependencies] -nom = "6.1.0" +nom = "7.1" thiserror = "1.0" fapolicy-trust = { version = "*", path = "../trust" } dbus = "0.9" diff --git a/crates/rules/Cargo.toml b/crates/rules/Cargo.toml index 651ce2dfd..d3e62a942 100644 --- a/crates/rules/Cargo.toml +++ b/crates/rules/Cargo.toml @@ -12,6 +12,6 @@ path = "src/lib.rs" tempfile = "3.3" [dependencies] -nom = "6.1.0" +nom = "7.1" serde = { version = "1.0", features = ["derive"] } thiserror = "1.0" diff --git a/crates/tools/Cargo.toml b/crates/tools/Cargo.toml index ad5c3e7da..bcbce77dc 100644 --- a/crates/tools/Cargo.toml +++ b/crates/tools/Cargo.toml @@ -15,8 +15,8 @@ path = "src/rule_check.rs" [dependencies] clap = { version = "3.2.20", features = ["derive"] } -lmdb-rkv = "0.14.0" -nom = "6.1.0" +lmdb = "0.8" +nom = "7.1" rayon = "1.5" thiserror = "1.0" ariadne = "0.1" diff --git a/crates/trust/Cargo.toml b/crates/trust/Cargo.toml index ddcbc4f2b..b8a3f75c9 100644 --- a/crates/trust/Cargo.toml +++ b/crates/trust/Cargo.toml @@ -6,7 +6,7 @@ version = "0.4.0" edition = "2018" [dependencies] -lmdb-rkv = "0.14.0" +lmdb = "0.8" rayon = "1.5" serde = { version = "1.0", features = ["derive"] } thiserror = "1.0" diff --git a/crates/trust/src/read.rs b/crates/trust/src/read.rs index c01d52272..6512d1f80 100644 --- a/crates/trust/src/read.rs +++ b/crates/trust/src/read.rs @@ -59,12 +59,8 @@ pub fn load_trust_db(path: &str) -> Result { let lookup: HashMap = env .begin_ro_txn() .map(|t| { - t.open_ro_cursor(db).map(|mut c| { - c.iter() - .map(|c| c.unwrap()) - .map(|kv| TrustPair::new(kv).into()) - .collect() - }) + t.open_ro_cursor(db) + .map(|mut c| c.iter().map(|kv| TrustPair::new(kv).into()).collect()) }) .unwrap() .map_err(LmdbReadFail) diff --git a/fapolicy-analyzer.spec b/fapolicy-analyzer.spec index 11e68d954..a6c3b39f3 100644 --- a/fapolicy-analyzer.spec +++ b/fapolicy-analyzer.spec 
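Review bot: In `crates/trust/src/read.rs`, `load_trust_db` returns a `Result`, yet the `.unwrap()` kept right after the closure still panics when `begin_ro_txn()` fails, so only cursor-open errors reach `LmdbReadFail`. With the per-item `.map(|c| c.unwrap())` removed, the iterator evidently yields bare pairs now, so a read error part-way through the trust database is no longer visible to this code; it is worth confirming how the `lmdb` 0.8 iterator reports such errors. Propagating both failures would keep a damaged or unreadable trust database from aborting the caller, assuming `LmdbReadFail` wraps the same error type for both calls: `let txn = env.begin_ro_txn().map_err(LmdbReadFail)?;` followed by `txn.open_ro_cursor(db).map(|mut c| c.iter().map(|kv| TrustPair::new(kv).into()).collect()).map_err(LmdbReadFail)`. The function starts and ends outside this hunk, so the handling of the final result is not visible here.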
@@ -6,10 +6,6 @@ License: GPLv3+ URL: https://github.com/ctc-oss/fapolicy-analyzer Source0: %{url}/releases/download/v%{version}/fapolicy-analyzer.tar.gz -# this tarball contains bundled crates not available in Fedora -# reference: https://bugzilla.redhat.com/show_bug.cgi?id=2124697#c5 -Source1: %{url}/releases/download/v%{version}/vendor-rs%{?dist}.tar.gz - BuildRequires: python3-devel BuildRequires: python3dist(setuptools) BuildRequires: python3dist(pip) @@ -23,10 +19,8 @@ BuildRequires: desktop-file-utils BuildRequires: rust-packaging BuildRequires: python3dist(setuptools-rust) -BuildRequires: rust-arrayvec0.5-devel BuildRequires: rust-autocfg-devel BuildRequires: rust-bitflags-devel -BuildRequires: rust-bitvec-devel BuildRequires: rust-bumpalo-devel BuildRequires: rust-byteorder-devel BuildRequires: rust-cc-devel @@ -39,21 +33,23 @@ BuildRequires: rust-crossbeam-epoch-devel BuildRequires: rust-crossbeam-utils-devel BuildRequires: rust-data-encoding-devel BuildRequires: rust-dbus-devel +BuildRequires: rust-directories-devel BuildRequires: rust-dirs-sys-devel BuildRequires: rust-either-devel BuildRequires: rust-fastrand-devel -BuildRequires: rust-funty-devel BuildRequires: rust-getrandom-devel BuildRequires: rust-iana-time-zone-devel BuildRequires: rust-instant-devel BuildRequires: rust-lazy_static-devel -BuildRequires: rust-lexical-core-devel BuildRequires: rust-libc-devel BuildRequires: rust-libdbus-sys-devel +BuildRequires: rust-lmdb-devel BuildRequires: rust-lock_api-devel BuildRequires: rust-log-devel BuildRequires: rust-memchr-devel BuildRequires: rust-memoffset-devel +BuildRequires: rust-minimal-lexical-devel +BuildRequires: rust-nom-devel BuildRequires: rust-num-integer-devel BuildRequires: rust-num-traits-devel BuildRequires: rust-num_cpus-devel 
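Review bot: `BuildRequires: rust-byteorder-devel` stays in the `-23,10` hunk of `fapolicy-analyzer.spec` although the Cargo.lock change in the same commit removes the `byteorder` package entry and its only visible user, `lmdb-rkv`; the line looks stale and can be dropped. The reverse case is in the later hunk at `-91,12`, which removes `rust-version_check-devel` while the lock hunks only take `version_check` out of `nom`'s dependency list and do not delete the package, so another crate may still need it at build time. Since `%prep` throws out the checked-in lock, a mismatch here would presumably surface only as a dependency resolution failure during the RPM build. A short comment above the list, such as `# keep in step with the crates resolved for this package`, would help keep the build root limited to what is actually used.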
@@ -68,21 +64,17 @@ BuildRequires: rust-pyo3-build-config-devel BuildRequires: rust-pyo3-macros-devel BuildRequires: rust-pyo3-macros-backend-devel BuildRequires: rust-quote-devel -BuildRequires: rust-radium-devel BuildRequires: rust-rayon-devel BuildRequires: rust-rayon-core-devel BuildRequires: rust-remove_dir_all-devel BuildRequires: rust-ring-devel -BuildRequires: rust-ryu-devel BuildRequires: rust-scopeguard-devel BuildRequires: rust-serde-devel BuildRequires: rust-serde_derive-devel BuildRequires: rust-similar-devel BuildRequires: rust-smallvec-devel BuildRequires: rust-spin-devel -BuildRequires: rust-static_assertions-devel BuildRequires: rust-syn-devel -BuildRequires: rust-tap-devel BuildRequires: rust-tempfile-devel BuildRequires: rust-thiserror-devel BuildRequires: rust-thiserror-impl-devel @@ -91,12 +83,9 @@ BuildRequires: rust-toml-devel BuildRequires: rust-unicode-xid-devel BuildRequires: rust-unindent-devel BuildRequires: rust-untrusted-devel -BuildRequires: rust-version_check-devel -BuildRequires: rust-wyz-devel BuildRequires: rust-paste-devel BuildRequires: rust-indoc-devel - Requires: python3 Requires: python3-gobject Requires: python3-events 
@@ -113,22 +102,8 @@ Requires: gtksourceview3 Tools to assist with the configuration and management of fapolicyd. %prep -# An issue with unpacking the vendored crates is that an unprivileged user -# cannot write to the default registry at /usr/share/cargo/registry -# To unblock this, we link the contents of the /usr/share/cargo/registry -# into a new writable registry location, and then extract the contents of the -# vendor tarball to this new writable dir. -# Later the Cargo config will be updated to point to this new registry dir -CARGO_REG_DIR=%{_builddir}/vendor-rs -mkdir -p ${CARGO_REG_DIR} -for d in %{cargo_registry}/*; do ln -sf ${d} ${CARGO_REG_DIR}; done -tar -xzf %{SOURCE1} -C ${CARGO_REG_DIR} --strip-components=2 - %cargo_prep -# here the Cargo config is updated to point to the new registry dir -sed -i "s#%{cargo_registry}#${CARGO_REG_DIR}#g" .cargo/config - %autosetup -p0 -n %{name} # throw out the checked-in lock diff --git a/scripts/srpm/fapolicy-analyzer.spec b/scripts/srpm/fapolicy-analyzer.spec index dc7f2409c..4d9aaa24a 100644 --- a/scripts/srpm/fapolicy-analyzer.spec +++ b/scripts/srpm/fapolicy-analyzer.spec @@ -8,7 +8,7 @@ Source0: %{url}/releases/download/v%{version}/fapolicy-analyzer.tar.gz # this tarball contains bundled crates not available in Fedora # reference: https://bugzilla.redhat.com/show_bug.cgi?id=2124697#c5 -Source1: %{url}/releases/download/v%{version}/vendor-rs%{?dist}.tar.gz +Source1: %{url}/releases/download/v%{version}/vendor-rs.tar.gz # we need to provide some updates to python on el8 %if 0%{?rhel}