From 9c0c7a7d016fe52b12a6c8d3721feea9173abf41 Mon Sep 17 00:00:00 2001 From: Flavio Castelli Date: Fri, 12 Apr 2024 12:35:25 +0200 Subject: [PATCH] fix: address changes done to Sigstore TUF repository The Sigstore project changed the internals of its TUF repository, which broke sigstore-rs. This commit updates to the latest version of sigstore-rs. The code changes have been caused by the massive changes done by sigstore-rs. Fixes https://github.com/kubewarden/kwctl/issues/753 Signed-off-by: Flavio Castelli --- Cargo.lock | 1264 ++++++++++++++++---------------------- Cargo.toml | 3 +- src/lib.rs | 70 ++- src/policy_downloader.rs | 66 +- 4 files changed, 616 insertions(+), 787 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c5b4e38a..abff5ffb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,6 +2,16 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "Inflector" +version = "0.11.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3" +dependencies = [ + "lazy_static", + "regex", +] + [[package]] name = "addr2line" version = "0.21.0" @@ -38,6 +48,17 @@ dependencies = [ "cpufeatures", ] +[[package]] +name = "ahash" +version = "0.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "891477e0c6a8957309ee5c45a6368af3ae14bb510732d2684ffa19af310920f9" +dependencies = [ + "getrandom", + "once_cell", + "version_check", +] + [[package]] name = "ahash" version = "0.8.11" @@ -154,140 +175,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457" [[package]] -name = "async-channel" -version = "1.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81953c529336010edd6d8e358f886d9581267795c61b19475b71314bffa46d35" -dependencies = [ - "concurrent-queue", - "event-listener 2.5.3", - "futures-core", -] - -[[package]] -name = "async-channel" -version = "2.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "136d4d23bcc79e27423727b36823d86233aad06dfea531837b038394d11e9928" -dependencies = [ - "concurrent-queue", - "event-listener 5.3.0", - "event-listener-strategy 0.5.1", - "futures-core", - "pin-project-lite", -] - -[[package]] -name = "async-executor" -version = "1.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b10202063978b3351199d68f8b22c4e47e4b1b822f8d43fd862d5ea8c006b29a" -dependencies = [ - "async-task", - "concurrent-queue", - "fastrand 2.0.2", - "futures-lite 2.3.0", - "slab", -] - -[[package]] -name = "async-global-executor" -version = "2.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05b1b633a2115cd122d73b955eadd9916c18c8f510ec9cd1686404c60ad1c29c" -dependencies = [ - "async-channel 2.2.1", - "async-executor", - "async-io 2.3.2", - "async-lock 3.3.0", - "blocking", - "futures-lite 2.3.0", - "once_cell", -] - -[[package]] -name = "async-io" -version = "1.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fc5b45d93ef0529756f812ca52e44c221b35341892d3dcc34132ac02f3dd2af" -dependencies = [ - "async-lock 2.8.0", - "autocfg", - "cfg-if", - "concurrent-queue", - "futures-lite 1.13.0", - "log", - "parking", - "polling 2.8.0", - "rustix 0.37.27", - "slab", - "socket2 0.4.10", - "waker-fn", -] - -[[package]] -name = "async-io" -version = "2.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcccb0f599cfa2f8ace422d3555572f47424da5648a4382a9dd0310ff8210884" -dependencies = [ - "async-lock 3.3.0", - "cfg-if", - "concurrent-queue", - "futures-io", - "futures-lite 2.3.0", - "parking", - "polling 3.6.0", - "rustix 0.38.32", - "slab", - "tracing", - "windows-sys 0.52.0", -] - -[[package]] -name = "async-lock" -version = "2.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "287272293e9d8c41773cec55e365490fe034813a2f172f502d6ddcf75b2f582b" -dependencies = [ - "event-listener 2.5.3", -] - -[[package]] -name = "async-lock" -version = "3.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d034b430882f8381900d3fe6f0aaa3ad94f2cb4ac519b429692a1bc2dda4ae7b" -dependencies = [ - "event-listener 4.0.3", - "event-listener-strategy 0.4.0", - "pin-project-lite", -] - -[[package]] -name = "async-std" -version = "1.12.0" +name = "async-recursion" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62565bb4402e926b29953c785397c6dc0391b7b446e45008b0049eb43cec6f5d" +checksum = "30c5ef0ede93efbf733c1a727f3b6b5a1060bbedd5600183e66f6e4be4af0ec5" dependencies = [ - "async-channel 1.9.0", - "async-global-executor", - "async-io 1.13.0", - "async-lock 2.8.0", - "crossbeam-utils", - "futures-channel", - "futures-core", - "futures-io", - "futures-lite 1.13.0", - "gloo-timers", - "kv-log-macro", - "log", - "memchr", - "once_cell", - "pin-project-lite", - "pin-utils", - "slab", - "wasm-bindgen-futures", + "proc-macro2", + "quote", + "syn 2.0.59", ] [[package]] @@ -312,12 +207,6 @@ dependencies = [ "syn 2.0.59", ] -[[package]] -name = "async-task" -version = "4.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbb36e985947064623dbd357f727af08ffd077f93d696782f3c56365fa2e2799" - [[package]] name = "async-trait" version = "0.1.80" @@ -329,12 +218,6 @@ dependencies = [ "syn 2.0.59", ] -[[package]] -name = "atomic-waker" -version = "1.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" - [[package]] name = "autocfg" version = "1.2.0" @@ -470,7 +353,7 @@ dependencies = [ "hyper-util", "pin-project-lite", "rustls 0.21.10", - "rustls-pemfile 2.1.2", + "rustls-pemfile", "tokio", "tokio-rustls 0.24.1", "tower", @@ -572,22 +455,6 @@ dependencies = [ "generic-array", ] -[[package]] -name = "blocking" -version = "1.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a37913e8dc4ddcc604f0c6d3bf2887c995153af3611de9e23c352b44c1b9118" -dependencies = [ - "async-channel 2.2.1", - "async-lock 3.3.0", - "async-task", - "fastrand 2.0.2", - "futures-io", - "futures-lite 2.3.0", - "piper", - "tracing", -] - [[package]] name = "bstr" version = "1.9.1" @@ -607,14 +474,14 @@ checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" [[package]] name = "burrego" version = "0.3.4" -source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.16.4#c49018ee2aa5ab106adbfe19ba728fbe090da663" +source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.17.0#52fa632e2b882328aa0376d506a6cb99e8ac67d8" dependencies = [ "base64 0.22.0", "chrono", "chrono-tz", "gtmpl", "gtmpl_value", - "itertools 0.12.1", + "itertools", "json-patch", "lazy_static", "regex", @@ -640,32 +507,15 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" -[[package]] -name = "cached" -version = "0.44.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b195e4fbc4b6862bbd065b991a34750399c119797efff72492f28a5864de8700" -dependencies = [ - "async-trait", - "cached_proc_macro 0.17.0", - "cached_proc_macro_types", - "futures", - "hashbrown 0.13.2", - "instant", - "once_cell", - "thiserror", - "tokio", -] - [[package]] name = "cached" version = "0.49.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e8e463fceca5674287f32d252fb1d94083758b8709c160efae66d263e5f4eba" dependencies = [ - "ahash", + "ahash 0.8.11", "async-trait", - "cached_proc_macro 0.20.0", + "cached_proc_macro", "cached_proc_macro_types", "futures", "hashbrown 0.14.3", @@ -675,19 +525,6 @@ dependencies = [ "tokio", ] -[[package]] -name = "cached_proc_macro" -version = "0.17.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b48814962d2fd604c50d2b9433c2a41a0ab567779ee2c02f7fba6eca1221f082" -dependencies = [ - "cached_proc_macro_types", - "darling 0.14.4", - "proc-macro2", - "quote", - "syn 1.0.109", -] - [[package]] name = "cached_proc_macro" version = "0.20.0" @@ -714,7 +551,7 @@ checksum = "769f8cd02eb04d57f14e2e371ebb533f96817f9b2525d73a5c72b61ca7973747" dependencies = [ "cap-primitives", "cap-std", - "io-lifetimes 2.0.3", + "io-lifetimes", "windows-sys 0.52.0", ] @@ -726,7 +563,7 @@ checksum = "59ff6d3fb274292a9af283417e383afe6ded1fe66f6472d2c781216d3d80c218" dependencies = [ "cap-primitives", "cap-std", - "rustix 0.38.32", + "rustix", "smallvec", ] @@ -739,10 +576,10 @@ dependencies = [ "ambient-authority", "fs-set-times", "io-extras", - "io-lifetimes 2.0.3", + "io-lifetimes", "ipnet", "maybe-owned", - "rustix 0.38.32", + "rustix", "windows-sys 0.52.0", "winx", ] @@ -765,8 +602,8 @@ checksum = "266626ce180cf9709f317d0bf9754e3a5006359d87f4bf792f06c9c5f1b63c0f" dependencies = [ "cap-primitives", "io-extras", - "io-lifetimes 2.0.3", - "rustix 0.38.32", + "io-lifetimes", + "rustix", ] [[package]] @@ -779,7 +616,7 @@ dependencies = [ "cap-primitives", "iana-time-zone", "once_cell", - "rustix 0.38.32", + "rustix", "winx", ] @@ -816,9 +653,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.37" +version = "0.4.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a0d04d43504c61aa6c7531f1871dd0d418d91130162063b789da00fd7057a5e" +checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" dependencies = [ "android-tzdata", "iana-time-zone", @@ -905,15 +742,6 @@ dependencies = [ "memchr", ] -[[package]] -name = "concurrent-queue" -version = "2.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d16048cd947b08fa32c24458a22f5dc5e835264f689f4f5653210c69fd107363" -dependencies = [ - "crossbeam-utils", -] - [[package]] name = "const-oid" version = "0.9.6" @@ -1056,7 +884,7 @@ dependencies = [ "cranelift-codegen", "cranelift-entity", "cranelift-frontend", - "itertools 0.12.1", + "itertools", "log", "smallvec", "wasmparser 0.201.0", @@ -1260,6 +1088,12 @@ dependencies = [ "uuid", ] +[[package]] +name = "decoded-char" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5440d1dc8ea7cae44cda3c64568db29bfa2434aba51ae66a50c00488841a65a3" + [[package]] name = "der" version = "0.7.9" @@ -1418,16 +1252,10 @@ checksum = "e5766087c2235fec47fafa4cfecc81e494ee679d0fd4a59887ea0919bfb0e4fc" dependencies = [ "cfg-if", "libc", - "socket2 0.5.6", + "socket2", "windows-sys 0.48.0", ] -[[package]] -name = "doc-comment" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10" - [[package]] name = "docker_credential" version = "1.3.1" @@ -1551,69 +1379,12 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "event-listener" -version = "2.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" - -[[package]] -name = "event-listener" -version = "4.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67b215c49b2b248c855fb73579eb1f4f26c38ffdc12973e20e07b91d78d5646e" -dependencies = [ - "concurrent-queue", - "parking", - "pin-project-lite", -] - -[[package]] -name = "event-listener" -version = "5.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d9944b8ca13534cdfb2800775f8dd4902ff3fc75a50101466decadfdf322a24" -dependencies = [ - "concurrent-queue", - "parking", - "pin-project-lite", -] - -[[package]] -name = "event-listener-strategy" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "958e4d70b6d5e81971bebec42271ec641e7ff4e170a6fa605f2b8a8b65cb97d3" -dependencies = [ - "event-listener 4.0.3", - "pin-project-lite", -] - -[[package]] -name = "event-listener-strategy" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "332f51cb23d20b0de8458b86580878211da09bcd4503cb579c225b3d124cabb3" -dependencies = [ - "event-listener 5.3.0", - "pin-project-lite", -] - [[package]] name = "fallible-iterator" version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649" -[[package]] -name = "fastrand" -version = "1.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be" -dependencies = [ - "instant", -] - [[package]] name = "fastrand" version = "2.0.2" @@ -1627,7 +1398,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7e5768da2206272c81ef0b5e951a41862938a6070da63bcea197899942d3b947" dependencies = [ "cfg-if", - "rustix 0.38.32", + "rustix", "windows-sys 0.52.0", ] @@ -1677,6 +1448,21 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "form_urlencoded" version = "1.2.1" @@ -1698,8 +1484,8 @@ version = "0.20.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "033b337d725b97690d86893f9de22b67b80dcc4e9ad815f348254c38119db8fb" dependencies = [ - "io-lifetimes 2.0.3", - "rustix 0.38.32", + "io-lifetimes", + "rustix", "windows-sys 0.52.0", ] @@ -1751,34 +1537,6 @@ version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" -[[package]] -name = "futures-lite" -version = "1.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49a9d51ce47660b1e808d3c990b4709f2f415d928835a17dfd16991515c46bce" -dependencies = [ - "fastrand 1.9.0", - "futures-core", - "futures-io", - "memchr", - "parking", - "pin-project-lite", - "waker-fn", -] - -[[package]] -name = "futures-lite" -version = "2.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52527eb5074e35e9339c6b4e8d12600c7128b68fb25dcb9fa9dec18f7c25f3a5" -dependencies = [ - "fastrand 2.0.2", - "futures-core", - "futures-io", - "parking", - "pin-project-lite", -] - [[package]] name = "futures-macro" version = "0.3.30" @@ -1866,10 +1624,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" dependencies = [ "cfg-if", - "js-sys", "libc", "wasi", - "wasm-bindgen", ] [[package]] @@ -1914,18 +1670,6 @@ dependencies = [ "regex-syntax 0.8.3", ] -[[package]] -name = "gloo-timers" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b995a66bb87bebce9a0f4a95aed01daca4872c050bfcb21653361c03bc35e5c" -dependencies = [ - "futures-channel", - "futures-core", - "js-sys", - "wasm-bindgen", -] - [[package]] name = "group" version = "0.13.0" @@ -2003,6 +1747,9 @@ name = "hashbrown" version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" +dependencies = [ + "ahash 0.7.8", +] [[package]] name = "hashbrown" @@ -2010,7 +1757,7 @@ version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" dependencies = [ - "ahash", + "ahash 0.8.11", ] [[package]] @@ -2019,7 +1766,7 @@ version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" dependencies = [ - "ahash", + "ahash 0.8.11", "allocator-api2", ] @@ -2168,7 +1915,7 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", - "socket2 0.5.6", + "socket2", "tokio", "tower-service", "tracing", @@ -2198,16 +1945,19 @@ dependencies = [ [[package]] name = "hyper-rustls" -version = "0.24.2" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" +checksum = "a0bea761b46ae2b24eb4aef630d8d1c398157b6fc29e6350ecf090a0b70c952c" dependencies = [ "futures-util", - "http 0.2.12", - "hyper 0.14.28", - "rustls 0.21.10", + "http 1.1.0", + "hyper 1.2.0", + "hyper-util", + "rustls 0.22.3", + "rustls-pki-types", "tokio", - "tokio-rustls 0.24.1", + "tokio-rustls 0.25.0", + "tower-service", ] [[package]] @@ -2254,6 +2004,22 @@ dependencies = [ "tower-service", ] +[[package]] +name = "hyper-tls" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" +dependencies = [ + "bytes", + "http-body-util", + "hyper 1.2.0", + "hyper-util", + "native-tls", + "tokio", + "tokio-native-tls", + "tower-service", +] + [[package]] name = "hyper-util" version = "0.1.3" @@ -2267,7 +2033,7 @@ dependencies = [ "http-body 1.0.0", "hyper 1.2.0", "pin-project-lite", - "socket2 0.5.6", + "socket2", "tokio", "tower", "tower-service", @@ -2366,21 +2132,10 @@ version = "0.18.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c9f046b9af244f13b3bd939f55d16830ac3a201e8a9ba9661bfcb03e2be72b9b" dependencies = [ - "io-lifetimes 2.0.3", + "io-lifetimes", "windows-sys 0.52.0", ] -[[package]] -name = "io-lifetimes" -version = "1.0.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2" -dependencies = [ - "hermit-abi", - "libc", - "windows-sys 0.48.0", -] - [[package]] name = "io-lifetimes" version = "2.0.3" @@ -2393,15 +2148,6 @@ version = "2.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3" -[[package]] -name = "itertools" -version = "0.10.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" -dependencies = [ - "either", -] - [[package]] name = "itertools" version = "0.12.1" @@ -2477,6 +2223,18 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "json-number" +version = "0.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c54d19ae7e6fc83aafa649707655a9a0ac956a0f62793bde4cfd193b0693fdf" +dependencies = [ + "lexical", + "ryu-js", + "serde", + "smallvec", +] + [[package]] name = "json-patch" version = "1.2.0" @@ -2489,6 +2247,25 @@ dependencies = [ "treediff", ] +[[package]] +name = "json-syntax" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbe45447363747ecc18deb478f945df8482edafbae21e51bdc73eab76883c6a5" +dependencies = [ + "decoded-char", + "hashbrown 0.12.3", + "indexmap 1.9.3", + "json-number", + "locspan", + "locspan-derive", + "ryu-js", + "serde", + "smallstr", + "smallvec", + "utf8-decode", +] + [[package]] name = "jsonpath-rust" version = "0.5.0" @@ -2575,9 +2352,9 @@ dependencies = [ "jsonpath-rust", "k8s-openapi", "kube-core", - "pem 3.0.4", + "pem", "rustls 0.23.4", - "rustls-pemfile 2.1.2", + "rustls-pemfile", "secrecy", "serde", "serde_json", @@ -2612,7 +2389,7 @@ version = "0.90.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4560e2c5c71366f6dceb6500ce33cf72299aede92381bb875dc2d4ba4f102c21" dependencies = [ - "ahash", + "ahash 0.8.11", "async-trait", "backoff", "derivative", @@ -2654,15 +2431,6 @@ dependencies = [ "wapc-guest", ] -[[package]] -name = "kv-log-macro" -version = "1.0.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0de8b303297635ad57c9f5059fd9cee7a47f8e8daa09df0fcd07dd39fb22977f" -dependencies = [ - "log", -] - [[package]] name = "lazy_static" version = "1.4.0" @@ -2678,6 +2446,79 @@ version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "884e2677b40cc8c339eaefcb701c32ef1fd2493d71118dc0ca4b6a736c93bd67" +[[package]] +name = "lexical" +version = "6.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7aefb36fd43fef7003334742cbf77b243fcd36418a1d1bdd480d613a67968f6" +dependencies = [ + "lexical-core", +] + +[[package]] +name = "lexical-core" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2cde5de06e8d4c2faabc400238f9ae1c74d5412d03a7bd067645ccbc47070e46" +dependencies = [ + "lexical-parse-float", + "lexical-parse-integer", + "lexical-util", + "lexical-write-float", + "lexical-write-integer", +] + +[[package]] +name = "lexical-parse-float" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "683b3a5ebd0130b8fb52ba0bdc718cc56815b6a097e28ae5a6997d0ad17dc05f" +dependencies = [ + "lexical-parse-integer", + "lexical-util", + "static_assertions", +] + +[[package]] +name = "lexical-parse-integer" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d0994485ed0c312f6d965766754ea177d07f9c00c9b82a5ee62ed5b47945ee9" +dependencies = [ + "lexical-util", + "static_assertions", +] + +[[package]] +name = "lexical-util" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5255b9ff16ff898710eb9eb63cb39248ea8a5bb036bea8085b1a767ff6c4e3fc" +dependencies = [ + "static_assertions", +] + +[[package]] +name = "lexical-write-float" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accabaa1c4581f05a3923d1b4cfd124c329352288b7b9da09e766b0668116862" +dependencies = [ + "lexical-util", + "lexical-write-integer", + "static_assertions", +] + +[[package]] +name = "lexical-write-integer" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1b6f3d1f4422866b68192d62f77bc5c700bee84f3069f2469d7bc8c77852446" +dependencies = [ + "lexical-util", + "static_assertions", +] + [[package]] name = "libc" version = "0.2.153" @@ -2700,12 +2541,6 @@ dependencies = [ "libc", ] -[[package]] -name = "linux-raw-sys" -version = "0.3.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" - [[package]] name = "linux-raw-sys" version = "0.4.13" @@ -2722,14 +2557,29 @@ dependencies = [ "scopeguard", ] +[[package]] +name = "locspan" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "33890449fcfac88e94352092944bf321f55e5deb4e289a6f51c87c55731200a0" + +[[package]] +name = "locspan-derive" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e88991223b049a3d29ca1f60c05639581336a0f3ee4bf8a659dddecc11c4961a" +dependencies = [ + "proc-macro-error", + "proc-macro2", + "quote", + "syn 1.0.109", +] + [[package]] name = "log" version = "0.4.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" -dependencies = [ - "value-bag", -] [[package]] name = "mach" @@ -2802,7 +2652,7 @@ version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b2cffa4ad52c6f791f4f8b15f0c05f9824b2ced1160e88cc393d64fff9a8ac64" dependencies = [ - "rustix 0.38.32", + "rustix", ] [[package]] @@ -2829,16 +2679,6 @@ version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" -[[package]] -name = "mime_guess" -version = "2.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4192263c238a5f0d0c6bfd21f336a313a4ce1c450542449ca191bb657b4642ef" -dependencies = [ - "mime", - "unicase", -] - [[package]] name = "miniz_oxide" version = "0.7.2" @@ -2904,6 +2744,24 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "defc4c55412d89136f966bbb339008b474350e5e6e78d2714439c386b3137a03" +[[package]] +name = "native-tls" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e" +dependencies = [ + "lazy_static", + "libc", + "log", + "openssl", + "openssl-probe", + "openssl-sys", + "schannel", + "security-framework", + "security-framework-sys", + "tempfile", +] + [[package]] name = "ndk-context" version = "0.1.1" @@ -3052,26 +2910,6 @@ dependencies = [ "libc", ] -[[package]] -name = "oauth2" -version = "4.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c38841cdd844847e3e7c8d29cef9dcfed8877f8f56f9071f77843ecf3baf937f" -dependencies = [ - "base64 0.13.1", - "chrono", - "getrandom", - "http 0.2.12", - "rand", - "reqwest", - "serde", - "serde_json", - "serde_path_to_error", - "sha2", - "thiserror", - "url", -] - [[package]] name = "objc" version = "0.2.7" @@ -3095,43 +2933,18 @@ dependencies = [ [[package]] name = "oci-distribution" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ac5b780ce1bd6c3c2ff72a3013f4b2d56d53ae03b20d424e99d2f6556125138" -dependencies = [ - "futures", - "futures-util", - "http 0.2.12", - "http-auth", - "jwt", - "lazy_static", - "olpc-cjson", - "regex", - "reqwest", - "serde", - "serde_json", - "sha2", - "thiserror", - "tokio", - "tokio-util", - "tracing", - "unicase", -] - -[[package]] -name = "oci-distribution" -version = "0.10.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a635cabf7a6eb4e5f13e9e82bd9503b7c2461bf277132e38638a935ebd684b4" +checksum = "b95a2c51531af0cb93761f66094044ca6ea879320bccd35ab747ff3fcab3f422" dependencies = [ "bytes", "chrono", "futures-util", - "http 0.2.12", + "http 1.1.0", "http-auth", "jwt", "lazy_static", - "olpc-cjson", + "olpc-cjson 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)", "regex", "reqwest", "serde", @@ -3176,6 +2989,16 @@ dependencies = [ "unicode-normalization", ] +[[package]] +name = "olpc-cjson" +version = "0.1.3" +source = "git+https://github.com/flavio/tough.git?branch=update-reqwest#ad9cb20c1bc871111e2de7f799e1e43e30e2eec3" +dependencies = [ + "serde", + "serde_json", + "unicode-normalization", +] + [[package]] name = "once_cell" version = "1.19.0" @@ -3189,35 +3012,29 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] -name = "openidconnect" -version = "3.5.0" +name = "openssl" +version = "0.10.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f47e80a9cfae4462dd29c41e987edd228971d6565553fbc14b8a11e666d91590" +checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" dependencies = [ - "base64 0.13.1", - "chrono", - "dyn-clone", - "ed25519-dalek", - "hmac", - "http 0.2.12", - "itertools 0.10.5", - "log", - "oauth2", - "p256", - "p384", - "rand", - "rsa", - "serde", - "serde-value", - "serde_derive", - "serde_json", - "serde_path_to_error", - "serde_plain", - "serde_with", - "sha2", - "subtle", - "thiserror", - "url", + "bitflags 2.5.0", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.59", ] [[package]] @@ -3226,6 +3043,18 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" +[[package]] +name = "openssl-sys" +version = "0.9.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "opentelemetry" version = "0.22.0" @@ -3354,12 +3183,6 @@ dependencies = [ "sha2", ] -[[package]] -name = "parking" -version = "2.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae" - [[package]] name = "parking_lot" version = "0.12.1" @@ -3409,24 +3232,6 @@ version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" -[[package]] -name = "path-absolutize" -version = "3.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4af381fe79fa195b4909485d99f73a80792331df0625188e707854f0b3383f5" -dependencies = [ - "path-dedot", -] - -[[package]] -name = "path-dedot" -version = "3.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07ba0ad7e047712414213ff67533e6dd477af0a4e1d14fb52343e53d30ea9397" -dependencies = [ - "once_cell", -] - [[package]] name = "path-slash" version = "0.2.1" @@ -3434,32 +3239,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1e91099d4268b0e11973f036e885d652fb0b21fedcf69738c627f94db6a44f42" [[package]] -name = "pbkdf2" -version = "0.12.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" -dependencies = [ - "digest", - "hmac", -] - -[[package]] -name = "pem" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8" -dependencies = [ - "base64 0.13.1", -] - -[[package]] -name = "pem" -version = "2.0.1" +name = "pbkdf2" +version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b13fe415cdf3c8e44518e18a7c95a13431d9bdf6d15367d82b23c377fdd441a" +checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" dependencies = [ - "base64 0.21.7", - "serde", + "digest", + "hmac", ] [[package]] @@ -3680,17 +3466,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" -[[package]] -name = "piper" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "668d31b1c4eba19242f2088b2bf3316b82ca31082a8335764db4e083db7485d4" -dependencies = [ - "atomic-waker", - "fastrand 2.0.2", - "futures-io", -] - [[package]] name = "pkcs1" version = "0.7.5" @@ -3743,18 +3518,18 @@ checksum = "db23d408679286588f4d4644f965003d056e3dd5abcaaa938116871d7ce2fee7" [[package]] name = "policy-evaluator" -version = "0.16.4" -source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.16.4#c49018ee2aa5ab106adbfe19ba728fbe090da663" +version = "0.17.0" +source = "git+https://github.com/kubewarden/policy-evaluator?tag=v0.17.0#52fa632e2b882328aa0376d506a6cb99e8ac67d8" dependencies = [ "anyhow", "base64 0.22.0", "burrego", - "cached 0.49.3", + "cached", "chrono", "dns-lookup", "email_address", "futures", - "itertools 0.12.1", + "itertools", "json-patch", "k8s-openapi", "kube", @@ -3784,23 +3559,23 @@ dependencies = [ [[package]] name = "policy-fetcher" -version = "0.8.3" -source = "git+https://github.com/kubewarden/policy-fetcher?tag=v0.8.3#84ce045177eb672b25e17f614a0511c2993b7ec6" +version = "0.8.4" +source = "git+https://github.com/kubewarden/policy-fetcher?tag=v0.8.4#3735fecb1d6f394d0133bf8f807fdca0b7430d79" dependencies = [ - "async-std", - "async-stream", "async-trait", "base64 0.22.0", "cfg-if", "directories", "docker_credential", "lazy_static", - "oci-distribution 0.10.0", + "oci-distribution", "path-slash", + "pem", "rayon", "regex", "reqwest", "rustls 0.23.4", + "rustls-pki-types", "serde", "serde_json", "serde_yaml", @@ -3824,7 +3599,7 @@ dependencies = [ "daemonize", "futures", "http-body-util", - "itertools 0.12.1", + "itertools", "k8s-openapi", "lazy_static", "mime", @@ -3839,6 +3614,7 @@ dependencies = [ "rayon", "regex", "rstest", + "rustls-pki-types", "semver", "serde", "serde_json", @@ -3854,37 +3630,6 @@ dependencies = [ "tracing-subscriber", ] -[[package]] -name = "polling" -version = "2.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b2d323e8ca7996b3e23126511a523f7e62924d93ecd5ae73b333815b0eb3dce" -dependencies = [ - "autocfg", - "bitflags 1.3.2", - "cfg-if", - "concurrent-queue", - "libc", - "log", - "pin-project-lite", - "windows-sys 0.48.0", -] - -[[package]] -name = "polling" -version = "3.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0c976a60b2d7e99d6f229e414670a9b85d13ac305cc6d1e9c134de58c5aaaf6" -dependencies = [ - "cfg-if", - "concurrent-queue", - "hermit-abi", - "pin-project-lite", - "rustix 0.38.32", - "tracing", - "windows-sys 0.52.0", -] - [[package]] name = "poly1305" version = "0.8.0" @@ -3960,9 +3705,9 @@ dependencies = [ [[package]] name = "prettyplease" -version = "0.2.18" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43691bed4607592afec0d97723e6820211ce6b84089e082f04dbc882ea9379b8" +checksum = "5ac2cf0f2e4f42b49f5ffd07dae8d746508ef7526c13940e5f524012ae6c6550" dependencies = [ "proc-macro2", "syn 2.0.59", @@ -4028,7 +3773,7 @@ checksum = "80b776a1b2dc779f5ee0641f8ade0125bc1298dd41a9a0c16d8bd57b42d222b1" dependencies = [ "bytes", "heck 0.5.0", - "itertools 0.12.1", + "itertools", "log", "multimap", "once_cell", @@ -4048,7 +3793,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "19de2de2a00075bf566bee3bd4db014b11587e84184d3f7a791bc17f1a8e9e48" dependencies = [ "anyhow", - "itertools 0.12.1", + "itertools", "proc-macro2", "quote", "syn 2.0.59", @@ -4222,37 +3967,39 @@ checksum = "e898588f33fdd5b9420719948f9f2a32c922a246964576f71ba7f24f80610fbc" [[package]] name = "reqwest" -version = "0.11.27" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62" +checksum = "3e6cc1e89e689536eb5aeede61520e874df5a4707df811cd5da4aa5fbb2aae19" dependencies = [ - "base64 0.21.7", + "base64 0.22.0", "bytes", - "encoding_rs", "futures-core", "futures-util", - "h2 0.3.26", - "http 0.2.12", - "http-body 0.4.6", - "hyper 0.14.28", - "hyper-rustls 0.24.2", + "http 1.1.0", + "http-body 1.0.0", + "http-body-util", + "hyper 1.2.0", + "hyper-rustls 0.26.0", + "hyper-tls", + "hyper-util", "ipnet", "js-sys", "log", "mime", - "mime_guess", + "native-tls", "once_cell", "percent-encoding", "pin-project-lite", - "rustls 0.21.10", - "rustls-pemfile 1.0.4", + "rustls 0.22.3", + "rustls-pemfile", + "rustls-pki-types", "serde", "serde_json", "serde_urlencoded", "sync_wrapper 0.1.2", - "system-configuration", "tokio", - "tokio-rustls 0.24.1", + "tokio-native-tls", + "tokio-rustls 0.25.0", "tokio-util", "tower-service", "url", @@ -4274,21 +4021,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi", -] - [[package]] name = "ring" version = "0.17.8" @@ -4300,7 +4032,7 @@ dependencies = [ "getrandom", "libc", "spin 0.9.8", - "untrusted 0.9.0", + "untrusted", "windows-sys 0.52.0", ] @@ -4374,20 +4106,6 @@ dependencies = [ "semver", ] -[[package]] -name = "rustix" -version = "0.37.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fea8ca367a3a01fe35e6943c400addf443c0f57670e6ec51196f71a4b8762dd2" -dependencies = [ - "bitflags 1.3.2", - "errno", - "io-lifetimes 1.0.11", - "libc", - "linux-raw-sys 0.3.8", - "windows-sys 0.48.0", -] - [[package]] name = "rustix" version = "0.38.32" @@ -4398,7 +4116,7 @@ dependencies = [ "errno", "itoa", "libc", - "linux-raw-sys 0.4.13", + "linux-raw-sys", "once_cell", "windows-sys 0.52.0", ] @@ -4410,11 +4128,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", - "ring 0.17.8", + "ring", "rustls-webpki 0.101.7", "sct", ] +[[package]] +name = "rustls" +version = "0.22.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99008d7ad0bbbea527ec27bddbc0e432c5b87d8175178cee68d2eec9c4a1813c" +dependencies = [ + "log", + "ring", + "rustls-pki-types", + "rustls-webpki 0.102.2", + "subtle", + "zeroize", +] + [[package]] name = "rustls" version = "0.23.4" @@ -4423,7 +4155,7 @@ checksum = "8c4d6d8ad9f2492485e13453acbb291dd08f64441b6609c491f1c2cd2c6b4fe1" dependencies = [ "log", "once_cell", - "ring 0.17.8", + "ring", "rustls-pki-types", "rustls-webpki 0.102.2", "subtle", @@ -4437,21 +4169,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792" dependencies = [ "openssl-probe", - "rustls-pemfile 2.1.2", + "rustls-pemfile", "rustls-pki-types", "schannel", "security-framework", ] -[[package]] -name = "rustls-pemfile" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" -dependencies = [ - "base64 0.21.7", -] - [[package]] name = "rustls-pemfile" version = "2.1.2" @@ -4474,8 +4197,8 @@ version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring 0.17.8", - "untrusted 0.9.0", + "ring", + "untrusted", ] [[package]] @@ -4484,9 +4207,9 @@ version = "0.102.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" dependencies = [ - "ring 0.17.8", + "ring", "rustls-pki-types", - "untrusted 0.9.0", + "untrusted", ] [[package]] @@ -4501,6 +4224,12 @@ version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" +[[package]] +name = "ryu-js" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6518fc26bced4d53678a22d6e423e9d8716377def84545fe328236e3af070e7f" + [[package]] name = "salsa20" version = "0.10.2" @@ -4528,6 +4257,49 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "schemafy" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9725c16a64e85972fcb3630677be83fef699a1cd8e4bfbdcf3b3c6675f838a19" +dependencies = [ + "Inflector", + "schemafy_core", + "schemafy_lib", + "serde", + "serde_derive", + "serde_json", + "serde_repr", + "syn 1.0.109", +] + +[[package]] +name = "schemafy_core" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2bec29dddcfe60f92f3c0d422707b8b56473983ef0481df8d5236ed3ab8fdf24" +dependencies = [ + "serde", + "serde_json", +] + +[[package]] +name = "schemafy_lib" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af3d87f1df246a9b7e2bfd1f4ee5f88e48b11ef9cfc62e63f0dead255b1a6f5f" +dependencies = [ + "Inflector", + "proc-macro2", + "quote", + "schemafy_core", + "serde", + "serde_derive", + "serde_json", + "syn 1.0.109", + "uriparse", +] + [[package]] name = "scopeguard" version = "1.2.0" @@ -4552,8 +4324,8 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring 0.17.8", - "untrusted 0.9.0", + "ring", + "untrusted", ] [[package]] @@ -4681,6 +4453,17 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_repr" +version = "0.1.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c64451ba24fc7a6a2d60fc75dd9c83c90903b19028d4eff35e88fc1e86564e9" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.59", +] + [[package]] name = "serde_spanned" version = "0.6.5" @@ -4816,44 +4599,50 @@ dependencies = [ [[package]] name = "sigstore" -version = "0.7.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a306742205ee5e287f0c0cbb8f8361f6eda60a67232860c9e285778f001680fa" +version = "0.9.0" +source = "git+https://github.com/flavio/sigstore-rs.git?rev=46b1cb63b193ab3402beeae5b4999c42cfc65e43#46b1cb63b193ab3402beeae5b4999c42cfc65e43" dependencies = [ "async-trait", - "base64 0.21.7", - "cached 0.44.0", + "base64 0.22.0", + "cached", "cfg-if", "chrono", "const-oid", "crypto_secretbox", "digest", + "dyn-clone", "ecdsa", "ed25519", "ed25519-dalek", "elliptic-curve", + "futures", + "futures-util", "getrandom", + "hex", + "json-syntax", "lazy_static", - "oci-distribution 0.9.4", - "olpc-cjson", - "openidconnect", + "oci-distribution", + "olpc-cjson 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)", "p256", "p384", - "pem 2.0.1", - "picky", + "pem", "pkcs1", "pkcs8", "rand", "regex", - "reqwest", "rsa", + "rustls-webpki 0.102.2", "scrypt", "serde", "serde_json", + "serde_repr", + "serde_with", "sha2", "signature", + "sigstore_protobuf_specs", "thiserror", "tokio", + "tokio-util", "tough", "tracing", "url", @@ -4862,6 +4651,18 @@ dependencies = [ "zeroize", ] +[[package]] +name = "sigstore_protobuf_specs" +version = "0.1.0-rc.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c54c3284a3ed53bd585dfbbe80b81142ad35128d7cba817623c4e066a4a95a2b" +dependencies = [ + "schemafy", + "schemafy_core", + "serde", + "serde_json", +] + [[package]] name = "siphasher" version = "0.3.11" @@ -4889,6 +4690,16 @@ version = "2.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8347046d4ebd943127157b94d63abb990fcf729dc4e9978927fdf4ac3c998d06" +[[package]] +name = "smallstr" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63b1aefdf380735ff8ded0b15f31aab05daf1f70216c01c02a12926badd1df9d" +dependencies = [ + "serde", + "smallvec", +] + [[package]] name = "smallvec" version = "1.13.2" @@ -4897,34 +4708,25 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "snafu" -version = "0.7.5" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4de37ad025c587a29e8f3f5605c00f70b98715ef90b9061a815b9e59e9042d6" +checksum = "75976f4748ab44f6e5332102be424e7c2dc18daeaf7e725f2040c3ebb133512e" dependencies = [ - "doc-comment", + "futures-core", + "pin-project", "snafu-derive", ] [[package]] name = "snafu-derive" -version = "0.7.5" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "990079665f075b699031e9c08fd3ab99be5029b96f3b78dc0709e8f77e4efebf" +checksum = "b4b19911debfb8c2fb1107bc6cb2d61868aaf53a988449213959bb1b5b1ed95f" dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 1.0.109", -] - -[[package]] -name = "socket2" -version = "0.4.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d" -dependencies = [ - "libc", - "winapi", + "syn 2.0.59", ] [[package]] @@ -4971,6 +4773,12 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" +[[package]] +name = "static_assertions" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" + [[package]] name = "strsim" version = "0.10.0" @@ -5046,27 +4854,6 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394" -[[package]] -name = "system-configuration" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" -dependencies = [ - "bitflags 1.3.2", - "core-foundation", - "system-configuration-sys", -] - -[[package]] -name = "system-configuration-sys" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" -dependencies = [ - "core-foundation-sys", - "libc", -] - [[package]] name = "system-interface" version = "0.27.2" @@ -5077,8 +4864,8 @@ dependencies = [ "cap-fs-ext", "cap-std", "fd-lock", - "io-lifetimes 2.0.3", - "rustix 0.38.32", + "io-lifetimes", + "rustix", "windows-sys 0.52.0", "winx", ] @@ -5096,8 +4883,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "85b77fafb263dd9d05cbeac119526425676db3784113aa9295c88498cbf8bff1" dependencies = [ "cfg-if", - "fastrand 2.0.2", - "rustix 0.38.32", + "fastrand", + "rustix", "windows-sys 0.52.0", ] @@ -5218,7 +5005,7 @@ dependencies = [ "parking_lot", "pin-project-lite", "signal-hook-registry", - "socket2 0.5.6", + "socket2", "tokio-macros", "windows-sys 0.48.0", ] @@ -5244,6 +5031,16 @@ dependencies = [ "syn 2.0.59", ] +[[package]] +name = "tokio-native-tls" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" +dependencies = [ + "native-tls", + "tokio", +] + [[package]] name = "tokio-rustls" version = "0.24.1" @@ -5254,6 +5051,17 @@ dependencies = [ "tokio", ] +[[package]] +name = "tokio-rustls" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" +dependencies = [ + "rustls 0.22.3", + "rustls-pki-types", + "tokio", +] + [[package]] name = "tokio-rustls" version = "0.26.0" @@ -5284,7 +5092,6 @@ checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15" dependencies = [ "bytes", "futures-core", - "futures-io", "futures-sink", "pin-project-lite", "slab", @@ -5355,27 +5162,33 @@ dependencies = [ [[package]] name = "tough" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c259b2bd13fdff3305a5a92b45befb1adb315d664612c8991be57fb6a83dc126" +version = "0.17.1" +source = "git+https://github.com/flavio/tough.git?branch=update-reqwest#ad9cb20c1bc871111e2de7f799e1e43e30e2eec3" dependencies = [ + "async-recursion", + "async-trait", + "bytes", "chrono", "dyn-clone", + "futures", + "futures-core", "globset", "hex", "log", - "olpc-cjson", - "path-absolutize", - "pem 1.1.1", + "olpc-cjson 0.1.3 (git+https://github.com/flavio/tough.git?branch=update-reqwest)", + "pem", "percent-encoding", "reqwest", - "ring 0.16.20", + "ring", "serde", "serde_json", "serde_plain", "snafu", "tempfile", - "untrusted 0.7.1", + "tokio", + "tokio-util", + "typed-path", + "untrusted", "url", "walkdir", ] @@ -5539,6 +5352,12 @@ version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" +[[package]] +name = "typed-path" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "668404597c2c687647f6f8934f97c280fd500db28557f52b07c56b92d3dc500a" + [[package]] name = "typenum" version = "1.17.0" @@ -5611,15 +5430,19 @@ checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861" [[package]] name = "untrusted" -version = "0.7.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] -name = "untrusted" -version = "0.9.0" +name = "uriparse" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" +checksum = "0200d0fc04d809396c2ad43f3c95da3582a2556eba8d453c1087f4120ee352ff" +dependencies = [ + "fnv", + "lazy_static", +] [[package]] name = "url" @@ -5639,6 +5462,12 @@ version = "2.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" +[[package]] +name = "utf8-decode" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca61eb27fa339aa08826a29f03e87b99b4d8f0fc2255306fd266bb1b6a9de498" + [[package]] name = "utf8parse" version = "0.2.1" @@ -5688,10 +5517,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" [[package]] -name = "value-bag" -version = "1.8.1" +name = "vcpkg" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74797339c3b98616c009c7c3eb53a0ce41e85c8ec66bd3db96ed132d20cfdee8" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" [[package]] name = "version_check" @@ -5699,12 +5528,6 @@ version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" -[[package]] -name = "waker-fn" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3c4517f54858c779bbcbf228f4fca63d121bf85fbecb2dc578cdf4a39395690" - [[package]] name = "walkdir" version = "2.5.0" @@ -5765,10 +5588,10 @@ dependencies = [ "cap-time-ext", "fs-set-times", "io-extras", - "io-lifetimes 2.0.3", + "io-lifetimes", "log", "once_cell", - "rustix 0.38.32", + "rustix", "system-interface", "thiserror", "tracing", @@ -5929,7 +5752,7 @@ dependencies = [ "once_cell", "paste", "rayon", - "rustix 0.38.32", + "rustix", "semver", "serde", "serde_derive", @@ -5972,7 +5795,7 @@ dependencies = [ "bincode", "directories-next", "log", - "rustix 0.38.32", + "rustix", "serde", "serde_derive", "sha2", @@ -6078,7 +5901,7 @@ dependencies = [ "anyhow", "cc", "cfg-if", - "rustix 0.38.32", + "rustix", "wasmtime-asm-macros", "wasmtime-versioned-export-macros", "windows-sys 0.52.0", @@ -6092,7 +5915,7 @@ checksum = "92de34217bf7f0464262adf391a9950eba440f9dfc7d3b0e3209302875c6f65f" dependencies = [ "object", "once_cell", - "rustix 0.38.32", + "rustix", "wasmtime-versioned-export-macros", ] @@ -6143,7 +5966,7 @@ dependencies = [ "memoffset", "paste", "psm", - "rustix 0.38.32", + "rustix", "sptr", "wasm-encoder 0.201.0", "wasmtime-asm-macros", @@ -6203,9 +6026,9 @@ dependencies = [ "fs-set-times", "futures", "io-extras", - "io-lifetimes 2.0.3", + "io-lifetimes", "once_cell", - "rustix 0.38.32", + "rustix", "system-interface", "thiserror", "tokio", @@ -6321,9 +6144,12 @@ dependencies = [ [[package]] name = "webpki-roots" -version = "0.25.4" +version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" +checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009" +dependencies = [ + "rustls-pki-types", +] [[package]] name = "wiggle" @@ -6639,9 +6465,9 @@ dependencies = [ [[package]] name = "winreg" -version = "0.50.0" +version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" +checksum = "a277a57398d4bfa075df44f501a17cfdf8542d224f0d36095a2adc7aee4ef0a5" dependencies = [ "cfg-if", "windows-sys 0.48.0", @@ -6707,6 +6533,8 @@ checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" dependencies = [ "const-oid", "der", + "sha1", + "signature", "spki", "tls_codec", ] diff --git a/Cargo.toml b/Cargo.toml index a3c9b7e1..f916c9bc 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -29,7 +29,8 @@ opentelemetry = { version = "0.22.0", default-features = false, features = [ ] } opentelemetry_sdk = { version = "0.22.1", features = ["rt-tokio"] } pprof = { version = "0.13", features = ["prost-codec"] } -policy-evaluator = { git = "https://github.com/kubewarden/policy-evaluator", tag = "v0.16.4" } +policy-evaluator = { git = "https://github.com/kubewarden/policy-evaluator", tag = "v0.17.0" } +rustls-pki-types = { version = "1", features = ["alloc"] } rayon = "1.10" regex = "1.10" serde_json = "1.0" diff --git a/src/lib.rs b/src/lib.rs index e649e05a..7416ccf6 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -13,22 +13,28 @@ pub mod metrics; pub mod profiling; pub mod tracing; -use ::tracing::{debug, error, info, Level}; +use ::tracing::{debug, info, Level}; use anyhow::{anyhow, Result}; -use axum::routing::{get, post}; -use axum::Router; +use axum::{ + routing::{get, post}, + Router, +}; use axum_server::tls_rustls::RustlsConfig; -use policy_evaluator::callback_handler::CallbackHandler; -use policy_evaluator::policy_fetcher::sigstore; -use policy_evaluator::policy_fetcher::verify::FulcioAndRekorData; -use policy_evaluator::wasmtime; -use policy_evaluator::{callback_handler::CallbackHandlerBuilder, kube}; +use policy_evaluator::{ + callback_handler::{CallbackHandler, CallbackHandlerBuilder}, + kube, + policy_fetcher::sigstore::trust::{ + sigstore::{ManualTrustRoot, SigstoreTrustRoot}, + TrustRoot, + }, + wasmtime, +}; use rayon::prelude::*; -use std::net::SocketAddr; -use std::sync::Arc; -use tokio::sync::oneshot; -use tokio::sync::Semaphore; -use tokio::time; +use std::{net::SocketAddr, sync::Arc}; +use tokio::{ + sync::{oneshot, Semaphore}, + time, +}; use tower_http::trace::{self, TraceLayer}; use crate::api::handlers::{ @@ -57,30 +63,28 @@ impl PolicyServer { let (callback_handler_shutdown_channel_tx, callback_handler_shutdown_channel_rx) = oneshot::channel(); - // TODO: remove the spawn blocking once the Sigstore client is async - // see: https://github.com/sigstore/sigstore-rs/pull/320 - let fulcio_and_rekor_data = match tokio::task::spawn_blocking(|| { - sigstore::tuf::SigstoreRepository::fetch(None) - }) - .await - .unwrap() - { - Ok(repo) => Some(FulcioAndRekorData::FromTufRepository { repo }), - Err(e) => { - error!("Cannot fetch TUF repository: {e:?}"); - error!("Sigstore Verifier created without Fulcio data: keyless signatures are going to be discarded because they cannot be verified"); - error!( - "Sigstore Verifier created without Rekor data: transparency log data won't be used" - ); - error!("Sigstore capabilities are going to be limited"); - None - } + let repo = SigstoreTrustRoot::new(Some(config.sigstore_cache_dir.as_path())).await?; + let fulcio_certs: Vec = repo + .fulcio_certs() + .expect("Cannot fetch Fulcio certificates from TUF repository") + .into_iter() + .map(|c| c.into_owned()) + .collect(); + let manual_root = ManualTrustRoot { + fulcio_certs: Some(fulcio_certs), + rekor_keys: Some( + repo.rekor_keys() + .expect("Cannot fetch Rekor keys from TUF repository") + .iter() + .map(|k| k.to_vec()) + .collect(), + ), }; let mut callback_handler_builder = CallbackHandlerBuilder::new(callback_handler_shutdown_channel_rx) .registry_config(config.sources.clone()) - .fulcio_and_rekor_data(fulcio_and_rekor_data.as_ref()); + .trust_root(Some(Arc::new(manual_root))); let kube_client: Option = match kube::Client::try_default().await { Ok(client) => Some(client), @@ -111,7 +115,7 @@ impl PolicyServer { } }; - let callback_handler = callback_handler_builder.build()?; + let callback_handler = callback_handler_builder.build().await?; let callback_sender_channel = callback_handler.sender_channel(); // Download policies diff --git a/src/policy_downloader.rs b/src/policy_downloader.rs index 6e01cdfc..09b351e7 100644 --- a/src/policy_downloader.rs +++ b/src/policy_downloader.rs @@ -1,20 +1,20 @@ use anyhow::{anyhow, Result}; -use policy_evaluator::policy_metadata::Metadata; use policy_evaluator::{ policy_fetcher, policy_fetcher::{ sigstore, sources::Sources, - verify::{config::LatestVerificationConfig, FulcioAndRekorData, Verifier}, + verify::{config::LatestVerificationConfig, Verifier}, }, + policy_metadata::Metadata, }; -use std::path::Path; +use sigstore::trust::{ManualTrustRoot, TrustRoot}; use std::{ collections::{HashMap, HashSet}, fs, - path::PathBuf, + path::{Path, PathBuf}, + sync::Arc, }; -use tokio::task::spawn_blocking; use tracing::{debug, error, info}; use crate::config::Policy; @@ -25,22 +25,17 @@ use crate::config::Policy; pub(crate) type FetchedPolicies = HashMap>; /// Handles download and verification of policies -pub(crate) struct Downloader { - verifier: Option, +pub(crate) struct Downloader<'v> { + verifier: Option>, sources: Option, } -impl Downloader { +impl<'v> Downloader<'v> { /// Create a new instance of Downloader /// /// **Warning:** this needs network connectivity because the constructor /// fetches Fulcio and Rekor data from the official TUF repository of - /// sigstore. This network operations are going to be blocking, that's - /// caused by the libraries used by sigstore-rs to interact with TUF. - /// - /// Being a blocking operation, the other tokio operations are going to be - /// put on hold until this method is done. This should not be done too often, - /// otherwise there will be performance consequences. + /// sigstore. pub async fn new( sources: Option, enable_verification: bool, @@ -225,10 +220,10 @@ impl Downloader { /// Creates a new Verifier that fetches Fulcio and Rekor data from the official /// TUF repository of the sigstore project -async fn create_verifier( +async fn create_verifier<'v>( sources: Option, sigstore_cache_dir: Option, -) -> Result { +) -> Result> { if let Some(cache_dir) = sigstore_cache_dir.clone() { if !cache_dir.exists() { fs::create_dir_all(cache_dir) @@ -236,26 +231,27 @@ async fn create_verifier( } } - let repo = spawn_blocking(move || match sigstore_cache_dir { - Some(d) => sigstore::tuf::SigstoreRepository::fetch(Some(d.as_path())), - None => sigstore::tuf::SigstoreRepository::fetch(None), - }) - .await - .map_err(|e| anyhow!("Cannot spawn blocking task: {}", e))?; - - let fulcio_and_rekor_data = match repo { - Ok(repo) => Some(FulcioAndRekorData::FromTufRepository { repo }), - Err(e) => { - error!("Cannot fetch TUF repository: {e:?}"); - error!("Sigstore Verifier created without Fulcio data: keyless signatures are going to be discarded because they cannot be verified"); - error!( - "Sigstore Verifier created without Rekor data: transparency log data won't be used" - ); - error!("Sigstore capabilities are going to be limited"); - None - } + let repo = + sigstore::trust::sigstore::SigstoreTrustRoot::new(sigstore_cache_dir.as_deref()).await?; + let fulcio_certs: Vec = repo + .fulcio_certs() + .unwrap() + .into_iter() + .map(|c| c.into_owned()) + .collect(); + let manual_root = ManualTrustRoot { + fulcio_certs: Some(fulcio_certs), + rekor_keys: Some( + repo.rekor_keys() + .unwrap() + .iter() + .map(|k| k.to_vec()) + .collect(), + ), }; - Ok(Verifier::new(sources, fulcio_and_rekor_data.as_ref())?) + let verifier = Verifier::new(sources, Some(Arc::new(manual_root))).await?; + + Ok(verifier) } #[cfg(test)]