WIP: add dev container

this does not yet work
2025-12-15 00:40:37 -08:00 · 2023-12-03 13:43:35 +01:00
7 changed files with 31 additions and 182 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1176,13 +1176,6 @@ dependencies = [
 "thiserror",
 ]

-[[package]]
-name = "rosenpass-log"
-version = "0.1.0"
-dependencies = [
- "log",
-]
-
 [[package]]
 name = "rosenpass-oqs"
 version = "0.1.0"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,7 +13,6 @@ members = [
    "fuzz",
    "secret-memory",
    "lenses",
-    "rosenpass-log",
 ]

 default-members = [
--- a/flake.nix
+++ b/flake.nix
@@ -264,6 +264,7 @@
            inherit system;
          };
          packages = self.packages.${system};
+          devShells = self.devShells.${system};
        in
        {
          #
@@ -291,6 +292,7 @@
              ];
              buildPhase = ''
                export HOME=$(mktemp -d)
+                export OSFONTDIR="$(kpsewhich --var-value TEXMF)/fonts/{opentype/public/nunito,truetype/google/noto}"
                latexmk -r tex/CI.rc
              '';
              installPhase = ''
@@ -324,6 +326,28 @@
            '';
          };

+          #
+          ### A DevContainer attempt
+          #
+          packages.dev-container = pkgs.dockerTools.buildImage rec {
+            name = "rosenpass-dev-container";
+            tag = "latest";
+            copyToRoot = pkgs.buildEnv {
+              name = "image-root";
+              paths = with pkgs; [
+                bash
+                coreutils
+                curl
+                gnutar
+                gzip
+                openssh
+                stdenv.cc
+              ]; #++ lib.lists.filter (p: builtins.hasAttr "version" p)
+                #devShells.default.nativeBuildInputs;
+              pathsToLink = [ "/bin" "/lib" ];
+            };
+            config.Cmd = [ "/bin/bash" ];
+          };

          #
          ### Devshells ###
--- a/rosenpass-log/Cargo.toml
+++ b/rosenpass-log/Cargo.toml
@@ -1,9 +0,0 @@
-[package]
-name = "rosenpass-log"
-version = "0.1.0"
-edition = "2021"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
-[dependencies]
-log.workspace = true
--- a/rosenpass-log/src/lib.rs
+++ b/rosenpass-log/src/lib.rs
@@ -1,110 +0,0 @@
-#![allow(unused_macros)]
-/// Whenever a log event occurs, the cause of the event must be decided on. This cause will then
-/// be used to decide, if an actual log event is to be cause. The goal is to prevent especially
-/// external, unautherized entities from causing excessive loggin, which otherwise might open the
-/// door to MITM attacks
-pub enum Cause {
-    /// An unauthorized entitiy triggered this event via Network
-    ///
-    /// Example: a InitHello message in the rosenpass protocol
-    UnauthorizedNetwork,
-
-    /// An authorized entitity triggered this event via Network
-    ///
-    /// Example: a handshake was succesful (which asserts the peer is authorized)
-    AuthorizedNetwork,
-
-    /// A local entity like rosenpassctl triggered this event
-    ///
-    /// Example: the broker adds a new peer
-    LocalNetwork,
-
-    /// The user caused this event
-    ///
-    /// Examples:
-    /// - The process was started
-    /// - Ctrl+C was used to send sig SIGINT
-    User,
-
-    /// The developer wanted this in the log!
-    Developer,
-}
-
-// Rational: All events are to be displayed if trace level debugging is configured
-macro_rules! trace {
-    ($cause:expr, $($tail:tt)* ) => {{
-        use crate::Cause::*;
-        match $cause {
-            UnauthorizedNetwork | AuthorizedNetwork | LocalNetwork | User | Developer => {
-                ::log::trace!($($tail)*);
-            }
-        }
-    }}
-}
-
-// Rational: All events are to be displayed if debug level debugging is configured
-macro_rules! debug {
-    ($cause:expr, $($tail:tt)* ) => {{
-        use crate::Cause::*;
-        match $cause {
-            UnauthorizedNetwork | AuthorizedNetwork | LocalNetwork | User | Developer => {
-                ::log::debug!($($tail)*);
-            }
-        }
-    }}
-}
-
-// Rational: Only authorized causes shall be able to emit info messages
-macro_rules! info {
-    ($cause:expr, $($tail:tt)* ) => {{
-        use crate::Cause::*;
-        match $cause {
-            UnauthorizedNetwork => {},
-             AuthorizedNetwork | LocalNetwork | User | Developer => {
-                ::log::info!($($tail)*);
-            }
-        }
-    }}
-}
-
-// Rational: Only authorized causes shall be able to emit info messages
-macro_rules! warn {
-    ($cause:expr, $($tail:tt)* ) => {{
-        use crate::Cause::*;
-        match $cause {
-            UnauthorizedNetwork => {},
-            AuthorizedNetwork | LocalNetwork | User | Developer =>{
-                ::log::warn!($($tail)*);
-            }
-        }
-    }}
-}
-
-// Rational: Only local sources shall be able to cause errors to be displayed
-macro_rules! error {
-    ($cause:expr, $($tail:tt)* ) => {{
-        use crate::Cause::*;
-        match $cause {
-            UnauthorizedNetwork | AuthorizedNetwork => {},
-            LocalNetwork | User | Developer => {
-                ::log::error!($($tail)*);
-            }
-        }
-    }}
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn expand_all_macros() {
-        use Cause::*;
-
-        trace!(UnauthorizedNetwork, "beep");
-        debug!(UnauthorizedNetwork, "boop");
-        info!(LocalNetwork, "tock");
-        warn!(LocalNetwork, "möp");
-        error!(User, "knirsch");
-    }
-}
--- a/rosenpass/src/cli.rs
+++ b/rosenpass/src/cli.rs
@@ -87,15 +87,6 @@ pub enum Cli {
        force: bool,
    },

-    /// Deprecated - use gen-keys instead
-    #[allow(rustdoc::broken_intra_doc_links)]
-    #[allow(rustdoc::invalid_html_tags)]
-    Keygen {
-        // NOTE yes, the legacy keygen argument initially really accepted "privet-key", not "secret-key"!
-        /// public-key <PATH> private-key <PATH>
-        args: Vec<String>,
-    },
-
    /// Validate a configuration
    Validate { config_files: Vec<PathBuf> },

@@ -128,40 +119,6 @@ impl Cli {
                config::Rosenpass::example_config().store(config_file)?;
            }

-            // Deprecated - use gen-keys instead
-            Keygen { args } => {
-                log::warn!("The 'keygen' command is deprecated. Please use the 'gen-keys' command instead.");
-
-                let mut public_key: Option<PathBuf> = None;
-                let mut secret_key: Option<PathBuf> = None;
-
-                // Manual arg parsing, since clap wants to prefix flags with "--"
-                let mut args = args.into_iter();
-                loop {
-                    match (args.next().as_ref().map(String::as_str), args.next()) {
-                        (Some("private-key"), Some(opt)) | (Some("secret-key"), Some(opt)) => {
-                            secret_key = Some(opt.into());
-                        }
-                        (Some("public-key"), Some(opt)) => {
-                            public_key = Some(opt.into());
-                        }
-                        (Some(flag), _) => {
-                            bail!("Unknown option `{}`", flag);
-                        }
-                        (_, _) => break,
-                    };
-                }
-
-                if secret_key.is_none() {
-                    bail!("private-key is required");
-                }
-                if public_key.is_none() {
-                    bail!("public-key is required");
-                }
-
-                generate_and_save_keypair(secret_key.unwrap(), public_key.unwrap())?;
-            }
-
            GenKeys {
                config_file,
                public_key,
@@ -203,7 +160,12 @@ impl Cli {
                }

                // generate the keys and store them in files
-                generate_and_save_keypair(skf, pkf)?;
+                let mut ssk = crate::protocol::SSk::random();
+                let mut spk = crate::protocol::SPk::random();
+                StaticKem::keygen(ssk.secret_mut(), spk.secret_mut())?;
+
+                ssk.store_secret(skf)?;
+                spk.store_secret(pkf)?;
            }

            ExchangeConfig { config_file } => {
@@ -284,12 +246,3 @@ impl Cli {
        srv.event_loop()
    }
 }
-
-/// generate secret and public keys, store in files according to the paths passed as arguments
-fn generate_and_save_keypair(secret_key: PathBuf, public_key: PathBuf) -> anyhow::Result<()> {
-    let mut ssk = crate::protocol::SSk::random();
-    let mut spk = crate::protocol::SPk::random();
-    StaticKem::keygen(ssk.secret_mut(), spk.secret_mut())?;
-    ssk.store_secret(secret_key)?;
-    spk.store_secret(public_key)
-}
--- a/rosenpass/src/main.rs
+++ b/rosenpass/src/main.rs
@@ -5,8 +5,7 @@ use std::process::exit;

 /// Catches errors, prints them through the logger, then exits
 pub fn main() {
-    // default to displaying warning and error log messages only
-    env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("warn")).init();
+    env_logger::init();

    let res = attempt!({
        rosenpass_sodium::init()?;