diff --git a/Cargo.toml b/Cargo.toml index 1b33bec2..52c164c2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,3 +11,23 @@ members = [ ] default-members = ["xbuild"] exclude = ["examples"] + +[workspace.dependencies] +anyhow = "1.0.95" +app-store-connect = "0.7.0" +base64 = "0.22.1" +byteorder = "1.5.0" +dunce = "1.0.5" +log = "0.4.22" +plist = "1.7.0" +quick-xml = { version = "0.26.0", features = ["serialize"] } +rasn = "0.22.0" +rasn-cms = "0.22.0" +rasn-pkix = "0.22.0" +rsa = { version = "0.9.7", features=["pem"] } +serde = { version = "1.0.217", features = ["derive"] } +sha2 = "0.10.8" +tracing = { version = "0.1.41", default-features = false } +tracing-log = "0.2.0" +tracing-subscriber = { version = "0.3.19", default-features = false, features = ["env-filter"]} +zip = { version = "0.6.6", default-features = false } diff --git a/apk/Cargo.toml b/apk/Cargo.toml index 520e3b0e..25f0e270 100644 --- a/apk/Cargo.toml +++ b/apk/Cargo.toml 
@@ -7,19 +7,19 @@ repository = "https://github.com/rust-mobile/xbuild" license = "Apache-2.0 OR MIT" [dependencies] -anyhow = "1.0.68" -byteorder = "1.4.3" -quick-xml = { version = "0.26.0", features = ["serialize"] } -rasn = "0.6.1" -rasn-pkix = "0.6.0" -roxmltree = "0.16.0" -rsa = "0.7.2" -serde = { version = "1.0.151", features = ["derive"] } -sha2 = { version = "0.10.6", features = ["oid"] } -tracing = "0.1.37" +anyhow = { workspace = true } +byteorder = { workspace = true } +quick-xml = { workspace = true } +rasn = { workspace = true } +rasn-pkix = { workspace = true } +roxmltree = "0.20.0" +rsa = { workspace = true } +serde = { workspace = true } +sha2 = { workspace = true, features = ["oid"] } +tracing = { workspace = true } xcommon = { version = "0.3.0", path = "../xcommon" } -zip = { version = "0.6.3", default-features = false } +zip = { workspace = true } [dev-dependencies] -tracing-log = "0.1.3" -tracing-subscriber = { version = "0.3.16", features = ["env-filter"] } +tracing-log = { workspace = true } +tracing-subscriber = { workspace = true } diff --git a/apk/src/sign.rs b/apk/src/sign.rs index 1e907ca2..b29033e6 100644 --- a/apk/src/sign.rs +++ b/apk/src/sign.rs @@ -1,8 +1,11 @@ use anyhow::Result; use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt}; use rasn_pkix::Certificate; -use rsa::pkcs8::{DecodePublicKey, EncodePublicKey}; -use rsa::{PaddingScheme, PublicKey, RsaPublicKey}; +use rsa::RsaPublicKey; +use rsa::{ + pkcs8::{DecodePublicKey, EncodePublicKey}, + Pkcs1v15Sign, +}; use sha2::{Digest as _, Sha256}; use std::fs::File; use std::io::{BufReader, Cursor, Read, Seek, SeekFrom, Write}; 
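Review bot: In the apk/Cargo.toml hunk, switching `tracing` and `tracing-subscriber` to `{ workspace = true }` also inherits `default-features = false` from the new `[workspace.dependencies]` table, whereas the removed lines (`tracing = "0.1.37"`, `tracing-subscriber = { version = "0.3.16", features = ["env-filter"] }`) built with default features on. If apk's code or tests rely on anything from those defaults (for example the `fmt` layer), `cargo test -p apk` may stop compiling even though a whole-workspace build passes through feature unification with xbuild. The apk sources are not visible here, so this needs confirming; if they do, opt back in the way xbuild does, e.g. `tracing-subscriber = { workspace = true, features = ["fmt"] }`.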
@@ -61,7 +64,7 @@ pub fn verify(path: &Path) -> Result> { ); let pubkey = RsaPublicKey::from_public_key_der(&signer.public_key)?; let digest = Sha256::digest(&signer.signed_data); - let padding = PaddingScheme::new_pkcs1v15_sign::(); + let padding = Pkcs1v15Sign::new::(); pubkey.verify(padding, &digest, &sig.signature)?; } let mut r = Cursor::new(&signer.signed_data[..]); diff --git a/appbundle/Cargo.toml b/appbundle/Cargo.toml index 80d0c8e2..1b6c7c09 100644 --- a/appbundle/Cargo.toml +++ b/appbundle/Cargo.toml @@ -7,14 +7,15 @@ repository = "https://github.com/rust-mobile/xbuild" license = "Apache-2.0 OR MIT" [dependencies] -anyhow = "1.0.68" -apple-codesign = "0.22.0" +anyhow = { workspace = true } +apple-codesign = "0.29.0" +app-store-connect = { workspace = true } icns = "0.3.1" -log = "0.4.17" -pkcs8 = "0.9.0" -plist = "1.3.1" -rasn = "0.6.1" -rasn-cms = "0.6.0" -serde = { version = "1.0.151", features = ["derive"] } -x509-certificate = "0.16.0" +log = { workspace = true } +pkcs8 = "0.10.2" +plist = { workspace = true } +rasn = { workspace = true } +rasn-cms = { workspace = true } +serde = { workspace = true } +x509-certificate = "0.24.0" xcommon = { version = "0.3.0", path = "../xcommon" } diff --git a/appbundle/src/lib.rs b/appbundle/src/lib.rs index 90734e7f..5ae4204e 100644 --- a/appbundle/src/lib.rs +++ b/appbundle/src/lib.rs @@ -1,8 +1,7 @@ use anyhow::{Context, Result}; +use app_store_connect::notary_api::SubmissionResponseStatus; use apple_codesign::dmg::DmgSigner; -use apple_codesign::notarization::{ - notary_api::SubmissionResponseStatus, NotarizationUpload, Notarizer, -}; +use apple_codesign::notarization::{NotarizationUpload, Notarizer}; use apple_codesign::stapling::Stapler; use apple_codesign::{BundleSigner, CodeSignatureFlags, SettingsScope, SigningSettings}; use icns::{IconFamily, Image}; diff --git a/appimage/Cargo.toml b/appimage/Cargo.toml index 83669ae7..0cfeb804 100644 --- a/appimage/Cargo.toml +++ b/appimage/Cargo.toml 
@@ -7,5 +7,5 @@ repository = "https://github.com/rust-mobile/xbuild" license = "Apache-2.0 OR MIT" [dependencies] -anyhow = "1.0.68" +anyhow = { workspace = true } xcommon = { version = "0.3.0", path = "../xcommon" } diff --git a/msix/Cargo.toml b/msix/Cargo.toml index 466bb5a7..c562f24e 100644 --- a/msix/Cargo.toml +++ b/msix/Cargo.toml @@ -7,19 +7,19 @@ repository = "https://github.com/rust-mobile/xbuild" license = "Apache-2.0 OR MIT" [dependencies] -anyhow = "1.0.68" -base64 = "0.20.0" -byteorder = "1.4.3" -mime_guess = "2.0.4" -quick-xml = { version = "0.26.0", features = ["serialize"] } -rasn = "0.6.1" -rasn-cms = "0.6.0" -rasn-pkix = "0.6.0" -serde = { version = "1.0.151", features = ["derive"] } -sha2 = "0.10.6" +anyhow = { workspace = true } +base64 = { workspace = true } +byteorder = { workspace = true } +mime_guess = "2.0.5" +quick-xml = { workspace = true } +rasn = { workspace = true } +rasn-cms = { workspace = true } +rasn-pkix = { workspace = true } +serde = { workspace = true } +sha2 = { workspace = true } xcommon = { version = "0.3.0", path = "../xcommon" } -zip = { version = "0.6.3", default-features = false } +zip = { workspace = true } [dev-dependencies] -der-parser = "8.1.0" -rsa = "0.7.2" +der-parser = "9.0.0" +rsa = { workspace = true } diff --git a/msix/src/block_map.rs b/msix/src/block_map.rs index f52e06a8..138d92e9 100644 --- a/msix/src/block_map.rs +++ b/msix/src/block_map.rs @@ -1,4 +1,5 @@ use anyhow::Result; +use base64::{engine::general_purpose::STANDARD, Engine as _}; use serde::{Deserialize, Serialize}; use sha2::{Digest, Sha256}; use std::io::Read; @@ -114,7 +115,7 @@ pub struct Block { impl Block { pub fn new(bytes: &[u8]) -> Self { Self { - hash: base64::encode(Sha256::digest(bytes)), + hash: STANDARD.encode(Sha256::digest(bytes)), size: None, } } diff --git a/msix/src/p7x.rs b/msix/src/p7x.rs index 55ff0f91..0228363d 100644 --- a/msix/src/p7x.rs +++ b/msix/src/p7x.rs 
@@ -31,8 +31,9 @@ pub fn p7x(signer: &Signer, digests: &Digests) -> Vec { let payload = Payload::encode(digests); let encap_content_info = EncapsulatedContentInfo { content_type: SPC_INDIRECT_DATA_OBJID.into(), - content: Any::new(payload), + content: Some(Any::new(payload)), }; + // This does not panic as content is explicitely constructed with None let signed_data = build_pkcs7(signer, encap_content_info); let content_info = ContentInfo { content_type: CONTENT_SIGNED_DATA.into(), @@ -164,8 +165,8 @@ impl Default for SpcSipInfoContent { #[cfg(test)] mod tests { use super::*; - use rsa::pkcs8::DecodePrivateKey; - use rsa::{PaddingScheme, RsaPrivateKey}; + use rsa::RsaPrivateKey; + use rsa::{pkcs8::DecodePrivateKey, Pkcs1v15Sign}; use sha2::{Digest, Sha256}; const HASHES: Digests = Digests { @@ -244,12 +245,8 @@ mod tests { #[test] #[ignore] fn payload_digest_and_sign() { - let payload = Payload::encode(&HASHES); - let encap_content_info = EncapsulatedContentInfo { - content_type: SPC_INDIRECT_DATA_OBJID.into(), - content: Any::new(payload), - }; - let digest = Sha256::digest(&encap_content_info.content.as_bytes()[8..]); + let payload = Any::new(Payload::encode(&HASHES)); + let digest = Sha256::digest(&payload.as_bytes()[8..]); let orig_digest = [ 68, 234, 15, 167, 40, 66, 12, 133, 19, 239, 228, 168, 72, 147, 90, 139, 75, 131, 41, 111, 247, 70, 28, 251, 130, 190, 57, 136, 200, 159, 93, 116, 
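Review bot: The comment added before `build_pkcs7(signer, encap_content_info)` in the first p7x.rs hunk says the opposite of what the code does. `content` is built as `Some(Any::new(payload))` two lines earlier, and that is what keeps the new `expect("Empty content")` in `build_pkcs7` from firing. Suggested wording: `// build_pkcs7 cannot panic on missing content: it is always Some(..) here`. This also fixes the "explicitely" typo. `p7x` continues past the end of the hunk.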
@@ -257,7 +254,7 @@ mod tests { assert_eq!(&orig_digest[..], &digest[..]); let orig_signature = b"\x7f\x13uP\xc8m:\x99\xb6\x89u\x85y\xea\xfc\xd8Cw\x96w\x10>j\xa7Z\x8c\xa3\x1f\\\xf4\x82\\\xdf\x8eh;\x10\x16o/\"i\x89\xb9\xf1\x03\x9c\xb0)\x9f\xc4\xfe\xf1\x05\x93\xbeJ\xd2\xeb\xe3\xb1f\xb1rq\x89\xdf\x7f\xe4\xe1\n\xae\xa70\x8c|\xd3\xe6\xe6/\xad\x97\xcb1\xb6\xa0\xf9\x16z\x83R#\xe8n\r\xfdErJ\x01\xfb\xd4\xef\x05\xf9\xab\x08o\x16\xbc)C\xee\x03=$\x88>G\xa4\xba)\xbc\xf4n6\xaa\xfd\xa7e\x15\xb9,|\xd6\xf9\x9b>\xe8\x95\xf7\xc6\x08\n\t\x8a\xd5{j\x8a\xfe{,O\xf3\xd9\x8a\xc79\x9f\x80\xcd\x17k8\xf8\xb3\xc3\x96\xd8\x1a/\xa8\x14R\x14\xaf\x813\x91;>\x99\xd24\x86J\x12\x0e\x89\x0c\xb8?\xfa\xa8\x1dM\x98@vz'\xe6y\xab\xc0\xcb\xc5\xb3\xbeC'$\"\xd2\x15\xaf0\xa3\x05\xcbj\x18j\x11\xa2\xfd\xe7\xe6y\xcf\xadd\x99\xa9\xdc\xc4\xc2`\x1d\xb0\xe3\xdb\xfeC\xdc\xce\xe5@\xde;P\xfav\x8c\xff"; let key = RsaPrivateKey::from_pkcs8_pem(crate::DEBUG_PEM).unwrap(); - let padding = PaddingScheme::new_pkcs1v15_sign::(); + let padding = Pkcs1v15Sign::new::(); let sig = key.sign(padding, &digest).unwrap(); assert_eq!(sig.len(), orig_signature.len()); assert_eq!(sig, orig_signature); diff --git a/msix/src/pkcs7.rs b/msix/src/pkcs7.rs index ddb2fe8f..219df7d7 100644 --- a/msix/src/pkcs7.rs +++ b/msix/src/pkcs7.rs 
@@ -4,16 +4,17 @@ use rasn_cms::pkcs7_compat::{EncapsulatedContentInfo, SignedData}; use rasn_cms::{AlgorithmIdentifier, IssuerAndSerialNumber, SignerIdentifier, SignerInfo}; use rasn_pkix::Attribute; use sha2::{Digest, Sha256}; -use std::collections::BTreeSet; -pub const SPC_INDIRECT_DATA_OBJID: ConstOid = ConstOid(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 4]); -pub const SPC_SP_OPUS_INFO_OBJID: ConstOid = ConstOid(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 12]); -pub const SPC_SIPINFO_OBJID: ConstOid = ConstOid(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 30]); +pub const SPC_INDIRECT_DATA_OBJID: &Oid = Oid::const_new(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 4]); +pub const SPC_SP_OPUS_INFO_OBJID: &Oid = Oid::const_new(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 12]); +pub const SPC_SIPINFO_OBJID: &Oid = Oid::const_new(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 30]); #[allow(clippy::mutable_key_type)] +/// Panics if encap_content_info.content is None pub fn build_pkcs7(signer: &Signer, encap_content_info: EncapsulatedContentInfo) -> SignedData { - let digest = Sha256::digest(&encap_content_info.content.as_bytes()[8..]); - let signature = signer.sign(&encap_content_info.content.as_bytes()[8..]); + let content = encap_content_info.content.as_ref().expect("Empty content"); + let digest = Sha256::digest(&content.as_bytes()[8..]); + let signature = signer.sign(&content.as_bytes()[8..]); let cert = signer.cert(); let digest_algorithm = AlgorithmIdentifier { @@ -34,7 +35,7 @@ pub fn build_pkcs7(signer: &Signer, encap_content_info: EncapsulatedContentInfo) r#type: Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_CONTENT_TYPE.into(), values: { let oid = ObjectIdentifier::from(SPC_INDIRECT_DATA_OBJID); - let mut content_type = BTreeSet::default(); + let mut content_type = SetOf::default(); content_type.insert(Any::new(rasn::der::encode(&oid).unwrap())); content_type }, 
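Review bot: The new doc line on `build_pkcs7` documents only one of the two panic paths in the body. Besides `expect("Empty content")`, both `content.as_bytes()[8..]` slices panic when the content is shorter than 8 bytes. The digest and the signature are also taken from two separately written slice expressions, so binding the range once, `let body = &content.as_bytes()[8..];`, and passing `body` to both `Sha256::digest` and `signer.sign` would make it obvious they cover the same bytes. I would turn the doc line into a short summary plus a `# Panics` section that lists both conditions and says what the skipped 8 bytes are. The function body continues outside this hunk.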
@@ -43,7 +44,7 @@ pub fn build_pkcs7(signer: &Signer, encap_content_info: EncapsulatedContentInfo) r#type: Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_MESSAGE_DIGEST.into(), values: { let digest = OctetString::from(digest.to_vec()); - let mut digests = BTreeSet::default(); + let mut digests = SetOf::default(); digests.insert(Any::new(rasn::der::encode(&digest).unwrap())); digests }, diff --git a/mvn/Cargo.toml b/mvn/Cargo.toml index 3c3e7c95..dbb045dc 100644 --- a/mvn/Cargo.toml +++ b/mvn/Cargo.toml @@ -7,9 +7,9 @@ repository = "https://github.com/rust-mobile/xbuild" license = "Apache-2.0 OR MIT" [dependencies] -anyhow = "1.0.68" -log = "0.4.17" +anyhow = { workspace = true } +log = { workspace = true } pubgrub = "0.2.1" -quick-xml = { version = "0.26.0", features = ["serialize"] } -serde = { version = "1.0.151", features = ["derive"] } +quick-xml = { workspace = true } +serde = { workspace = true } xcommon = { version = "0.3.0", path = "../xcommon" } diff --git a/pri/Cargo.toml b/pri/Cargo.toml index 9056d229..54627698 100644 --- a/pri/Cargo.toml +++ b/pri/Cargo.toml @@ -7,5 +7,5 @@ repository = "https://github.com/rust-mobile/xbuild" license = "Apache-2.0 OR MIT" [dependencies] -anyhow = "1.0.68" -byteorder = "1.4.3" +anyhow = { workspace = true } +byteorder = { workspace = true } diff --git a/xbuild/Cargo.toml b/xbuild/Cargo.toml index 1ba745ca..463be1f0 100644 --- a/xbuild/Cargo.toml +++ b/xbuild/Cargo.toml 
@@ -7,41 +7,41 @@ repository = "https://github.com/rust-mobile/xbuild" license = "Apache-2.0 OR MIT" [dependencies] -android-sdkmanager-rs = "0.5.0" -anyhow = "1.0.68" +android-sdkmanager-rs = "0.7.0" +anyhow = { workspace = true } apk = { version = "0.4.0", path = "../apk" } appbundle = { version = "0.3.0", path = "../appbundle" } appimage = { version = "0.4.0", path = "../appimage" } -apple-dmg = "0.2.0" -app-store-connect = "0.1.0" -base64 = "0.20.0" -clap = { version = "4.0.30", features = ["derive"] } -console = "0.15.2" -dirs = "4.0.0" -dunce = "1.0.3" -futures = "0.3.25" -glob = "0.3.0" -indicatif = "0.17.2" -log = "0.4.17" +apple-dmg = "0.5.0" +app-store-connect = { workspace = true } +base64 = { workspace = true } +clap = { version = "4.5.23", features = ["derive"] } +console = "0.15.10" +dirs = "5.0.1" +dunce = { workspace = true } +futures = "0.3.31" +glob = "0.3.2" +indicatif = "0.17.9" +log = { workspace = true } log-panics = "2.1.0" msix = { version = "0.4.0", path = "../msix" } mvn = { version = "0.2.0", path = "../mvn" } path-slash = "0.2.1" -plist = "1.3.1" -quick-xml = { version = "0.26.0", features = ["serialize"] } -reqwest = { version = "0.11.13", default-features = false, features = ["blocking", "rustls-tls"] } -serde = { version = "1.0.151", features = ["derive"] } -serde_yaml = "0.9.16" +plist = { workspace = true } +quick-xml = { workspace = true } +reqwest = { version = "0.12.12", default-features = false, features = ["blocking", "rustls-tls"] } +serde = { workspace = true } +serde_yaml = "0.9.34" symlink = "0.1.0" -tar = "0.4.38" -toml = "0.5.10" -tracing = { version = "0.1.37", default-features = false } -tracing-log = "0.1.3" -tracing-subscriber = { version = "0.3.16", default-features = false, features = ["env-filter", "fmt"] } -which = "4.3.0" +tar = "0.4.43" +toml = "0.8.19" +tracing = { workspace = true } +tracing-log = { workspace = true } +tracing-subscriber = { workspace = true, features = ["fmt"] } +which = "7.0.1" xcommon = { 
version = "0.3.0", path = "../xcommon" } -zip = { version = "0.6.3", default-features = false } -zstd = "0.12.1" +zip = { workspace = true } +zstd = "0.13.2" [[bin]] name = "x" diff --git a/xbuild/src/lib.rs b/xbuild/src/lib.rs index 4a376e51..0f5a90ac 100644 --- a/xbuild/src/lib.rs +++ b/xbuild/src/lib.rs @@ -2,6 +2,7 @@ use crate::cargo::{Cargo, CargoBuild, CrateType}; use crate::config::Config; use crate::devices::Device; use anyhow::Result; +use base64::{engine::general_purpose::STANDARD, Engine as _}; use clap::{Parser, ValueEnum}; use std::path::{Path, PathBuf}; use xcommon::Signer; @@ -397,7 +398,7 @@ impl BuildTargetArgs { Some(std::fs::read(profile)?) } else if let Ok(mut profile) = std::env::var("X_PROVISIONING_PROFILE") { profile.retain(|c| !c.is_whitespace()); - Some(base64::decode(&profile)?) + Some(STANDARD.decode(&profile)?) } else { None }; diff --git a/xcommon/Cargo.toml b/xcommon/Cargo.toml index 4d725d7d..fdff57e5 100644 --- a/xcommon/Cargo.toml +++ b/xcommon/Cargo.toml @@ -7,13 +7,13 @@ repository = "https://github.com/rust-mobile/xbuild" license = "Apache-2.0 OR MIT" [dependencies] -anyhow = "1.0.68" -byteorder = "1.4.3" -dunce = "1" -image = { version = "0.24.5", default-features = false, features = ["png", "webp"] } -pem = "1.1.0" -rasn = "0.6.1" -rasn-pkix = "0.6.0" -rsa = "0.7.2" -sha2 = { version = "0.10.6", features = ["oid"] } -zip = { version = "0.6.3", default-features = false, features = ["deflate"] } +anyhow = { workspace = true } +byteorder = { workspace = true } +dunce = { workspace = true } +image = { version = "0.25.5", default-features = false, features = ["png", "webp"] } +pem = "3.0.4" +rasn = { workspace = true } +rasn-pkix = { workspace = true } +rsa = { workspace = true } +sha2 = { workspace = true, features = ["oid"] } +zip = { workspace = true, features = ["deflate"] } diff --git a/xcommon/src/lib.rs b/xcommon/src/lib.rs index b3295593..69fafb8f 100644 --- a/xcommon/src/lib.rs +++ b/xcommon/src/lib.rs 
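Review bot: In the `BuildTargetArgs` hunk of xbuild/src/lib.rs, `STANDARD.decode(&profile)?` propagates a bare base64 error that never mentions `X_PROVISIONING_PROFILE`, so a malformed CI secret is hard to diagnose. The `STANDARD` engine rejects input without canonical `=` padding; if the old `base64::decode` was more lenient, values that used to work could now fail, which is worth confirming against the base64 changelog. Naming the variable in the error would help either way: `Some(STANDARD.decode(&profile).map_err(|e| anyhow::anyhow!("X_PROVISIONING_PROFILE is not valid base64: {e}"))?)`. The enclosing method starts and ends outside the hunk.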
@@ -2,11 +2,11 @@ pub mod llvm; use anyhow::{Context, Result}; use byteorder::{LittleEndian, ReadBytesExt}; -use image::imageops::FilterType; -use image::io::Reader as ImageReader; -use image::{DynamicImage, GenericImageView, ImageOutputFormat, RgbaImage}; -use rsa::pkcs8::DecodePrivateKey; -use rsa::{PaddingScheme, RsaPrivateKey, RsaPublicKey}; +use image::ImageReader; +use image::{imageops::FilterType, ImageFormat}; +use image::{DynamicImage, GenericImageView, RgbaImage}; +use rsa::{pkcs8::DecodePrivateKey, Pkcs1v15Sign}; +use rsa::{RsaPrivateKey, RsaPublicKey}; use sha2::{Digest, Sha256}; use std::fs::{File, OpenOptions}; use std::io::{Cursor, Read, Seek, SeekFrom, Write}; @@ -61,13 +61,13 @@ impl Scaler { .img .resize(opts.scaled_size, opts.scaled_size, FilterType::Nearest); if opts.scaled_size == opts.target_width && opts.scaled_size == opts.target_height { - resized.write_to(w, ImageOutputFormat::Png)?; + resized.write_to(w, ImageFormat::Png)?; } else { let x = (opts.target_width - opts.scaled_size) / 2; let y = (opts.target_height - opts.scaled_size) / 2; let mut padded = RgbaImage::new(opts.target_width, opts.target_height); image::imageops::overlay(&mut padded, &resized, x as i64, y as i64); - padded.write_to(w, ImageOutputFormat::Png)?; + padded.write_to(w, ImageFormat::Png)?; } Ok(()) } 
@@ -156,13 +156,13 @@ impl Signer { /// ``` pub fn new(pem: &str) -> Result { let pem = pem::parse_many(pem)?; - let key = if let Some(key) = pem.iter().find(|pem| pem.tag == "PRIVATE KEY") { - RsaPrivateKey::from_pkcs8_der(&key.contents)? + let key = if let Some(key) = pem.iter().find(|pem| pem.tag() == "PRIVATE KEY") { + RsaPrivateKey::from_pkcs8_der(key.contents())? } else { anyhow::bail!("no private key found"); }; - let cert = if let Some(cert) = pem.iter().find(|pem| pem.tag == "CERTIFICATE") { - rasn::der::decode::(&cert.contents) + let cert = if let Some(cert) = pem.iter().find(|pem| pem.tag() == "CERTIFICATE") { + rasn::der::decode::(cert.contents()) .map_err(|err| anyhow::anyhow!("{}", err))? } else { anyhow::bail!("no certificate found"); @@ -177,7 +177,7 @@ impl Signer { pub fn sign(&self, bytes: &[u8]) -> Vec { let digest = Sha256::digest(bytes); - let padding = PaddingScheme::new_pkcs1v15_sign::(); + let padding = Pkcs1v15Sign::new::(); self.key.sign(padding, &digest).unwrap() }
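Review bot: `Signer::sign` in the last hunk still ends in a bare `.unwrap()` on `self.key.sign(padding, &digest)`, so any error from the upgraded `rsa` crate on this signing path becomes a panic with no message. The public method also has no `# Panics` documentation. Since the signature returns a plain `Vec` and cannot report the error, state the invariant instead: `self.key.sign(padding, &digest).expect("PKCS#1 v1.5 signing of a SHA-256 digest failed")`. A one-line `# Panics` note on the method would complete it.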