Update dependencies and use workspace dependencies

Cargo.toml

@@ -11,3 +11,23 @@ members = [
 ]
 default-members = ["xbuild"]
 exclude = ["examples"]
+
+[workspace.dependencies]
+anyhow = "1.0.95"
+app-store-connect = "0.7.0"
+base64 = "0.22.1"
+byteorder = "1.5.0"
+dunce = "1.0.5"
+log = "0.4.22"
+plist = "1.7.0"
+quick-xml = { version = "0.26.0", features = ["serialize"] }
+rasn = "0.22.0"
+rasn-cms = "0.22.0"
+rasn-pkix = "0.22.0"
+rsa = { version = "0.9.7", features=["pem"] }
+serde = { version = "1.0.217", features = ["derive"] }
+sha2 = "0.10.8"
+tracing = { version = "0.1.41", default-features = false }
+tracing-log = "0.2.0"
+tracing-subscriber = { version = "0.3.19", default-features = false, features = ["env-filter"]} 
+zip = { version = "0.6.6", default-features = false }

apk/Cargo.toml

@@ -7,19 +7,19 @@ repository = "https://github.com/rust-mobile/xbuild"
 license = "Apache-2.0 OR MIT"
 
 [dependencies]
-anyhow = "1.0.68"
-byteorder = "1.4.3"
-quick-xml = { version = "0.26.0", features = ["serialize"] }
-rasn = "0.6.1"
-rasn-pkix = "0.6.0"
-roxmltree = "0.16.0"
-rsa = "0.7.2"
-serde = { version = "1.0.151", features = ["derive"] }
-sha2 = { version = "0.10.6", features = ["oid"] }
-tracing = "0.1.37"
+anyhow = { workspace = true }
+byteorder = { workspace = true }
+quick-xml = { workspace = true }
+rasn = { workspace = true }
+rasn-pkix = { workspace = true }
+roxmltree = "0.20.0"
+rsa = { workspace = true }
+serde = { workspace = true }
+sha2 = { workspace = true, features = ["oid"] }
+tracing = { workspace = true }
 xcommon = { version = "0.3.0", path = "../xcommon" }
-zip = { version = "0.6.3", default-features = false }
+zip = { workspace = true }
 
 [dev-dependencies]
-tracing-log = "0.1.3"
-tracing-subscriber = { version = "0.3.16", features = ["env-filter"] }
+tracing-log = { workspace = true }
+tracing-subscriber = { workspace = true }

apk/src/sign.rs

@@ -1,8 +1,11 @@
 use anyhow::Result;
 use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
 use rasn_pkix::Certificate;
-use rsa::pkcs8::{DecodePublicKey, EncodePublicKey};
-use rsa::{PaddingScheme, PublicKey, RsaPublicKey};
+use rsa::RsaPublicKey;
+use rsa::{
+    pkcs8::{DecodePublicKey, EncodePublicKey},
+    Pkcs1v15Sign,
+};
 use sha2::{Digest as _, Sha256};
 use std::fs::File;
 use std::io::{BufReader, Cursor, Read, Seek, SeekFrom, Write};
@@ -61,7 +64,7 @@ pub fn verify(path: &Path) -> Result<Vec<Certificate>> {
             );
             let pubkey = RsaPublicKey::from_public_key_der(&signer.public_key)?;
             let digest = Sha256::digest(&signer.signed_data);
-            let padding = PaddingScheme::new_pkcs1v15_sign::<sha2::Sha256>();
+            let padding = Pkcs1v15Sign::new::<sha2::Sha256>();
             pubkey.verify(padding, &digest, &sig.signature)?;
         }
         let mut r = Cursor::new(&signer.signed_data[..]);

appbundle/Cargo.toml

@@ -7,14 +7,15 @@ repository = "https://github.com/rust-mobile/xbuild"
 license = "Apache-2.0 OR MIT"
 
 [dependencies]
-anyhow = "1.0.68"
-apple-codesign = "0.22.0"
+anyhow = { workspace = true }
+apple-codesign = "0.29.0"
+app-store-connect = { workspace = true }
 icns = "0.3.1"
-log = "0.4.17"
-pkcs8 = "0.9.0"
-plist = "1.3.1"
-rasn = "0.6.1"
-rasn-cms = "0.6.0"
-serde = { version = "1.0.151", features = ["derive"] }
-x509-certificate = "0.16.0"
+log = { workspace = true }
+pkcs8 = "0.10.2"
+plist = { workspace = true }
+rasn = { workspace = true }
+rasn-cms = { workspace = true }
+serde = { workspace = true }
+x509-certificate = "0.24.0"
 xcommon = { version = "0.3.0", path = "../xcommon" }

appbundle/src/lib.rs

@@ -1,8 +1,7 @@
 use anyhow::{Context, Result};
+use app_store_connect::notary_api::SubmissionResponseStatus;
 use apple_codesign::dmg::DmgSigner;
-use apple_codesign::notarization::{
-    notary_api::SubmissionResponseStatus, NotarizationUpload, Notarizer,
-};
+use apple_codesign::notarization::{NotarizationUpload, Notarizer};
 use apple_codesign::stapling::Stapler;
 use apple_codesign::{BundleSigner, CodeSignatureFlags, SettingsScope, SigningSettings};
 use icns::{IconFamily, Image};

appimage/Cargo.toml

@@ -7,5 +7,5 @@ repository = "https://github.com/rust-mobile/xbuild"
 license = "Apache-2.0 OR MIT"
 
 [dependencies]
-anyhow = "1.0.68"
+anyhow = { workspace = true }
 xcommon = { version = "0.3.0", path = "../xcommon" }

msix/Cargo.toml

@@ -7,19 +7,19 @@ repository = "https://github.com/rust-mobile/xbuild"
 license = "Apache-2.0 OR MIT"
 
 [dependencies]
-anyhow = "1.0.68"
-base64 = "0.20.0"
-byteorder = "1.4.3"
-mime_guess = "2.0.4"
-quick-xml = { version = "0.26.0", features = ["serialize"] }
-rasn = "0.6.1"
-rasn-cms = "0.6.0"
-rasn-pkix = "0.6.0"
-serde = { version = "1.0.151", features = ["derive"] }
-sha2 = "0.10.6"
+anyhow = { workspace = true }
+base64 = { workspace = true }
+byteorder = { workspace = true }
+mime_guess = "2.0.5"
+quick-xml = { workspace = true }
+rasn = { workspace = true }
+rasn-cms = { workspace = true }
+rasn-pkix = { workspace = true }
+serde = { workspace = true }
+sha2 = { workspace = true }
 xcommon = { version = "0.3.0", path = "../xcommon" }
-zip = { version = "0.6.3", default-features = false }
+zip = { workspace = true }
 
 [dev-dependencies]
-der-parser = "8.1.0"
-rsa = "0.7.2"
+der-parser = "9.0.0"
+rsa = { workspace = true }

msix/src/block_map.rs

@@ -1,4 +1,5 @@
 use anyhow::Result;
+use base64::{engine::general_purpose::STANDARD, Engine as _};
 use serde::{Deserialize, Serialize};
 use sha2::{Digest, Sha256};
 use std::io::Read;
@@ -114,7 +115,7 @@ pub struct Block {
 impl Block {
     pub fn new(bytes: &[u8]) -> Self {
         Self {
-            hash: base64::encode(Sha256::digest(bytes)),
+            hash: STANDARD.encode(Sha256::digest(bytes)),
             size: None,
         }
     }

msix/src/p7x.rs

@@ -31,8 +31,9 @@ pub fn p7x(signer: &Signer, digests: &Digests) -> Vec<u8> {
     let payload = Payload::encode(digests);
     let encap_content_info = EncapsulatedContentInfo {
         content_type: SPC_INDIRECT_DATA_OBJID.into(),
-        content: Any::new(payload),
+        content: Some(Any::new(payload)),
     };
+    // This does not panic as content is explicitely constructed with None
     let signed_data = build_pkcs7(signer, encap_content_info);
     let content_info = ContentInfo {
         content_type: CONTENT_SIGNED_DATA.into(),
@@ -164,8 +165,8 @@ impl Default for SpcSipInfoContent {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use rsa::pkcs8::DecodePrivateKey;
-    use rsa::{PaddingScheme, RsaPrivateKey};
+    use rsa::RsaPrivateKey;
+    use rsa::{pkcs8::DecodePrivateKey, Pkcs1v15Sign};
     use sha2::{Digest, Sha256};
 
     const HASHES: Digests = Digests {
@@ -244,20 +245,16 @@ mod tests {
     #[test]
     #[ignore]
     fn payload_digest_and_sign() {
-        let payload = Payload::encode(&HASHES);
-        let encap_content_info = EncapsulatedContentInfo {
-            content_type: SPC_INDIRECT_DATA_OBJID.into(),
-            content: Any::new(payload),
-        };
-        let digest = Sha256::digest(&encap_content_info.content.as_bytes()[8..]);
+        let payload = Any::new(Payload::encode(&HASHES));
+        let digest = Sha256::digest(&payload.as_bytes()[8..]);
         let orig_digest = [
             68, 234, 15, 167, 40, 66, 12, 133, 19, 239, 228, 168, 72, 147, 90, 139, 75, 131, 41,
             111, 247, 70, 28, 251, 130, 190, 57, 136, 200, 159, 93, 116,
         ];
         assert_eq!(&orig_digest[..], &digest[..]);
         let orig_signature = b"\x7f\x13uP\xc8m:\x99\xb6\x89u\x85y\xea\xfc\xd8Cw\x96w\x10>j\xa7Z\x8c\xa3\x1f\\\xf4\x82\\\xdf\x8eh;\x10\x16o/\"i\x89\xb9\xf1\x03\x9c\xb0)\x9f\xc4\xfe\xf1\x05\x93\xbeJ\xd2\xeb\xe3\xb1f\xb1rq\x89\xdf\x7f\xe4\xe1\n\xae\xa70\x8c|\xd3\xe6\xe6/\xad\x97\xcb1\xb6\xa0\xf9\x16z\x83R#\xe8n\r\xfdErJ\x01\xfb\xd4\xef\x05\xf9\xab\x08o\x16\xbc)C\xee\x03=$\x88>G\xa4\xba)\xbc\xf4n6\xaa\xfd\xa7e\x15\xb9,|\xd6\xf9\x9b>\xe8\x95\xf7\xc6\x08\n\t\x8a\xd5{j\x8a\xfe{,O\xf3\xd9\x8a\xc79\x9f\x80\xcd\x17k8\xf8\xb3\xc3\x96\xd8\x1a/\xa8\x14R\x14\xaf\x813\x91;>\x99\xd24\x86J\x12\x0e\x89\x0c\xb8?\xfa\xa8\x1dM\x98@vz'\xe6y\xab\xc0\xcb\xc5\xb3\xbeC'$\"\xd2\x15\xaf0\xa3\x05\xcbj\x18j\x11\xa2\xfd\xe7\xe6y\xcf\xadd\x99\xa9\xdc\xc4\xc2`\x1d\xb0\xe3\xdb\xfeC\xdc\xce\xe5@\xde;P\xfav\x8c\xff";
         let key = RsaPrivateKey::from_pkcs8_pem(crate::DEBUG_PEM).unwrap();
-        let padding = PaddingScheme::new_pkcs1v15_sign::<sha2::Sha256>();
+        let padding = Pkcs1v15Sign::new::<sha2::Sha256>();
         let sig = key.sign(padding, &digest).unwrap();
         assert_eq!(sig.len(), orig_signature.len());
         assert_eq!(sig, orig_signature);

msix/src/pkcs7.rs

@@ -4,16 +4,17 @@ use rasn_cms::pkcs7_compat::{EncapsulatedContentInfo, SignedData};
 use rasn_cms::{AlgorithmIdentifier, IssuerAndSerialNumber, SignerIdentifier, SignerInfo};
 use rasn_pkix::Attribute;
 use sha2::{Digest, Sha256};
-use std::collections::BTreeSet;
 
-pub const SPC_INDIRECT_DATA_OBJID: ConstOid = ConstOid(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 4]);
-pub const SPC_SP_OPUS_INFO_OBJID: ConstOid = ConstOid(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 12]);
-pub const SPC_SIPINFO_OBJID: ConstOid = ConstOid(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 30]);
+pub const SPC_INDIRECT_DATA_OBJID: &Oid = Oid::const_new(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 4]);
+pub const SPC_SP_OPUS_INFO_OBJID: &Oid = Oid::const_new(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 12]);
+pub const SPC_SIPINFO_OBJID: &Oid = Oid::const_new(&[1, 3, 6, 1, 4, 1, 311, 2, 1, 30]);
 
 #[allow(clippy::mutable_key_type)]
+/// Panics if encap_content_info.content is None
 pub fn build_pkcs7(signer: &Signer, encap_content_info: EncapsulatedContentInfo) -> SignedData {
-    let digest = Sha256::digest(&encap_content_info.content.as_bytes()[8..]);
-    let signature = signer.sign(&encap_content_info.content.as_bytes()[8..]);
+    let content = encap_content_info.content.as_ref().expect("Empty content");
+    let digest = Sha256::digest(&content.as_bytes()[8..]);
+    let signature = signer.sign(&content.as_bytes()[8..]);
     let cert = signer.cert();
 
     let digest_algorithm = AlgorithmIdentifier {
@@ -34,7 +35,7 @@ pub fn build_pkcs7(signer: &Signer, encap_content_info: EncapsulatedContentInfo)
                 r#type: Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_CONTENT_TYPE.into(),
                 values: {
                     let oid = ObjectIdentifier::from(SPC_INDIRECT_DATA_OBJID);
-                    let mut content_type = BTreeSet::default();
+                    let mut content_type = SetOf::default();
                     content_type.insert(Any::new(rasn::der::encode(&oid).unwrap()));
                     content_type
                 },
@@ -43,7 +44,7 @@ pub fn build_pkcs7(signer: &Signer, encap_content_info: EncapsulatedContentInfo)
                 r#type: Oid::ISO_MEMBER_BODY_US_RSADSI_PKCS9_MESSAGE_DIGEST.into(),
                 values: {
                     let digest = OctetString::from(digest.to_vec());
-                    let mut digests = BTreeSet::default();
+                    let mut digests = SetOf::default();
                     digests.insert(Any::new(rasn::der::encode(&digest).unwrap()));
                     digests
                 },

mvn/Cargo.toml

@@ -7,9 +7,9 @@ repository = "https://github.com/rust-mobile/xbuild"
 license = "Apache-2.0 OR MIT"
 
 [dependencies]
-anyhow = "1.0.68"
-log = "0.4.17"
+anyhow = { workspace = true }
+log = { workspace = true }
 pubgrub = "0.2.1"
-quick-xml = { version = "0.26.0", features = ["serialize"] }
-serde = { version = "1.0.151", features = ["derive"] }
+quick-xml = { workspace = true }
+serde = { workspace = true }
 xcommon = { version = "0.3.0", path = "../xcommon" }

pri/Cargo.toml

@@ -7,5 +7,5 @@ repository = "https://github.com/rust-mobile/xbuild"
 license = "Apache-2.0 OR MIT"
 
 [dependencies]
-anyhow = "1.0.68"
-byteorder = "1.4.3"
+anyhow = { workspace = true }
+byteorder = { workspace = true }

xbuild/Cargo.toml

@@ -7,41 +7,41 @@ repository = "https://github.com/rust-mobile/xbuild"
 license = "Apache-2.0 OR MIT"
 
 [dependencies]
-android-sdkmanager-rs = "0.5.0"
-anyhow = "1.0.68"
+android-sdkmanager-rs = "0.7.0"
+anyhow = { workspace = true }
 apk = { version = "0.4.0", path = "../apk" }
 appbundle = { version = "0.3.0", path = "../appbundle" }
 appimage = { version = "0.4.0", path = "../appimage" }
-apple-dmg = "0.2.0"
-app-store-connect = "0.1.0"
-base64 = "0.20.0"
-clap = { version = "4.0.30", features = ["derive"] }
-console = "0.15.2"
-dirs = "4.0.0"
-dunce = "1.0.3"
-futures = "0.3.25"
-glob = "0.3.0"
-indicatif = "0.17.2"
-log = "0.4.17"
+apple-dmg = "0.5.0"
+app-store-connect = { workspace = true }
+base64 = { workspace = true }
+clap = { version = "4.5.23", features = ["derive"] }
+console = "0.15.10"
+dirs = "5.0.1"
+dunce = { workspace = true }
+futures = "0.3.31"
+glob = "0.3.2"
+indicatif = "0.17.9"
+log = { workspace = true }
 log-panics = "2.1.0"
 msix = { version = "0.4.0", path = "../msix" }
 mvn = { version = "0.2.0", path = "../mvn" }
 path-slash = "0.2.1"
-plist = "1.3.1"
-quick-xml = { version = "0.26.0", features = ["serialize"] }
-reqwest = { version = "0.11.13", default-features = false, features = ["blocking", "rustls-tls"] }
-serde = { version = "1.0.151", features = ["derive"] }
-serde_yaml = "0.9.16"
+plist = { workspace = true }
+quick-xml = { workspace = true }
+reqwest = { version = "0.12.12", default-features = false, features = ["blocking", "rustls-tls"] }
+serde = { workspace = true }
+serde_yaml = "0.9.34"
 symlink = "0.1.0"
-tar = "0.4.38"
-toml = "0.5.10"
-tracing = { version = "0.1.37", default-features = false }
-tracing-log = "0.1.3"
-tracing-subscriber = { version = "0.3.16", default-features = false, features = ["env-filter", "fmt"] }
-which = "4.3.0"
+tar = "0.4.43"
+toml = "0.8.19"
+tracing = { workspace = true }
+tracing-log = { workspace = true }
+tracing-subscriber = { workspace = true, features = ["fmt"] }
+which = "7.0.1"
 xcommon = { version = "0.3.0", path = "../xcommon" }
-zip = { version = "0.6.3", default-features = false }
-zstd = "0.12.1"
+zip = { workspace = true }
+zstd = "0.13.2"
 
 [[bin]]
 name = "x"

xbuild/src/lib.rs

@@ -2,6 +2,7 @@ use crate::cargo::{Cargo, CargoBuild, CrateType};
 use crate::config::Config;
 use crate::devices::Device;
 use anyhow::Result;
+use base64::{engine::general_purpose::STANDARD, Engine as _};
 use clap::{Parser, ValueEnum};
 use std::path::{Path, PathBuf};
 use xcommon::Signer;
@@ -397,7 +398,7 @@ impl BuildTargetArgs {
             Some(std::fs::read(profile)?)
         } else if let Ok(mut profile) = std::env::var("X_PROVISIONING_PROFILE") {
             profile.retain(|c| !c.is_whitespace());
-            Some(base64::decode(&profile)?)
+            Some(STANDARD.decode(&profile)?)
         } else {
             None
         };

xcommon/Cargo.toml

@@ -7,13 +7,13 @@ repository = "https://github.com/rust-mobile/xbuild"
 license = "Apache-2.0 OR MIT"
 
 [dependencies]
-anyhow = "1.0.68"
-byteorder = "1.4.3"
-dunce = "1"
-image = { version = "0.24.5", default-features = false, features = ["png", "webp"] }
-pem = "1.1.0"
-rasn = "0.6.1"
-rasn-pkix = "0.6.0"
-rsa = "0.7.2"
-sha2 = { version = "0.10.6", features = ["oid"] }
-zip = { version = "0.6.3", default-features = false, features = ["deflate"] }
+anyhow = { workspace = true }
+byteorder = { workspace = true }
+dunce = { workspace = true }
+image = { version = "0.25.5", default-features = false, features = ["png", "webp"] }
+pem = "3.0.4"
+rasn = { workspace = true }
+rasn-pkix = { workspace = true }
+rsa = { workspace = true }
+sha2 = { workspace = true, features = ["oid"] }
+zip = { workspace = true, features = ["deflate"] }