Commit graph

1580 commits

Author SHA1 Message Date
Vincent Ambo
12ce508508 chore(adho): Enable kvm-intel kernel module
Suggested by nixos-generate-config.
2018-10-10 12:54:59 +02:00
Vincent Ambo
c7e60c1de4 chore(emacs): Remove manually upgraded packages that are in 18.09
Removes a whole bunch of manually pinned packages that were moved into
stable in 18.09.

However, it should be noted that `sly` is again broken in stable.
2018-10-10 11:21:15 +02:00
Vincent Ambo
d3058c0d0b fix(pkgs): Remove manually installed cargo
This conflicts with the rustup binary otherwise.
2018-10-10 11:20:40 +02:00
Vincent Ambo
78ae29aac4 feat(pkgs): Bump channels to latest
This moves to NixOS 18.09.
2018-10-10 11:20:22 +02:00
Vincent Ambo
dc1674f2a1 feat(adho): Add Homan Bistro wifi 2018-10-10 11:20:07 +02:00
Vincent Ambo
67d016029c chore: Disable Redis service on all machines 2018-10-10 11:19:54 +02:00
Vincent Ambo
623a84f6f8 refactor: Require directory instead of file path for cursors
The previous change, which makes journaldriver write the cursor
position in two steps, requires that journaldriver can write files
adjacent to the cursor position file itself.

Instead of simply guessing that this is possible (e.g. by changing the
file suffix), expect the user to provide a directory that
journaldriver can work with.
2018-10-09 11:38:41 +02:00
Vincent Ambo
61b2577a19 fix: Refuse to write empty journald cursors and inform users
Exits from `persist_cursor` early if the cursor received from journald
is an empty string.

We don't currently know if this actually happens (please see #2 for
more details), so an error message has been added that asks users to
report this if it ever occurs.
2018-10-09 11:38:41 +02:00
Vincent Ambo
c1ab78c05a fix: Write cursor into temporary file and move it
This deals with a potential issue where creating a new file in place
of an existing cursor position file may cause position files to be
empty.

The cause for this is that the newly created file will truncate the
previous content. If journaldriver is then terminated before it
completes the cursor write to this file, it will not have written a
valid cursor (or anything at all).

Potentially relates to #2
2018-10-09 11:38:41 +02:00
Vincent Ambo
7ec507f8cb chore: Bump version to 1.1.0
... in preparation for a new release!
2018-10-06 01:04:56 +02:00
Vincent Ambo
55c4943df1 docs(README): Add notes about error reporting & minor improvements 2018-10-06 00:51:26 +02:00
Vincent Ambo
86c25cc226 refactor: Replace reqwest library with ureq
This replaces reqwest with the more simplistic ureq library for
performing required HTTP requests.

Reqwest comes with a lot of (tokio-based) machinery for
high-performance requesting that is a bit out of scope for
journaldriver's needs.

This clocks in at 62 (!) fewer dependencies after the change, with
equivalent functionality. Wew.
2018-10-05 23:58:01 +02:00
Vincent Ambo
a4084bf1e0 docs(README): Add note about log levels / priorities / severities
(a dear child has many names :P)

Adds a small piece of documentation about the conversion between
journald priorities and Stackdriver severities to the README, as well
as information about how to easily emit messages at different
priorities from applications logging to journald.
2018-09-24 16:03:58 +02:00
Vincent Ambo
3b20abe0f8 docs(main): Expand information on priority->severity conversion
Adds a few additional notes about where to find more information and
how to log information correctly, as was discussed on issue #11.
2018-09-24 16:03:58 +02:00
Thomas ten Cate
a89be8d715 feat(main): Pass log levels along to Stackdriver
If a priority is present, it is passed as-is into the Stackdriver API.
This allows filtering by severity in the logs UI. Conveniently, the
levels are the same between journald and Stackdriver.

Fixes #11.
2018-09-24 16:03:58 +02:00
Vincent Ambo
b19b1590e5 chore(emacs): Bump EXWM & XELB to most recent development versions 2018-09-19 22:59:42 +02:00
Vincent Ambo
8d918e48eb refactor(desktop): Don't launch EXWM via Emacs client
Launch EXWM directly in Emacs, instead of first launching an Emacs
server and connecting a client.

In cases where Emacs does not start correctly due to initialisation
errors the error message would never become visible without this change.
2018-09-16 16:57:33 +02:00
Vincent Ambo
754b487ee4 feat(adho): Add Dublin wifi networks 2018-09-16 16:51:20 +02:00
Vincent Ambo
5eefd71bf1 chore: Add repository URL to Cargo manifest 2018-09-04 14:56:06 +02:00
Vincent Ambo
5cb7dd7ca0 feat(build): Configure Travis CI builds 2018-09-04 14:50:58 +02:00
Vincent Ambo
0c3cdee5ee chore: Make JWKS type Cloneable 2018-09-04 14:40:41 +02:00
Vincent Ambo
64a480ccb7 fix: validate() does not require ownership of the token string
Thanks to @bvs for pointing this out.
2018-09-04 13:01:14 +02:00
Vincent Ambo
89af12444a chore: License under GPL-3.0-or-later 2018-09-04 12:48:11 +02:00
Vincent Ambo
29dfb6826f docs: Update README to match new library API 2018-09-04 12:48:11 +02:00
Vincent Ambo
dd527ecdf1 feat: Implement claim validation
Implements initial validations of token claims. The included
validations are:

* validation of token issuer
* validation of token audience
* validation that a subject is set
* validation that a token is not expired
2018-09-04 12:45:27 +02:00
Vincent Ambo
ae409995ca fix: Handle warning about unused kty & alg fields
These fields are only used to constrain deserialisation to the
supported values, but have no further effect.

`rustc` throws warnings about them not being used, which this commit
disables.
2018-09-04 12:45:27 +02:00
Vincent Ambo
5f8f252f68 test: Ensure library doctest compiles & runs correctly 2018-09-04 12:45:27 +02:00
Vincent Ambo
7c99220723 refactor: Pass 'String' to token_kid instead of internal type 2018-09-04 12:45:27 +02:00
Vincent Ambo
b6eedbfe16 feat: Initial implementation of 'validate' function
Implements the logic for validating a token signature and returning
its decoded headers and claims.

This does not yet apply claim validations, as those have not been
specified yet.
2018-09-04 12:45:27 +02:00
Vincent Ambo
37652545b4 feat: Introduce ValidJWT type to represent validated & decoded JWT
Introduces a new struct type which contains the token's headers and
claims as JSON values. This is constructed by validating a token and
allows library users to deal with the deserialised values as they
please.
2018-09-04 12:45:27 +02:00
Vincent Ambo
b3e8f7a91f refactor: Introduce helper for deserialising token parts
There are multiple points in the code where a token part needs to be
deserialised (i.e. first base64-decoded, then JSON-deserialised). This
is extracted to a helper function in this commit.
2018-09-04 12:45:27 +02:00
Vincent Ambo
33c122f10e feat: Implement extraction of KIDs from unvalidated tokens 2018-09-04 12:45:27 +02:00
Vincent Ambo
5bd7a91d10 test: Add simple test for working JWT validation 2018-09-04 12:45:27 +02:00
Vincent Ambo
4b5dc17fc8 feat: Introduce validation of JWT signatures
Introduces the internal function for validating JWT signatures. The
process is relatively straightforward:

1. Create an OpenSSL signature verifier using the public key from the
   JWK.

2. Split the JWT into the data (header + claims) and signature parts.

3. Validate the data against the signature using the verifier from (1)

OpenSSL "cleanly" returns a boolean in case of an invalid signature,
but an otherwise successful operation.

This is represented differently in the returned error variant, with an
invalid signature being represented as `InvalidSignature`, and other
errors as the `OpenSSL` error variant which wraps the underlying
OpenSSL issue.

Successful validation returns an empty `Ok` result.
2018-09-04 12:45:27 +02:00
Vincent Ambo
17e3a6560a refactor: Move tests to separate file 2018-09-04 12:45:27 +02:00
Vincent Ambo
d3b200e820 refactor: Use error enum + result type alias for failures
This makes the library slightly more "rusty". Instead of returning a
validation result which also represents potential success, use an enum
representing the error variants and the standard library's
`Result`-type to represent success/failure.
2018-09-04 12:45:27 +02:00
Vincent Ambo
0f8231e990 feat: Add initial public API skeleton 2018-09-04 12:45:27 +02:00
Vincent Ambo
d0a52de5e8 docs: Add code of conduct 2018-09-04 12:45:26 +02:00
Vincent Ambo
b916554ac5 docs: Add initial README 2018-09-04 12:45:26 +02:00
Vincent Ambo
63c08b923f chore(emacs): Bump EXWM version
Includes changes from ch11ng/exwm#477 which may resolve issues with
ch11ng/exwm#425.
2018-09-02 15:21:23 +02:00
Vincent Ambo
1515020dd4 feat(adho): Add additional wifi networks 2018-09-02 15:14:18 +02:00
Vincent Ambo
614375c7b1 feat(adho): Run haveged daemon 2018-09-02 15:14:18 +02:00
Vincent Ambo
2c9a4b8816 chore(stallo): Add 2.4GHz network as fallback
Apparently the wifi card likes to act up occasionally (this is new?)
and can't see the 5GHz network anymore.

This adds the 2.4GHz network as a fallback in those cases.
2018-08-26 22:30:53 +02:00
Vincent Ambo
b64dd00fe3 chore(emacs): Add another potential fix for EXWM issue
Pulls in the changes from @medranocalvo's ch11ng/exwm#469 pull
request, which could be a potential fix for ch11ng/exwm#425.
2018-08-17 10:20:45 +02:00
Vincent Ambo
5f433c46c1 docs(README): Add note about installing on NixOS 2018-08-15 21:27:10 +02:00
Vincent Ambo
20b9432f16 chore(image): Update image for Kontemplate 1.7.0
Version changes:

* Kontemplate 1.7.0
* Kubectl 1.11.0
* Alpine 3.8
2018-08-15 21:27:10 +02:00
Vincent Ambo
f31a7d33b6 chore(brew): Update Homebrew formula for 1.7.0 2018-08-15 21:27:10 +02:00
Vincent Ambo
511ae92224 chore(build): Update dependencies to newest version
Updates the following dependencies to latest:

* Masterminds/semver
* Masterminds/sprig
* ghodss/yaml
* satori/go.uuid -> google/uuid
* huandu/xstrings
* imdario/mergo
* crypto
* alecthomas/kingpin.v2
* yaml.v2

As usual Go libraries are YOLO-versioned, so who knows what changed
here. I'll be going through `sprig` at least to add that to the
changelog.

This relates to #152.
2018-08-15 19:46:33 +02:00
Vincent Ambo
c32445da81 chore(stallo): Use wine with 64-bit support 2018-08-10 22:18:08 +02:00
Vincent Ambo
45e3207658 feat(adho): Add Yubikey PIV related tools 2018-08-10 22:16:57 +02:00