Commit graph

10653 commits

Author SHA1 Message Date
Gennadiy Civil
411b3c56d9
Update AbseilHelpers.cmake
Comment change
2018-09-11 13:53:48 -04:00
Graham Christensen
0aca1ffb6e Prefer 'remote builder' over 'slave' 2018-09-10 18:57:46 +02:00
Eelco Dolstra
5b2fdfdca2
Merge pull request #2412 from dingxiangfei2009/patch-repl-autoargs
nix repl respects --arg and --argstr
2018-09-10 10:50:51 +02:00
Ding Xiang Fei
d6ac762bf7 auto args on repl 2018-09-10 15:43:17 +08:00
Eelco Dolstra
bba3f0a308
If fallback is enabled, temporarily disable substituters after a failure
Otherwise, we just keep asking the substituter for other .narinfo
files, which can take a very long time due to retries/timeouts.
2018-09-07 17:08:43 +02:00
Eelco Dolstra
33c3f91885
Handle queryPathInfo() failure from substituters when fallback is enabled
Fixes #1990.
2018-09-07 16:35:48 +02:00
Eelco Dolstra
91405986f4
Convert NIX_COUNT_CALLS to JSON too 2018-09-05 21:57:54 +02:00
Eelco Dolstra
0a2545f95c
Log stats to stderr
We shouldn't pollute stdout.
2018-09-05 21:35:58 +02:00
Eelco Dolstra
c4ba5f4be9
Merge branch 'improve-stats' of https://github.com/cleverca22/nix 2018-09-05 21:28:05 +02:00
Eelco Dolstra
2d91012754
fetchurl: Respect unpack
Fixes #2393.
2018-09-05 21:22:37 +02:00
Abseil Team
fb462224c0 Export of internal Abseil changes.
--
86b1c997fac1f77b0eacfab788659b5a89a6096e by Abseil Team <absl-team@google.com>:

Import of CCTZ from GitHub.

PiperOrigin-RevId: 211654320

--
299b70e1247df768454a76eb957a184de9706f61 by Chris Kennelly <ckennelly@google.com>:

Avoid creating a misaligned reference to int.

PiperOrigin-RevId: 211505883

--
c8fad4357ad0bfb3c5ad197c505509bc087072c9 by Abseil Team <absl-team@google.com>:

Import of CCTZ from GitHub.

PiperOrigin-RevId: 211458539

--
0613feffcd36466c3e53a50758d7e8f17c001dce by Greg Falcon <gfalcon@google.com>:

Refactor a string unit test into a template function for internal purposes.

PiperOrigin-RevId: 211100748
GitOrigin-RevId: 86b1c997fac1f77b0eacfab788659b5a89a6096e
Change-Id: Ic6a932b6c27c6762dcdb3b0127f1e2be782418c1
2018-09-05 15:21:18 -04:00
Eelco Dolstra
e0ddabb0d6
Merge pull request #2400 from matthewbauer/patch-9
Get effective user in Nix commands
2018-09-05 13:28:23 +02:00
Matthew Bauer
74f6d8767d Get effective user in Nix commands
‘geteuid’ gives us the user that the command is being run as,
including in setuid modes. By using geteuid to determind id, we can
avoid the ‘sudo -i’ hack when upgrading Nix. So now, upgrading Nix on
macOS is as simple as:

$ sudo nix-channel --update
$ sudo nix-env -u

$ sudo launchctl stop org.nixos.nix-daemon
$ sudo launchctl start org.nixos.nix-daemon
or
$ sudo systemctl restart nix-daemon
2018-09-04 19:32:39 -05:00
Loo Rong Jie
d2e5ae5a1a [CMake] Only include test targets if ABSL_RUN_TESTS=ON 2018-09-05 08:25:36 +08:00
Vincent Ambo
5eefd71bf1 chore: Add repository URL to Cargo manifest 2018-09-04 14:56:06 +02:00
Vincent Ambo
5cb7dd7ca0 feat(build): Configure Travis CI builds 2018-09-04 14:50:58 +02:00
Vincent Ambo
0c3cdee5ee chore: Make JWKS type Cloneable 2018-09-04 14:40:41 +02:00
Vincent Ambo
64a480ccb7 fix: validate() does not require ownership of the token string
Thanks to @bvs for pointing this out.
2018-09-04 13:01:14 +02:00
Vincent Ambo
89af12444a chore: License under GPL-3.0-or-later 2018-09-04 12:48:11 +02:00
Vincent Ambo
29dfb6826f docs: Update README to match new library API 2018-09-04 12:48:11 +02:00
Vincent Ambo
dd527ecdf1 feat: Implement claim validation
Implements initial validations of token claims. The included
validations are:

* validation of token issuer
* validation of token audience
* validation that a subject is set
* validation that a token is not expired
2018-09-04 12:45:27 +02:00
Vincent Ambo
ae409995ca fix: Handle warning about unused kty & alg fields
These fields are only used to constrain deserialisation to the
supported values, but have no further effect.

`rustc` throws warnings about them not being used, which this commit
disables.
2018-09-04 12:45:27 +02:00
Vincent Ambo
5f8f252f68 test: Ensure library doctest compiles & runs correctly 2018-09-04 12:45:27 +02:00
Vincent Ambo
7c99220723 refactor: Pass 'String' to token_kid instead of internal type 2018-09-04 12:45:27 +02:00
Vincent Ambo
b6eedbfe16 feat: Initial implementation of 'validate' function
Implements the logic for validating a token signature and returning
its decoded headers and claims.

This does not yet apply claim validations, as those have not been
specified yet.
2018-09-04 12:45:27 +02:00
Vincent Ambo
37652545b4 feat: Introduce ValidJWT type to represent validated & decoded JWT
Introduces a new struct type which contains the token's headers and
claims as JSON values. This is constructed by validating a token and
allows library users to deal with the deserialised values as they
please.
2018-09-04 12:45:27 +02:00
Vincent Ambo
b3e8f7a91f refactor: Introduce helper for deserialising token parts
There are multiple points in the code where a token part needs to be
deserialised (i.e. first base64-decoded, then JSON-deserialised). This
is extracted to a helper function in this commit.
2018-09-04 12:45:27 +02:00
Vincent Ambo
33c122f10e feat: Implement extraction of KIDs from unvalidated tokens 2018-09-04 12:45:27 +02:00
Vincent Ambo
5bd7a91d10 test: Add simple test for working JWT validation 2018-09-04 12:45:27 +02:00
Vincent Ambo
4b5dc17fc8 feat: Introduce validation of JWT signatures
Introduces the internal function for validating JWT signatures. The
process is relatively straightforward:

1. Create an OpenSSL signature verifier using the public key from the
   JWK.

2. Split the JWT into the data (header + claims) and signature parts.

3. Validate the data against the signature using the verifier from (1)

OpenSSL "cleanly" returns a boolean in case of an invalid signature,
but an otherwise successful operation.

This is represented differently in the returned error variant, with an
invalid signature being represented as `InvalidSignature`, and other
errors as the `OpenSSL` error variant which wraps the underlying
OpenSSL issue.

Successful validation returns an empty `Ok` result.
2018-09-04 12:45:27 +02:00
Vincent Ambo
17e3a6560a refactor: Move tests to separate file 2018-09-04 12:45:27 +02:00
Vincent Ambo
d3b200e820 refactor: Use error enum + result type alias for failures
This makes the library slightly more "rusty". Instead of returning a
validation result which also represents potential success, use an enum
representing the error variants and the standard library's
`Result`-type to represent success/failure.
2018-09-04 12:45:27 +02:00
Vincent Ambo
0f8231e990 feat: Add initial public API skeleton 2018-09-04 12:45:27 +02:00
Vincent Ambo
d0a52de5e8 docs: Add code of conduct 2018-09-04 12:45:26 +02:00
Vincent Ambo
b916554ac5 docs: Add initial README 2018-09-04 12:45:26 +02:00
Eelco Dolstra
5e0a7206f5
Merge pull request #2397 from dtzWill/fix/reported-dl-size-with-callback
download: fix size reported to progress bar
2018-09-04 12:16:51 +02:00
Will Dietz
28418af920 download: fix size reported to progress bar 2018-09-03 14:12:54 -05:00
Vladimír Čunát
5f3b72cfc2
docs: change expired bzip2.org to archive.org
Fixes #2396.
2018-09-03 17:57:13 +02:00
Michael Bishop
4b034f390c remove the old text format output 2018-09-02 18:25:23 -03:00
Eelco Dolstra
54996b51fb
Bump version 2018-09-02 22:12:00 +02:00
Eelco Dolstra
4dd09210d7
Release notes tweaks 2018-09-02 21:47:10 +02:00
Vincent Ambo
63c08b923f chore(emacs): Bump EXWM version
Includes changes from ch11ng/exwm#477 which may resolve issues with
ch11ng/exwm#425.
2018-09-02 15:21:23 +02:00
Vincent Ambo
1515020dd4 feat(adho): Add additional wifi networks 2018-09-02 15:14:18 +02:00
Vincent Ambo
614375c7b1 feat(adho): Run haveged daemon 2018-09-02 15:14:18 +02:00
Daiderd Jordan
80a4b44d3d
nix doctor: only perform path/profile checks with a daemon/local store
Not all store types LegacySSHStore support these operations and it
doesn't really make sense to check those.
2018-09-02 13:41:55 +02:00
Daiderd Jordan
bfdca55868
nix doctor: add check for profile roots
In most cases profiles that are in PATH should have a gcroot.
2018-09-02 12:56:28 +02:00
Daiderd Jordan
0f18dc5479
nix doctor: add warning for multiple versions
It's pretty easy to unintentionally install a second version of nix
into the user profile when using a daemon install.  In this case it
looks like nix was upgraded while the nix-daemon is probably still
unning an older version.
2018-09-02 12:56:28 +02:00
Daiderd Jordan
246acf93f2
nix doctor: handle serve protocol
The serve protocol used by LegacySSHStore has a different major and
shouldn't be compared to PROTOCOL_VERSION.
2018-09-02 12:54:42 +02:00
Daiderd Jordan
7314dc7f07
nix doctor: add warning if client/daemon protocol mismatches
A protocol mismatch can sometimes cause problems when using specific
features with an older daemon. For example:

Nix 2.0 changed the way files are compied to the store.  The daemon is
backwards compatible and can still handle older clients, however a 1.11
nix-daemon isn't forwards compatible.
2018-09-02 12:54:39 +02:00
Daiderd Jordan
070823baa4
Store: expose the protocol version used by a store 2018-09-02 12:54:29 +02:00