feat: v0.2.0, add harden support

2022-07-27 23:31:25 +08:00
parent 7af1521354
commit 77591990ad
3 changed files with 27 additions and 3 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -444,7 +444,7 @@ dependencies = [

 [[package]]
 name = "local-mini-kms"
-version = "0.1.1"
+version = "0.2.0"
 dependencies = [
 "base64",
 "clap",
@@ -454,6 +454,7 @@ dependencies = [
 "lazy_static",
 "rusqlite",
 "rust_util",
+ "secmem-proc",
 "serde",
 "serde_derive",
 "serde_json",
@@ -713,6 +714,18 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"

+[[package]]
+name = "secmem-proc"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b291669c8562407a90242395b35409c070f748c64268ed7c837bd0550c4dec5"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "thiserror",
+ "winapi",
+]
+
 [[package]]
 name = "serde"
 version = "1.0.138"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "local-mini-kms"
-version = "0.1.1"
+version = "0.2.0"
 edition = "2021"

 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@@ -16,6 +16,7 @@ serde_derive = "1.0"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 josekit = "0.8.1"
+secmem-proc = "0.1.1"
 rust_util = { version = "0.6", features = ["use_clap"] }
 tokio = { version = "1.19", features = ["full"] }
 hyper = { version = "0.14.20", features = ["client", "server", "tcp", "http1", "http2"] }
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,5 @@
 use clap::{App, AppSettings, ArgMatches};
-use rust_util::{failure_and_exit, information};
+use rust_util::{failure_and_exit, information, success, warning};
 use rust_util::util_clap::{Command, CommandError};

 mod db;
@@ -20,6 +20,16 @@ impl DefaultCommandImpl {
 }

 fn main() {
+    let ignore_harden_process_error = std::env::var("IGNORE_HARDEN_PROCESS_ERROR")
+        .map(|v| &v == "true").unwrap_or_else(|_| false);
+    match secmem_proc::harden_process() {
+        Err(e) => if ignore_harden_process_error {
+            warning!("Harden local-mini-kms failed: {}", e);
+        } else {
+            failure_and_exit!("Harden local-mini-kms failed: {}", e);
+        }
+        Ok(_) => success!("Harden local-mini-kms success"),
+    }
    if let Err(e) = inner_main() {
        failure_and_exit!("Run local-mini-kms error: {}", e);
    }