feat: v1.0.2, add feature harden_process
2
Cargo.lock
generated
2
Cargo.lock
generated
@@ -874,7 +874,7 @@ checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
|
||||
|
||||
[[package]]
|
||||
name = "local-mini-kms"
|
||||
version = "1.0.1"
|
||||
version = "1.0.2"
|
||||
dependencies = [
|
||||
"aes-gcm-stream",
|
||||
"aes-kw",
|
||||
|
||||
@@ -1,13 +1,14 @@
|
||||
[package]
|
||||
name = "local-mini-kms"
|
||||
version = "1.0.1"
|
||||
version = "1.0.2"
|
||||
edition = "2021"
|
||||
|
||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||
|
||||
[features]
|
||||
default = ["yubikey"]
|
||||
default = ["yubikey", "harden_process"]
|
||||
yubikey = ["yubico_manager"]
|
||||
harden_process = ["secmem-proc", "procfs"]
|
||||
|
||||
[dependencies]
|
||||
zeroize = "1.8"
|
||||
@@ -19,7 +20,7 @@ lazy_static = "1.5"
|
||||
serde_derive = "1.0"
|
||||
serde = { version = "1.0", features = ["derive"] }
|
||||
serde_json = "1.0"
|
||||
secmem-proc = "0.3"
|
||||
secmem-proc = { version = "0.3", optional = true }
|
||||
seckey = "0.12"
|
||||
rust_util = { version = "0.6", features = ["use_clap"] }
|
||||
tokio = { version = "1.37", features = ["full"] }
|
||||
@@ -35,4 +36,4 @@ aes-gcm-stream = "0.2"
|
||||
jose-jwk = "0.1"
|
||||
|
||||
[target.'cfg(target_os = "linux")'.dependencies]
|
||||
procfs = "0.13"
|
||||
procfs = { version = "0.13", optional = true }
|
||||
|
||||
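Review bot: The new `harden_process` feature lists its optional dependencies by bare name, so Cargo also exposes implicit features called `secmem-proc` and `procfs`. Enabling one of those alone pulls in the crate without satisfying any `cfg(feature = "harden_process")` gate, which gives a build that looks hardened in its dependency list but is not. Using the `dep:` form keeps the hardening switch to a single name: `harden_process = ["dep:secmem-proc", "dep:procfs"]`. A one-line comment above the feature saying that disabling it removes process hardening from `serve` would also help anyone building with `--no-default-features`.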
@@ -36,6 +36,7 @@ fn main() {
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "harden_process")]
|
||||
fn harden_process() {
|
||||
let ignore_harden_process_error = std::env::var("IGNORE_HARDEN_PROCESS_ERROR")
|
||||
.map(|v| &v == "true").unwrap_or_else(|_| false);
|
||||
@@ -75,6 +76,7 @@ fn inner_main() -> CommandError {
|
||||
let matches = app.get_matches();
|
||||
for command in &commands {
|
||||
if let Some(sub_cmd_matches) = matches.subcommand_matches(command.name()) {
|
||||
#[cfg(feature = "harden_process")]
|
||||
if command.name() == "serve" { harden_process(); }
|
||||
return command.run(&matches, sub_cmd_matches);
|
||||
}
|
||||
|
||||
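Review bot: When `harden_process` is compiled out, the `serve` branch in `inner_main` starts the key service with no hardening and nothing tells the operator, because both the function and its call site sit behind `#[cfg(feature = "harden_process")]`. I would add a counterpart that makes the downgrade visible at startup, for example `#[cfg(not(feature = "harden_process"))] if command.name() == "serve" { eprintln!("process hardening disabled at build time"); }`, or route the same message through the project's logger. The `IGNORE_HARDEN_PROCESS_ERROR` override read at the top of `harden_process` deserves the same treatment if it does not already log when it is set. The bodies of `harden_process` and `inner_main` continue outside these hunks, so some of this may already be handled there.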
@@ -7,12 +7,12 @@ pub struct Process {
|
||||
pub exec: Option<PathBuf>,
|
||||
}
|
||||
|
||||
#[cfg(not(target_os = "linux"))]
|
||||
#[cfg(not(all(target_os = "linux", feature = "harden_process")))]
|
||||
pub fn get_process(_port: u16) -> Option<Process> {
|
||||
None
|
||||
}
|
||||
|
||||
#[cfg(target_os = "linux")]
|
||||
#[cfg(all(target_os = "linux", feature = "harden_process"))]
|
||||
pub fn get_process(port: u16) -> Option<Process> {
|
||||
let all_procs = match procfs::process::all_processes() {
|
||||
Err(e) => {
|
||||
|
||||
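Review bot: On a Linux build without `harden_process`, `get_process` now always returns `None`, which a caller cannot tell apart from "no process owns this port". If the result feeds any caller identification, access decision or audit record (not visible in this hunk), that check weakens silently once the feature is turned off. The stub should say so in a doc comment, e.g. `/// Always returns None unless built for Linux with the "harden_process" feature; None does not mean "no such process".` It is also worth noting in the manifest or README that the peer-process lookup is tied to a feature whose name suggests only process hardening. The Linux implementation of `get_process` continues past the end of the hunk.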