hatter/local-mini-kms
1
1
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

feat: v1.0.2, add feature harden_process

Browse Source
This commit is contained in:
Hatter Jiang
2024-11-20 01:47:32 +08:00
parent 5e6694c53e
commit c939490f0e
4 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.lock generated
View File

@@ -874,7 +874,7 @@ checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
[[package]] [[package]]
name = "local-mini-kms" name = "local-mini-kms"
version = "1.0.1" version = "1.0.2"
dependencies = [ dependencies = [
"aes-gcm-stream", "aes-gcm-stream",
"aes-kw", "aes-kw",

9
Cargo.toml
View File

@@ -1,13 +1,14 @@
[package] [package]
name = "local-mini-kms" name = "local-mini-kms"
version = "1.0.1" version = "1.0.2"
edition = "2021" edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[features] [features]
default = ["yubikey"] default = ["yubikey", "harden_process"]
yubikey = ["yubico_manager"] yubikey = ["yubico_manager"]
harden_process = ["secmem-proc", "procfs"]
[dependencies] [dependencies]
zeroize = "1.8" zeroize = "1.8"
@@ -19,7 +20,7 @@ lazy_static = "1.5"
serde_derive = "1.0" serde_derive = "1.0"
serde = { version = "1.0", features = ["derive"] } serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0" serde_json = "1.0"
secmem-proc = "0.3" secmem-proc = { version = "0.3", optional = true }
seckey = "0.12" seckey = "0.12"
rust_util = { version = "0.6", features = ["use_clap"] } rust_util = { version = "0.6", features = ["use_clap"] }
tokio = { version = "1.37", features = ["full"] } tokio = { version = "1.37", features = ["full"] }
@@ -35,4 +36,4 @@ aes-gcm-stream = "0.2"
jose-jwk = "0.1" jose-jwk = "0.1"
[target.'cfg(target_os = "linux")'.dependencies] [target.'cfg(target_os = "linux")'.dependencies]
procfs = "0.13" procfs = { version = "0.13", optional = true }

2
src/main.rs
View File

@@ -36,6 +36,7 @@ fn main() {
} }
} }
#[cfg(feature = "harden_process")]
fn harden_process() { fn harden_process() {
let ignore_harden_process_error = std::env::var("IGNORE_HARDEN_PROCESS_ERROR") let ignore_harden_process_error = std::env::var("IGNORE_HARDEN_PROCESS_ERROR")
.map(|v| &v == "true").unwrap_or_else(|_| false); .map(|v| &v == "true").unwrap_or_else(|_| false);
@@ -75,6 +76,7 @@ fn inner_main() -> CommandError {
let matches = app.get_matches(); let matches = app.get_matches();
for command in &commands { for command in &commands {
if let Some(sub_cmd_matches) = matches.subcommand_matches(command.name()) { if let Some(sub_cmd_matches) = matches.subcommand_matches(command.name()) {
#[cfg(feature = "harden_process")]
if command.name() == "serve" { harden_process(); } if command.name() == "serve" { harden_process(); }
return command.run(&matches, sub_cmd_matches); return command.run(&matches, sub_cmd_matches);
} }

4
src/proc.rs
View File

@@ -7,12 +7,12 @@ pub struct Process {
pub exec: Option<PathBuf>, pub exec: Option<PathBuf>,
} }
#[cfg(not(target_os = "linux"))] #[cfg(not(all(target_os = "linux", feature = "harden_process")))]
pub fn get_process(_port: u16) -> Option<Process> { pub fn get_process(_port: u16) -> Option<Process> {
None None
} }
#[cfg(target_os = "linux")] #[cfg(all(target_os = "linux", feature = "harden_process"))]
pub fn get_process(port: u16) -> Option<Process> { pub fn get_process(port: u16) -> Option<Process> {
let all_procs = match procfs::process::all_processes() { let all_procs = match procfs::process::all_processes() {
Err(e) => { Err(e) => {