From a1f6520223b4ae97c21e8d02b8db5a59ace328b8 Mon Sep 17 00:00:00 2001 From: Filip Slezak Date: Mon, 11 Sep 2023 15:37:54 +0200 Subject: [PATCH 1/7] ci: fix env set step --- .github/workflows/current.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml index 8578a2e..f68171d 100644 --- a/.github/workflows/current.yml +++ b/.github/workflows/current.yml @@ -18,6 +18,8 @@ jobs: submodules: recursive - name: Extract branch name uses: nelonoel/branch-name@v1 + env: + ACTIONS_ALLOW_UNSECURE_COMMANDS: "true" - name: Docker meta id: meta uses: docker/metadata-action@v4 From 54e054073f00967975f46fed401281e91a9ff7de Mon Sep 17 00:00:00 2001 From: Filip Slezak Date: Mon, 11 Sep 2023 15:59:20 +0200 Subject: [PATCH 2/7] ci: fix current workflow --- .github/workflows/current.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml index f68171d..cfb17ce 100644 --- a/.github/workflows/current.yml +++ b/.github/workflows/current.yml @@ -44,7 +44,7 @@ jobs: uses: docker/build-push-action@v4 with: context: . - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} From 8174ef87c14459b26ef01292e3ab974a97fbb591 Mon Sep 17 00:00:00 2001 From: Filip Slezak Date: Mon, 11 Sep 2023 16:22:50 +0200 Subject: [PATCH 3/7] ci: fix current image tag --- .github/workflows/current.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml index cfb17ce..e4a8ef2 100644 --- a/.github/workflows/current.yml +++ b/.github/workflows/current.yml 
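Review bot: Setting `ACTIONS_ALLOW_UNSECURE_COMMANDS: "true"` on the branch-name step re-enables the deprecated `set-env`/`add-path` workflow commands, which GitHub disabled because any text a step echoes into the log could then rewrite the job's environment and PATH; on a workflow that also logs into ghcr.io with `secrets.GITHUB_TOKEN` that is a large trade for one branch variable. The built-in `${{ github.ref_name }}` context gives the branch name without a third-party step or the override, and patch 3 of this series does drop the step again. Independently, both `nelonoel/branch-name@v1` here and `rlespinasse/github-slug-action@v4` in patch 3 are referenced by a mutable tag; pinning each to a full commit SHA (with the tag in a trailing comment) keeps a retagged release from changing what runs with the registry credentials.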
@@ -16,10 +16,10 @@ jobs: uses: actions/checkout@v4 with: submodules: recursive - - name: Extract branch name - uses: nelonoel/branch-name@v1 - env: - ACTIONS_ALLOW_UNSECURE_COMMANDS: "true" + + - name: Inject slug/short variables + uses: rlespinasse/github-slug-action@v4 + - name: Docker meta id: meta uses: docker/metadata-action@v4 @@ -28,18 +28,22 @@ jobs: ghcr.io/defguard/yubikey-provision tags: | type=ref,event=branch - type=raw,value=current.${BRANCH_NAME} + type=raw,value=current.${{ env.GITHUB_REF_NAME }} type=sha + - name: Set up QEMU uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Login to GitHub container registry uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Build container uses: docker/build-push-action@v4 with: From d738a9f6bf6db7a08dfc2b3fafc2b2ce0b021a05 Mon Sep 17 00:00:00 2001 From: Filip Slezak Date: Tue, 12 Sep 2023 13:28:22 +0200 Subject: [PATCH 4/7] ci: current tag change --- .github/workflows/current.yml | 2 +- src/error.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml index e4a8ef2..0b3a0c1 100644 --- a/.github/workflows/current.yml +++ b/.github/workflows/current.yml @@ -28,7 +28,7 @@ jobs: ghcr.io/defguard/yubikey-provision tags: | type=ref,event=branch - type=raw,value=current.${{ env.GITHUB_REF_NAME }} + type=raw,value=current type=sha - name: Set up QEMU diff --git a/src/error.rs b/src/error.rs index 7bb5f00..2f7e1d2 100644 --- a/src/error.rs +++ b/src/error.rs @@ -21,7 +21,7 @@ pub enum WorkerError { NoKeysFound, #[error("Multiple yubikeys found")] MultipleKeysPresent, - #[error("IO error occured")] + #[error("IO error occurred")] IO, #[error("UTF8 conversion failed")] UTF8Conversion, From a5ed5f16ecbd0c8d33aaa005309b4c7114ca099e Mon Sep 17 00:00:00 2001 
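Review bot: `type=raw,value=current.${{ env.GITHUB_REF_NAME }}` reads a value the runner already exposes as the built-in `${{ github.ref_name }}`, so the slug action adds a third-party step for nothing in this hunk. A branch name may also contain `/`, which is not allowed in a Docker tag; if the action stays, its slugged `GITHUB_REF_SLUG` output would be the safer input (patch 4 later hardcodes `current`, which sidesteps both). Since patch 2 cut `platforms` to `linux/amd64` only, the `Set up QEMU` step kept in the second hunk appears to be unused now — worth removing, or a comment explaining why it stays.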
From: Filip Slezak Date: Tue, 12 Sep 2023 14:06:16 +0200 Subject: [PATCH 5/7] ci: fix release workflow --- .github/workflows/release.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a8ef661..d222409 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,7 +39,7 @@ jobs: uses: docker/build-push-action@v4 with: context: . - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} @@ -102,6 +102,9 @@ jobs: target: ${{ matrix.target }} override: true + - name: Install protoc + run: sudo apt-get update && sudo apt-get -y install protobuf-compiler + - name: Build release binary uses: actions-rs/cargo@v1 with: From d1518ba7f5fce9d262b550cf7916cd5b0cef7d0e Mon Sep 17 00:00:00 2001 From: Filip Slezak Date: Tue, 12 Sep 2023 14:22:21 +0200 Subject: [PATCH 6/7] ci: fix release cross compile --- .github/workflows/release.yml | 3 --- Cross.toml | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 Cross.toml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d222409..63a2ea9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -102,9 +102,6 @@ jobs: target: ${{ matrix.target }} override: true - - name: Install protoc - run: sudo apt-get update && sudo apt-get -y install protobuf-compiler - - name: Build release binary uses: actions-rs/cargo@v1 with: diff --git a/Cross.toml b/Cross.toml new file mode 100644 index 0000000..9eafb1e --- /dev/null +++ b/Cross.toml 
@@ -0,0 +1,17 @@ +[target.x86_64-unknown-linux-gnu] +pre-build = ["apt-get update && apt-get install --assume-yes unzip ", +"PB_REL='https://github.com/protocolbuffers/protobuf/releases'", +"PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip", +"unzip protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr"] + +[target.armv7-unknown-linux-gnueabihf] +pre-build = ["apt-get update && apt-get install --assume-yes unzip ", +"PB_REL='https://github.com/protocolbuffers/protobuf/releases'", +"PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip", +"unzip protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr"] + +[target.aarch64-unknown-linux-gnu] +pre-build = ["apt-get update && apt-get install --assume-yes unzip ", +"PB_REL='https://github.com/protocolbuffers/protobuf/releases'", +"PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip", +"unzip protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr"] From add15f88b5aa8ae74e8b1e1f49ffddabd9c0bf1d Mon Sep 17 00:00:00 2001 From: Filip Slezak Date: Fri, 22 Sep 2023 00:30:47 +0200 Subject: [PATCH 7/7] add gpg debug flag to config --- src/config.rs | 13 +++++++++++-- src/gpg.rs | 22 +++++++++++++++++++--- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/src/config.rs b/src/config.rs index 31a4a36..82e0f82 100644 --- a/src/config.rs +++ b/src/config.rs @@ -35,6 +35,10 @@ pub struct Config { #[arg(long, env = "YUBIKEY_RETRY_INTERVAL", default_value = "15")] pub smartcard_retry_interval: u64, + /// gpg debug level, this is set to advanced when log_level is set to debug + #[arg(long, env = "GPG_DEBUG_LEVEL", default_value = "none")] + pub gpg_debug_level: String, + /// Token from Defguard available on Provisioning page #[arg( long, 
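Review bot: The `pre-build` commands fetch `protoc-$PB_VERSION-linux-x86_64.zip` with `curl -LO` and unpack it straight into `/usr` without checking what was downloaded, so the release build installs whatever the URL returns; the same three lines are repeated for all three targets. Pinning the archive's digest and failing on HTTP errors closes that, e.g. `"PB_VERSION='3.20.0' && curl -fLO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip"` followed by `"echo '<PROTOC_ZIP_SHA256 placeholder>  protoc-$PB_VERSION-linux-x86_64.zip' | sha256sum -c -"`. Note also that `PB_REL` and `PB_VERSION` are set in one array entry and used in the next, which only works if cross runs the entries in a single shell; if they run separately the variables are empty and the URL is malformed, so joining each target's steps with `&&` in one entry would be more robust.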
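Review bot: `gpg_debug_level: String` accepts any text and, in the gpg.rs hunks later in this patch, is handed to gpg unchecked via `--debug-level`; gpg only knows a fixed set of levels (`none`, `basic`, `advanced`, `expert`, `guru`), so a typo in `GPG_DEBUG_LEVEL` is only caught when the provisioning job runs and gpg refuses to start. Since the struct already uses clap's derive attributes, a small `#[derive(clap::ValueEnum)] enum GpgDebugLevel` with an `as_str` for the CLI string would reject bad values at parse time and give `--help` the list for free. The doc comment should also say where the output goes, e.g. `/// gpg --debug-level for the provisioning gpg calls (none|basic|advanced|expert|guru); raised to "advanced" automatically when log_level is debug`.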
@@ -61,13 +65,14 @@ impl Default for Config { token: "TOKEN".into(), config_path: None, grpc_ca: None, + gpg_debug_level: "none".into(), } } } pub fn get_config() -> Result { // parse CLI arguments to get config file path - let cli_config = Config::parse(); + let mut cli_config = Config::parse(); // load config from file if one was specified if let Some(config_path) = cli_config.config_path { @@ -75,7 +80,11 @@ pub fn get_config() -> Result { .map_err(|err| WorkerError::InvalidConfigFile(err.to_string()))?; let file_config: Config = toml::from_str(&config_toml) .map_err(|err| WorkerError::InvalidConfigFile(err.message().to_string()))?; - return Ok(file_config); + cli_config = file_config.clone(); + } + + if cli_config.log_level == "debug" && cli_config.gpg_debug_level == "none" { + cli_config.gpg_debug_level = "advanced".into(); } Ok(cli_config) diff --git a/src/gpg.rs b/src/gpg.rs index df5db90..d9edc77 100644 --- a/src/gpg.rs +++ b/src/gpg.rs @@ -108,12 +108,15 @@ pub fn init_gpg() -> Result<(String, Child), WorkerError> { pub fn gen_key( gpg_command: &str, + gpg_debug_level: &str, gpg_home: &str, full_name: &str, email: &str, ) -> Result<(), WorkerError> { let mut child = Command::new(gpg_command) .args([ + "--debug-level", + gpg_debug_level, "--homedir", gpg_home, "--batch", @@ -132,9 +135,16 @@ pub fn gen_key( Ok(()) } -pub fn key_to_card(gpg_command: &str, gpg_home: &str, email: &str) -> Result<(), WorkerError> { +pub fn key_to_card( + gpg_command: &str, + gpg_debug_level: &str, + gpg_home: &str, + email: &str, +) -> Result<(), WorkerError> { let mut child = Command::new(gpg_command) .args([ + "--debug-level", + gpg_debug_level, "--homedir", gpg_home, "--command-fd=0", 
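Review bot: `cli_config = file_config.clone();` clones a value that is dropped on the next line; `cli_config = file_config;` moves it and avoids the copy. More substantively, the promotion rule `cli_config.gpg_debug_level == "none"` cannot tell an explicit `--gpg-debug-level none` from the default, so an operator who wants debug logs without gpg's own debug output has no way to get it; modelling the field as `Option<String>` (no `default_value`) and promoting only when it is `None` keeps the current default behaviour while honouring the explicit choice. Note also that when a config file is given the whole CLI/env config is replaced, so `GPG_DEBUG_LEVEL` from the environment is ignored in that mode — if that is intended, a comment on the assignment would save the next reader a round trip.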
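Review bot: `gen_key` and `key_to_card` now take four and three `&str` parameters in a row (`gpg_command, gpg_debug_level, gpg_home, …`), so a call that swaps the debug level and the home directory compiles fine and only fails inside gpg; a newtype for the debug level, or passing it in a small options struct, would make the positional calls in provision_key self-checking. Both functions also pass `--debug-level` unconditionally, which is fine for `none`, but at higher levels gpg's stderr diagnostics become verbose and may describe the key-generation session in detail — a short comment on each `"--debug-level"` line such as `// forwarded to gpg stderr; levels above "none" are verbose, keep off on shared runners` would tell operators what they are enabling. The bodies of both functions continue outside the hunk.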
@@ -279,12 +289,18 @@ pub async fn provision_key( debug!("Temporary GPG session crated"); factory_reset_key()?; debug!("OpenPGP Key app restored to factory."); - gen_key(gpg_command, &gpg_home, &full_name, &job.email)?; + gen_key( + gpg_command, + &config.gpg_debug_level, + &gpg_home, + &full_name, + &job.email, + )?; debug!("OpenPGP key for {} created", &job.email); let fingerprint = get_fingerprint()?; let pgp = export_public(gpg_command, &gpg_home, &job.email)?; let ssh = export_ssh(gpg_command, &gpg_home, &job.email)?; - key_to_card(gpg_command, &gpg_home, &job.email)?; + key_to_card(gpg_command, &config.gpg_debug_level, &gpg_home, &job.email)?; debug!("Subkeys saved in yubikey"); // cleanup after provisioning if gpg_process.kill().is_err() {
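Review bot: Only `gen_key` and `key_to_card` receive `config.gpg_debug_level`; `export_public` and `export_ssh` on the lines in between run against the same gpg command and home directory but are called without it, so enabling debug output covers only part of the provisioning session. If those helpers spawn gpg the same way, threading the level through them too (or through a shared argument builder) keeps the flag's behaviour consistent; if they deliberately stay quiet, a comment at the first of those calls would explain the asymmetry. `provision_key` begins before this hunk.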