Build is broken, trying to fix it

common.nix

@@ -1,18 +1,18 @@
 rec {
   pkgsSrc = builtins.fetchTarball {
-    # The following is for nixos-unstable on 2022-03-15
-    url = "https://github.com/NixOS/nixpkgs/archive/73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58.tar.gz";
-    sha256 = "01j7nhxbb2kjw38yk4hkjkkbmz50g3br7fgvad6b1cjpdvfsllds";
+    # The following is for nixos-unstable on 2024-02-09
+    url = "https://github.com/NixOS/nixpkgs/archive/8a3e1cf40a6eaeb122c8321b97a0518cfa6ed779.tar.gz";
+    sha256 = "000k9dvgnhd6f6599w1pdxlj7f616p82hd12i3g013684873kcrh";
   };
   naerskSrc = builtins.fetchTarball {
-    # The following is the latest version as of 2022-03-15
-    url = "https://github.com/nmattia/naersk/archive/2fc8ce9d3c025d59fee349c1f80be9785049d653.tar.gz";
-    sha256 = "0qjyfmw5v7s6ynjns4a61vlyj9cghj7vbpgrp9147ngb1f8krz3c";
+    # The following is the latest version as of 2024-02-09
+    url = "https://github.com/nmattia/naersk/archive/aeb58d5e8faead8980a807c840232697982d47b9.tar.gz";
+    sha256 = "0qjyfmw5v7s6ynjns4a61vlyj9cghj7vbpgrp9147ngb1f8krz32";
   };
   rustOverlaySrc = builtins.fetchTarball {
-    # The following is the latest version as of 2022-03-15
-    url = "https://github.com/mozilla/nixpkgs-mozilla/archive/15b7a05f20aab51c4ffbefddb1b448e862dccb7d.tar.gz";
-    sha256 = "0admybxrjan9a04wq54c3zykpw81sc1z1nqclm74a7pgjdp7iqv1";
+    # The following is the latest version as of 2024-02-09
+    url = "https://github.com/mozilla/nixpkgs-mozilla/archive/9b11a87c0cc54e308fa83aac5b4ee1816d5418a2.tar.gz";
+    sha256 = "1f41psqw00mdcwm28y1frjhssybg6r8i7rpa8jq0jiannksbj27s";
   };
   rustOverlay = import rustOverlaySrc;
   pkgs = import pkgsSrc {
@@ -24,9 +24,10 @@ rec {
     ];
   };
   rustNightlyChannelRaw = pkgs.rustChannelOf {
-    date = "2022-03-15";
+    date = "2024-02-04";
     channel = "nightly";
-    sha256 = "0wgn87di2bz901iv2gspg935qgyzc3c2fg5jszckxl4q47jzvd8b";
+    hash = "sha256-MR0rZ9wid6oc0sGwg4/MnOkPSQ06qVtYjV6X8a+BZA8=";
+    #sha256 = "0wgn87di2bz901iv2gspg935qgyzc3c2fg5jszckxl4q47jzvd8c";
   };
   rustNightlyChannel = rustNightlyChannelRaw // {
     rust = rustNightlyChannelRaw.rust.override {

kannader-config-macros/src/lib.rs

@@ -460,7 +460,7 @@ fn make_host_server(impl_name: Ident, c: Communicator) -> TokenStream {
                 #fn_body
             };
 
-            l.define(#link_name, #ffi_name, wasmtime::Func::wrap(&mut *ctx, the_fn))?;
+            l.func_wrap(#link_name, #ffi_name, the_fn)?;
         }}
     });
     let res = quote! {

kannader/Cargo.toml

@@ -12,29 +12,31 @@ edition = "2018"
 
 [dependencies]
 anyhow = "1.0"
-async-compat = "0.2.1"
+async-compat = "0.2"
 async-std-resolver = "0.21.2"
 async-trait = "0.1.30"
 bincode = "1.3"
-cap-std = "0.24.4"
+cap-std = "3.0"
 chrono = { version = "0.4.19", features = ["serde"] }
 duplexify = "1.2"
 easy-parallel = "3.1"
 futures = "0.3.8"
 rustls = { version = "0.20.6", features = ["dangerous_configuration"] }
-rustls-pemfile = "1.0"
+rustls-pemfile = "2.0"
+rustls-pki-types = "1.2"
 scoped-tls = "1.0"
 serde = { version = "1.0", features = ["derive"] }
 serde-error = "0.1.0"
 smol = "1.2"
 structopt = "0.3.21"
-tokio-rustls = "0.23.4"
+tokio-rustls = "0.25"
 tracing = "0.1.22"
 tracing-subscriber = "0.3.11"
 trust-dns-resolver = { version = "0.21.2", default-features = false }
-wasmtime = "1.0"
-wasmtime-wasi = "1.0"
+wasmtime = "17.0"
+wasmtime-wasi = "17.0"
 webpki = "0.22.0"
+tokio = "1.36"
 
 kannader-config-macros = { path = "../kannader-config-macros", version = "0.1.0" }
 kannader-types = { path = "../kannader-types", version = "0.1.0" }

kannader/src/client_config.rs

@@ -67,7 +67,7 @@ impl smtp_client::Config for ClientConfig {
                 let io = self
                     .connector
                     .connect(
-                        rustls::ServerName::try_from("nodomainyet").unwrap(),
+                        rustls_pki_types::ServerName::try_from("nodomainyet").unwrap(),
                         io.compat(),
                     )
                     .await?;

kannader/src/lib.rs

@@ -36,19 +36,50 @@ use wasm_config::WasmConfig;
 #[derive(serde::Deserialize, serde::Serialize)]
 pub struct Meta;
 
+#[derive(Debug)]
 struct NoCertVerifier;
 
-impl rustls::client::ServerCertVerifier for NoCertVerifier {
+impl tokio_rustls::rustls::client::danger::ServerCertVerifier for NoCertVerifier {
     fn verify_server_cert(
         &self,
-        _end_entity: &rustls::Certificate,
-        _intermediates: &[rustls::Certificate],
-        _server_name: &rustls::client::ServerName,
-        _scts: &mut dyn Iterator<Item = &[u8]>,
+        _end_entity: &tokio_rustls::rustls::pki_types::CertificateDer,
+        _intermediates: &[tokio_rustls::rustls::pki_types::CertificateDer],
+        _server_name: &tokio_rustls::rustls::pki_types::ServerName,
         _ocsp_response: &[u8],
-        _now: SystemTime,
-    ) -> Result<rustls::client::ServerCertVerified, rustls::Error> {
-        Ok(rustls::client::ServerCertVerified::assertion())
+        _now: tokio_rustls::rustls::pki_types::UnixTime,
+    ) -> Result<tokio_rustls::rustls::client::danger::ServerCertVerified, tokio_rustls::rustls::Error>
+    {
+        Ok(tokio_rustls::rustls::client::danger::ServerCertVerified::assertion())
+    }
+
+    fn verify_tls12_signature(
+        &self,
+        _message: &[u8],
+        _cert: &tokio_rustls::rustls::pki_types::CertificateDer,
+        _dss: &tokio_rustls::rustls::DigitallySignedStruct,
+    ) -> Result<
+        tokio_rustls::rustls::client::danger::HandshakeSignatureValid,
+        tokio_rustls::rustls::Error,
+    > {
+        Ok(tokio_rustls::rustls::client::danger::HandshakeSignatureValid::assertion())
+    }
+
+    fn verify_tls13_signature(
+        &self,
+        _message: &[u8],
+        _cert: &tokio_rustls::rustls::pki_types::CertificateDer,
+        _dss: &tokio_rustls::rustls::DigitallySignedStruct,
+    ) -> Result<
+        tokio_rustls::rustls::client::danger::HandshakeSignatureValid,
+        tokio_rustls::rustls::Error,
+    > {
+        Ok(tokio_rustls::rustls::client::danger::HandshakeSignatureValid::assertion())
+    }
+
+    fn supported_verify_schemes(&self) -> Vec<tokio_rustls::rustls::SignatureScheme> {
+        //@FIXME It will probably break TLS 1.2 and TLS 1.3
+        // we should send another list instead...
+        vec![]
     }
 }
 
@@ -128,13 +159,19 @@ pub fn run(opt: &Opt, shutdown: smol::channel::Receiver<()>) -> anyhow::Result<(
                     // Prepare the clients
                     debug!("Preparing the client configuration");
                     // TODO: see for configuring persistence, for more performance?
-                    let tls_client_cfg = rustls::ClientConfig::builder()
-                        .with_cipher_suites(rustls::ALL_CIPHER_SUITES)
-                        .with_kx_groups(&rustls::ALL_KX_GROUPS)
-                        .with_protocol_versions(rustls::ALL_VERSIONS)
-                        .context("Configuring the rustls client")?
-                        .with_custom_certificate_verifier(Arc::new(NoCertVerifier))
-                        .with_no_client_auth();
+                    let provider = tokio_rustls::rustls::crypto::CryptoProvider {
+                        cipher_suites: tokio_rustls::rustls::crypto::ring::ALL_CIPHER_SUITES
+                            .to_vec(),
+                        kx_groups: tokio_rustls::rustls::crypto::ring::ALL_KX_GROUPS.to_vec(),
+                        ..tokio_rustls::rustls::crypto::ring::default_provider()
+                    };
+                    let tls_client_cfg =
+                        tokio_rustls::rustls::ClientConfig::builder_with_provider(provider.into())
+                            .with_protocol_versions(tokio_rustls::rustls::ALL_VERSIONS)
+                            .context("Configuring the rustls client")?
+                            .dangerous()
+                            .with_custom_certificate_verifier(Arc::new(NoCertVerifier))
+                            .with_no_client_auth();
                     let connector = tokio_rustls::TlsConnector::from(Arc::new(tls_client_cfg));
                     let client = smtp_client::Client::new(
                         async_std_resolver::resolver_from_system_conf()
@@ -184,19 +221,18 @@ pub fn run(opt: &Opt, shutdown: smol::channel::Receiver<()>) -> anyhow::Result<(
                                 format!("Opening the certificate file ‘{}’", cert_file.display())
                             })?,
                         ))
+                        .collect::<Result<Vec<_>, _>>()
                         .with_context(|| {
                             format!("Parsing the TLS certificate file ‘{}’", cert_file.display())
-                        })?
-                        .into_iter()
-                        .map(rustls::Certificate)
-                        .collect::<Vec<_>>();
+                        })?;
                         debug!(num_certs = certs.len(), "Parsed certificates");
 
                         let keys = rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new(
                             std::fs::File::open(&keys_file).with_context(|| {
                                 format!("Opening the key file ‘{}’", keys_file.display())
                             })?,
                         ))
+                        .collect::<Result<Vec<_>, _>>()
                         .with_context(|| {
                             format!("Parsing the key file ‘{}’", keys_file.display())
                         })?;
@@ -206,15 +242,22 @@ pub fn run(opt: &Opt, shutdown: smol::channel::Receiver<()>) -> anyhow::Result<(
                             "Key file did not have just one key, but had {}",
                             keys.len()
                         );
-                        let key = rustls::PrivateKey(keys.into_iter().next().unwrap());
+                        let key = keys.into_iter().next().unwrap().into();
 
                         // Configure rustls
                         // TODO: see for configuring persistence, for more performance?
                         // TODO: support SNI
-                        let tls_server_cfg = rustls::ServerConfig::builder()
-                            .with_cipher_suites(rustls::ALL_CIPHER_SUITES)
-                            .with_kx_groups(&rustls::ALL_KX_GROUPS)
-                            .with_protocol_versions(rustls::ALL_VERSIONS)
+                        let provider = tokio_rustls::rustls::crypto::CryptoProvider {
+                            cipher_suites: tokio_rustls::rustls::crypto::ring::ALL_CIPHER_SUITES
+                                .to_vec(),
+                            kx_groups: tokio_rustls::rustls::crypto::ring::ALL_KX_GROUPS.to_vec(),
+                            ..tokio_rustls::rustls::crypto::ring::default_provider()
+                        };
+                        let tls_server_cfg =
+                            tokio_rustls::rustls::ServerConfig::builder_with_provider(
+                                provider.into(),
+                            )
+                            .with_protocol_versions(tokio_rustls::rustls::ALL_VERSIONS)
                             .context("Configuring the rustls server")?
                             .with_no_client_auth()
                             .with_single_cert(certs, key)

kannader/src/wasm_config.rs

@@ -60,20 +60,18 @@ impl WasmConfig {
             // adds the necessary stuff
             // TODO: this should be async files, but let's keep
             // that for the day async wasi is implemented upstream
-            b = b
-                .preopened_dir(
-                    Dir::open_ambient_dir(&host, ambient_authority()).with_context(|| {
-                        format!("Preopening ‘{}’ for the guest", host.display())
-                    })?,
-                    guest,
+            b.preopened_dir(
+                Dir::open_ambient_dir(&host, ambient_authority())
+                    .with_context(|| format!("Preopening ‘{}’ for the guest", host.display()))?,
+                guest,
+            )
+            .with_context(|| {
+                format!(
+                    "Registering ‘{}’ as preopened dir pointing to ‘{}‘ for the guest",
+                    guest.display(),
+                    host.display()
                 )
-                .with_context(|| {
-                    format!(
-                        "Registering ‘{}’ as preopened dir pointing to ‘{}‘ for the guest",
-                        guest.display(),
-                        host.display()
-                    )
-                })?;
+            })?;
         }
 
         let mut store = wasmtime::Store::new(engine, WasmState {

smtp-message/src/misc.rs

@@ -915,10 +915,10 @@ mod tests {
     #[test]
     fn hostname_invalid() {
         let tests: &[&[u8]] = &[
-            b"-foo.bar>",                 // No sub-domain starting with a dash
-            b"\xFF>",                     // No invalid utf-8
+            b"-foo.bar>",               // No sub-domain starting with a dash
+            b"\xFF>",                   // No invalid utf-8
             "élégance.-fr>".as_bytes(), // No dashes in utf-8 either
-            b"foo.bar!>",                 // For parse: reject when there is trailing data
+            b"foo.bar!>",               // For parse: reject when there is trailing data
         ];
         for inp in tests {
             // Test parse_until