forked from confidential-containers/guest-components
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCargo.toml
123 lines (104 loc) · 5.31 KB
/
Cargo.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
[package]
name = "image-rs"
version = "0.1.0"
description = "The OCI Images Rust Crate"
repository = "https://github.com/confidential-containers/guest-components/tree/main/image-rs"
readme = "README.md"
license = "Apache-2.0"
authors = ["The image-rs Authors"]
edition = "2021"
[dependencies]
anyhow.workspace = true
async-compression = { version = "0.4.10", features = ["futures-io", "tokio", "gzip", "zstd"] }
async-trait.workspace = true
base64.workspace = true
cfg-if = { workspace = true, optional = true }
devicemapper = { version = "0.34.2", optional = true }
dircpy = { version = "0.3.12", optional = true }
flate2 = "1.0"
fs_extra = { version = "1.2.0", optional = true }
futures = { version = "0.3.28", optional = true }
futures-util = "0.3"
hex = { workspace = true, optional = true }
kbc = { path = "../attestation-agent/kbc", default-features = false, optional = true }
lazy_static = { workspace = true, optional = true }
libc = "0.2.153"
log = "0.4.14"
loopdev = { git = "https://github.com/mdaffin/loopdev", rev = "c9f91e8f0326ce8a3364ac911e81eb32328a5f27"}
nix = { version = "0.28", optional = true, features = ["mount"] }
oci-distribution = { version = "0.10.0", default-features = false, optional = true }
oci-spec = "0.6.2"
ocicrypt-rs = { path = "../ocicrypt-rs", default-features = false, features = ["async-io"], optional = true }
prost = { workspace = true, optional = true }
protobuf = { workspace = true, optional = true }
reqwest = { workspace = true, features = ["json"], optional = true }
resource_uri = { path = "../attestation-agent/deps/resource_uri", optional = true }
sequoia-openpgp = { version = "1.7.0", default-features = false, features = ["compression", "crypto-rust", "allow-experimental-crypto", "allow-variable-time-crypto"], optional = true }
serde = { workspace = true, features = ["serde_derive", "rc"] }
serde_json.workspace = true
serde_yaml = { version = "0.9", optional = true }
sha2.workspace = true
sigstore = { git = "https://github.com/sigstore/sigstore-rs.git", rev = "d5ba303", default-features = false, optional = true }
strum.workspace = true
strum_macros = "0.26"
tar = "0.4.37"
tokio.workspace = true
tokio-util = "0.7.10"
tonic = { workspace = true, optional = true }
ttrpc = { workspace = true, features = [ "async" ], optional = true }
url = "2.2.2"
walkdir = "2"
zstd = "0.12"
nydus-api = { version = "0.3.0", optional = true}
nydus-service = { version = "0.3.0", features = ["coco"], optional = true}
[build-dependencies]
anyhow.workspace = true
tonic-build = { workspace = true, optional = true }
ttrpc-codegen = { workspace = true, optional = true }
[dev-dependencies]
cfg-if.workspace = true
filetime = "0.2"
nix = { version = "0.28", features = ["user"] }
ring.workspace = true
rstest.workspace = true
serial_test = "2.0.0"
strum.workspace = true
tempfile.workspace = true
test-utils = { path = "libs/test-utils" }
tokio = { workspace = true, features = ["process"] }
# Remove nested workspace.
# Unclear if test-utils is needed as a member or not.
# Excluded member scripts/attestation_agent/app doesn't seem to exist.
# [workspace]
# members = ["libs/test-utils"]
# exclude = ["scripts/attestation_agent/app"]
[features]
default = ["snapshot-overlayfs", "signature-cosign-rustls", "keywrap-grpc", "oci-distribution-rustls"]
# This will be based on `ring` dependency
kata-cc-rustls-tls = ["encryption-ring", "keywrap-ttrpc", "snapshot-overlayfs", "signature-cosign-rustls", "signature-simple", "getresource", "oci-distribution/rustls-tls"]
enclave-cc-cckbc-rustls-tls = ["encryption-ring", "keywrap-native", "snapshot-unionfs", "signature-simple", "getresource", "signature-cosign-rustls", "oci-distribution-rustls"]
# This will be based on `openssl` dependency
kata-cc-native-tls = ["encryption-openssl", "keywrap-ttrpc", "snapshot-overlayfs", "signature-cosign-native", "signature-simple", "getresource", "oci-distribution/native-tls"]
enclave-cc-cckbc-native-tls = ["encryption-openssl", "keywrap-native", "snapshot-unionfs", "signature-simple", "getresource", "signature-cosign-native", "oci-distribution-native"]
encryption = ["ocicrypt-rs/block-cipher"]
encryption-ring = ["ocicrypt-rs/block-cipher-ring", "kbc?/rust-crypto", "encryption"]
encryption-openssl = ["ocicrypt-rs/block-cipher-openssl", "kbc?/openssl", "encryption"]
keywrap-cmd = ["ocicrypt-rs/keywrap-keyprovider-cmd"]
keywrap-grpc = ["ocicrypt-rs/keywrap-keyprovider-grpc", "prost", "tonic", "tonic-build"]
keywrap-native = ["ocicrypt-rs/keywrap-keyprovider-native", "kbc/cc_kbc", "kbc/sample_kbc", "kbc/sgx-attester", "resource_uri"]
keywrap-ttrpc = ["ocicrypt-rs/keywrap-keyprovider-ttrpc", "dep:ttrpc", "dep:protobuf", "ttrpc-codegen"]
# Enable keywrap-jwe to decrypt image
keywrap-jwe = ["ocicrypt-rs/keywrap-jwe"]
signature = ["hex"]
signature-cosign = ["signature", "futures"]
signature-cosign-rustls = ["signature-cosign", "sigstore/cosign-rustls-tls"]
signature-cosign-native = ["signature-cosign", "sigstore/cosign-native-tls"]
oci-distribution-rustls = ["oci-distribution/rustls-tls"]
oci-distribution-native = ["oci-distribution/native-tls"]
signature-simple-xrss = ["signature-simple", "dep:reqwest"]
signature-simple = ["signature", "sequoia-openpgp", "serde_yaml"]
snapshot-overlayfs = ["nix"]
snapshot-unionfs = ["nix", "dircpy", "fs_extra"]
getresource = [ "lazy_static", "cfg-if" ]
nydus = ["lazy_static", "nydus-api", "nydus-service"]
verity = ["devicemapper"]