Nightly features CI #244
Closed
Nightly features CI #244
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joechrisellis
force-pushed
the
nightly-features-ci
branch
3 times, most recently
from
d888c37
to
8c3ece6
Compare
|
We'll have to wait until (if?) the Unix peer credentials stuff is in the nightly compiler for this to pass CI. |
hug-dev
reviewed
Sep 8, 2020
joechrisellis
force-pushed
the
nightly-features-ci
branch
2 times, most recently
from
2ffc4fb
to
a5e4947
Compare
added 2 commits
September 9, 2020 15:21
This authenticator uses peer credentials for authentication. The
specific type of peer credentials in mind at the moment are Unix peer
credentials, but this can be extended in the future.
Unix peer credentials provide direct access to the (effective) uid/gid
on the other end of a domain socket connect, without cooperation between
the endpoints. This means that we can trivially determine the uid/gid of
the connecting process, which we can then use for authentication.
This authenticator:
- grabs the (uid, gid) pair of the connecting process.
- grabs the self-declared uid sent in the authentication request.
- verifies that authentication is successful by checking that the
self-declared uid in the authentication request is equal to the actual
uid from the peer credentials.
- if authentication was successful, creates an `ApplicationName` based
on the uid.
The authenticator is hidden behind the Cargo feature
`peer-credentials-authenticator`.
Note that gid is currently unused by the authenticator.
Also note that this patch depends on the following PR being merged:
rust-lang/rust#75148
At the time of writing, this PR is currently under review and is not
merged into the Rust stdlib. This patch therefore will not build with
the current a stable/nightly compiler.
Signed-off-by: Joe Ellis <joe.ellis@arm.com>
Certain features require a nightly build of the Rust toolchain. For example, the peer credentials authenticator currently (Sep 2020) requires the nightly Rust compiler, because the `peer_cred` functionality it depends on is only available in the nightly builds. Nonetheless, we still want to be able to test this functionality. This commit adds a section to the CI script to allow us to test these sorts of features with the nightly Rust toolchain. Signed-off-by: Joe Ellis <joe.ellis@arm.com>
joechrisellis
force-pushed
the
nightly-features-ci
branch
from
a5e4947
to
a1bf065
Compare
|
Closing. This PR is not needed any more. We have cherry-picked the peer credentials code from the Rust standard library into Parsec so that we can use the functionality 'early' -- the relevant commit is in this PR: #214 We have also removed the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds support for testing features that require a nightly Rust build.
Seems like a reasonable way to do this, for now. I don't imagine that we will have a lot of Parsec features in the future that will require something like this, but this should do the trick for the peer credentials authenticator stuff for now. 😄