From 1073fafe1b0cdd869ea66c67c1470b86a44fd89c Mon Sep 17 00:00:00 2001 From: khcrysalis Date: Sat, 20 Dec 2025 02:58:10 -0800 Subject: [PATCH] drop patch-crate for forks --- .github/workflows/build.yml | 24 +---- Cargo.lock | 16 ++- Cargo.toml | 4 - crates/core/Cargo.toml | 7 +- patches/apple-codesign+0.29.0.patch | 102 ------------------- patches/srp+0.6.0.patch | 148 ---------------------------- 6 files changed, 14 insertions(+), 287 deletions(-) delete mode 100644 patches/apple-codesign+0.29.0.patch delete mode 100644 patches/srp+0.6.0.patch diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c53755b4..3576a80b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,15 +48,9 @@ jobs: sudo apt-get update sudo apt-get install -y libglib2.0-dev libsecret-1-dev libgtk-3-dev libpng-dev libjpeg-dev libgl1-mesa-dev libglu1-mesa-dev libxkbcommon-dev libexpat1-dev libtiff-dev - - name: Build Dependencies - run: | - cargo install patch-crate - cargo fetch --locked || true - cargo patch-crate --force - mkdir -p build/out - - name: Build Binary run: | + mkdir -p build/out cargo build --workspace --bins --locked --release cp target/release/${{ env.BINARY_NAME_CLI }} build/out/${{ env.BINARY_NAME_CLI }}-linux-${{ matrix.arch }} @@ -109,16 +103,10 @@ jobs: - name: Setup Windows MSVC environment uses: ilammy/msvc-dev-cmd@v1 - - name: Build Dependencies + - name: Build & Bundle (Windows) run: | - cargo install patch-crate - cargo fetch --locked || true - cargo patch-crate --force mkdir -p build/out mkdir -p build/nsis - - - name: Build & Bundle (Windows) - run: | cargo build --workspace --bins --locked --release cp target/release/${{ env.BINARY_NAME }}.exe build/nsis cp target/release/${{ env.BINARY_NAME_CLI }}.exe build/out/${{ env.BINARY_NAME_CLI }}-windows-x86_64.exe 
@@ -155,15 +143,9 @@ jobs: with: targets: ${{ matrix.target }} - - name: Build Dependencies - run: | - cargo install patch-crate - cargo fetch --locked || true - cargo patch-crate --force - mkdir -p build/out - - name: Build (macOS ${{ matrix.arch }}) run: | + mkdir -p build/out cargo build --workspace --bins --locked --release strip target/release/${{ env.BINARY_NAME }} strip target/release/${{ env.BINARY_NAME_CLI }} diff --git a/Cargo.lock b/Cargo.lock index a89c3d65..8353dcf4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -134,8 +134,7 @@ checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61" [[package]] name = "apple-bundles" version = "0.21.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0f40bb8f844cec39fa3aceae717808c2ac3d2b6c474a9dffbeba07a4a945d10" +source = "git+https://github.com/PlumeImpactor/plume-apple-platform-rs?rev=428b42f#428b42f059bbf0b17104f9ad448b5dab3ef79f53" dependencies = [ "anyhow", "plist", @@ -146,6 +145,7 @@ dependencies = [ [[package]] name = "apple-codesign" version = "0.29.0" +source = "git+https://github.com/PlumeImpactor/plume-apple-platform-rs?rev=428b42f#428b42f059bbf0b17104f9ad448b5dab3ef79f53" dependencies = [ "anyhow", "apple-bundles", @@ -223,8 +223,7 @@ dependencies = [ [[package]] name = "apple-flat-package" version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c9d5a1fd8af4a376cc33d7e816a13f8ce127d52101f5dbc8061fb595397bea0" +source = "git+https://github.com/PlumeImpactor/plume-apple-platform-rs?rev=428b42f#428b42f059bbf0b17104f9ad448b5dab3ef79f53" dependencies = [ "apple-xar", "cpio-archive", 
@@ -238,8 +237,7 @@ dependencies = [ [[package]] name = "apple-xar" version = "0.20.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9631e781df71ebd049d7b4988cdae88712324cb20eb127fd79026bc8f1335d93" +source = "git+https://github.com/PlumeImpactor/plume-apple-platform-rs?rev=428b42f#428b42f059bbf0b17104f9ad448b5dab3ef79f53" dependencies = [ "base64 0.22.1", "bcder", @@ -923,13 +921,12 @@ checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" [[package]] name = "cpio-archive" version = "0.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f11d34b07689c21889fc89bd7cc885b3244b0157bbededf4a1c159832cd0df05" +source = "git+https://github.com/PlumeImpactor/plume-apple-platform-rs?rev=428b42f#428b42f059bbf0b17104f9ad448b5dab3ef79f53" dependencies = [ "chrono", "is_executable", "simple-file-manifest", - "thiserror 1.0.69", + "thiserror 2.0.16", ] [[package]] @@ -4227,6 +4224,7 @@ dependencies = [ [[package]] name = "srp" version = "0.6.0" +source = "git+https://github.com/PlumeImpactor/plume-PAKEs?rev=047936a#047936ae2e8bc5cb7a6b26edb66ae06a57ff451c" dependencies = [ "digest", "generic-array", diff --git a/Cargo.toml b/Cargo.toml index e9c7aafc..5c9fc46f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -41,7 +41,3 @@ thiserror = "2.0.16" # Utils uuid = "1.18.1" futures = "0.3.31" - -[patch.crates-io] -srp = { path="./target/patch/srp-0.6.0" } -apple-codesign = { path="./target/patch/apple-codesign-0.29.0" } diff --git a/crates/core/Cargo.toml b/crates/core/Cargo.toml index 7deb518d..9589e7c1 100644 --- a/crates/core/Cargo.toml +++ b/crates/core/Cargo.toml @@ -33,7 +33,6 @@ hmac = "0.12.1" pbkdf2 = "0.11" sha1 = "0.10.6" sha2 = "0.10.9" -srp = "0.6.0" rsa = "0.9.8" # Certificates x509-certificate = "0.24.0" 
@@ -42,9 +41,11 @@ pem-rfc7468 = "0.7.0" rcgen = "0.9.3" p12-keystore = "0.2.0" # TODO: look into p12 crate and why it doesnt support SHA256 # Apple -apple-codesign = { version = "0.29.0", default-features = false } -omnisette = { git = "https://github.com/PlumeImpactor/omnisette", rev = "c066ac2", package = "omnisette", features = ["remote-anisette-v3"] } goblin = "0.9.3" +# Forks +apple-codesign = { git = "https://github.com/PlumeImpactor/plume-apple-platform-rs", rev = "428b42f", package = "apple-codesign", default-features = false } +omnisette = { git = "https://github.com/PlumeImpactor/omnisette", rev = "c066ac2", package = "omnisette", features = ["remote-anisette-v3"] } +srp = { git = "https://github.com/PlumeImpactor/plume-PAKEs", rev = "047936a", package = "srp" } [features] default = [] diff --git a/patches/apple-codesign+0.29.0.patch b/patches/apple-codesign+0.29.0.patch deleted file mode 100644 index 60d2d9a6..00000000 --- a/patches/apple-codesign+0.29.0.patch +++ /dev/null 
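Review bot: The fork entries added under `# Forks` for `apple-codesign` and `srp` pin `rev` to seven-character abbreviations (`428b42f`, `047936a`), and nothing in the manifest records what each fork changes relative to the crates.io release. Cargo.lock in this commit resolves them to full commits and the workflows build with `--locked`, so CI is pinned, but the manifest would be unambiguous on its own with the full hashes from the lockfile, `rev = "428b42f059bbf0b17104f9ad448b5dab3ef79f53"` and `rev = "047936ae2e8bc5cb7a6b26edb66ae06a57ff451c"`. The deleted `patches/*.patch` files were the in-repo record of the changes to `srp` (the M1 computation and the identity hash input) and to `apple-codesign` (setting mode 0o755 before signing, dropping the bundle-identifier check); whether the pinned fork commits carry exactly those changes cannot be confirmed from this diff. I would add a comment above each entry along the lines of `# srp 0.6.0 plus <summary of fork changes>, based on upstream <UPSTREAM_COMMIT>` so the authentication and signing deltas stay auditable from this repository.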
@@ -1,102 +0,0 @@ -diff -ruN -U3 a/src/bundle_signing.rs b/src/bundle_signing.rs ---- a/src/bundle_signing.rs 2025-11-23 15:42:04 -+++ b/src/bundle_signing.rs 2025-11-23 15:59:04 -@@ -469,6 +466,14 @@ - ) -> Result<(PathBuf, SignedMachOInfo), AppleCodesignError> { - warn!("signing Mach-O file {}", bundle_rel_path.display()); - -+ #[cfg(unix)] -+ { -+ use std::os::unix::fs::PermissionsExt; -+ let mut perms = std::fs::metadata(source_path)?.permissions(); -+ perms.set_mode(0o755); -+ std::fs::set_permissions(source_path, perms)?; -+ } -+ - let macho_data = std::fs::read(source_path)?; - let signer = MachOSigner::new(&macho_data)?; - -@@ -607,11 +612,6 @@ - dest_dir.join("Contents") - }; - -- self.bundle -- .identifier() -- .map_err(AppleCodesignError::DirectoryBundle)? -- .ok_or_else(|| AppleCodesignError::BundleNoIdentifier(self.bundle.info_plist_path()))?; -- - let mut resources_digests = settings.all_digests(SettingsScope::Main); - - // State in the main executable can influence signing settings of the bundle. So examine -@@ -722,6 +722,14 @@ - // Seal the main executable. 
- if let Some(exe) = main_exe { - warn!("signing main executable {}", exe.relative_path().display()); -+ -+ #[cfg(unix)] -+ { -+ use std::os::unix::fs::PermissionsExt; -+ let mut perms = std::fs::metadata(exe.absolute_path())?.permissions(); -+ perms.set_mode(0o755); -+ std::fs::set_permissions(exe.absolute_path(), perms)?; -+ } - - let macho_data = std::fs::read(exe.absolute_path())?; - let signer = MachOSigner::new(&macho_data)?; -diff -ruN -U3 a/src/lib.rs b/src/lib.rs ---- a/src/lib.rs 2025-12-09 17:09:33 -+++ b/src/lib.rs 2025-12-09 17:06:18 -@@ -143,7 +143,7 @@ - mod macho_signing; - pub use macho_signing::*; - mod macho_universal; --pub use macho_universal::UniversalBinaryBuilder; -+pub use macho_universal::*; - #[cfg(feature = "notarize")] - pub mod notarization; - #[cfg(feature = "notarize")] -diff -ruN -U3 a/src/macho.rs b/src/macho.rs ---- a/src/macho.rs 2025-12-09 17:09:33 -+++ b/src/macho.rs 2025-12-09 15:10:07 -@@ -646,9 +646,22 @@ - self.machos.iter() - } - -+ pub fn iter_macho_mut(&mut self) -> impl Iterator> + '_ { -+ self.machos.iter_mut() -+ } -+ - pub fn nth_macho(&self, index: usize) -> Result<&MachOBinary<'a>, AppleCodesignError> { - self.machos - .get(index) -+ .ok_or(AppleCodesignError::InvalidMachOIndex(index)) -+ } -+ -+ pub fn nth_macho_mut( -+ &mut self, -+ index: usize, -+ ) -> Result<&mut MachOBinary<'a>, AppleCodesignError> { -+ self.machos -+ .get_mut(index) - .ok_or(AppleCodesignError::InvalidMachOIndex(index)) - } - } -diff -ruN -U3 a/src/signing.rs b/src/signing.rs ---- a/src/signing.rs 2025-12-09 17:09:33 -+++ b/src/signing.rs 2025-12-10 22:12:19 -@@ -66,6 +66,15 @@ - let output_path = output_path.as_ref(); - - warn!("signing {} as a Mach-O binary", input_path.display()); -+ -+ #[cfg(unix)] -+ { -+ use std::os::unix::fs::PermissionsExt; -+ let mut perms = std::fs::metadata(input_path)?.permissions(); -+ perms.set_mode(0o755); -+ std::fs::set_permissions(input_path, perms)?; -+ } -+ - let macho_data = std::fs::read(input_path)?; - 
- let mut settings = self.settings.clone(); diff --git a/patches/srp+0.6.0.patch b/patches/srp+0.6.0.patch deleted file mode 100644 index 907a9181..00000000 --- a/patches/srp+0.6.0.patch +++ /dev/null 
@@ -1,148 +0,0 @@ -diff -ruN a/src/client.rs b/src/client.rs ---- a/src/client.rs 1973-11-29 13:33:09 -+++ b/src/client.rs 2024-11-13 17:23:51 -@@ -83,10 +83,9 @@ - //! send_registration_data(username, salt, &pwd_verifier); - //! ``` - --use std::marker::PhantomData; -- - use digest::{Digest, Output}; - use num_bigint::BigUint; -+use std::marker::PhantomData; - use subtle::ConstantTimeEq; - - use crate::types::{SrpAuthError, SrpGroup}; -@@ -187,7 +186,9 @@ - b_pub: &[u8], - ) -> Result, SrpAuthError> { - let a = BigUint::from_bytes_be(a); -- let a_pub = self.compute_a_pub(&a); -+ // let a_pub = BigUint::from_bytes_be(&a_pub_bytes); -+ let a_pub = Self::compute_a_pub(&self, &a); -+ - let b_pub = BigUint::from_bytes_be(b_pub); - - // Safeguard against malicious B -@@ -197,23 +198,27 @@ - - let u = compute_u::(&a_pub.to_bytes_be(), &b_pub.to_bytes_be()); - let k = compute_k::(self.params); -- let identity_hash = Self::compute_identity_hash(username, password); -+ let identity_hash = Self::compute_identity_hash(&[], password); - let x = Self::compute_x(identity_hash.as_slice(), salt); - - let key = self.compute_premaster_secret(&b_pub, &k, &x, &a, &u); -+ let key = D::digest(key.to_bytes_be()); - - let m1 = compute_m1::( - &a_pub.to_bytes_be(), - &b_pub.to_bytes_be(), -- &key.to_bytes_be(), -+ &key, -+ username, -+ salt, -+ self.params, - ); - -- let m2 = compute_m2::(&a_pub.to_bytes_be(), &m1, &key.to_bytes_be()); -+ let m2 = compute_m2::(&a_pub.to_bytes_be(), &m1, &key); - - Ok(SrpClientVerifier { - m1, - m2, -- key: key.to_bytes_be(), -+ key: key.to_vec(), - }) - } - } -diff -ruN a/src/server.rs b/src/server.rs ---- a/src/server.rs 1973-11-29 13:33:09 -+++ b/src/server.rs 2024-11-13 17:23:51 -@@ -127,6 +127,8 @@ - b: &[u8], - v: &[u8], - a_pub: &[u8], -+ username: &[u8], -+ salt: &[u8], - ) -> Result, SrpAuthError> { - let b = BigUint::from_bytes_be(b); - let v = BigUint::from_bytes_be(v); -@@ -148,6 +150,9 @@ - &a_pub.to_bytes_be(), - &b_pub.to_bytes_be(), - 
&key.to_bytes_be(), -+ username, -+ salt, -+ self.params, - ); - - let m2 = compute_m2::(&a_pub.to_bytes_be(), &m1, &key.to_bytes_be()); -diff -ruN a/src/types.rs b/src/types.rs ---- a/src/types.rs 1973-11-29 13:33:09 -+++ b/src/types.rs 2024-11-13 17:23:51 -@@ -31,15 +31,15 @@ - pub g: BigUint, - } - --#[cfg(test)] --mod tests { -- use crate::groups::G_1024; -- use crate::utils::compute_k; -- use sha1::Sha1; -+// #[cfg(test)] -+// mod tests { -+// use crate::groups::G_1024; -+// use crate::utils::compute_k; -+// use sha1::Sha1; - -- #[test] -- fn test_k_1024_sha1() { -- let k = compute_k::(&G_1024).to_bytes_be(); -- assert_eq!(&k, include_bytes!("test/k_sha1_1024.bin")); -- } --} -+// #[test] -+// fn test_k_1024_sha1() { -+// let k = compute_k::(&G_1024).to_bytes_be(); -+// assert_eq!(&k, include_bytes!("test/k_sha1_1024.bin")); -+// } -+// } -diff -ruN a/src/utils.rs b/src/utils.rs ---- a/src/utils.rs 1973-11-29 13:33:09 -+++ b/src/utils.rs 2024-11-13 17:23:51 -@@ -27,8 +27,33 @@ - - // M1 = H(A, B, K) this doesn't follow the spec but apparently no one does for M1 - // M1 should equal = H(H(N) XOR H(g) | H(U) | s | A | B | K) according to the spec --pub fn compute_m1(a_pub: &[u8], b_pub: &[u8], key: &[u8]) -> Output { -+pub fn compute_m1( -+ a_pub: &[u8], -+ b_pub: &[u8], -+ key: &[u8], -+ username: &[u8], -+ salt: &[u8], -+ params: &SrpGroup, -+) -> Output { -+ let n = params.n.to_bytes_be(); -+ let g_bytes = params.g.to_bytes_be(); -+ //pad g and n to the same length -+ let mut g = vec![0; n.len() - g_bytes.len()]; -+ g.extend_from_slice(&g_bytes); -+ -+ // Compute the hash of n and g -+ let mut g_hash = D::digest(&g); -+ let n_hash = D::digest(&n); -+ -+ // XOR the hashes -+ for i in 0..g_hash.len() { -+ g_hash[i] ^= n_hash[i]; -+ } -+ - let mut d = D::new(); -+ d.update(&g_hash); -+ d.update(D::digest(username)); -+ d.update(salt); - d.update(a_pub); - d.update(b_pub); - d.update(key);