itsi-scheduler 0.2.22-aarch64-linux

data/Cargo.toml

@@ -0,0 +1,7 @@
+[workspace]
+members = ["./ext/itsi_scheduler"]
+resolver = "2"
+
+[patch.crates-io]
+magnus = { git = "https://github.com/matsadler/magnus.git", rev = "1ed232edb2b75a2eed9b1def34ad57e55c411a5c" }
+rb-sys-build = { path = "vendor/rb-sys-build" }

data/Rakefile

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "minitest/test_task"
+
+SMOKE_TEST_GLOBS = %w[
+  test/test_itsi_scheduler.rb
+  test/test_kernel_sleep.rb
+  test/test_block_unblock.rb
+  test/test_network_io.rb
+  test/test_file_io.rb
+].freeze
+
+def configure_test_task(task_name, test_globs)
+  Minitest::TestTask.create(task_name) do |t|
+    t.libs << "test"
+    t.libs << "lib"
+    t.warning = false
+    t.test_globs = test_globs
+    t.test_prelude = 'require "helpers/test_helper.rb"'
+  end
+end
+
+configure_test_task(:test, ["test/**/*.rb"])
+configure_test_task("test:smoke", SMOKE_TEST_GLOBS)
+
+task "test:full" => :test
+
+require "rb_sys/extensiontask"
+
+task build: :compile
+
+GEMSPEC = Gem::Specification.load("itsi-scheduler.gemspec")
+
+RbSys::ExtensionTask.new("itsi-scheduler", GEMSPEC) do |ext|
+  ext.lib_dir = "lib/itsi/scheduler"
+end
+
+task default: %i[compile test rubocop]

data/ext/itsi_acme/Cargo.toml

@@ -0,0 +1,86 @@
+[package]
+name = "itsi_acme"
+version = "0.1.0"
+authors = [
+  "wouterken <wc@pico.net.nz>",
+  "dignifiedquire <me@dignifiedquire.com>",
+  "Florian Uekermann <florian@uekermann.me>",
+]
+edition = "2018"
+description = "Automatic TLS certificate management using rustls, specifically for itsi"
+license = "Apache-2.0 OR MIT"
+repository = "https://github.com/n0-computer/tokio-rustls-acme"
+documentation = "https://docs.rs/tokio-rustls-acme"
+keywords = ["acme", "rustls", "tls", "letsencrypt"]
+categories = ["asynchronous", "cryptography", "network-programming"]
+
+[dependencies]
+futures = "0.3.21"
+rcgen = "0.13"
+serde_json = "1.0.81"
+serde = { version = "1.0.137", features = ["derive"] }
+ring = { version = "0.17.0", features = ["std"] }
+base64 = "0.22"
+log = "0.4.17"
+webpki-roots = "0.26"
+pem = "3.0"
+thiserror = "2.0"
+x509-parser = "0.16"
+chrono = { version = "0.4.24", default-features = false, features = ["clock"] }
+async-trait = "0.1.53"
+rustls = { version = "0.23", default-features = false, features = ["ring"] }
+time = "0.3.36"                                                                 # force the transitive dependency to a more recent minimal version. The build fails with 0.3.20
+
+tokio = { version = "1.20.1", default-features = false }
+tokio-rustls = { version = "0.26", default-features = false, features = [
+  "tls12",
+] }
+reqwest = { version = "0.12", default-features = false, features = [
+  "rustls-tls",
+] }
+
+# Axum
+axum-server = { version = "0.7", features = ["tokio-rustls"], optional = true }
+
+[dependencies.proc-macro2]
+# This is a transitive dependency, we specify it to make sure we have
+# a recent-enough version so that -Z minimal-versions crate resolution
+# works.
+version = "1.0.78"
+
+[dependencies.num-bigint]
+# This is a transitive dependency, we specify it to make sure we have
+# a recent-enough version so that -Z minimal-versions crate resolution
+# works.
+version = "0.4.4"
+
+[dev-dependencies]
+simple_logger = "5.0"
+structopt = "0.3.26"
+clap = { version = "4", features = ["derive"] }
+axum = "0.7"
+tokio = { version = "1.19.2", features = ["full"] }
+tokio-stream = { version = "0.1.9", features = ["net"] }
+tokio-util = { version = "0.7.3", features = ["compat"] }
+warp = "0.3"
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "doc_auto_cfg"]
+
+[features]
+default = []
+axum = ["dep:axum-server"]
+
+[[example]]
+name = "low_level_axum"
+required-features = ["axum"]
+
+[[example]]
+name = "high_level_warp"
+
+[[example]]
+name = "high_level"
+
+[[example]]
+name = "low_level"

data/ext/itsi_acme/examples/high_level.rs

@@ -0,0 +1,63 @@
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::AcmeConfig;
+use std::net::Ipv6Addr;
+use std::path::PathBuf;
+use tokio::io::AsyncWriteExt;
+use tokio_stream::wrappers::TcpListenerStream;
+use tokio_stream::StreamExt;
+
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+
+    let tcp_listener = tokio::net::TcpListener::bind((Ipv6Addr::UNSPECIFIED, args.port))
+        .await
+        .unwrap();
+    let tcp_incoming = TcpListenerStream::new(tcp_listener);
+
+    let mut tls_incoming = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .incoming(tcp_incoming, Vec::new());
+
+    while let Some(tls) = tls_incoming.next().await {
+        let mut tls = tls.unwrap();
+        tokio::spawn(async move {
+            tls.write_all(HELLO).await.unwrap();
+            tls.shutdown().await.unwrap();
+        });
+    }
+    unreachable!()
+}
+
+const HELLO: &[u8] = br#"HTTP/1.1 200 OK
+Content-Length: 10
+Content-Type: text/plain; charset=utf-8
+
+Hello Tls!"#;

data/ext/itsi_acme/examples/high_level_warp.rs

@@ -0,0 +1,52 @@
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::AcmeConfig;
+use std::net::Ipv6Addr;
+use std::path::PathBuf;
+use tokio_stream::wrappers::TcpListenerStream;
+use warp::Filter;
+
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+
+    let tcp_listener = tokio::net::TcpListener::bind((Ipv6Addr::UNSPECIFIED, args.port))
+        .await
+        .unwrap();
+    let tcp_incoming = TcpListenerStream::new(tcp_listener);
+
+    let tls_incoming = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .incoming(tcp_incoming, Vec::new());
+
+    let route = warp::any().map(|| "Hello Tls!");
+    warp::serve(route).run_incoming(tls_incoming).await;
+
+    unreachable!()
+}

data/ext/itsi_acme/examples/low_level.rs

@@ -0,0 +1,87 @@
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::{AcmeAcceptor, AcmeConfig};
+use rustls::ServerConfig;
+use std::net::Ipv6Addr;
+use std::path::PathBuf;
+use std::sync::Arc;
+use tokio::io::AsyncWriteExt;
+use tokio_stream::StreamExt;
+
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+
+    let mut state = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .state();
+    let rustls_config = ServerConfig::builder()
+        .with_no_client_auth()
+        .with_cert_resolver(state.resolver());
+    let acceptor = state.acceptor();
+
+    tokio::spawn(async move {
+        loop {
+            match state.next().await.unwrap() {
+                Ok(ok) => log::info!("event: {:?}", ok),
+                Err(err) => log::error!("error: {:?}", err),
+            }
+        }
+    });
+
+    serve(acceptor, Arc::new(rustls_config), args.port).await;
+}
+
+async fn serve(acceptor: AcmeAcceptor, rustls_config: Arc<ServerConfig>, port: u16) {
+    let listener = tokio::net::TcpListener::bind((Ipv6Addr::UNSPECIFIED, port))
+        .await
+        .unwrap();
+    loop {
+        let tcp = listener.accept().await.unwrap().0;
+        let rustls_config = rustls_config.clone();
+        let accept_future = acceptor.accept(tcp);
+
+        tokio::spawn(async move {
+            match accept_future.await.unwrap() {
+                None => log::info!("received TLS-ALPN-01 validation request"),
+                Some(start_handshake) => {
+                    let mut tls = start_handshake.into_stream(rustls_config).await.unwrap();
+                    tls.write_all(HELLO).await.unwrap();
+                    tls.shutdown().await.unwrap();
+                }
+            }
+        });
+    }
+}
+
+const HELLO: &[u8] = br#"HTTP/1.1 200 OK
+Content-Length: 10
+Content-Type: text/plain; charset=utf-8
+
+Hello Tls!"#;

data/ext/itsi_acme/examples/low_level_axum.rs

@@ -0,0 +1,66 @@
+use axum::{routing::get, Router};
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::AcmeConfig;
+use rustls::ServerConfig;
+use std::net::{Ipv6Addr, SocketAddr};
+use std::path::PathBuf;
+use std::sync::Arc;
+use tokio_stream::StreamExt;
+
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+
+    let mut state = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .state();
+    let rustls_config = ServerConfig::builder()
+        .with_no_client_auth()
+        .with_cert_resolver(state.resolver());
+    let acceptor = state.axum_acceptor(Arc::new(rustls_config));
+
+    tokio::spawn(async move {
+        loop {
+            match state.next().await.unwrap() {
+                Ok(ok) => log::info!("event: {:?}", ok),
+                Err(err) => log::error!("error: {:?}", err),
+            }
+        }
+    });
+
+    let app = Router::new().route("/", get(|| async { "Hello Tls!" }));
+
+    let addr = SocketAddr::from((Ipv6Addr::UNSPECIFIED, args.port));
+    axum_server::bind(addr)
+        .acceptor(acceptor)
+        .serve(app.into_make_service())
+        .await
+        .unwrap();
+}

data/ext/itsi_acme/src/acceptor.rs

@@ -0,0 +1,81 @@
+use crate::acme::ACME_TLS_ALPN_NAME;
+use crate::ResolvesServerCertAcme;
+use rustls::server::Acceptor;
+use rustls::ServerConfig;
+use std::future::Future;
+use std::io;
+use std::pin::Pin;
+use std::sync::Arc;
+use std::task::{Context, Poll};
+use tokio::io::{AsyncRead, AsyncWrite};
+use tokio_rustls::{Accept, LazyConfigAcceptor, StartHandshake};
+
+#[derive(Clone)]
+pub struct AcmeAcceptor {
+    config: Arc<ServerConfig>,
+}
+
+impl AcmeAcceptor {
+    pub(crate) fn new(resolver: Arc<ResolvesServerCertAcme>) -> Self {
+        let mut config = ServerConfig::builder()
+            .with_no_client_auth()
+            .with_cert_resolver(resolver);
+        config.alpn_protocols.push(ACME_TLS_ALPN_NAME.to_vec());
+        Self {
+            config: Arc::new(config),
+        }
+    }
+    pub fn accept<IO: AsyncRead + AsyncWrite + Unpin>(&self, io: IO) -> AcmeAccept<IO> {
+        AcmeAccept::new(io, self.config.clone())
+    }
+}
+
+pub struct AcmeAccept<IO: AsyncRead + AsyncWrite + Unpin> {
+    acceptor: LazyConfigAcceptor<IO>,
+    config: Arc<ServerConfig>,
+    validation_accept: Option<Accept<IO>>,
+}
+
+impl<IO: AsyncRead + AsyncWrite + Unpin> AcmeAccept<IO> {
+    pub(crate) fn new(io: IO, config: Arc<ServerConfig>) -> Self {
+        Self {
+            acceptor: LazyConfigAcceptor::new(Acceptor::default(), io),
+            config,
+            validation_accept: None,
+        }
+    }
+}
+
+impl<IO: AsyncRead + AsyncWrite + Unpin> Future for AcmeAccept<IO> {
+    type Output = io::Result<Option<StartHandshake<IO>>>;
+
+    fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
+        loop {
+            if let Some(validation_accept) = &mut self.validation_accept {
+                return match Pin::new(validation_accept).poll(cx) {
+                    Poll::Ready(Ok(_)) => Poll::Ready(Ok(None)),
+                    Poll::Ready(Err(err)) => Poll::Ready(Err(err)),
+                    Poll::Pending => Poll::Pending,
+                };
+            }
+
+            return match Pin::new(&mut self.acceptor).poll(cx) {
+                Poll::Ready(Ok(handshake)) => {
+                    let is_validation = handshake
+                        .client_hello()
+                        .alpn()
+                        .into_iter()
+                        .flatten()
+                        .eq([ACME_TLS_ALPN_NAME]);
+                    if is_validation {
+                        self.validation_accept = Some(handshake.into_stream(self.config.clone()));
+                        continue;
+                    }
+                    Poll::Ready(Ok(Some(handshake)))
+                }
+                Poll::Ready(Err(err)) => Poll::Ready(Err(err)),
+                Poll::Pending => Poll::Pending,
+            };
+        }
+    }
+}