maximus/Simpl-Resultat
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases 19 Packages Wiki Activity Actions
Simpl-Resultat/src-tauri/Cargo.toml
le king fu 69e136cab0
Some checks failed
PR Check / rust (push) Failing after 10m20s
Details
PR Check / frontend (push) Successful in 2m15s
Details
PR Check / rust (pull_request) Failing after 9m30s
Details
PR Check / frontend (pull_request) Successful in 2m7s
Details
fix(rust): use DER-built keys in license tests, drop ed25519-dalek pem feature 
cargo CI flagged: `unresolved import ed25519_dalek::pkcs8::LineEnding`. The
`LineEnding` re-export path varies between pkcs8/spki/der versions, so the
test code that called `to_pkcs8_pem(LineEnding::LF)` won't compile against
the dependency tree we get with ed25519-dalek 2.2 + pkcs8 0.10.

Fix:
- Drop the `pem` feature from the ed25519-dalek dev-dependency.
- In tests, build the PKCS#8 v1 PrivateKeyInfo and SubjectPublicKeyInfo
  DER blobs manually from the raw 32-byte Ed25519 seed/public key. The
  Ed25519 layout is fixed (16-byte prefix + 32-byte key) so this is short
  and stable.
- Pass the resulting DER bytes to `EncodingKey::from_ed_der` /
  `DecodingKey::from_ed_der`.

Refactor:
- Extract `strict_validation()` and `embedded_decoding_key()` helpers so
  the validation config (mandatory exp/iat for CWE-613) lives in one
  place and production callers all share the same DecodingKey constructor.
- `validate_with_key` and `validate_activation_with_key` now take a
  `&DecodingKey` instead of raw PEM bytes; production builds the key
  once via `embedded_decoding_key()`.
- New canary test `embedded_public_key_pem_parses` fails fast if the
  embedded PEM constant ever becomes malformed.
2026-04-09 10:59:12 -04:00

46 lines
1.5 KiB
TOML
Raw Blame History

[package]
name = "simpl-result"
version = "0.6.7"
description = "Personal finance management app"
license = "GPL-3.0-only"
authors = ["you"]
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[lib]
# The `_lib` suffix may seem redundant but it is necessary
# to make the lib name unique and wouldn't conflict with the bin name.
# This seems to be only an issue on Windows, see https://github.com/rust-lang/cargo/issues/8519
name = "simpl_result_lib"
crate-type = ["staticlib", "cdylib", "rlib"]
[build-dependencies]
tauri-build = { version = "2", features = [] }
[dependencies]
tauri = { version = "2", features = [] }
tauri-plugin-opener = "2"
tauri-plugin-sql = { version = "2", features = ["sqlite"] }
tauri-plugin-dialog = "2"
tauri-plugin-updater = "2"
tauri-plugin-process = "2"
libsqlite3-sys = { version = "0.30", features = ["bundled"] }
rusqlite = { version = "0.32", features = ["bundled"] }
serde = { version = "1", features = ["derive"] }
serde_json = "1"
sha2 = "0.10"
encoding_rs = "0.8"
walkdir = "2"
aes-gcm = "0.10"
argon2 = "0.5"
rand = "0.8"
jsonwebtoken = "9"
machine-uid = "0.5"
[dev-dependencies]
# Used in license_commands.rs tests to sign test JWTs. We avoid the `pem`
# feature because the `LineEnding` re-export path varies between versions
# of pkcs8/spki; building the PKCS#8 DER manually is stable and trivial
# for Ed25519.
ed25519-dalek = { version = "2", features = ["pkcs8", "rand_core"] }
Reference in a new issue View git blame Copy permalink