| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
| |
When we originally switched over to using anyhow for error handling, we
evidently missed to take advantage of its context support in a couple of
error paths. The result was that we ended up with rather long winded
> result.ok_or_else(|| anyhow::anyhow!(...))
constructs.
This change shortens them, making use of the anyhow::Context trait.
|
|
|
|
|
| |
For consistency with the --usb-path option, this path renames the device
path column in the output of the list command to USB path.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the --usb-path option as an additional way to filter the
Nitrokey device to connect to. While the serial number is a better
identifier in theory, the Nitrokey Storage devices do not send their
serial number in the USB device descriptor. Having the --usb-path
options allows users to select one of multiple Nitrokey Storage devices.
While we could directly call the nitrokey::Manager::connect_path
function with the specified path, we integrate the --usb-path option
into the existing find_device function for consistent error messages and
to avoid having to duplicate the --model and --serial-number checks.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds test cases for the new connection logic:
- connect_multiple checks that nitrocli aborts if more than one Nitrokey
device is connected and no filter is set.
- connect_serial_number checks that we can use the --serial-number
option to connect to all supported Nitrokey devices.
- connect_wrong_serial_number checks that nitrocli aborts if it can’t
find a device with the requested serial number.
- connect_model checks that we can use the --model option to select the
Nitrokey device to connect to, and that nitrocli aborts if it finds no
matching device or multiple matching devices.
|
|
|
|
|
|
|
|
| |
This patch adds the --serial-number option that allows the user to
filter the attached Nitrokey devices by serial number. As the Nitrokey
Storage does not include its serial number in the USB device descriptor
and as we don't want to connect to it just to query the serial number,
this option only works for Nitrokey Storage devices.
|
|
|
|
|
|
|
|
| |
Previously, we just applied our filter (if any) to all attached Nitrokey
devices and selected the first match when connection to a Nitrokey
device. This may lead to unexpected behavior if multiple devices are
attached. This patch changes the find_device function to return an
error if multiple matching devices are found.
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces two new functions, find_device and connect, to
connect to a Nitrokey device. find_device queries the attached Nitrokey
devices, applies the filters (currently only the --model option) and
returns the first match. connect calls find_device and connects to the
returned device.
This refactoring allows us to add more device filters, for example a
--serial-number option, without code duplication.
|
|
|
|
|
|
|
|
| |
In the future we would like to provide more ways for tests to create a
Nitrocli instance. In order to prevent explosion of with_XXX methods for
each possible combination of arguments, this change allows for an easier
configuration of an existing object with builder-pattern-inspired
modifier methods.
|
|
|
|
|
|
|
|
| |
While the Nitrocli::model() method was well intentioned, we do not
actually need it because we create a Nitrocli instance from the model
passed to the individual test. We can just reuse this model instead.
With this patch we do exactly that, allowing us to get rid of
Nitrocli::model() all together.
|
|
|
|
|
|
|
|
| |
With this change we switch to using a REUSE compliant way of specifying
the copyright & license of the program. To be fully in conformance we
also add additional license specifications for the remaining files in
the project. Lastly, a new CI pipeline rule takes care of verifying
compliance on an ongoing basis.
|
|
|
|
|
| |
This change adjusts the copyright header in all files to no longer
mention individuals but refer to The Nitrocli Developers in general.
|
|
|
|
|
| |
This patch adds the from_env constructor to Context to make the main
function easier to read.
|
|
|
|
|
|
|
| |
Since we moved the model, no_cache and verbosity fields from ExecCtx
into Config and added a Config field to both ExecCtx and RunCtx, RunCtx
and ExecCtx are identical. Therefore this patch merges the ExecCtx and
RunCtx structs into the new Context struct.
|
|
|
|
|
|
|
| |
With the switch from argparse over to structopt a while back the need
for the Stdio trait that we used for abstracting over the different
contexts vanished. With this change we remove the trait and its various
implementations.
|
|
|
|
|
|
|
|
| |
This patch adds a new --no-cache option that corresponds to the
NITROCLI_NO_CACHE environment variable and the no_cache configuration.
This makes the user interface more consistent as all configuration items
are now backed by both an environment variable and a command-line
option.
|
|
|
|
|
|
|
|
| |
This patch adds a simple configuration file that demonstrates the syntax
and contains some documentation. We suggest to ship this file together
with nitrocli and to install it e.g., in the /usr/share/doc/nitrocli
directory. This patch also adds a simple test case that makes sure that
the example file is parsed correctly.
|
|
|
|
|
|
|
|
|
| |
This patch uses the directories crate to query the appropriate path for
the configuration files. For Linux, paths according to the XDG Base
Directory Specification are used.
Note that directories does not yet support the XDG_CONFIG_DIRS variable
for system-wide configuration files. Therefore we only use a user
configuration file.
|
|
|
|
|
|
|
|
| |
This patch uses the envy crate to parse the environment. A variable
NITROCLI_KEY can be used to overwrite the configuration for *key*. This
has the side effect that the NITROCLI_NO_CACHE variable is evaluated as
a boolean variable (instead of only checking whether it is set). We
also accept two new variables, NITROCLI_MODEL and NITROCLI_VERBOSITY.
|
|
|
|
|
|
|
|
|
| |
This patch implements basic configuration handling that reads a
configuration file and stores the parsed data in the ExecCtx and RunCtx
structs. It supports three configuration items:
- model (previously only --model)
- no_cache (previously only NITROCLI_NO_CACHE)
- verbosity (previously only --verbose)
|
|
|
|
|
|
|
| |
The missing_copy_implementations lint is arguably not super useful in an
application crate, where no third party is consuming the type
definitions. As such, this change removes it from the list of lints
causing warnings.
|
|
|
|
|
|
|
| |
In the past we were using an application global custom Result type
definition. This makes less sense now that we switched over to using
anyhow's Error and Result types. We kept that for the time being, but
with this change we remove the type and use anyhow::Result instead.
|
|
|
|
|
|
| |
This change removes the error module. This module, and the Error type it
homes, are no longer used by the application, as everything has been
transitioned over to using anyhow's Error type.
|
|
|
|
|
|
|
|
|
| |
With the move to using anyhow's Error type and adding contextual
information at the point where we bubble up errors, we no longer require
the 'msg' argument that is passed to the try_with_pin_* and authenticate
functions.
To that end, this change removes this parameter, concluding the switch
to using anyhow.
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes our error handling approach from the ground up:
instead of having a globally used Error enum that contains variants for
all possible errors, we now use anyhow's Error type. This approach is
more dynamic (and not statically typed), but it allows for more fine
grained error messages and overall more user-friendly error reporting.
Overall it also is a net simplification. While we have one dynamic cast
now, in order to be able to handle erroneous password/PIN entries
correctly, that is considered a reasonable compromise.
|
|
|
|
|
|
|
|
| |
The pinentry tests currently expect the Error::Error variant to be
reported for failures.
This patch adjusts the tests to merely compare strings and ignore the
exact type of error. Doing so will make it easier to switch to using
anyhow for error handling.
|
|
|
|
|
|
| |
This change wraps up the removal of the UnwrapError test trait. This
step prepares us for the subsequent removal of the application's global
Error enum type, in favor of the usage of anyhow's Error type.
|
|
|
|
|
| |
This change marks the next step in getting rid of the UnwrapError test
trait. Specifically, it removes its unwrap_lib_err method.
|
|
|
|
|
|
|
|
|
|
| |
With upcoming changes we intend to move towards a model where we do not
distinguish the individual error variants the program deals with in a
global enum.
In preparation of such a change, this patch marks a first step in
removing the UnwrapError test trait, which relies on the existence of
exactly such typed errors. In particular, we remove the unwrap_str_err
method from it, basically falling back to just working with strings.
|
|
|
|
|
|
|
|
|
|
|
| |
An arguably unrepresentative survey of services (GitHub, Google
Authenticator, and Bitbucket) seems to suggests that the base32 format
is the de-facto standard format for OTP secrets. Given that it's not
necessarily obvious what format a secret is in and that most services
refrain from mentioning it explicitly, having the correct default format
is fairly important.
With this change we switch the default format from hexadecimal to
base32 to accommodate for this finding.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our custom macros for conveniently creating types with additional meta
information for working with structopt do not actually use the doc
comments we have in place -- these comments are solely for in-source
documentation. We are an application and as such crates.io will not
automatically generate documentation.
All of that does not deter rustc from complaining that doc comments are
unused. In the past we tried to fudge that by adding a special
allowance, #[allow(unused_doc_comments)], but that seems to have seized
to work.
With this change we finally give in and move the doc comment into the
macro itself, where it will be used to annotate the generated type. This
step should hopefully silence rustc once and for all -- at the expense
of a slight decrease in readability.
|
|
|
|
|
|
| |
We have never been fully satisfied with the name arg_defs. Now that we
have gotten rid of the formerly used args module, this change renames
arg_defs to args.
|
|
|
|
|
|
| |
This change removes the args module by moving all remaining
functionality in it into main.rs. The result is arguably a nice
consolidation of all context related definitions in a single module.
|
|
|
|
|
|
| |
As a next step moving us closer towards removing the args module, this
change merges the config_set function into the existing function of the
same name in the commands module.
|
|
|
|
|
|
|
|
|
| |
Now that we have isolated and separated out structopt specific
definitions into a new module, arg_defs, args.rs is actually so small
that we do not want to keep it around any longer.
This change marks a first step moving us closer towards removing it.
Specifically, it merges the otp_set function from args.rs into the
function of the same name in commands.rs.
|
|
|
|
|
|
|
|
|
|
|
| |
We are aiming to rid the arg_defs module of dependencies to the rest of
the crate in an attempt to make the file fully free standing. The last
remaining references into the crate are used to hook up the functionality
backing the respective commands. Luckily for us, this "gluing" of
functionality to types is really only required in the macro-generated
code (which we do not care about as part of this exercise) and so with
this change we remove the use declarations from the top of the file and
reference the respective functionality in an absolute manner instead.
|
|
|
|
|
|
|
|
|
| |
This change removes the need to import crate::Error from the arg_defs
module. By dropping this dependency we make the file more independent of
the rest of the crate, which subsequently will allow us to merely
include! it in another file in order to get the argument related type
definitions without compilation errors due to missing symbols from the
rest of the crate.
|
|
|
|
|
|
|
|
| |
The PinType struct, despite being intended for the pinentry module, is
ultimately part of the argument handling definitions. Because our goal
is to consolidate all of those in a single file, this change moves the
definition of this type from the pinentry module into the newly
introduced arg_defs.
|
|
|
|
|
|
|
|
| |
This change marks the first step in a restructuring of the argument
handling code, the ultimate goal of which is a separation of the type
definitions as used by structopt from the logic associated with it. This
change in particular introduces a new module, arg_defs, that contains
all those type definitions that previously resided in the args module.
|
|
|
|
|
|
| |
The plugin_as_library lint has been deprecated as of Rust 1.40.0. Hence,
with this change we remove it from the list of lints we want to get
warnings from.
|
|
|
|
|
|
| |
nitrokey 0.6.0 introduced the SerialNumber struct (instead of
representing serial numbers as strings). We no longer have to manually
format the serial number as SerialNumber implements Display.
|
|
|
|
|
|
|
|
|
| |
This patch adds the attribute 'global = true' for the top-level
--verbose and --model options, which ensures that they can also be set
for subcommands. For example:
$ nitrocli status --model pro
Instead of only:
$ nitrocli --model pro status
|
|
|
|
|
|
|
|
|
|
| |
The -o/--otp-pin and -O/--no-otp-pin options to the config set command
are supposed to be mutually exclusive, with wrong usage detected by
structopt.
That is not the case currently, however, because the argument to
structopt's conflicts_with attribute is supposed to be the resulting
option and not the name of the variable capturing the result.
This change fixes the problem by changing the string accordingly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch implements the list command that lists all attached Nitrokey
devices. Currently the Nitrokey Storage does not report its serial
number during HID enumeration, see [0]. So if we detect a Nitrokey
Storage device, we connect to it and use the get_serial_number function
to query its serial number. This can be disabled using the --no-connect
option.
Note that even the get_serial_number function reports a wrong serial
number for the Nitrokey Storage, see [1].
[0] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/88
[1] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/76
|
|
|
|
|
| |
This patch adds the basic scaffolding for the list command which will
list all attached Nitrokey devices.
|
|
|
|
|
|
| |
This change updates the version of the nitrokey crate that we use to
0.5.1. As part of that, it replaces occurrences of Storage::get_status
with Storage::get_storage_status as the method has been renamed.
|
|
|
|
|
|
|
|
|
|
| |
With the switch to using structopt for argument parsing some of the
default values have become mere strings, whereas one of our earlier
objectives was to have symbolic values where that is possible. As
structopt works with symbolic values equally well, this change makes it
use those.
As a bonus, also list the possible formats for the --format option to
the otp set subcommand.
|
|
|
|
|
|
|
|
| |
With the recent patch set moving us to using structopt over argparse we
introduced all new structs and enums representing subcommands and the
like as public. That is unnecessary, as they are not accessed from the
outside.
This change adjusts the visibility accordingly.
|
|
|
|
|
|
| |
Since we updated the Command! macro to also allow enum variants without
fields, we no longer need the empty *Args structs for commands or
subcommands without arguments or options.
|
|
|
|
|
|
|
| |
Since we changed the Command! macro to also support doc comments, we can
now document the commands directly in the enum. This makes the
documentation more consistent when we remove the empty structs for
commands without arguments.
|