release 0.1.6 (#3)

Author: filipslezaklab

.fpm

@@ -0,0 +1,6 @@
+-s dir
+-a native
+--name yubikey-provision
+--description "Defguard YubiKey Provision client"
+--url "https://defguard.net/"
+--maintainer "Teonite"

.github/workflows/current.yml

@@ -16,8 +16,10 @@ jobs:
         uses: actions/checkout@v4
         with:
           submodules: recursive
-      - name: Extract branch name
-        uses: nelonoel/branch-name@v1
+
+      - name: Inject slug/short variables
+        uses: rlespinasse/github-slug-action@v4
+
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v4
@@ -26,23 +28,27 @@ jobs:
             ghcr.io/defguard/yubikey-provision
           tags: |
             type=ref,event=branch
-            type=raw,value=current.${BRANCH_NAME}
+            type=raw,value=current
             type=sha
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+
       - name: Login to GitHub container registry
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build container
         uses: docker/build-push-action@v4
         with:
           context: .
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

.github/workflows/release.yml

@@ -39,7 +39,7 @@ jobs:
         uses: docker/build-push-action@v4
         with:
           context: .
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -112,9 +112,6 @@ jobs:
       - name: Rename binary
         run: mv target/${{ matrix.target }}/release/yubikey-provision ${{ matrix.asset_name }}-${{ github.ref_name }}
 
-      - name: Strip release binary
-        run: strip "${{ matrix.asset_name }}-${{ github.ref_name }}"
-
       - name: Tar
         uses: a7ul/tar-action@v1.1.0
         with:

Cargo.lock

@@ -1,5 +1,5 @@
 [package]
-name = "yubikey-provider"
+name = "yubikey-provision"
 version = "0.1.0"
 edition = "2021"
 
@@ -23,3 +23,8 @@ which = "4"
 [build-dependencies]
 tonic-build = { version = "0.10" }
 prost-build = { version = "0.12" }
+
+[profile.release]
+strip = true
+opt-level = "s"
+lto = true

Cargo.toml

@@ -0,0 +1,17 @@
+[target.x86_64-unknown-linux-gnu]
+pre-build = ["apt-get update && apt-get install --assume-yes unzip ",
+"PB_REL='https://github.com/protocolbuffers/protobuf/releases'",
+"PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip",
+"unzip protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr"]
+
+[target.armv7-unknown-linux-gnueabihf]
+pre-build = ["apt-get update && apt-get install --assume-yes unzip ",
+"PB_REL='https://github.com/protocolbuffers/protobuf/releases'",
+"PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip",
+"unzip protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr"]
+
+[target.aarch64-unknown-linux-gnu]
+pre-build = ["apt-get update && apt-get install --assume-yes unzip ",
+"PB_REL='https://github.com/protocolbuffers/protobuf/releases'",
+"PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip",
+"unzip protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr"]

Cross.toml

@@ -15,5 +15,5 @@ RUN pip install yubikey-manager
 FROM runner
 RUN service pcscd start
 WORKDIR /app
-COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/yubikey-provider /usr/local/bin
+COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/yubikey-provision /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/yubikey-provider"]

Dockerfile

@@ -8,19 +8,23 @@ use crate::error::WorkerError;
 #[derive(Debug, Parser, Clone, Deserialize)]
 #[clap(about = "Defguard YubiKey Provisioning service")]
 pub struct Config {
-    // CA Used for GRPC connection
-    #[arg(long, env = "GRPC_CA")]
+    // Path to CA Used for GRPC connection
+    #[arg(long = "ca-file", env = "GRPC_CA")]
     pub grpc_ca: Option<PathBuf>,
-    /// Worker id
-    #[arg(long, env = "WORKER_ID", default_value = "YubiBridge")]
+    /// ID, this will be also displayed in defguard UI
+    #[arg(long = "id", env = "ID", default_value = "YubikeyProvisioner")]
     pub worker_id: String,
 
     /// Logging level, needs to be compatible with log crate log::LevelFilter::from_str
     #[arg(long, env = "LOG_LEVEL", default_value = "info")]
     pub log_level: String,
 
-    /// Url of your DefGuard instance
-    #[arg(long, env = "URL", default_value = "http://127.0.0.1:50055")]
+    /// Url of your DefGuard GRPC server
+    #[arg(
+        long = "grpc",
+        env = "GRPC_URL",
+        default_value = "http://127.0.0.1:50055"
+    )]
     pub url: String,
 
     /// Number of retries in case if there are no keys detected

src/config.rs

@@ -21,7 +21,7 @@ pub enum WorkerError {
     NoKeysFound,
     #[error("Multiple yubikeys found")]
     MultipleKeysPresent,
-    #[error("IO error occured")]
+    #[error("IO error occurred")]
     IO,
     #[error("UTF8 conversion failed")]
     UTF8Conversion,

src/error.rs

@@ -3,7 +3,7 @@ use std::time::Duration;
 use config::get_config;
 use error::WorkerError;
 use gpg::provision_key;
-use log::{debug, info};
+use log::{debug, error, info};
 use proto::{worker_service_client::WorkerServiceClient, JobStatus, Worker};
 use tokio::time::interval;
 use tonic::{
@@ -124,7 +124,7 @@ async fn main() -> Result<(), WorkerError> {
                     let request = tonic::Request::new(job_status);
                     let _ = client.set_job_done(request).await;
                     debug!("Job result sent");
-                    info!("Job failed");
+                    error!("Job failed! Result sent");
                 }
             }
         }