From 705779d7acd4dbf8ea68359fc9e5df6e56509a39 Mon Sep 17 00:00:00 2001 From: Echo Date: Sun, 3 May 2026 00:36:32 +0000 Subject: [PATCH] fix: resolve clippy errors for rustls 0.23 API and unnecessary_map_or lint - Fix ServerConfig::builder() to builder_with_provider() for TLS 1.3 enforcement - Add aws_lc_rs feature to rustls in Cargo.toml - Fix clippy unnecessary_map_or -> is_some_and in packages/mod.rs --- Cargo.toml | 2 +- src/auth/mtls.rs | 3 ++- src/packages/mod.rs | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 585549d..4a56a92 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ actix-tls = { version = "3", features = ["rustls-0_23"] } tokio = { version = "1", features = ["full"] } # TLS/mTLS (rustls for modern TLS 1.3) -rustls = "0.23" +rustls = { version = "0.23", features = ["aws_lc_rs"] } rustls-pemfile = "2" tokio-rustls = "0.26" x509-parser = "0.16" diff --git a/src/auth/mtls.rs b/src/auth/mtls.rs index 6cd14c0..1a09edf 100644 --- a/src/auth/mtls.rs +++ b/src/auth/mtls.rs @@ -14,6 +14,7 @@ use rustls::{ server::{ServerConfig, WebPkiClientVerifier}, version::TLS13, RootCertStore, + crypto::aws_lc_rs, }; use rustls_pemfile::{certs, private_key}; use std::{fs::File, io::BufReader, sync::Arc}; @@ -79,7 +80,7 @@ impl MtlsMiddleware { let server_cert = load_certs(&self.config.server_cert_path)?; let server_key = load_private_key(&self.config.server_key_path)?; - let config = ServerConfig::builder() + let config = ServerConfig::builder_with_provider(Arc::new(aws_lc_rs::default_provider())) .with_protocol_versions(&[&TLS13]) .map_err(|e| { MtlsError::ServerConfigError(format!("Failed to set TLS 1.3 only: {}", e)) diff --git a/src/packages/mod.rs b/src/packages/mod.rs index c94eec8..2d89c08 100644 --- a/src/packages/mod.rs +++ b/src/packages/mod.rs @@ -99,7 +99,7 @@ impl AptBackend { /// Run apt command and capture output fn run_apt(&self, args: &[&str]) -> Result { // Use sudo for operations that modify packages (install, upgrade, remove, purge) - let needs_sudo = args.first().map_or(false, |&cmd| { + let needs_sudo = args.first().is_some_and(|&cmd| { matches!( cmd, "install" | "upgrade" | "remove" | "purge" | "dist-upgrade" | "autoremove"