From de9638e1b0b8872912ff3167df5b40333ab95f9b Mon Sep 17 00:00:00 2001
From: Echo <echo@moon-dragon.us>
Date: Sun, 3 May 2026 00:36:32 +0000
Subject: [PATCH] fix: resolve clippy errors for rustls 0.23 API and
 unnecessary_map_or lint

- Fix ServerConfig::builder() to builder_with_provider() for TLS 1.3 enforcement
- Add aws_lc_rs feature to rustls in Cargo.toml
- Fix clippy unnecessary_map_or -> is_some_and in packages/mod.rs
---
 .a0proj/audit.db    | Bin 1339392 -> 1363968 bytes
 Cargo.toml          |   2 +-
 src/auth/mtls.rs    |   3 ++-
 src/packages/mod.rs |   2 +-
 4 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/.a0proj/audit.db b/.a0proj/audit.db
index 1158b2d9b7c9605db34a5d314b529a2b9f245517..6a8212635a1f6ed198f800822714e27c5b5c589a 100644
GIT binary patch
delta 6355
zcmcgwe{37~b@!cqkg_H6ct=~dWlLXCjx0)~#5?|`97&9#Bu-;X{uQ+|U6CS>)<x8j
z=8=)zT9cd<3s4k`J*9pvlBISnH*TCZPKCng(5x|rZP<`B4p!_3uxxRIVHn!3vHxhW
zB3<^r-y>-`ak{h^M&K(_<oDk9z0do+&wF=E@9bMTci?ne!=ZKSxIJgcFn8#c<ci%I
zvfWyT-#oP3EIh{BZmpgYj@!;m)YowjKDzpTdka@L$&1St;^ujA)kogpyghY?IKNMp
z<*@4ahUDq2HxO2*z0rU_==Ep(el?KF2EtL_B;5#Svd$f=Y1jFd#!1T)>nu;KT7AbY
z%g=^4)qSmJa#@aST74yaz}h(3^vt@ZXI8BvUv64{VYfhkTzz5pk;b~o4QH1v6X*F2
zXIC#x{Cs^&bKQ2XIQH1?u~czl^2rN_pSp0E!^PvO!&Q%~0aqg~3oa|JCS2=rZNSxx
zs|A-0mmQaY%YjS8C0)I6*m=aczJ=n!U0%msMljBE_n!J;baLaNzK-pOI-U<cZ+YU+
zx_I7FU(Y!{4GJ*uQVU@yET8&^&dvw4<0M5!b6TNrVj!KLD`>e?Nz3a*Ef(`dqUmsL
z!oCx(cRMyj`V)FWKRBaSe=}kUJ()}<bhh{Km@gQO9*Ge>Pv+FpOg=;O)SQ|jNw{{x
zzNt4!viY)}!M{afl#1nai6o0<qm(mZvC+Jq)sEg*)^ZuOxC?H)FF60eL#n?{ru35W
zs9Myrnpzx6qEn=VUZl&#qN<mOk<J&?gieUpJ4B3PdLUIU%?!+;;r^l#i}+)5fc{EO
zCiI9xP7(q)g5p4Z#7|Db&5$U;)Avd3hv)`eYhK>Z-}O}sE?=rdg#P@tNESaalB!#H
z=)DMANsY0<D(KCpj5Uyb!U+dHZrs518AF&BmYam`qbVyC^N*<rdD&2n3b4f2ulW1P
zZi=R6kjK>`z0!mES~_lT?M{-SS}GTHgCy@rKoYZ;DybeaUB(R3+_sLp>E>f)t%$~J
zyO|%A-6nPN<fw|*RLz+iJmf^aOmr2QQp!{ROb0f$Pt9wknJIMqaSd6~gJ)>EQBqSG
zlFwG0l#?}1R@sowXH?RY({ywtqIe@=H_<9YrF?>8$L$LIti{<5eMB_idW)by{tNc`
zMT$}utHGGbmvb4@k!h2WcY2Z})G?N+jG9fAb0v~4o+zO6RbTtb=!}}4Wm`-VGptD_
zpEd^K6T4XrFbe09!kCp*p|DuYr_wVloOsU2lQgq1nkpX6_m}c>x!N@qgIP6&*})*E
zRZTxi-OUg$JF%MToHncGPM8@_rsj>QTzaZ#Bni@roqeazE_U?pJrm>m561T%jFJ6_
z7D-{jrl}7kRaD{ahn<_fNR>JC6anrhpTo?hQ%E2c_pVhBhEOt{q3Y3DN4mS=)GPI^
zaQ%jLJv_8nuY8^;L)|h~Tq&jHh}Z8!x+ZigMkXv7<QEcB%bp-w)iTD)%%+)Gd6;iS
zwU95C$ox#I#AuYBN$E$`47~LaPZmv8BZZVf!Aa-Tl#Y0KNh*hEYRAzYJ3>=4F3<XE
z;kyo$=jKwy6O?48H6uo3H(8U3R3?M=YKW3bDm+ASlZxyRV_sV<VGc7`CQQ|O+?3vT
zB~(wmn2yDCb-t%&GZw2*YYqS1ZV&OhF`V>l>ZocA%;hsEa4eDxrlc^1!ioy08B<1n
zPMu2GXzmzR1k0fW@;CTxZdy!~FIi1b<q$$+UM-riQdBAdqcwyuQa=W-J;~QsutJXJ
z5Gn?H6*uzJrDsTT`BWydm^5)VsyH(`b#--NDbSP{WKSxCDxJ`Kd*yzTybWiP8HqDY
z*V43tDn-qtd~Yw4w2YR`CUkFA#O@^t7Yf<gUR#5;ukt0tKeS7Wia+7<RFh+%!X8ez
zY5*r(N611&A`epeQ}xtz4&9{uTkFP0N}C|+<($g&iYE62N!~rD?hU3k_4X?L1g<^D
zN#hhOq&Qx-Rurfnlnu-%jW3~_KxlK6*Jgh;113z7%nM_&FJkL}n>!o<jzFhJY=xVC
z+s6HUjKrqLu~;ou5A8DxgSCcWW~9bUtYAz%lS~rvyVoA-g?+=)POgu>bw%%#!B5TF
zgbt^MrQV)OJL>J-pU2jjPN8J=_Qq)cSp!G4{Y<WDKX*<CQyx-nAk~3jenv~r5Mx#=
znE9);GECCZd`UCs8SESd<Q?l*i);H8OL*1d+MeY>S)q239C<1nMHOX_l7u|2r9Lt3
z$$oOs?6<6KkvS@((<+%SVgX_5>9FwGTEU|uINR;U^{}DoX_e8h(*F(ZsLnKgO>e~u
zca1XPo~ZQ2p(@R=l_#O|yP^~`E6QYAMF5gzU02hpVW6^2nOc!#s&Hpf!OhEJ7}Je!
z9iOcUiJs{>*`1!toFqs)mPJ-EbUs1tFY84WXGRRIa#j{49Xk`5&gIjyRBI^0qq|8#
zE2y+D!?7-LBfQM5?}37BOLI|h{KUTT>hK>+*EqObCp>a>;<OZA58t%gBq)5(UJoC<
zAnpa{vyuRd&CZ585(%4wn{NckN#M0+=OBI=g?LQth7rZFqlrX)1X&-IVJR$jS`=0o
z3vlB%8(QJto|U>che%c@xqK=!l}=5i)ndu$DPR^p10Byv0WJ)2yAZTQn2ji$eooq1
zC;NPG?F~mK{P&>P2_HNs5&TL9K@gNC*{9%E+2@BdlF-fj0+5J`9xiBJ@Y;xN*b-tJ
z!th>H+{Q(qB__6F<hvZgR$lf|&oxPwO*he!%<Rd2cr_+Qxd7Niq16_oiY3d;k{pI@
zgW>>MdSp<{q9y7hyekPisDHz}QuRz>mXwNTN&sFzC)GTAZ<jc_li5?k?CkN`9tMUR
z4^krRJS9p!_xs?O6GQXM@X~oH%PD6!3Ojkfe+?vm_)V!DT}43dftNQ5HcOCQ7=rH%
ziG2tu15bFs7DuOd4U5zFFv9^~_260c1U)t&vtt9y?|>hEaY5RGX5StbyBg@vK^R!U
zZ$hwpMcM%`uSktxtVm9HeFgaeE7In(7xAm_uSlC<+eJx)w^t+=?7b*ipz)&A3gdB6
z0PjWoZZR%4!l8>2fxo$kmrlh+f*D(ii(P2^jTNa4eiRqCqvP*w7CLPv7(wQ9$Oj!;
zgrSy@j1r+1v8~A=1>_f{eSF9d$F>V?d?*0tUzDV#P>>dl916j!FG_uUC=9|VBf!X3
zVLPVn*b9=vhkbD7VOzo)mMLOk1)45NLrs1L4E}*Lqp0vlFG=kHzp&e2?tZZuCO>Sk
z!FMi61f4w((iZslOVYMxGmG@X1vgxI)7}o}n}jVu#zcWb5646&=ZD<4rEQ4lwI-pX
zPL2e@=XG=oawNoXkA$fYkqF%Qwse1Uv=(60X9kER#R7~fG(e}-&*F;)XnY>9V{m*l
z1UDWK4_cU|XavUFg-#0vPQeoTbyU~|7sqX%tH*MC1a6$!&{ZFb1fp=`D;P<V2#=oS
zgnIb!SN6S}a&_<f_U~E0UoZH%I@|=uejxV3#PdQAkiW2m;0h5M+3tUO(BXx@`Y(G3
z?*Gs(xc>Lf5B0ycAB2Xs#%R@u6)f`(pY8TslF&y+;HKN=Z1Yz7Q)Se^u_B@OncuNV
z<I|jXZlL8pj5CND(p49t!q)~P7p-I9dy*4&#Bg}RX_3s7^;x`2z%c~x1}oDT&eeJe
z?{nd;8QUOCyzUr=Un-6^o_dD^0DZ>^U=#Zvhk(|R5!UNJIxeuy=B#iFw|OZ??m8*Z
zK>=;#@J<a+&T5#ZJ#fS4*bWzd>==N-Hyuszk3NUX`;l>=Hg4Q?c7-YcGMxWFbel;m
zToz+MzQnb_KX*H}IKn>Kl34Kb34Lg22u?3b1sFLkSz%(QL+Sh^pJgmg^jgMF60muA
z1@*LEkf{c~`bXS7jZ{fc0M7?(Asz*gJjI2u(1%Y+W5~EaeTo}zq)b&J@JfT==anc7
z^o#vGDqgZ*+)fp5sb5rhzXJdIC(<a@ytZCP2Nuw_0c-^OEJ7=EJS|$G^QX2}DBO}9
zaAjE%vCiV7!dAH6>(~t3jJWCS*5-Oh?h@Kyd!NGv`&R9n8r|r1zz2?ZTQ)+W&td0e
zh`(!dj-mLieWC0JYHC2MG!S4v(@#P6DVxd}C_@2O!vPvjAOcHPVGECy#XU`rI+D<l
zeS*i)hNpNu*vJfz!vU|YV6`oNRTB81AKv;2w%kQo#D4<N@&1OcmLO|7LE0mNVffis
zr5$`Q0_U29c0L$o62hYzqJr$i+d1?nM8OXE2@bG1vIn2R?9noroH~!Uk5nj77MB!p
zCm#yJ^|R7_JnG^v6*0a&L|qO=YC&TkI-usV?2;%<_{AP7lBjb&f+AUcEnvS0S9&{s
z@}rG#0N(VA`}lAWe)GCxKOYXk_#2K%K8z#7UrSO$54{9N=%5h(y0o()Omzvad>y+5
z`7u^g1Tzp6op9Rch%(|t{Pb~ApZq(q9iKD>Za-V%QDd>eZ*4#TA|Y@zJE!2#e@OSj
z(mCu!<!@NTt+L-kT&27VZ#BdCsZ#RzuM7V6%hD`M^4+SH(%!Y;AzyT5i}^X+A5p4?
zA__QuWZCrl)N0``Eun@msugPdrH`rA*?FtNWDDZ+)-TXc&dq8@D;X|)PPr~d4&Qdh
z5B8_IcKCarV@LQS0M<s}->w^Opw84&XW*TmTf$U1rzsbHI4E`ff2J(yxZPVR{}$ZC
z@aN6WR=^>&2OBv)NsRK?Bx^G$JlNvg1HK_?oa%l6;<v07-M>TjtZ+H#5Ze476F>H}
z691U|8~i=t`(2sH<9Yw5Ir|C@P!o;LY;({QcP8vt1&h<iU7Z!2S2$Swme?XhkhWC(
zr_3V2A>*7?VI0I^f=&jkV<K|LVfupjRP)-KldJ77iGRnjLTbTDyjlP_R-gKoRf7M#
zEV}TiRpqJ39XB&oA))Vcv;(U~XAkPZF~PYB+FllC;JcEuwQj*Z$Y|I>X&4GG9O3u!
Z<HLKJKH%?P_!sS0U+cm3<l)0d{s(>P5o-Vd

delta 229
zcmZoz5Zv$}aDp^zFaral`$PqM#^8+!OZYiV`MxuNL?-hHWNmH~DCV0yK|o;hPdRQz
z<}fDf$?OW6n~fA6FakxjSu~hK8K+N76H(cmthA7qC5(MG!)7jn3U;8R^yDUUvCSLJ
zgE?5jIF|#39lAJy!lIL>cnWOZ?&-_M9LBwPGJC+n&8q_5a7_&0Z(bbTzBrl@h?#(x
z8Hibcm=%cGfS4VKIe?fGh`E568;E&;m=}oofS4bM1%Ox(h=qVyc>CgLkysG`nfOiG

diff --git a/Cargo.toml b/Cargo.toml
index 585549d..4a56a92 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,7 +20,7 @@ actix-tls = { version = "3", features = ["rustls-0_23"] }
 tokio = { version = "1", features = ["full"] }
 
 # TLS/mTLS (rustls for modern TLS 1.3)
-rustls = "0.23"
+rustls = { version = "0.23", features = ["aws_lc_rs"] }
 rustls-pemfile = "2"
 tokio-rustls = "0.26"
 x509-parser = "0.16"
diff --git a/src/auth/mtls.rs b/src/auth/mtls.rs
index 6cd14c0..1a09edf 100644
--- a/src/auth/mtls.rs
+++ b/src/auth/mtls.rs
@@ -14,6 +14,7 @@ use rustls::{
     server::{ServerConfig, WebPkiClientVerifier},
     version::TLS13,
     RootCertStore,
+    crypto::aws_lc_rs,
 };
 use rustls_pemfile::{certs, private_key};
 use std::{fs::File, io::BufReader, sync::Arc};
@@ -79,7 +80,7 @@ impl MtlsMiddleware {
         let server_cert = load_certs(&self.config.server_cert_path)?;
         let server_key = load_private_key(&self.config.server_key_path)?;
 
-        let config = ServerConfig::builder()
+        let config = ServerConfig::builder_with_provider(Arc::new(aws_lc_rs::default_provider()))
             .with_protocol_versions(&[&TLS13])
             .map_err(|e| {
                 MtlsError::ServerConfigError(format!("Failed to set TLS 1.3 only: {}", e))
diff --git a/src/packages/mod.rs b/src/packages/mod.rs
index c94eec8..2d89c08 100644
--- a/src/packages/mod.rs
+++ b/src/packages/mod.rs
@@ -99,7 +99,7 @@ impl AptBackend {
     /// Run apt command and capture output
     fn run_apt(&self, args: &[&str]) -> Result<String> {
         // Use sudo for operations that modify packages (install, upgrade, remove, purge)
-        let needs_sudo = args.first().map_or(false, |&cmd| {
+        let needs_sudo = args.first().is_some_and(|&cmd| {
             matches!(
                 cmd,
                 "install" | "upgrade" | "remove" | "purge" | "dist-upgrade" | "autoremove"