Skip to main content

max / makenotwork

server: add scan-pipeline deps (apple-codesign, authenticode, +3) Pulls in the Rust crates needed for the macOS / Windows / Linux signing-trust layers and supporting CMS/x509 parsing: - apple-codesign 0.29.0 (default-features off): Mach-O / .app / .dmg signature parsing + DmgReader, no Apple host required. - authenticode 0.5.0: pure-Rust Authenticode PE signature parser from Google. No osslsigncode shell-out. - x509-cert 0.2.5: parses signer certs for subject-CN extraction. - const-oid 0.9 (db feature): rfc4519 OID constants for CN/O lookup. - object 0.37 (pe feature): PE/Mach-O binary reader. Pinned to match authenticode's expected version. All pure Rust, no native deps, builds clean on glibc Hetzner. MPL-2.0 and Apache/MIT licenses; compatible with the PolyForm-NC ship target. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Author: Max J. <87768334+MaxJMath@users.noreply.github.com> · 2026-05-24 20:49 UTC
Commit: 0d02c2fc30006423493ac3054f45c8b30d2ae83d
Parent: a368b11
2 files changed, +362 insertions, -15 deletions
M server/Cargo.lock +357 -15
@@ -145,10 +145,149 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
145 145 checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c"
146 146
147 147 [[package]]
148 + name = "apple-bundles"
149 + version = "0.21.0"
150 + source = "registry+https://github.com/rust-lang/crates.io-index"
151 + checksum = "c0f40bb8f844cec39fa3aceae717808c2ac3d2b6c474a9dffbeba07a4a945d10"
152 + dependencies = [
153 + "anyhow",
154 + "plist",
155 + "simple-file-manifest",
156 + "walkdir",
157 + ]
158 +
159 + [[package]]
160 + name = "apple-codesign"
161 + version = "0.29.0"
162 + source = "registry+https://github.com/rust-lang/crates.io-index"
163 + checksum = "f24e9ebdb70a2aee3ca1cea217009fb50776955f0d7678c31d22e48c1524667f"
164 + dependencies = [
165 + "anyhow",
166 + "apple-bundles",
167 + "apple-flat-package",
168 + "apple-xar",
169 + "base64 0.22.1",
170 + "bcder",
171 + "bitflags 2.11.0",
172 + "bytes",
173 + "chrono",
174 + "clap",
175 + "cryptographic-message-syntax",
176 + "der 0.7.10",
177 + "dialoguer",
178 + "difference",
179 + "digest 0.10.7",
180 + "dirs",
181 + "elliptic-curve 0.13.8",
182 + "env_logger",
183 + "figment",
184 + "filetime",
185 + "glob",
186 + "goblin 0.9.3",
187 + "hex",
188 + "log",
189 + "md-5 0.10.6",
190 + "minicbor",
191 + "num-traits",
192 + "object 0.36.7",
193 + "oid-registry 0.7.1",
194 + "once_cell",
195 + "p12",
196 + "p256 0.13.2",
197 + "pem",
198 + "pkcs1",
199 + "pkcs8 0.10.2",
200 + "plist",
201 + "rand 0.8.5",
202 + "rasn",
203 + "rayon",
204 + "regex",
205 + "reqwest",
206 + "ring",
207 + "rsa",
208 + "scroll 0.12.0",
209 + "security-framework 2.11.1",
210 + "security-framework-sys",
211 + "semver",
212 + "serde",
213 + "serde_json",
214 + "serde_yaml",
215 + "sha2 0.10.9",
216 + "signature 2.2.0",
217 + "simple-file-manifest",
218 + "spake2",
219 + "spki 0.7.3",
220 + "subtle",
221 + "tempfile",
222 + "thiserror 2.0.18",
223 + "tokio",
224 + "tungstenite",
225 + "uuid",
226 + "walkdir",
227 + "widestring",
228 + "windows-sys 0.59.0",
229 + "x509",
230 + "x509-certificate",
231 + "xml-rs",
232 + "yasna",
233 + "zeroize",
234 + "zip 2.4.2",
235 + "zip_structs",
236 + ]
237 +
238 + [[package]]
239 + name = "apple-flat-package"
240 + version = "0.20.0"
241 + source = "registry+https://github.com/rust-lang/crates.io-index"
242 + checksum = "9c9d5a1fd8af4a376cc33d7e816a13f8ce127d52101f5dbc8061fb595397bea0"
243 + dependencies = [
244 + "apple-xar",
245 + "cpio-archive",
246 + "flate2",
247 + "scroll 0.12.0",
248 + "serde",
249 + "serde-xml-rs",
250 + "thiserror 2.0.18",
251 + ]
252 +
253 + [[package]]
254 + name = "apple-xar"
255 + version = "0.20.0"
256 + source = "registry+https://github.com/rust-lang/crates.io-index"
257 + checksum = "9631e781df71ebd049d7b4988cdae88712324cb20eb127fd79026bc8f1335d93"
258 + dependencies = [
259 + "base64 0.22.1",
260 + "bcder",
261 + "bzip2 0.4.4",
262 + "chrono",
263 + "cryptographic-message-syntax",
264 + "digest 0.10.7",
265 + "flate2",
266 + "log",
267 + "md-5 0.10.6",
268 + "rand 0.8.5",
269 + "reqwest",
270 + "scroll 0.12.0",
271 + "serde",
272 + "serde-xml-rs",
273 + "sha1 0.10.6",
274 + "sha2 0.10.9",
275 + "signature 2.2.0",
276 + "thiserror 2.0.18",
277 + "url",
278 + "x509-certificate",
279 + "xml-rs",
280 + "xz2",
281 + ]
282 +
283 + [[package]]
148 284 name = "arbitrary"
149 285 version = "1.4.2"
150 286 source = "registry+https://github.com/rust-lang/crates.io-index"
151 287 checksum = "c3d036a3c4ab069c7b410a2ce876bd74808d2d0888a82667669f8e783a898bf1"
288 + dependencies = [
289 + "derive_arbitrary",
290 + ]
152 291
153 292 [[package]]
154 293 name = "argon2"
@@ -163,6 +302,12 @@ dependencies = [
163 302 ]
164 303
165 304 [[package]]
305 + name = "arrayvec"
306 + version = "0.7.6"
307 + source = "registry+https://github.com/rust-lang/crates.io-index"
308 + checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50"
309 +
310 + [[package]]
166 311 name = "ascii_tree"
167 312 version = "0.1.1"
168 313 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -489,12 +634,39 @@ dependencies = [
489 634 ]
490 635
491 636 [[package]]
637 + name = "atomic"
638 + version = "0.6.1"
639 + source = "registry+https://github.com/rust-lang/crates.io-index"
640 + checksum = "a89cbf775b137e9b968e67227ef7f775587cde3fd31b0d8599dbd0f598a48340"
641 + dependencies = [
642 + "bytemuck",
643 + ]
644 +
645 + [[package]]
492 646 name = "atomic-waker"
493 647 version = "1.1.2"
494 648 source = "registry+https://github.com/rust-lang/crates.io-index"
495 649 checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
496 650
497 651 [[package]]
652 + name = "authenticode"
653 + version = "0.5.0"
654 + source = "registry+https://github.com/rust-lang/crates.io-index"
655 + checksum = "86c421a87e3dd1a3024c86e0787106b6ba40d9b434fe0ebeffbd24a242dc144d"
656 + dependencies = [
657 + "cms",
658 + "const-oid 0.9.6",
659 + "der 0.7.10",
660 + "digest 0.10.7",
661 + "object 0.37.3",
662 + "rsa",
663 + "sha1 0.10.6",
664 + "sha2 0.10.9",
665 + "spki 0.7.3",
666 + "x509-cert",
667 + ]
668 +
669 + [[package]]
498 670 name = "autocfg"
499 671 version = "1.5.0"
500 672 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -815,7 +987,7 @@ dependencies = [
815 987 "pin-project-lite",
816 988 "rustls 0.21.12",
817 989 "rustls 0.23.37",
818 - "rustls-native-certs",
990 + "rustls-native-certs 0.8.3",
819 991 "rustls-pki-types",
820 992 "tokio",
821 993 "tokio-rustls 0.26.4",
@@ -1112,6 +1284,16 @@ dependencies = [
1112 1284 ]
1113 1285
1114 1286 [[package]]
1287 + name = "bcder"
1288 + version = "0.7.6"
1289 + source = "registry+https://github.com/rust-lang/crates.io-index"
1290 + checksum = "1f7c42c9913f68cf9390a225e81ad56a5c515347287eb98baa710090ca1de86d"
1291 + dependencies = [
1292 + "bytes",
1293 + "smallvec",
1294 + ]
1295 +
1296 + [[package]]
1115 1297 name = "beef"
1116 1298 version = "0.5.2"
1117 1299 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1189,6 +1371,16 @@ dependencies = [
1189 1371 ]
1190 1372
1191 1373 [[package]]
1374 + name = "bitvec-nom2"
1375 + version = "0.2.1"
1376 + source = "registry+https://github.com/rust-lang/crates.io-index"
1377 + checksum = "d988fcc40055ceaa85edc55875a08f8abd29018582647fd82ad6128dba14a5f0"
1378 + dependencies = [
1379 + "bitvec",
1380 + "nom 7.1.3",
1381 + ]
1382 +
1383 + [[package]]
1192 1384 name = "blake2"
1193 1385 version = "0.10.6"
1194 1386 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1216,6 +1408,15 @@ dependencies = [
1216 1408 ]
1217 1409
1218 1410 [[package]]
1411 + name = "block-padding"
1412 + version = "0.3.3"
1413 + source = "registry+https://github.com/rust-lang/crates.io-index"
1414 + checksum = "a8894febbff9f758034a5b8e12d87918f56dfc64a8e1fe757d65e29041538d93"
1415 + dependencies = [
1416 + "generic-array",
1417 + ]
1418 +
1419 + [[package]]
1219 1420 name = "borsh"
1220 1421 version = "1.6.1"
1221 1422 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1280,6 +1481,22 @@ dependencies = [
1280 1481 ]
1281 1482
1282 1483 [[package]]
1484 + name = "bytesize"
1485 + version = "1.3.3"
1486 + source = "registry+https://github.com/rust-lang/crates.io-index"
1487 + checksum = "2e93abca9e28e0a1b9877922aacb20576e05d4679ffa78c3d6dc22a26a216659"
1488 +
1489 + [[package]]
1490 + name = "bzip2"
1491 + version = "0.4.4"
1492 + source = "registry+https://github.com/rust-lang/crates.io-index"
1493 + checksum = "bdb116a6ef3f6c3698828873ad02c3014b3c85cadb88496095628e3ef1e347f8"
1494 + dependencies = [
1495 + "bzip2-sys",
1496 + "libc",
1497 + ]
1498 +
1499 + [[package]]
1283 1500 name = "bzip2"
1284 1501 version = "0.6.1"
1285 1502 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1289,6 +1506,25 @@ dependencies = [
1289 1506 ]
1290 1507
1291 1508 [[package]]
1509 + name = "bzip2-sys"
1510 + version = "0.1.13+1.0.8"
1511 + source = "registry+https://github.com/rust-lang/crates.io-index"
1512 + checksum = "225bff33b2141874fe80d71e07d6eec4f85c5c216453dd96388240f96e1acc14"
1513 + dependencies = [
1514 + "cc",
1515 + "pkg-config",
1516 + ]
1517 +
1518 + [[package]]
1519 + name = "cbc"
1520 + version = "0.1.2"
1521 + source = "registry+https://github.com/rust-lang/crates.io-index"
1522 + checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6"
1523 + dependencies = [
1524 + "cipher",
1525 + ]
1526 +
1527 + [[package]]
1292 1528 name = "cc"
1293 1529 version = "1.2.57"
1294 1530 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1403,6 +1639,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
1403 1639 checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746"
1404 1640
1405 1641 [[package]]
1642 + name = "cms"
1643 + version = "0.2.3"
1644 + source = "registry+https://github.com/rust-lang/crates.io-index"
1645 + checksum = "7b77c319abfd5219629c45c34c89ba945ed3c5e49fcde9d16b6c3885f118a730"
1646 + dependencies = [
1647 + "const-oid 0.9.6",
1648 + "der 0.7.10",
1649 + "spki 0.7.3",
1650 + "x509-cert",
1651 + ]
1652 +
1653 + [[package]]
1406 1654 name = "cobs"
1407 1655 version = "0.3.0"
1408 1656 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1427,6 +1675,19 @@ dependencies = [
1427 1675 ]
1428 1676
1429 1677 [[package]]
1678 + name = "console"
1679 + version = "0.15.11"
1680 + source = "registry+https://github.com/rust-lang/crates.io-index"
1681 + checksum = "054ccb5b10f9f2cbf51eb355ca1d05c2d279ce1804688d0db74b4733a5aeafd8"
1682 + dependencies = [
1683 + "encode_unicode",
1684 + "libc",
1685 + "once_cell",
1686 + "unicode-width",
1687 + "windows-sys 0.59.0",
1688 + ]
1689 +
1690 + [[package]]
1430 1691 name = "const-oid"
1431 1692 version = "0.9.6"
1432 1693 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1439,6 +1700,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
1439 1700 checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c"
1440 1701
1441 1702 [[package]]
1703 + name = "const_panic"
1704 + version = "0.2.15"
1705 + source = "registry+https://github.com/rust-lang/crates.io-index"
1706 + checksum = "e262cdaac42494e3ae34c43969f9cdeb7da178bdb4b66fa6a1ea2edb4c8ae652"
1707 + dependencies = [
1708 + "typewit",
1709 + ]
1710 +
1711 + [[package]]
1442 1712 name = "constant_time_eq"
1443 1713 version = "0.3.1"
1444 1714 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1462,6 +1732,15 @@ dependencies = [
1462 1732 ]
1463 1733
1464 1734 [[package]]
1735 + name = "cookie-factory"
1736 + version = "0.3.3"
1737 + source = "registry+https://github.com/rust-lang/crates.io-index"
1738 + checksum = "9885fa71e26b8ab7855e2ec7cae6e9b380edff76cd052e07c683a0319d51b3a2"
1739 + dependencies = [
1740 + "futures",
1741 + ]
1742 +
1743 + [[package]]
1465 1744 name = "cookie_store"
1466 1745 version = "0.22.1"
1467 1746 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1512,6 +1791,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
1512 1791 checksum = "7704b5fdd17b18ae31c4c1da5a2e0305a2bf17b5249300a9ee9ed7b72114c636"
1513 1792
1514 1793 [[package]]
1794 + name = "cpio-archive"
1795 + version = "0.10.0"
1796 + source = "registry+https://github.com/rust-lang/crates.io-index"
1797 + checksum = "f11d34b07689c21889fc89bd7cc885b3244b0157bbededf4a1c159832cd0df05"
1798 + dependencies = [
1799 + "chrono",
1800 + "is_executable",
1801 + "simple-file-manifest",
1802 + "thiserror 1.0.69",
1803 + ]
1804 +
1805 + [[package]]
1515 1806 name = "cpufeatures"
1516 1807 version = "0.2.17"
1517 1808 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1791,6 +2082,23 @@ dependencies = [
1791 2082 ]
1792 2083
1793 2084 [[package]]
2085 + name = "cryptographic-message-syntax"
2086 + version = "0.27.0"
2087 + source = "registry+https://github.com/rust-lang/crates.io-index"
2088 + checksum = "97a99e58d7755c646cb3f2a138d99f90da4c495282e1700b82daff8a48759ce0"
2089 + dependencies = [
2090 + "bcder",
2091 + "bytes",
2092 + "chrono",
2093 + "hex",
2094 + "pem",
2095 + "reqwest",
2096 + "ring",
2097 + "signature 2.2.0",
2098 + "x509-certificate",
2099 + ]
2100 +
2101 + [[package]]
1794 2102 name = "cssparser"
1795 2103 version = "0.35.0"
1796 2104 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1844,6 +2152,32 @@ dependencies = [
1844 2152 ]
1845 2153
1846 2154 [[package]]
2155 + name = "curve25519-dalek"
2156 + version = "4.1.3"
2157 + source = "registry+https://github.com/rust-lang/crates.io-index"
2158 + checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
2159 + dependencies = [
2160 + "cfg-if",
2161 + "cpufeatures 0.2.17",
2162 + "curve25519-dalek-derive",
2163 + "fiat-crypto",
2164 + "rand_core 0.6.4",
2165 + "rustc_version",
2166 + "subtle",
2167 + ]
2168 +
2169 + [[package]]
2170 + name = "curve25519-dalek-derive"
2171 + version = "0.1.1"
2172 + source = "registry+https://github.com/rust-lang/crates.io-index"
2173 + checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
2174 + dependencies = [
2175 + "proc-macro2",
2176 + "quote",
2177 + "syn",
2178 + ]
2179 +
2180 + [[package]]
1847 2181 name = "daachorse"
1848 2182 version = "3.0.0"
1849 2183 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1945,6 +2279,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
1945 2279 checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
1946 2280 dependencies = [
1947 2281 "const-oid 0.9.6",
2282 + "der_derive",
2283 + "flagset",
1948 2284 "pem-rfc7468",
1949 2285 "zeroize",
1950 2286 ]
@@ -1978,6 +2314,17 @@ dependencies = [
1978 2314 ]
1979 2315
1980 2316 [[package]]
2317 + name = "der_derive"
2318 + version = "0.7.3"
2319 + source = "registry+https://github.com/rust-lang/crates.io-index"
2320 + checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18"
2321 + dependencies = [
2322 + "proc-macro2",
2323 + "quote",
2324 + "syn",
2325 + ]
2326 +
2327 + [[package]]
1981 2328 name = "deranged"
1982 2329 version = "0.5.8"
1983 2330 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1988,34 +2335,94 @@ dependencies = [
1988 2335 ]
1989 2336
1990 2337 [[package]]
1991 - name = "digest"
1992 - version = "0.10.7"
2338 + name = "derive_arbitrary"
2339 + version = "1.4.2"
1993 2340 source = "registry+https://github.com/rust-lang/crates.io-index"
1994 - checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
2341 + checksum = "1e567bd82dcff979e4b03460c307b3cdc9e96fde3d73bed1496d2bc75d9dd62a"
1995 2342 dependencies = [
1996 - "block-buffer 0.10.4",
1997 - "const-oid 0.9.6",
1998 - "crypto-common 0.1.6",
1999 - "subtle",
2343 + "proc-macro2",
2344 + "quote",
2345 + "syn",
2000 2346 ]
2001 2347
2002 2348 [[package]]
2003 - name = "digest"
2004 - version = "0.11.3"
2349 + name = "des"
2350 + version = "0.8.1"
2005 2351 source = "registry+https://github.com/rust-lang/crates.io-index"
2006 - checksum = "f1dd6dbb5841937940781866fa1281a1ff7bd3bf827091440879f9994983d5c2"
2352 + checksum = "ffdd80ce8ce993de27e9f063a444a4d53ce8e8db4c1f00cc03af5ad5a9867a1e"
2007 2353 dependencies = [
2008 - "block-buffer 0.12.0",
2009 - "const-oid 0.10.2",
2010 - "crypto-common 0.2.1",
2011 - "ctutils",
Lines truncated
M server/Cargo.toml +5
@@ -136,6 +136,11 @@ urlencoding = "2.1.3"
136 136
137 137 # URL parsing
138 138 url = "2.5.8"
139 + apple-codesign = { version = "0.29.0", default-features = false }
140 + authenticode = { version = "0.5.0", features = ["std", "object"] }
141 + x509-cert = "0.2.5"
142 + const-oid = { version = "0.9", features = ["db"] }
143 + object = { version = "0.37", features = ["pe"] }
139 144
140 145 [[bin]]
141 146 name = "mnw-admin"