[package] # Note: some of these values are also used when building Debian packages below. name = "krill" version = "0.14.5" edition = "2018" rust-version = "1.70" authors = ["NLnet Labs "] description = "Resource Public Key Infrastructure (RPKI) daemon" homepage = "https://www.nlnetlabs.nl/projects/rpki/krill/" repository = "https://github.com/NLnetLabs/krill" keywords = ["rpki", "routing-security", "bgp"] readme = "README.md" license = "MPL-2.0" exclude = [ "test-resources/*", "tests/*", ".github/*", "docker/*", "pkg/*", "Dockerfile", ] [dependencies] backoff = { version = "0.4.0", optional = true } base64 = "^0.13" basic-cookies = { version = "^0.1", optional = true } bytes = "1" chrono = { version = "^0.4", features = ["serde"] } clap = "^2.33" cryptoki = { version = "^0.3", optional = true } cryptoki-sys = { version = "=0.1.4", optional = true } # pin cryptoki-sys because of compilation issues on various systems fern = { version = "^0.5", features = ["syslog-4"] } futures = "^0.3" futures-util = "^0.3" fslock = "0.2.1" hex = "^0.4" hyper = { version = "^0.14", features = ["server"] } intervaltree = "0.2.6" jmespatch = { version = "^0.3", features = ["sync"], optional = true } kmip = { version = "0.4.2", package = "kmip-protocol", features = [ "tls-with-openssl" ], optional = true } kvx = { version = "0.9.3", features = ["macros"] } libflate = "^1" log = "^0.4" once_cell = { version = "^1.7.2", optional = true } openidconnect = { version = "^2.0.0", optional = true, default_features = false } openssl = { version = "^0.10", features = ["v110"] } oso = { version = "^0.12", optional = true, default_features = false } r2d2 = { version = "0.8.9", optional = true } rand = "^0.8" regex = { version = "1.5.5", optional = true, default_features = false, features = [ "std" ] } reqwest = { version = "0.11", features = ["json"] } rpassword = { version = "^5.0", optional = true } rpki = { version = "0.18.4", features = ["ca", "compat", "rrdp"] } rustls-pemfile = "1.0.4" scrypt = { version = "^0.6", optional = true, default-features = false } serde = { version = "^1.0", features = ["derive", "rc"] } serde_json = "^1.0" tokio = { version = "1", features = [ "macros", "rt", "rt-multi-thread", "signal", "time" ] } tokio-rustls = "0.24.1" toml = "^0.5" unicode-normalization = { version = "^0.1", optional = true } url = { version = "2.3.1", features = ["serde"] } urlparse = { version = "^0.7", optional = true } uuid = { version = "1.1", features = ["v4"] } # Disable compiler optimizations for the pkcs11 crate because otherwise with a release build the # `pReserved = ptr::null_mut()` assignment done by `CK_C_INITIALIZE_ARGS::default()` appears to be optimized out. This # causes SoftHSMv2 to fail with error CKR_ARGUMENTS_BAD and to log to syslog "SoftHSM.cpp(436): pReserved must be set to # NULL_PTR". Disabling optimizations for the pkcs11 crate "solves" this problem. # [profile.release.package.pkcs11] # opt-level = 0 [target.'cfg(unix)'.dependencies] libc = "^0.2" syslog = "^4.0" [features] default = ["multi-user", "hsm"] hsm = ["backoff", "kmip", "once_cell", "cryptoki", "r2d2"] multi-user = [ "basic-cookies", "jmespatch/sync", "regex", "oso", "openidconnect", "rpassword", "scrypt", "unicode-normalization", "urlparse", ] static-openssl = ["openssl/vendored"] # Preview features - not ready for production use rta = [] # Internal features - not for external use all = ["multi-user", "rta", "static-openssl"] hsm-tests-kmip = ["hsm"] hsm-tests-pkcs11 = ["hsm"] # Make sure that Krill crashes on panics, rather than losing threads and # limping on in a bad state. [profile.release] panic = "abort" [dev-dependencies] regex = "1.5.5" urlparse = "^0.7" # ------------------------------------------------------------------------------ # START DEBIAN PACKAGING # # Configurations for the cargo-deb cargo plugin which builds Debian packages in # target/debian/ when invoked with: cargo deb. Tested with cargo-deb v1.23.1. # Use `--variant` to select which section below to use. Variant sections inherit # and override the settings in the base [package.metadata.deb] section. The # configs vary because of differing degrees of OpenSSL and systemd support # across operating systems. # # Note that as the postinst script uses the adduser command we declare a # dependency on the adduser package to keep the lintian tool happy. # Note: krill.conf is deliberately NOT specified as a "conf-file" because it is # generated. # # The GitHub Actions pkg.yml workflow definition file uses these configurations # to build and test Ubuntu/Debian packages for Krill. # # See: # - https://github.com/mmstick/cargo-deb # - https://lintian.debian.org/tags/systemd-service-file-outside-lib.html # - https://www.debian.org/doc/debian-policy/ch-files.html#behavior # - .github/workflows/pkg.yml [package.metadata.deb] name = "krill" priority = "optional" section = "net" extended-description-file = "pkg/debian/description.txt" license-file = ["LICENSE", "0"] depends = "$auto, passwd, libssl1.1" maintainer-scripts = "pkg/debian/" changelog = "target/debian/changelog" # this will be generated by the pkg workflow copyright = "Copyright (c) 2019, NLnet Labs. All rights reserved." assets = [ [ "target/release/krill", "/usr/bin/krill", "755", ], [ "target/release/krillc", "/usr/bin/krillc", "755", ], [ "defaults/krill.conf", "/usr/share/doc/krill/krill.conf", "644", ], [ "doc/krill.1", "/usr/share/man/man1/krill.1", "644", ], [ "doc/krillc.1", "/usr/share/man/man1/krillc.1", "644", ], [ "pkg/common/krill.service.preset", "/lib/systemd/system-preset/50-krill.preset", "644", ], ] systemd-units = { unit-name = "krill", unit-scripts = "pkg/common", enable = false } # Packaging configuration for the `krillup` binary rather than Krill itself. As # we want the built binary to match that built for Krill we want the same # dynamic or static OpenSSL linking too. Rather than inherit from # [package.metadata.deb] and override fields to build a different package (which # cargo deb variants weren't intended for), instead we use the same approach # that we are forced to use for `cargo generate-rpm` (see below) where the the # `pkg` GitHub Actions workflow renames the `package.metadata.deb` section out # of the way and renames this section to `package.metadata.deb` to use it as the # base configuration instead. [package.metadata.deb_alt_base_krillup] name = "krillup" priority = "optional" section = "net" extended-description-file = "pkg/debian/description-krillup.txt" license-file = ["LICENSE", "0"] depends = "$auto, passwd, libssl1.1" changelog = "target/debian/changelog" # this will be generated by the pkg workflow copyright = "Copyright (c) 2019, NLnet Labs. All rights reserved." assets = [ [ "target/release/krillup", "/usr/bin/krillup", "755", ], [ "doc/krillup.1", "/usr/share/man/man1/krillup.1", "644", ], ] [package.metadata.deb_alt_base_krillta] name = "krillta" priority = "optional" section = "net" extended-description-file = "pkg/debian/description-krillta.txt" license-file = ["LICENSE", "0"] depends = "$auto, passwd, libssl1.1" changelog = "target/debian/changelog" # this will be generated by the pkg workflow copyright = "Copyright (c) 2023, NLnet Labs. All rights reserved." assets = [ [ "target/release/krillta", "/usr/bin/krillta", "755", ], [ "doc/krillta.1", "/usr/share/man/man1/krillta.1", "644", ], ] # Variant of the Debian packaging configuration that: # a) statically links with OpenSSL when building a Debian package because the # newest OpenSSL available on Ubuntu 16.04 at the time of writing is 1.0.2g # (see: https://packages.ubuntu.com/xenial/openssl) while Krill requires # OpenSSL >= 1.1.0. # b) uses a simpler systemd service unit file because Ubuntu 16.04 doesn't # support newer features supported by Ubuntu 18.04 and 20.04. [package.metadata.deb.variants.ubuntu-xenial] features = ["static-openssl"] depends = "$auto, passwd" [package.metadata.deb.variants.ubuntu-bionic] [package.metadata.deb.variants.ubuntu-focal] [package.metadata.deb.variants.ubuntu-jammy] depends = "$auto, passwd, libssl3" [package.metadata.deb.variants.debian-stretch] features = ["static-openssl"] depends = "$auto, passwd" [package.metadata.deb.variants.debian-buster] [package.metadata.deb.variants.debian-bullseye] [package.metadata.deb.variants.debian-bookworm] depends = "$auto, passwd, libssl3" # Cross compilation variants: # Note: we have to specifiy dependencies manually because we don't run cargo-deb # on the target platform and so it cannot determine the dependencies correctly # for us. [package.metadata.deb.variants.debian-buster-aarch64-unknown-linux-gnu] depends = "adduser, passwd, libc6 (>= 2.28), libssl1.1" [package.metadata.deb.variants.debian-buster-arm-unknown-linux-gnueabihf] depends = "adduser, passwd, libc6 (>= 2.28), libssl1.1" [package.metadata.deb.variants.debian-bullseye-armv7-unknown-linux-gnueabihf] depends = "adduser, passwd, libc6 (>= 2.28), libssl1.1" # END DEBIAN PACKAGING # ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------ # START RPM PACKAGING # # Configurations for the cargo-generate-rpm cargo plugin which builds RPM # packages in target/generate-rpm/ when invoked with: cargo generate-rpm # [package.metadata.generate-rpm] name = "krill" # See: https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing license = "MPLv2.0" assets = [ { source = "target/release/krill", dest = "/usr/bin/krill", mode = "755" }, { source = "target/release/krillc", dest = "/usr/bin/krillc", mode = "755" }, { source = "target/rpm/krill.service", dest = "/lib/systemd/system/krill.service", mode = "644" }, { source = "defaults/krill.conf", dest = "/usr/share/doc/krill/krill.conf", mode = "644", doc = true }, { source = "doc/krill.1", dest = "/usr/share/man/man1/krill.1", mode = "644", doc = true }, { source = "doc/krillc.1", dest = "/usr/share/man/man1/krillc.1", mode = "644", doc = true }, { source = "pkg/common/krill.service.preset", dest = "/lib/systemd/system-preset/50-krill.preset", mode = "644" }, ] # These get set using cargo-generate-rpm --set-metadata at package build time. #post_install_script = ... #pre_uninstall_script = ... #post_uninstall_script = ... # Ensure that the useradd tool is present by depending on its package [package.metadata.generate-rpm.requires] shadow-utils = "*" # A variant of the RPM packaging configuration that package the `krillup` binary # instead of Krill itself. The `cargo generate-rpm` command doesn't itself know # how to use this alternate configuration, instead the `pkg` GitHub Actions # workflow renames the `package.metadata.generate-rpm` section out of the way # and renames this section to `package.metadata.generate-rpm` to use it instead. [package.metadata.generate-rpm-alt-base-krillup] name = "krillup" # See: https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing license = "MPLv2.0" assets = [ { source = "target/release/krillup", dest = "/usr/bin/krillup", mode = "755" }, { source = "doc/krillup.1", dest = "/usr/share/man/man1/krillup.1", mode = "644", doc = true }, ] [package.metadata.generate-rpm-alt-base-krillta] name = "krillta" # See: https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing license = "MPLv2.0" assets = [ { source = "target/release/krillta", dest = "/usr/bin/krillta", mode = "755" }, { source = "doc/krillta.1", dest = "/usr/share/man/man1/krillta.1", mode = "644", doc = true }, ] # END RPM PACKAGING # ------------------------------------------------------------------------------