From 3a376b835958e36470358d632ecdbbf22b080343 Mon Sep 17 00:00:00 2001 From: Stacky McStackface Date: Wed, 8 May 2024 12:15:03 +0000 Subject: [PATCH 1/4] chore(deps): update rust crate h2 to v0.3.26 [security] --- Cargo.lock | 12 +++++++++--- Cargo.toml | 2 +- rust/operator-binary/Cargo.toml | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b084cd82..752c2e97 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -749,8 +749,9 @@ checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" [[package]] name = "h2" -version = "0.3.18" -source = "git+https://github.com/stackabletech/h2.git?branch=feature/grpc-uds#557dd1070dfc7ee5199a3efbaf66de4250c448b9" +version = "0.3.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" dependencies = [ "bytes", "fnv", @@ -758,7 +759,7 @@ dependencies = [ "futures-sink", "futures-util", "http 0.2.12", - "indexmap 1.9.3", + "indexmap 2.2.6", "slab", "tokio", "tokio-util", @@ -3055,3 +3056,8 @@ name = "zeroize" version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" + +[[patch.unused]] +name = "h2" +version = "0.3.18" +source = "git+https://github.com/stackabletech/h2.git?branch=feature/grpc-uds#557dd1070dfc7ee5199a3efbaf66de4250c448b9" diff --git a/Cargo.toml b/Cargo.toml index 9f29dde9..c9ad8610 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,7 +14,7 @@ anyhow = "1.0" built = { version = "0.7", features = ["chrono", "git2"] } clap = "4.3" futures = { version = "0.3", features = ["compat"] } -h2 = "=0.3.18" # We need to keep this in sync with our patched h2 build +h2 = "=0.3.26" # We need to keep this in sync with our patched h2 build libc = "0.2" pin-project = "1.1" prost = "0.11" 
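Review bot: The exact pin in the Cargo.toml hunk moves to `=0.3.26` while `[patch.crates-io]` still points at a fork that provides 0.3.18, so the patch no longer matches; the Cargo.lock hunks of this same commit show h2 resolving from the crates.io registry and the fork demoted to `[[patch.unused]]`. A build of this commit alone therefore picks up the upstream release but appears to lose the fork's changes, which contradicts the comment on the pinned line; the identical bump in rust/operator-binary/Cargo.toml is affected in the same way. Cargo reports an unused patch only as a warning, so an automated update like this can pass unnoticed; a CI step that fails when Cargo.lock contains `[[patch.unused]]` would catch it. The comment on the pin could also state the consequence: `# Must equal the version of the fork in [patch.crates-io], otherwise the patch is silently unused`.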
diff --git a/rust/operator-binary/Cargo.toml b/rust/operator-binary/Cargo.toml index 4ee4c295..c39198c3 100644 --- a/rust/operator-binary/Cargo.toml +++ b/rust/operator-binary/Cargo.toml @@ -10,7 +10,7 @@ publish = false [dependencies] # We need to keep this in sync with our patched h2 build -h2 = "=0.3.18" +h2 = "=0.3.26" csi-grpc = { path = "../csi-grpc" } From 096f2f3f24f60856259317947517f48b6f41aa00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?= Date: Wed, 8 May 2024 16:28:55 +0200 Subject: [PATCH 2/4] Update forked h2 --- Cargo.lock | 8 +------- Cargo.nix | 12 +++++------- Cargo.toml | 3 ++- crate-hashes.json | 4 ++-- 4 files changed, 10 insertions(+), 17 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 752c2e97..46356d61 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -750,8 +750,7 @@ checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" [[package]] name = "h2" version = "0.3.26" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" +source = "git+https://github.com/stackabletech/h2.git?branch=feature/grpc-uds-/v0.3.26#19ec427ad2f32593443462b5b65dac9d85482864" dependencies = [ "bytes", "fnv", @@ -3056,8 +3055,3 @@ name = "zeroize" version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" - -[[patch.unused]] -name = "h2" -version = "0.3.18" -source = "git+https://github.com/stackabletech/h2.git?branch=feature/grpc-uds#557dd1070dfc7ee5199a3efbaf66de4250c448b9" diff --git a/Cargo.nix b/Cargo.nix index e008b9f2..33c47705 100644 --- a/Cargo.nix +++ b/Cargo.nix 
@@ -2192,13 +2192,13 @@ rec { }; "h2" = rec { crateName = "h2"; - version = "0.3.18"; + version = "0.3.26"; edition = "2018"; workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/h2.git"; - rev = "557dd1070dfc7ee5199a3efbaf66de4250c448b9"; - sha256 = "06nhvzn2fb3w2ry1cc9ddd7h8ffy2jrbd9gy9srxx2c3r2mnbn78"; + rev = "19ec427ad2f32593443462b5b65dac9d85482864"; + sha256 = "1bg3ad0106i1mp9nxl2wv1kw5wmmfx2hra3dv63kd86rfv6cmbnm"; }; authors = [ "Carl Lerche " @@ -2234,7 +2234,7 @@ rec { } { name = "indexmap"; - packageId = "indexmap 1.9.3"; + packageId = "indexmap 2.2.6"; features = [ "std" ]; } { @@ -2249,7 +2249,7 @@ rec { { name = "tokio-util"; packageId = "tokio-util"; - features = [ "codec" ]; + features = [ "codec" "io" ]; } { name = "tracing"; @@ -3152,7 +3152,6 @@ rec { "serde" = [ "dep:serde" ]; "serde-1" = [ "serde" ]; }; - resolvedDefaultFeatures = [ "std" ]; }; "indexmap 2.2.6" = rec { crateName = "indexmap"; @@ -10711,4 +10710,3 @@ rec { # }; } - diff --git a/Cargo.toml b/Cargo.toml index c9ad8610..a6be2faa 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -35,4 +35,5 @@ tonic-reflection = "0.9" [patch.crates-io] # Workaround for https://github.com/hyperium/tonic/issues/243 -h2 = { git = "https://github.com/stackabletech/h2.git", branch = "feature/grpc-uds" } +# Can be removed once we no longer support K8s 1.25.x (and OpenShift 4.12.x) +h2 = { git = "https://github.com/stackabletech/h2.git", branch = "feature/grpc-uds-/v0.3.26" } diff --git a/crate-hashes.json b/crate-hashes.json index 59bfe08c..b89df615 100644 --- a/crate-hashes.json +++ b/crate-hashes.json 
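Review bot: The `[patch.crates-io]` entry in the Cargo.toml hunk selects the fork by `branch`, a ref that can move, so the manifest does not say which commit was reviewed; only Cargo.lock and the `rev`/`sha256` pair in Cargo.nix fix it. Any `cargo update` or regeneration of the lockfile takes whatever the branch head is at that moment, and a short-lived branch such as `feature/grpc-uds-/v0.3.26` may be deleted once it is merged. Pinning the commit makes every fork update a deliberate manifest change: `h2 = { git = "https://github.com/stackabletech/h2.git", rev = "19ec427ad2f32593443462b5b65dac9d85482864" }`, using the commit this patch records in Cargo.lock. The Cargo.toml hunk of PATCH 3/4, which returns to `branch = "feature/grpc-uds"`, has the same issue; Cargo.lock there records 5438b66af85c7d871b32db8962bcd5bff849c824.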
@@ -1,5 +1,5 @@ { - "git+https://github.com/stackabletech/h2.git?branch=feature%2Fgrpc-uds#h2@0.3.18": "06nhvzn2fb3w2ry1cc9ddd7h8ffy2jrbd9gy9srxx2c3r2mnbn78", + "git+https://github.com/stackabletech/h2.git?branch=feature%2Fgrpc-uds-%2Fv0.3.26#h2@0.3.26": "1bg3ad0106i1mp9nxl2wv1kw5wmmfx2hra3dv63kd86rfv6cmbnm", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.67.0#stackable-operator-derive@0.2.0": "07qn20a20kkym8spc15wvqw97rblq0hcl2x2sn6wxhjfajjfjzp9", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.67.0#stackable-operator@0.67.0": "07qn20a20kkym8spc15wvqw97rblq0hcl2x2sn6wxhjfajjfjzp9", "git+https://github.com/stackabletech/product-config.git?tag=0.6.0#product-config@0.6.0": "1ixc2x7540sxdmc92hqdcwm24rj8i1ivjsvwk2d57pdsq03j2x41", @@ -305,4 +305,4 @@ "registry+https://github.com/rust-lang/crates.io-index#zerocopy-derive@0.7.34": "0fqvglw01w3hp7xj9gdk1800x9j7v58s9w8ijiyiz2a7krb39s8m", "registry+https://github.com/rust-lang/crates.io-index#zerocopy@0.7.34": "11xhrwixm78m6ca1jdxf584wdwvpgg7q00vg21fhwl0psvyf71xf", "registry+https://github.com/rust-lang/crates.io-index#zeroize@1.7.0": "0bfvby7k9pdp6623p98yz2irqnamcyzpn7zh20nqmdn68b0lwnsj" -} \ No newline at end of file +} From 278d4e853578913e30dbac7bdaa2c472df24059d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?= Date: Mon, 13 May 2024 13:41:41 +0200 Subject: [PATCH 3/4] stackabletech/h2#3 was merged --- Cargo.lock | 2 +- Cargo.nix | 4 ++-- Cargo.toml | 2 +- crate-hashes.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 46356d61..493d0d40 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -750,7 +750,7 @@ checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" [[package]] name = "h2" version = "0.3.26" -source = "git+https://github.com/stackabletech/h2.git?branch=feature/grpc-uds-/v0.3.26#19ec427ad2f32593443462b5b65dac9d85482864" +source = "git+https://github.com/stackabletech/h2.git?branch=feature/grpc-uds#5438b66af85c7d871b32db8962bcd5bff849c824" dependencies = [ "bytes", "fnv", diff --git a/Cargo.nix b/Cargo.nix index 33c47705..a4caf33f 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -2197,8 +2197,8 @@ rec { workspace_member = null; src = pkgs.fetchgit { url = "https://github.com/stackabletech/h2.git"; - rev = "19ec427ad2f32593443462b5b65dac9d85482864"; - sha256 = "1bg3ad0106i1mp9nxl2wv1kw5wmmfx2hra3dv63kd86rfv6cmbnm"; + rev = "5438b66af85c7d871b32db8962bcd5bff849c824"; + sha256 = "0w5pfq633861pbkmrdll9i8vmiwkic1m43ccbvynif7cgx0ppvdz"; }; authors = [ "Carl Lerche " diff --git a/Cargo.toml b/Cargo.toml index a6be2faa..6136968f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -36,4 +36,4 @@ tonic-reflection = "0.9" [patch.crates-io] # Workaround for https://github.com/hyperium/tonic/issues/243 # Can be removed once we no longer support K8s 1.25.x (and OpenShift 4.12.x) -h2 = { git = "https://github.com/stackabletech/h2.git", branch = "feature/grpc-uds-/v0.3.26" } +h2 = { git = "https://github.com/stackabletech/h2.git", branch = "feature/grpc-uds" } diff --git a/crate-hashes.json b/crate-hashes.json index b89df615..6f341d8f 100644 --- a/crate-hashes.json +++ b/crate-hashes.json 
@@ -1,5 +1,5 @@ { - "git+https://github.com/stackabletech/h2.git?branch=feature%2Fgrpc-uds-%2Fv0.3.26#h2@0.3.26": "1bg3ad0106i1mp9nxl2wv1kw5wmmfx2hra3dv63kd86rfv6cmbnm", + "git+https://github.com/stackabletech/h2.git?branch=feature%2Fgrpc-uds#h2@0.3.26": "0w5pfq633861pbkmrdll9i8vmiwkic1m43ccbvynif7cgx0ppvdz", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.67.0#stackable-operator-derive@0.2.0": "07qn20a20kkym8spc15wvqw97rblq0hcl2x2sn6wxhjfajjfjzp9", "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.67.0#stackable-operator@0.67.0": "07qn20a20kkym8spc15wvqw97rblq0hcl2x2sn6wxhjfajjfjzp9", "git+https://github.com/stackabletech/product-config.git?tag=0.6.0#product-config@0.6.0": "1ixc2x7540sxdmc92hqdcwm24rj8i1ivjsvwk2d57pdsq03j2x41", From 624f7a12a4f957d17cc33e589495a44c3d8d6368 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Natalie=20Klestrup=20R=C3=B6ijezon?= Date: Mon, 13 May 2024 14:14:10 +0200 Subject: [PATCH 4/4] Use h2 version from workspace --- rust/operator-binary/Cargo.toml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/rust/operator-binary/Cargo.toml b/rust/operator-binary/Cargo.toml index c39198c3..701a54b4 100644 --- a/rust/operator-binary/Cargo.toml +++ b/rust/operator-binary/Cargo.toml @@ -9,9 +9,6 @@ repository.workspace = true publish = false [dependencies] -# We need to keep this in sync with our patched h2 build -h2 = "=0.3.26" - csi-grpc = { path = "../csi-grpc" } clap.workspace = true @@ -29,6 +26,7 @@ anyhow.workspace = true serde.workspace = true snafu.workspace = true strum.workspace = true +h2.workspace = true [build-dependencies] built.workspace = true
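Review bot: The second hunk of rust/operator-binary/Cargo.toml adds `h2.workspace = true` without a comment, and the first hunk removes the only explanation of why this crate lists h2 at all. If h2 is declared here only to hold it at the version of the patched fork (this is not visible from the hunks), say so next to the new line, for example `# Not used directly; keeps h2 on the version of our fork, see [patch.crates-io] in the workspace Cargo.toml`. Without that, a later cleanup could drop the entry as an unused dependency.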