Merge pull request BlackDex#1 from BlackDex/update-crates-edition-and-clippy

Update crates, edition, name and clippy fixes

* Upgrade to `tokio` 1.44, `rand` 0.9
* Renamed to yubico_ng and published crate
* Made edition 2024 compatible
* Added several clippy/rust lints and fixed those
* Fixed a panic if the `YK_API_HOST` was invalid
* Use only the main api server, the others are deprecated
* Run cargo fmt
* Updated GHA to use hashes and run/fix zizmor
* Set MSRV based upon 'cargo msrv find'

Author: BlackDex

.dockerignore

@@ -0,0 +1,9 @@
+target/
+Cargo.lock
+Dockerfile**
+LICENSE
+
+.dockerignore
+*.fmt
+*.iml
+*.md

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+github: BlackDex
+liberapay: BlackDex
+custom: ["https://paypal.me/MathijsvVeluw"]

.github/workflows/build.yml

@@ -0,0 +1,166 @@
+name: Build
+permissions: {}
+
+on:
+  push:
+    paths:
+      - ".github/workflows/build.yml"
+      - "examples/**"
+      - "src/**"
+      - "Cargo.toml"
+  pull_request:
+    paths:
+      - ".github/workflows/build.yml"
+      - "examples/**"
+      - "src/**"
+      - "Cargo.toml"
+
+## To trigger this workflow using `act` (https://github.com/nektos/act) you can do the following.
+#    act push -j build
+
+jobs:
+  build:
+    name: Build and Test
+    permissions:
+      contents: read
+    runs-on: ubuntu-24.04
+    timeout-minutes: 30
+    # Make warnings errors, this is to prevent warnings slipping through.
+    # This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes.
+    env:
+      RUSTFLAGS: "-D warnings"
+    strategy:
+      fail-fast: false
+
+    steps:
+      # Install dependencies
+      - name: "Install dependencies Ubuntu"
+        run: sudo apt-get update && sudo apt-get install -y --no-install-recommends build-essential pkg-config openssl libssl-dev
+      # End Install dependencies
+
+
+      # Install Rust with clippy
+      - name: "Install rust-toolchain version"
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable at Mar 18, 2025, 8:14 PM GMT+1
+        with:
+          components: clippy
+      # End Install Rust with clippy
+
+      # Show environment
+      - name: "Show environment"
+        run: |
+          rustc -vV
+          cargo -vV
+      # End Show environment
+
+      # Checkout the repo
+      - name: "Checkout"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      # End Checkout the repo
+
+      # Enable Rust Caching
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
+      # End Enable Rust Caching
+
+      # Run cargo commands
+      - name: "Run cargo update"
+        id: run_cargo_update
+        if: ${{ always() }}
+        run: |
+          cargo update --verbose
+
+      - name: "cargo test"
+        id: run_cargo_test
+        if: ${{ always() }}
+        run: |
+          cargo test --verbose
+
+      - name: "Build all features"
+        id: build_all_features
+        if: ${{ always() }}
+        run: |
+          cargo build --all-features --verbose
+
+      - name: "Build otp example"
+        id: build_example_otp
+        if: ${{ always() }}
+        run: |
+          cargo build --example otp
+
+      - name: "Build otp_async example"
+        id: build_example_otp_async
+        if: ${{ always() }}
+        run: |
+          cargo build --example otp_async
+
+      - name: "Build otp_custom example"
+        id: build_example_otp_custom
+        if: ${{ always() }}
+        run: |
+          cargo build --example otp_custom
+
+      - name: "Build otp_with_proxy example"
+        id: build_example_otp_with_proxy
+        if: ${{ always() }}
+        run: |
+          cargo build --example otp_with_proxy
+      # End Run cargo tests
+
+
+      # Run cargo clippy, and fail on warnings
+      - name: "Run clippy"
+        id: run_cargo_clippy
+        if: ${{ always() }}
+        run: |
+          cargo clippy --all-features
+
+      - name: "Run clippy"
+        id: run_cargo_clippy_examples
+        if: ${{ always() }}
+        run: |
+          cargo clippy --examples
+      # End Run cargo clippy
+
+
+      # Check for any previous failures, if there are stop, else continue.
+      # This is useful so all test/clippy/fmt actions are done, and they can all be addressed
+      - name: "Some checks failed"
+        if: ${{ failure() }}
+        env:
+          RUN_CARGO_UPDATE: ${{ steps.run_cargo_update.outcome }}
+          RUN_CARGO_TEST: ${{ steps.run_cargo_test.outcome }}
+          BUILD_ALL: ${{ steps.build_all_features.outcome }}
+          EXAMPLE_OTP: ${{ steps.build_example_otp.outcome }}
+          EXAMPLE_OTP_ASYNC: ${{ steps.build_example_otp_async.outcome }}
+          EXAMPLE_OTP_CUSTOM: ${{ steps.build_example_otp_custom.outcome }}
+          EXAMPLE_OTP_WITH_PROXY: ${{ steps.build_example_otp_with_proxy.outcome }}
+          RUN_CARGO_CLIPPY: ${{ steps.run_cargo_clippy.outcome }}
+          RUN_CARGO_CLIPPY_EXAMPLES: ${{ steps.run_cargo_clippy_examples.outcome }}
+        run: |
+          echo "### :x: Checks Failed!" >> ${GITHUB_STEP_SUMMARY}
+          echo "" >> ${GITHUB_STEP_SUMMARY}
+          echo "|Job|Status|" >> ${GITHUB_STEP_SUMMARY}
+          echo "|---|------|" >> ${GITHUB_STEP_SUMMARY}
+          echo "|cargo update|${RUN_CARGO_UPDATE}|" >> ${GITHUB_STEP_SUMMARY}
+          echo "|cargo test|${RUN_CARGO_TEST}|" >> ${GITHUB_STEP_SUMMARY}
+          echo "|build all features|${BUILD_ALL}|" >> ${GITHUB_STEP_SUMMARY}
+          echo "|build example otp|${EXAMPLE_OTP}|" >> ${GITHUB_STEP_SUMMARY}
+          echo "|build example otp_async|${EXAMPLE_OTP_ASYNC}|" >> ${GITHUB_STEP_SUMMARY}
+          echo "|build example otp_custom|${EXAMPLE_OTP_CUSTOM}|" >> ${GITHUB_STEP_SUMMARY}
+          echo "|build example otp_with_proxy|${EXAMPLE_OTP_WITH_PROXY}|" >> ${GITHUB_STEP_SUMMARY}
+          echo "|clippy all features|${RUN_CARGO_CLIPPY}|" >> ${GITHUB_STEP_SUMMARY}
+          echo "|clippy examples|${RUN_CARGO_CLIPPY_EXAMPLES}|" >> ${GITHUB_STEP_SUMMARY}
+          echo "" >> ${GITHUB_STEP_SUMMARY}
+          echo "Please check the failed jobs and fix where needed." >> ${GITHUB_STEP_SUMMARY}
+          echo "" >> ${GITHUB_STEP_SUMMARY}
+          exit 1
+
+
+      # If all was ok, then we show this
+      - name: "All checks passed"
+        if: ${{ success() }}
+        run: |
+          echo "### :tada: Checks Passed!" >> ${GITHUB_STEP_SUMMARY}
+          echo "" >> ${GITHUB_STEP_SUMMARY}

Cargo.toml

@@ -1,39 +1,103 @@
 [package]
-name = "yubico"
-version = "0.11.0"
-authors = ["Flavio Oliveira <[email protected]>", "Pierre Larger <[email protected]>"]
-edition = "2018"
+name = "yubico_ng"
+version = "0.13.0"
+authors = ["Mathijs van Veluw <[email protected]>"]
+edition = "2021"
+rust-version = "1.81.0"
 
 description = "Yubikey client API library"
 license = "MIT OR Apache-2.0"
 keywords = ["yubikey", "authentication", "encryption", "OTP", "Challenge-Response"]
 categories = ["authentication"]
-repository = "https://github.com/wisespace-io/yubico-rs"
+repository = "https://github.com/BlackDex/yubico-rs"
 readme = "README.md"
 
-[badges]
-travis-ci = { repository = "wisespace-io/yubico-rs" }
-
 [lib]
-name = "yubico"
+name = "yubico_ng"
 path = "src/lib.rs"
 
 [dependencies]
-base64 = "0.13"
+base64 = "0.22"
 futures = { version = "0.3", optional = true }
 hmac = "0.12"
-rand = "0.8"
-reqwest = { version = "0.11", features = ["blocking"], default-features = false }
+rand = "0.9"
+reqwest = { version = "0.12", features = ["blocking"], default-features = false }
 sha1 = "0.10"
-threadpool = "1.7"
+threadpool = "1.8"
 form_urlencoded = "1"
 
 [dev-dependencies]
-tokio = { version = "1.1", features = ["macros"] }
+tokio = { version = "1.44", features = ["macros", "rt-multi-thread"] }
 futures = "0.3"
 
 [features]
 default = ["online-tokio", "native-tls"]
 online-tokio = ["futures"]
-rustls-tls = ["reqwest/rustls-tls"]
 native-tls = ["reqwest/native-tls"]
+rustls-tls = ["reqwest/rustls-tls"]
+
+# Linting config
+# https://doc.rust-lang.org/rustc/lints/groups.html
+[workspace.lints.rust]
+# Forbid
+unsafe_code = "forbid"
+non_ascii_idents = "forbid"
+
+# Deny
+deprecated_in_future = "deny"
+future_incompatible = { level = "deny", priority = -1 }
+keyword_idents = { level = "deny", priority = -1 }
+let_underscore = { level = "deny", priority = -1 }
+noop_method_call = "deny"
+refining_impl_trait = { level = "deny", priority = -1 }
+rust_2018_idioms = { level = "deny", priority = -1 }
+rust_2021_compatibility = { level = "deny", priority = -1 }
+rust_2024_compatibility = { level = "deny", priority = -1 }
+single_use_lifetimes = "deny"
+trivial_casts = "deny"
+trivial_numeric_casts = "deny"
+unused = { level = "deny", priority = -1 }
+unused_import_braces = "deny"
+unused_lifetimes = "deny"
+unused_qualifications = "deny"
+variant_size_differences = "deny"
+
+# https://rust-lang.github.io/rust-clippy/stable/index.html
+[workspace.lints.clippy]
+# Warn
+dbg_macro = "warn"
+todo = "warn"
+
+# Deny
+case_sensitive_file_extension_comparisons = "deny"
+cast_lossless = "deny"
+clone_on_ref_ptr = "deny"
+equatable_if_let = "deny"
+filter_map_next = "deny"
+float_cmp_const = "deny"
+inefficient_to_string = "deny"
+iter_on_empty_collections = "deny"
+iter_on_single_items = "deny"
+linkedlist = "deny"
+macro_use_imports = "deny"
+manual_assert = "deny"
+manual_instant_elapsed = "deny"
+manual_string_new = "deny"
+match_on_vec_items = "deny"
+match_wildcard_for_single_variants = "deny"
+mem_forget = "deny"
+needless_continue = "deny"
+needless_lifetimes = "deny"
+option_option = "deny"
+string_add_assign = "deny"
+string_to_string = "deny"
+unnecessary_join = "deny"
+unnecessary_self_imports = "deny"
+unnested_or_patterns = "deny"
+unused_async = "deny"
+unused_self = "deny"
+verbose_file_reads = "deny"
+zero_sized_map_values = "deny"
+
+[lints]
+workspace = true

Dockerfile

@@ -1,26 +1,33 @@
+# Change to build a different example, like otp_async
+ARG EXAMPLE=otp
+
 FROM rust:alpine as base
-RUN apk update \
-    && apk add \
-        git \
-        gcc \
-        g++ \
-        openssl \
-        openssl-dev \
-        pkgconfig
+ARG EXAMPLE
+
+RUN apk --no-cache add \
+    git \
+    gcc \
+    g++ \
+    openssl \
+    openssl-dev \
+    pkgconfig
 
 COPY . /src
 
-RUN rustup update 1.64 && rustup default 1.64
+WORKDIR /src
 
-RUN cd /src && \
-    RUSTFLAGS="-C target-feature=-crt-static" cargo build --release --example otp
+ENV RUSTFLAGS="-C target-feature=-crt-static"
+RUN cargo build \
+    --release \
+    --example "${EXAMPLE}"
 
-FROM alpine as tool
+FROM alpine:3
+ARG EXAMPLE
+RUN apk --no-cache add \
+    libgcc \
+    pcsc-lite-dev
 
-RUN apk update && \
-    apk add \
-        libgcc \
-        pcsc-lite-dev
+COPY --from=base "/src/target/release/examples/${EXAMPLE}" /usr/local/bin/otp
 
-COPY --from=base /src/target/release/examples/otp /usr/local/bin
-ENTRYPOINT [ "otp" ]
+ENV RUST_BACKTRACE=1
+ENTRYPOINT [ "/usr/local/bin/otp" ]

Dockerfile.static

@@ -0,0 +1,41 @@
+# Change to build a different example, like otp_async
+ARG EXAMPLE=otp
+
+FROM rust:alpine as base
+ARG EXAMPLE
+
+RUN apk --no-cache add \
+    git \
+    gcc \
+    g++ \
+    openssl-dev \
+    openssl-libs-static \
+    pkgconfig
+
+COPY . /src
+
+WORKDIR /src
+
+# Force a static binary
+ENV RUSTFLAGS="-C target-feature=+crt-static"
+
+# Ensure OpenSSL is linked statically
+ENV OPENSSL_STATIC=1 \
+    PKG_CONFIG_ALLOW_CROSS=1 \
+    PKG_CONFIG_ALL_STATIC=1
+
+RUN cargo build \
+    --release \
+    --target=x86_64-unknown-linux-musl \
+    --example "${EXAMPLE}"
+
+FROM scratch
+ARG EXAMPLE
+
+COPY --from=base "/src/target/x86_64-unknown-linux-musl/release/examples/${EXAMPLE}" /otp
+
+# Copy the ca-certificates.crt from base so certificates can be validated
+COPY --from=base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+ENV RUST_BACKTRACE=1
+ENTRYPOINT [ "/otp" ]