Package: rust-tonic I hope to update rust-rustls-pemfile to version 2 soon. I have prepared a patch for rust-tonic.
Unfortunately, the rust-tonic package can't be built in a clean sid environment right now due to a dependency on an old version of axum, but I tested the patch in an environment with the axum package from trixie, and it built and passed tests successfully.
diff -Nru rust-tonic-0.10.2+dfsg/debian/changelog rust-tonic-0.10.2+dfsg/debian/changelog
--- rust-tonic-0.10.2+dfsg/debian/changelog 2025-02-19 18:57:45.000000000 +0000
+++ rust-tonic-0.10.2+dfsg/debian/changelog 2025-02-25 03:13:13.000000000 +0000
@@ -1,3 +1,10 @@
+rust-tonic (0.10.2+dfsg-12.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Add patch for rustls-pemfile 2.
+
+ -- Peter Michael Green <plugw...@debian.org> Tue, 25 Feb 2025 03:13:13 +0000
+
 rust-tonic (0.10.2+dfsg-12) unstable; urgency=medium
 
 * skip checking test max_message_send_size,
diff -Nru rust-tonic-0.10.2+dfsg/debian/control rust-tonic-0.10.2+dfsg/debian/control
--- rust-tonic-0.10.2+dfsg/debian/control 2025-02-19 15:21:54.000000000 +0000
+++ rust-tonic-0.10.2+dfsg/debian/control 2025-02-25 02:19:08.000000000 +0000
@@ -34,7 +34,7 @@
 librust-rand-0.8+default-dev,
 librust-rustls-0.21+default-dev,
 librust-rustls-native-certs-0.6+default-dev,
- librust-rustls-pemfile-1+default-dev,
+ librust-rustls-pemfile-2+default-dev,
 librust-static-assertions-1+default-dev,
 librust-syn-2+default-dev,
 librust-tokio-1+default-dev,
@@ -111,7 +111,7 @@
 librust-prost-0.12+default-dev,
 librust-rustls-0.21+default-dev,
 librust-rustls-native-certs-0.6+default-dev,
- librust-rustls-pemfile-1+default-dev,
+ librust-rustls-pemfile-2+default-dev,
 librust-tokio-1+default-dev,
 librust-tokio-1+macros-dev,
 librust-tokio-1+net-dev,
diff -Nru rust-tonic-0.10.2+dfsg/debian/patches/2006_rustls-pemfile.patch rust-tonic-0.10.2+dfsg/debian/patches/2006_rustls-pemfile.patch
--- rust-tonic-0.10.2+dfsg/debian/patches/2006_rustls-pemfile.patch 1970-01-01 00:00:00.000000000 +0000
+++ rust-tonic-0.10.2+dfsg/debian/patches/2006_rustls-pemfile.patch 2025-02-25 03:10:29.000000000 +0000
@@ -0,0 +1,164 @@
+Description: update rustls-pemfile to version 2
+ changes in tonic crate were based on
+ https://github.com/hyperium/tonic/commit/23106dd76882a4ffbf2d3ac59c9c403518e429c9
+
+ changes in example crate were based on
+ https://github.com/hyperium/tonic/commit/32c91838122eaaab076b2c4606751a680afe5b46
+ which was squash-merged as part of
+ https://github.com/hyperium/tonic/commit/9c1f2f9402d97cfa4c9d9065b5af2fb99d2ef521
+
+ changes in both crates were adapted for use with the debian packaged version of
+ tonic by Peter Michael green.
+Author: Peter Michael Green <plugw...@debian.org>
+Author: Ivan Krivosheev <py.krivosh...@gmail.com>
+Author: Alex Rudy <git...@alexrudy.net>
+Author: tottoto <tottoto...@gmail.com>
+Forwarded: not-needed
+Last-Update: 2025-02-25
+
+Index: rust-tonic-0.10.2+dfsg/examples/Cargo.toml
+===================================================================
+--- rust-tonic-0.10.2+dfsg.orig/examples/Cargo.toml
++++ rust-tonic-0.10.2+dfsg/examples/Cargo.toml
+@@ -332,7 +332,7 @@ bytes = { version = "1", optional = true
+ h2 = { version = ">= 0.3, <= 0.4", optional = true }
+ tokio-rustls = { version = "0.24.0", optional = true }
+ hyper-rustls = { version = "0.24.0", features = ["http2"], optional = true }
+-rustls-pemfile = { version = "1", optional = true }
++rustls-pemfile = { version = "2", optional = true }
+ tower-http = { version = "0.4", optional = true }
+
+ [build-dependencies]
+Index: rust-tonic-0.10.2+dfsg/tonic/Cargo.toml
+===================================================================
+--- rust-tonic-0.10.2+dfsg.orig/tonic/Cargo.toml
++++ rust-tonic-0.10.2+dfsg/tonic/Cargo.toml
+@@ -73,7 +73,7 @@ axum = {version = "0.6.9", default_featu
+
+ # rustls
+ async-stream = { version = "0.3", optional = true }
+-rustls-pemfile = { version = "1.0", optional = true }
++rustls-pemfile = { version = "2.0", optional = true }
+ rustls-native-certs = { version = "0.6.3", optional = true }
+ tokio-rustls = { version = "0.24.1", optional = true }
+ rustls = { version = "0.21.7", optional = true }
+Index: rust-tonic-0.10.2+dfsg/tonic/src/transport/service/tls.rs
+===================================================================
+--- rust-tonic-0.10.2+dfsg.orig/tonic/src/transport/service/tls.rs
++++ rust-tonic-0.10.2+dfsg/tonic/src/transport/service/tls.rs
+@@ -179,9 +179,9 @@ mod rustls_keys {
+ ) -> Result<PrivateKey, crate::Error> {
+ while let Ok(Some(item)) = rustls_pemfile::read_one(&mut cursor) {
+ match item {
+- rustls_pemfile::Item::RSAKey(key)
+- | rustls_pemfile::Item::PKCS8Key(key)
+- | rustls_pemfile::Item::ECKey(key) => return Ok(PrivateKey(key)),
++ rustls_pemfile::Item::Pkcs1Key(key) => return Ok(PrivateKey(key.secret_pkcs1_der().to_vec())),
++ rustls_pemfile::Item::Pkcs8Key(key) => return Ok(PrivateKey(key.secret_pkcs8_der().to_vec())),
++ rustls_pemfile::Item::Sec1Key(key) => return Ok(PrivateKey(key.secret_sec1_der().to_vec())),
+ _ => continue,
+ }
+ }
+@@ -193,36 +193,29 @@ mod rustls_keys {
+ pub(crate) fn load_identity(
+ identity: Identity,
+ ) -> Result<(Vec<Certificate>, PrivateKey), crate::Error> {
+- let cert = {
+- let mut cert = std::io::Cursor::new(identity.cert.as_ref());
+- match rustls_pemfile::certs(&mut cert) {
+- Ok(certs) => certs.into_iter().map(Certificate).collect(),
+- Err(_) => return Err(Box::new(TlsError::CertificateParseError)),
+- }
+- };
++ let cert = rustls_pemfile::certs(&mut Cursor::new(identity.cert))
++ .map(|result| result.map(|cert| Certificate(cert.to_vec())))
++ .collect::<Result<Vec<_>, _>>()
++ .map_err(|_| TlsError::CertificateParseError)?;
+
+- let key = {
+- let key = std::io::Cursor::new(identity.key.as_ref());
+- match load_rustls_private_key(key) {
+- Ok(key) => key,
+- Err(e) => {
+- return Err(e);
+- }
+- }
++ let Ok(Some(key)) = rustls_pemfile::private_key(&mut Cursor::new(identity.key)) else {
++ return Err(Box::new(TlsError::PrivateKeyParseError));
+ };
+
+- Ok((cert, key))
++ Ok((cert, PrivateKey(key.secret_der().to_vec())))
+ }
+
+ pub(crate) fn add_certs_from_pem(
+ mut certs: Cursor<&[u8]>,
+ roots: &mut RootCertStore,
+ ) -> Result<(), crate::Error> {
+- let (_, ignored) = roots.add_parsable_certificates(&rustls_pemfile::certs(&mut certs)?);
+- match ignored == 0 {
+- true => Ok(()),
+- false => Err(Box::new(TlsError::CertificateParseError)),
++
++ for cert in rustls_pemfile::certs(&mut certs).collect::<Result<Vec<_>, _>>()? {
++ roots
++ .add(&Certificate(cert.to_vec()))
++ .map_err(|_| TlsError::CertificateParseError)?;
+ }
++ Ok(())
+ }
+ }
+
+Index: rust-tonic-0.10.2+dfsg/examples/src/tls_rustls/client.rs
+===================================================================
+--- rust-tonic-0.10.2+dfsg.orig/examples/src/tls_rustls/client.rs
++++ rust-tonic-0.10.2+dfsg/examples/src/tls_rustls/client.rs
+@@ -19,7 +19,7 @@ async fn main() -> Result<(), Box<dyn st
+ let mut roots = RootCertStore::empty();
+
+ let mut buf = std::io::BufReader::new(&fd);
+- let certs = rustls_pemfile::certs(&mut buf)?;
++ let certs = rustls_pemfile::certs(&mut buf).collect::<Result<Vec<_>, _>>()?;
+ roots.add_parsable_certificates(&certs);
+
+ let tls = ClientConfig::builder()
+Index: rust-tonic-0.10.2+dfsg/examples/src/tls_rustls/server.rs
+===================================================================
+--- rust-tonic-0.10.2+dfsg.orig/examples/src/tls_rustls/server.rs
++++ rust-tonic-0.10.2+dfsg/examples/src/tls_rustls/server.rs
+@@ -19,19 +19,21 @@ async fn main() -> Result<(), Box<dyn st
+ let certs = {
+ let fd = std::fs::File::open(data_dir.join("tls/server.pem"))?;
+ let mut buf = std::io::BufReader::new(&fd);
+- rustls_pemfile::certs(&mut buf)?
++ rustls_pemfile::certs(&mut buf).collect::<Result<Vec<_>, _>>()?
+ .into_iter()
+- .map(Certificate)
++ .map(|cert| Certificate(cert.to_vec()))
+ .collect()
+ };
+ let key = {
+ let fd = std::fs::File::open(data_dir.join("tls/server.key"))?;
+ let mut buf = std::io::BufReader::new(&fd);
+- rustls_pemfile::pkcs8_private_keys(&mut buf)?
++ let key = rustls_pemfile::pkcs8_private_keys(&mut buf)
+ .into_iter()
+- .map(PrivateKey)
+ .next()
+- .unwrap()
++ .unwrap()?
++ .clone_key();
++
++ key
+
+ // let key = std::fs::read(data_dir.join("tls/server.key"))?;
+ // PrivateKey(key)
+@@ -40,7 +42,7 @@ async fn main() -> Result<(), Box<dyn st
+ let mut tls = ServerConfig::builder()
+ .with_safe_defaults()
+ .with_no_client_auth()
+- .with_single_cert(certs, key)?;
++ .with_single_cert(certs, PrivateKey(key.secret_pkcs8_der().to_vec()))?;
+ tls.alpn_protocols = vec![b"h2".to_vec()];
+
+ let server = EchoServer::default();
diff -Nru rust-tonic-0.10.2+dfsg/debian/patches/series rust-tonic-0.10.2+dfsg/debian/patches/series
--- rust-tonic-0.10.2+dfsg/debian/patches/series 2025-02-19 15:21:54.000000000 +0000
+++ rust-tonic-0.10.2+dfsg/debian/patches/series 2025-02-25 01:47:50.000000000 +0000
@@ -6,3 +6,4 @@
 2003_no_bench.patch
 2004_no_warp.patch
 2005_no_interop.patch
+2006_rustls-pemfile.patch
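Review bot: In `add_certs_from_pem` (tls.rs, inside the new 2006_rustls-pemfile.patch) a PEM read failure leaves through the bare `?` on the `collect` as a raw I/O error, while a certificate rejected by `roots.add` two lines later, and every certificate failure in `load_identity`, is reported as `TlsError::CertificateParseError`. Mapping it the same way, `for cert in rustls_pemfile::certs(&mut certs).collect::<Result<Vec<_>, _>>().map_err(|_| TlsError::CertificateParseError)? {`, gives callers one error kind for a bad trust-anchor file. The loop also returns `Ok(())` when the input holds no certificate at all, which matches the old `ignored == 0` test but deserves a comment such as `// input with no CERTIFICATE block adds no roots and still returns Ok`. `load_identity` no longer calls `load_rustls_private_key`, so if nothing else in the file uses it (any other callers are outside this patch) the helper updated in the first tls.rs hunk is now dead code.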