SBOMs (#1289)

.cargo/config.toml

@@ -1,6 +1,7 @@
-#[build]
-#rustflags = ["--cfg", "tokio_unstable"]
-
 # https://github.com/rust-lang/cargo/issues/5376#issuecomment-2163350032
 [target.'cfg(all())']
-rustflags = ["--cfg", "tokio_unstable"]
+rustflags = [
+    "--cfg", "tokio_unstable",
+    "--remap-path-prefix=$HOME=/reproducible-home",
+    "--remap-path-prefix=$PWD=/reproducible-pwd",
+]

.github/workflows/build.yml

@@ -1,4 +1,6 @@
 name: Build
+permissions:
+  contents: write
 
 on: [push, pull_request]
 
@@ -10,15 +12,23 @@ jobs:
           - arch: x86_64-linux
             target: x86_64-unknown-linux-gnu
             os: ubuntu-22.04
+            cyclonedx-build: cyclonedx-linux-x64
+            cargo-cross: false
           - arch: arm64-linux
             target: aarch64-unknown-linux-gnu
-            os: ubuntu-22.04
+            os: ubuntu-22.04-arm
+            cyclonedx-build: cyclonedx-linux-arm64
+            cargo-cross: false
           - arch: x86_64-macos
             target: x86_64-apple-darwin
             os: macos-latest
+            cyclonedx-build: cyclonedx-osx-x64
+            cargo-cross: false
           - arch: arm64-macos
             target: aarch64-apple-darwin
             os: macos-latest
+            cyclonedx-build: cyclonedx-osx-arm64
+            cargo-cross: true
       fail-fast: false
 
     name: Build (${{ matrix.arch }})
@@ -49,6 +59,10 @@ jobs:
         run: |
           cargo install just
           cargo install cargo-deny@^0.16
+          cargo install cargo-cyclonedx@^0.5
+          mkdir cdx
+          wget https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.27.2/${{ matrix.cyclonedx-build }} -O cyclonedx
+          chmod +x cyclonedx
 
       - name: cargo-deny
         run: |
@@ -56,28 +70,35 @@ jobs:
 
       - name: Install admin UI deps
         run: |
-          just yarn --network-timeout 1000000000
+          just npm ci
 
       - name: Build admin UI
         run: |
-          just yarn build
+          just npm run build
+
+      - name: Generate admin UI BOM
+        run: |
+          NODE_ENV=dev just npx @cyclonedx/cyclonedx-npm --output-format xml > cdx/admin-ui.cdx.xml
 
       - name: Build
         uses: actions-rs/cargo@v1
         with:
           command: build
-          use-cross: true
+          use-cross: ${{ matrix.cargo-cross }}
           args: --all-features --release --target ${{ matrix.target }}
         env:
-          CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "--cfg tokio_unstable"
+          CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd"
-          CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "--cfg tokio_unstable"
+          CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd"
-          CARGO_TARGET_X86_64_APPLE_DARWIN_RUSTFLAGS: "--cfg tokio_unstable"
+          CARGO_TARGET_X86_64_APPLE_DARWIN_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd"
-          CARGO_TARGET_AARCH64_APPLE_DARWIN_RUSTFLAGS: "--cfg tokio_unstable"
+          CARGO_TARGET_AARCH64_APPLE_DARWIN_RUSTFLAGS: "--cfg tokio_unstable --remap-path-prefix=$HOME=/reproducible-home --remap-path-prefix=$PWD=/reproducible-pwd"
-        # env:
+
-        #   CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "-C target-feature=+crt-static --cfg tokio_unstable"
+      - name: Generate Rust BOM
-        #   CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_RUSTFLAGS: "-C target-feature=+crt-static --cfg tokio_unstable"
+        run: |
-        #   CARGO_TARGET_X86_64_APPLE_DARWIN_RUSTFLAGS: "-C target-feature=+crt-static --cfg tokio_unstable"
+          cargo cyclonedx --all-features
-        #   CARGO_TARGET_AARCH64_APPLE_DARWIN_RUSTFLAGS: "-C target-feature=+crt-static --cfg tokio_unstable"
+          mv warpgate*/*.cdx.xml cdx/
+
+      - name: Merge BOMs
+        run: ./cyclonedx merge --input-files cdx/* --input-format xml --output-format xml > cdx.xml
 
       - name: Upload artifact
         uses: actions/upload-artifact@master
@@ -85,10 +106,17 @@ jobs:
           name: warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }}
           path: target/${{ matrix.target }}/release/warpgate
 
-      - name: Rename artifact
+      - name: Upload SBOM
+        uses: actions/upload-artifact@master
+        with:
+          name: warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }}.cdx.xml
+          path: cdx.xml
+
+      - name: Rename artifacts
         run: |
           mkdir dist
           mv target/${{ matrix.target }}/release/warpgate dist/warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }}
+          mv cdx.xml dist/warpgate-${{ env.GITHUB_REF_SLUG }}-${{ matrix.arch }}.cdx.xml
 
       - name: Upload release
         uses: softprops/action-gh-release@v1

.github/workflows/reprotest.yml

@@ -0,0 +1,32 @@
+name: Reproducibility test
+permissions:
+  contents: read
+
+on: [workflow_dispatch]
+
+jobs:
+  reprotest:
+    name: Reproducibility test
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Setup
+        run: |
+          sudo apt update
+          sudo apt install --no-install-recommends -y libssl-dev pkg-config disorderfs faketime locales-all reprotest diffoscope
+          test -c /dev/fuse || mknod -m 666 /dev/fuse c 10 229
+          test -f /etc/mtab || ln -s ../proc/self/mounts /etc/mtab
+          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo sh -s -- -y
+          echo "/root/.cargo/bin" >> $GITHUB_PATH
+
+      - uses: actions/checkout@v2
+        with:
+          submodules: recursive
+
+      - name: Install tools
+        run: |
+          sudo env "PATH=$PATH" cargo install just
+
+      - name: Reprotest
+        run: |
+          sudo env "PATH=$PATH" reprotest -vv --vary=environment,build_path,kernel,aslr,num_cpus --build-command 'just npm ci; just npm run build; cargo build --all-features --release' . target/release/warpgate

.github/workflows/test.yml

@@ -24,10 +24,10 @@ jobs:
 
       - name: Build UI
         run: |
-          just yarn --network-timeout 1000000000
+          just npm ci
           just openapi
-          just yarn openapi:tests-sdk
+          just npm run openapi:tests-sdk
-          just yarn build
+          just npm run build
 
       - name: Build images
         working-directory: tests

.gitignore

@@ -26,3 +26,7 @@ dhat-heap.json
 # IntelliJ based IDEs
 .idea/
 /.data/
+
+
+cdx.xml
+*.cdx.xml

Cargo.lock

@@ -361,12 +361,6 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "23ce669cd6c8588f79e15cf450314f9638f967fc5770ff1c7c1deb0925ea7cfa"
 
-[[package]]
-name = "base64"
-version = "0.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
-
 [[package]]
 name = "base64"
 version = "0.21.7"
@@ -1319,7 +1313,7 @@ checksum = "da0e4dd2a88388a1f4ccc7c9ce104604dab68d9f408dc34cd45823d5a9069095"
 dependencies = [
  "futures-core",
  "futures-sink",
- "spin 0.9.8",
+ "spin",
 ]
 
 [[package]]
@@ -2209,13 +2203,14 @@ dependencies = [
 
 [[package]]
 name = "jsonwebtoken"
-version = "8.3.0"
+version = "9.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378"
+checksum = "5a87cc7a48537badeae96744432de36f4be2b4a34a05a5ef32e9dd8a1c169dde"
 dependencies = [
- "base64 0.21.7",
+ "base64 0.22.1",
+ "js-sys",
  "pem",
- "ring 0.16.20",
+ "ring",
  "serde",
  "serde_json",
  "simple_asn1",
@@ -2270,7 +2265,7 @@ version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
 dependencies = [
- "spin 0.9.8",
+ "spin",
 ]
 
 [[package]]
@@ -2292,7 +2287,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34"
 dependencies = [
  "cfg-if",
- "windows-targets 0.52.6",
+ "windows-targets 0.48.5",
 ]
 
 [[package]]
@@ -2466,7 +2461,7 @@ dependencies = [
  "httparse",
  "memchr",
  "mime",
- "spin 0.9.8",
+ "spin",
  "tokio",
  "version_check",
 ]
@@ -2892,11 +2887,12 @@ dependencies = [
 
 [[package]]
 name = "pem"
-version = "1.1.1"
+version = "3.0.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8"
+checksum = "38af38e8470ac9dee3ce1bae1af9c1671fffc44ddfd8bd1d0a3445bf349a8ef3"
 dependencies = [
- "base64 0.13.1",
+ "base64 0.22.1",
+ "serde",
 ]
 
 [[package]]
@@ -3433,12 +3429,13 @@ dependencies = [
 
 [[package]]
 name = "rcgen"
-version = "0.10.0"
+version = "0.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ffbe84efe2f38dea12e9bfc1f65377fdf03e53a18cb3b995faedf7934c7e785b"
+checksum = "75e669e5202259b5314d1ea5397316ad400819437857b90861765f24c4cf80a2"
 dependencies = [
  "pem",
- "ring 0.16.20",
+ "ring",
+ "rustls-pki-types",
  "time",
  "yasna",
  "zeroize",
@@ -3522,6 +3519,7 @@ dependencies = [
  "bytes",
  "futures-core",
  "futures-util",
+ "h2 0.4.7",
  "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
@@ -3577,30 +3575,14 @@ dependencies = [
 
 [[package]]
 name = "ring"
-version = "0.16.20"
+version = "0.17.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
+checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
-dependencies = [
- "cc",
- "libc",
- "once_cell",
- "spin 0.5.2",
- "untrusted 0.7.1",
- "web-sys",
- "winapi",
-]
-
-[[package]]
-name = "ring"
-version = "0.17.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d"
 dependencies = [
  "cc",
  "cfg-if",
  "getrandom 0.2.15",
  "libc",
- "spin 0.9.8",
  "untrusted 0.9.0",
  "windows-sys 0.52.0",
 ]
@@ -3855,7 +3837,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432"
 dependencies = [
  "log",
- "ring 0.17.8",
+ "ring",
  "rustls-pki-types",
  "rustls-webpki",
  "subtle",
@@ -3920,7 +3902,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9"
 dependencies = [
  "aws-lc-rs",
- "ring 0.17.8",
+ "ring",
  "rustls-pki-types",
  "untrusted 0.9.0",
 ]
@@ -4428,12 +4410,6 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
-[[package]]
-name = "spin"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
-
 [[package]]
 name = "spin"
 version = "0.9.8"
@@ -5832,7 +5808,7 @@ version = "0.22.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ed63aea5ce73d0ff405984102c42de94fc55a6b75765d621c65262469b3c9b53"
 dependencies = [
- "ring 0.17.8",
+ "ring",
  "untrusted 0.9.0",
 ]
 

README.md

@@ -82,11 +82,11 @@ You can also use the admin web interface to view the live session list, review s
 
 ## Contributing / building from source
 
-* You'll need Rust, NodeJS and Yarn
+* You'll need Rust, NodeJS and NPM
 * Clone the repo
 * [Just](https://github.com/casey/just) is used to run tasks - install it: `cargo install just`
-* Install the admin UI deps: `just yarn`
+* Install the admin UI deps: `just npm`
-* Build the frontend: `just yarn build`
+* Build the frontend: `just npm run build`
 * Build Warpgate: `cargo build` (optionally `--release`)
 
 The binary is in `target/{debug|release}`.

deny.toml

@@ -72,6 +72,7 @@ feature-depth = 1
 ignore = [
     "RUSTSEC-2023-0071",
     "RUSTSEC-2021-0139", # ansi-term is unmaintained
+    "RUSTSEC-2024-0436", # paste is unmaintained
     #{ id = "RUSTSEC-0000-0000", reason = "you can specify a reason the advisory is ignored" },
     #"a-crate-that-is-yanked@0.1.1", # you can also ignore yanked crate versions if you wish
     #{ crate = "a-crate-that-is-yanked@0.1.1", reason = "you can specify why you are ignoring the yanked crate" },

docker/Dockerfile

@@ -7,15 +7,14 @@ RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
     && apt-get update \
     && apt-get install -y ca-certificates-java nodejs openjdk-17-jdk \
     && rm -rf /var/lib/apt/lists/* \
-    && npm install -g yarn \
     && cargo install just
 
 COPY . /opt/warpgate
 
 RUN cd /opt/warpgate \
-    && just yarn --network-timeout 1000000000 \
+    && just npm ci \
     && just openapi \
-    && just yarn build \
+    && just npm run build \
     && cargo build --features mysql,postgres --release
 
 FROM debian:bullseye-20221024

docker/Dockerfile.builder

@@ -2,6 +2,5 @@ FROM centos/devtoolset-7-toolchain-centos7
 USER root
 RUN curl -fsSL https://rpm.nodesource.com/setup_16.x | bash -
 RUN yum install -y nodejs java pkgconfig openssl-devel perl-IPC-Cmd && yum clean all
-RUN npm i -g yarn
 USER 1001
 ENV PATH=/opt/app-root/src/.cargo/bin:/opt/rh/devtoolset-7/root/usr/bin:/opt/app-root/src/bin:/opt/app-root/bin:/opt/rh/devtoolset-7/root/usr/bin/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

justfile

@@ -15,23 +15,26 @@ clippy *ARGS:
 test:
     for p in {{projects}}; do cargo test --all-features -p $p; done
 
-yarn *ARGS:
+npm *ARGS:
-    cd warpgate-web && yarn {{ARGS}}
+    cd warpgate-web && npm {{ARGS}}
+
+npx *ARGS:
+    cd warpgate-web && npx {{ARGS}}
 
 migrate *ARGS:
     cargo run --all-features -p warpgate-db-migrations -- {{ARGS}}
 
 lint *ARGS:
-    cd warpgate-web && yarn run lint {{ARGS}}
+    cd warpgate-web && npm run lint {{ARGS}}
 
 svelte-check:
-    cd warpgate-web && yarn run check
+    cd warpgate-web && npm run check
 
 openapi-all:
-    cd warpgate-web && yarn openapi:schema:admin && yarn openapi:schema:gateway && yarn openapi:client:admin && yarn openapi:client:gateway
+    cd warpgate-web && npm run openapi:schema:admin && npm run openapi:schema:gateway && npm run openapi:client:admin && npm run openapi:client:gateway
 
 openapi:
-    cd warpgate-web && yarn openapi:client:admin && yarn openapi:client:gateway
+    cd warpgate-web && npm run openapi:client:admin && npm run openapi:client:gateway
 
 cleanup: (fix "--allow-dirty") (clippy "--fix" "--allow-dirty") fmt svelte-check lint
 

warpgate-protocol-http/Cargo.toml

@@ -17,6 +17,7 @@ once_cell = "1.17"
 poem.workspace = true
 poem-openapi = { version = "5.1", features = ["swagger-ui"] }
 reqwest = { version = "0.12", features = [
+    "http2",                               # required for connecting to targets behind AWS ELB
     "rustls-tls-native-roots-no-provider",
     "stream",
 ], default-features = false }

warpgate-sso/Cargo.toml

@@ -16,6 +16,6 @@ openidconnect = { version = "4.0", default-features = false, features = [
 serde.workspace = true
 serde_json.workspace = true
 once_cell = "1.17"
-jsonwebtoken = "8"
+jsonwebtoken = "9"
 data-encoding.workspace = true
 futures.workspace = true

warpgate-web/package.json

@@ -9,15 +9,16 @@
     "watch": "vite build -w --mode development --minify false",
     "check": "svelte-check --compiler-warnings 'a11y-no-noninteractive-element-interactions:ignore,a11y-click-events-have-key-events:ignore,a11y-no-static-element-interactions:ignore' --tsconfig ./tsconfig.json",
     "lint": "eslint src && svelte-check",
-    "postinstall": "yarn run openapi:client:gateway && yarn run openapi:client:admin",
+    "postinstall": "npm run openapi:client:gateway && npm run openapi:client:admin",
     "openapi:schema:gateway": "cargo run -p warpgate-protocol-http > src/gateway/lib/openapi-schema.json",
     "openapi:schema:admin": "cargo run -p warpgate-admin > src/admin/lib/openapi-schema.json",
-    "openapi:client:gateway": "openapi-generator-cli generate -g typescript-fetch -i src/gateway/lib/openapi-schema.json -o src/gateway/lib/api-client -p npmName=warpgate-gateway-api-client -p useSingleRequestParameter=true && cd src/gateway/lib/api-client && npm i typescript@5 && npm i && yarn tsc --target esnext --module esnext && rm -rf src tsconfig.json",
+    "openapi:client:gateway": "openapi-generator-cli generate -g typescript-fetch -i src/gateway/lib/openapi-schema.json -o src/gateway/lib/api-client -p npmName=warpgate-gateway-api-client -p useSingleRequestParameter=true && cd src/gateway/lib/api-client && npm i typescript@5 && npm i && npx tsc --target esnext --module esnext && rm -rf src tsconfig.json",
-    "openapi:client:admin": "openapi-generator-cli generate -g typescript-fetch -i src/admin/lib/openapi-schema.json -o src/admin/lib/api-client -p npmName=warpgate-admin-api-client -p useSingleRequestParameter=true && cd src/admin/lib/api-client && npm i typescript@5 && npm i && yarn tsc --target esnext --module esnext && rm -rf src tsconfig.json",
+    "openapi:client:admin": "openapi-generator-cli generate -g typescript-fetch -i src/admin/lib/openapi-schema.json -o src/admin/lib/api-client -p npmName=warpgate-admin-api-client -p useSingleRequestParameter=true && cd src/admin/lib/api-client && npm i typescript@5 && npm i && npx tsc --target esnext --module esnext && rm -rf src tsconfig.json",
     "openapi:tests-sdk": "openapi-generator-cli generate -g python -i src/admin/lib/openapi-schema.json -o ../tests/api_sdk",
-    "openapi": "yarn run openapi:schema:admin && yarn run openapi:schema:gateway && yarn run openapi:client:admin && yarn run openapi:client:gateway"
+    "openapi": "npm run openapi:schema:admin && npm run openapi:schema:gateway && npm run openapi:client:admin && npm run openapi:client:gateway"
   },
   "devDependencies": {
+    "@cyclonedx/cyclonedx-npm": "^2.1.0",
     "@fontsource/poppins": "^5.1.1",
     "@fontsource/work-sans": "^4.5.12",
     "@fortawesome/free-brands-svg-icons": "^6.7.2",
@@ -27,6 +28,7 @@
     "@otplib/plugin-base32-enc-dec": "^12.0.1",
     "@otplib/plugin-crypto-js": "^12.0.1",
     "@otplib/preset-browser": "^12.0.1",
+    "@stylistic/eslint-plugin": "^2.13.0",
     "@sveltejs/vite-plugin-svelte": "^4.0.4",
     "@sveltestrap/sveltestrap": "^6.2.7",
     "@tsconfig/svelte": "^5.0.0",
@@ -37,12 +39,12 @@
     "bootstrap": "^5.3.3",
     "copy-text-to-clipboard": "^3.0.1",
     "date-fns": "^4.1.0",
-    "eslint": "^9.20.1",
+    "eslint": "^9",
     "eslint-config-standard": "^17.1.0",
     "eslint-import-resolver-typescript": "^3.7.0",
     "eslint-plugin-import": "^2.31.0",
     "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^7.2.1",
+    "eslint-plugin-promise": "^6",
     "eslint-plugin-svelte": "^2.46.1",
     "format-duration": "^3.0.2",
     "otpauth": "^9.3.6",
@@ -58,13 +60,21 @@
     "thenby": "^1.3.4",
     "tslib": "^2.8.0",
     "typescript": "^5.7.3",
+    "typescript-eslint": "^8.26.0",
     "ua-parser-js": "^2.0.2",
     "vite": "^5.4.11",
     "vite-plugin-checker": "^0.8.0",
     "vite-tsconfig-paths": "^5.1.4"
   },
-  "dependencies": {
+  "overrides": {
-    "@stylistic/eslint-plugin": "^2.13.0",
+    "svelte-observable": {
-    "typescript-eslint": "^8.24.0"
+      "svelte": "^5"
+    },
+    "eslint-config-standard": {
+      "eslint": "^9"
+    },
+    "@eslint-community/eslint-utils": {
+      "eslint": "^9"
+    }
   }
 }

warpgate-web/src/admin/lib/openapi-schema.json

@@ -2,7 +2,7 @@
   "openapi": "3.0.0",
   "info": {
     "title": "Warpgate Web Admin",
-    "version": "0.13.0"
+    "version": "0.13.2"
   },
   "servers": [
     {

warpgate-web/src/gateway/lib/openapi-schema.json

@@ -2,7 +2,7 @@
   "openapi": "3.0.0",
   "info": {
     "title": "Warpgate HTTP proxy",
-    "version": "0.13.0"
+    "version": "0.13.2"
   },
   "servers": [
     {

warpgate/Cargo.toml

@@ -18,7 +18,7 @@ dialoguer = "0.10"
 enum_dispatch.workspace = true
 futures.workspace = true
 notify = "5.1"
-rcgen = { version = "0.10", features = ["zeroize"] }
+rcgen = { version = "0.13", features = ["zeroize"] }
 rustls.workspace = true
 serde_json.workspace = true
 serde_yaml = "0.9"

warpgate/src/commands/setup.rs

@@ -361,8 +361,8 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
             .paths_relative_to
             .join(&config.store.http.certificate);
         let key_path = config.paths_relative_to.join(&config.store.http.key);
-        std::fs::write(&certificate_path, cert.serialize_pem()?)?;
+        std::fs::write(&certificate_path, cert.cert.pem())?;
-        std::fs::write(&key_path, cert.serialize_private_key_pem())?;
+        std::fs::write(&key_path, cert.key_pair.serialize_pem())?;
         secure_file(&certificate_path)?;
         secure_file(&key_path)?;
     }