An NTP implementation in Rust, supported by Internet Security Research Group's Prossimo project.

Related tags

Command-line ntpd-rs
Overview

checkscodecov

NTPD-rs

NTPD-rs is an implementation of NTP completely written in Rust, with a focus on exposing a minimal attack surface. The project is currently in an early stage, and is not yet suitable for daily use. However, you can try it out if you are comfortable with running pre-release software.

Quick start

Currently, NTPD-rs only supports Linux-based operating systems. Our current testing only targets Linux kernels after version 5.0.0, older kernels may work but this is not guaranteed.

NTPD-rs is written in rust, and requires cargo 1.60.0 at a minimum to be built. We strongly recommend using rustup to install a rust toolchain, because the version provided by system package managers tends to be out of date.

To build NTPD-rs run

cargo build --release

This produces a binary ntp-daemon in the target/release folder, which is the main NTP daemon.

Before running the NTPD-rs daemon, make sure that no other NTP daemons are running. E.g. when chrony is running

systemctl stop chronyd

The NTPD-rs daemon requires elevated permissions to change the system clock. It can be tested against a server in the NTP pool

sudo ./target/release/ntp-daemon -p pool.ntp.org

After a few minutes you should start to see messages indicating the offset of your machine from the server. A complete description of how the daemon can be configured can be found in the configuration documentation

Naming

We are currently looking for a better name for this project. Suggestions for this are welcome.

Package substructure

Currently, the code is split up into five separate crates:

  • ntp-proto contains the packet parsing and the algorithms needed for clock selection, filtering and steering.
  • ntp-daemon contains the main NTP daemon, and deals with orchestrating the networking and configuration.
  • test-binaries contains a number of simple NTP servers that can be used for testing (see below).
  • ntp-os-clock contains the unsafe code needed to interface with system clocks.
  • ntp-udp contains the unsafe code needed to deal with timestamping on the network layer.

All unsafe code is contained within the ntp-os-clock and ntp-udp packages, which are kept as small as possible. All interfaces exposed by these crates should be safe. For a more detailed description of how NTPD-rs is structured, see the development documentation.

Test Binaries

This crate contains extremely limited NTP servers for testing purposes

  • demobilize-server always sends the DENY kiss code, the client must demobilize this association
  • rate-limit-server forces an increase of the poll interval to 32 seconds

Minimum supported rust version

We try to keep NTPD-rs working on at least the latest stable, beta and nightly rust compiler. Beyond this, we keep track of the current minimum rust version needed to compile our code for purposes of documentation. However, right now we do not have a policy guaranteeing a minimum amount of time we will support a stable rust release beyond the 6 weeks during which it is the latest stable version.

Please note that the rust foundation only supports the latest stable rust release. As this is the only release that will receive any security updates, we STRONGLY recommend using the latest stable rust version for compiling NTPD-rs for daily use.

Comments
  • use an ip filter based on a sorted vector

    use an ip filter based on a sorted vector

    so that we can properly contrast the approaches: an implementation of an ip filter using a sorted vector.

    The BTreeMap provides sorted keys, but we don't really get any other benefit, and assume that storing the values in a Vec will be better versus a tree (e.g. scanning can be vectorized and data locality is better)

    This implementation is much smaller than the bitset implementation, and has very little complex logic (some bit shifts, that's it really). A clear win.

    But, the time complexity of a lookup (the important operation here, construction is performed once and hence I don't think its complexity is relevant) degrades from O(1) to O(n), where n is the number of IPs in the filter. That is unfortunate, but

    • we expect n to be small (couple dozen, at most)
    • the implementation can be readily vectorized
    • technically we can get it down to O(log n) by using a binary search instead of a linear scan. But I predict this is actually slower for small n

    So overall I'm in favor of this simpler, Vec-based approach

    opened by folkertdev 6
  • Bump sentry from 0.27.0 to 0.28.0

    Bump sentry from 0.27.0 to 0.28.0

    Bumps sentry from 0.27.0 to 0.28.0.

    Release notes

    Sourced from sentry's releases.

    0.28.0

    Breaking Changes:

    • The minimum supported Rust version was bumped to 1.60.0 due to requirements from dependencies. (#498)
    • Added the traces_sampler option to ClientOptions. This allows the user to customise sampling rates on a per-transaction basis. (#510)

    Features:

    • Add support for Profiling feature. (#479)
    • Add SSL_VERIFY option to control certificate verification. (#508)
    • Add Windows OS version to OS context (#499)
    • Add a tower-http feature as a shortcut (#493)

    Internal:

    • Take advantage of weak features in Rust 1.60 for TLS enablement (#454)
    • Turn off pprof default features (#491)
    • Change session update logic to follow the spec (#477)
    • Extract public event_from_error fn in sentry-anyhow (#476)

    Thank you:

    Features, fixes and improvements in this release have been contributed by:

    Changelog

    Sourced from sentry's changelog.

    0.28.0

    Breaking Changes:

    • The minimum supported Rust version was bumped to 1.60.0 due to requirements from dependencies. (#498)
    • Added the traces_sampler option to ClientOptions. This allows the user to customise sampling rates on a per-transaction basis. (#510)

    Features:

    • Add support for Profiling feature. (#479)
    • Add SSL_VERIFY option to control certificate verification. (#508)
    • Add Windows OS version to OS context (#499)
    • Add a tower-http feature as a shortcut (#493)

    Internal:

    • Take advantage of weak features in Rust 1.60 for TLS enablement (#454)
    • Turn off pprof default features (#491)
    • Change session update logic to follow the spec (#477)
    • Extract public event_from_error fn in sentry-anyhow (#476)

    Thank you:

    Features, fixes and improvements in this release have been contributed by:

    Commits
    • dc048f5 release: 0.28.0
    • d390b64 meta: 0.28 changelog (#511)
    • 0e021ba sentry-core: Add traces_sampler client option (#510)
    • 8e8f7c3 Take advantage of weak features in Rust 1.60 for TLS enablement (#454)
    • 89b31f8 ref: Improve Hub concurrency docs (#509)
    • e11ab3b feat(transport): Add option to disable SSL verification (#508)
    • af1b255 feat(profiling): Update to new standard Profile format (#504)
    • a433f63 feat(contexts): Add Windows OS version to OS context (#499)
    • bb81c88 feat(profiling): Use frame-pointer for stack unwinding and update to pprof 0....
    • a9f81cb doc: add few verbs and punctuation (#496)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 5
  • ntp-udp safety

    ntp-udp safety

    Various improvements to the analysis and isolation of unsafe code within the ntp-udp crate

    Note: This PR does 3 things:

    • It isolates each section of unsafe code in its own module such that that module has a safe interface.
    • It reworks some code to ensure the above is actually possible
    • It adds the argumentation why each of the unsafe code blocks has safe behaviour.

    The commits below are split consciously to make the review process hopefully easier. Each commit either moves stuff around, or reworks a specific bit for proving safety.

    opened by davidv1992 5
  • send timestamps

    send timestamps

    finally worked this out. Two links that helped me crack this

    • https://stackoverflow.com/questions/47313383/linux-udp-datagrams-and-kernel-timestamps-lots-of-examples-and-stackoversflow
    • https://pastebin.com/qd0gspRc

    the thing that nobody tells you is that these timestamping messages come in on the MSG_ERRQUEUE

    opened by folkertdev 5
  • Client for observing state and dynamically changing configuration

    Client for observing state and dynamically changing configuration

    we have two unix sockets, by default

    /run/ntpd-rs/log-level
    /run/ntpd-rs/config
    

    the log level is unprotected, the config needs additional permissions.


    we can use https://docs.rs/tokio/latest/tokio/net/struct.UnixStream.html

    for sending data over the socket, use https://docs.rs/postcard/latest/postcard/ ? (or send json as bytes?)


    client --set-log-level=debug
    
    client --step-if-bigger=1000 --step-first-updates=10
    

    then we also need some observability features, some ideas

    client peers list # lists all remotes we are connected to
    client peers watch # show for each connected peer its `PeerStatus`
    
    opened by folkertdev 5
  • Bump sentry-tracing from 0.27.0 to 0.28.0

    Bump sentry-tracing from 0.27.0 to 0.28.0

    Bumps sentry-tracing from 0.27.0 to 0.28.0.

    Release notes

    Sourced from sentry-tracing's releases.

    0.28.0

    Breaking Changes:

    • The minimum supported Rust version was bumped to 1.60.0 due to requirements from dependencies. (#498)
    • Added the traces_sampler option to ClientOptions. This allows the user to customise sampling rates on a per-transaction basis. (#510)

    Features:

    • Add support for Profiling feature. (#479)
    • Add SSL_VERIFY option to control certificate verification. (#508)
    • Add Windows OS version to OS context (#499)
    • Add a tower-http feature as a shortcut (#493)

    Internal:

    • Take advantage of weak features in Rust 1.60 for TLS enablement (#454)
    • Turn off pprof default features (#491)
    • Change session update logic to follow the spec (#477)
    • Extract public event_from_error fn in sentry-anyhow (#476)

    Thank you:

    Features, fixes and improvements in this release have been contributed by:

    Changelog

    Sourced from sentry-tracing's changelog.

    0.28.0

    Breaking Changes:

    • The minimum supported Rust version was bumped to 1.60.0 due to requirements from dependencies. (#498)
    • Added the traces_sampler option to ClientOptions. This allows the user to customise sampling rates on a per-transaction basis. (#510)

    Features:

    • Add support for Profiling feature. (#479)
    • Add SSL_VERIFY option to control certificate verification. (#508)
    • Add Windows OS version to OS context (#499)
    • Add a tower-http feature as a shortcut (#493)

    Internal:

    • Take advantage of weak features in Rust 1.60 for TLS enablement (#454)
    • Turn off pprof default features (#491)
    • Change session update logic to follow the spec (#477)
    • Extract public event_from_error fn in sentry-anyhow (#476)

    Thank you:

    Features, fixes and improvements in this release have been contributed by:

    Commits
    • dc048f5 release: 0.28.0
    • d390b64 meta: 0.28 changelog (#511)
    • 0e021ba sentry-core: Add traces_sampler client option (#510)
    • 8e8f7c3 Take advantage of weak features in Rust 1.60 for TLS enablement (#454)
    • 89b31f8 ref: Improve Hub concurrency docs (#509)
    • e11ab3b feat(transport): Add option to disable SSL verification (#508)
    • af1b255 feat(profiling): Update to new standard Profile format (#504)
    • a433f63 feat(contexts): Add Windows OS version to OS context (#499)
    • bb81c88 feat(profiling): Use frame-pointer for stack unwinding and update to pprof 0....
    • a9f81cb doc: add few verbs and punctuation (#496)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 4
  • Origin Timestamp as Transaction ID

    Origin Timestamp as Transaction ID

    reported by jsha

    The origin timestamp in outbound packets is used to identify reply packets. This is a good measure against off-path attackers, similar to how DNS uses source port randomization in addition to query id to make it hard for spoofed packets to interfere with operations.

    In ntp-proto/src/peer.rs, the next_expected_origin is kept live until either (a) a packet with that timestamp is accepted, or (b) the next poll interval arrives. Since the poll interval can be quite long at the maximum (many hours), this gives a long window for attackers to send packets guessing origin timestamp values. I recommend having a maximum time (on the order of seconds) past which reply packets won't be accepted, independent of the poll interval.

    I recommend adding a small random delay to the poll time to make it harder for an attacker to guess when a poll request is inflight. This also has the happy operational effect of preventing a situation where a fleet of clients all make their poll requests at the same time.

    Handle_incoming checks for a match with next_expected_origin before checking whether a packet is a Kiss-O'-Death (KoD) packet. The RFC says:

    The Receive Timestamp and the Transmit Timestamp (set by the server) are undefined when in a KoD packet and MUST NOT be relied upon to have valid values and MUST be discarded.

    This suggests KISS checks should come before the next_expected_origin checks and should not be able to redeem next_expected origin. The MUST discard suggests these fields should be cleared during packet parsing.

    The downside of following the spec here is that KISS packets can be easily forged by off-path attackers if they are not validated against next_expected_origin. In practice, do common NTP deployments copy the transmit timestamp? I suspect there may be some deployments where KISS packets are generated by a firewall without copying data from the inbound packet.

    opened by davidv1992 4
  • Bump clap from 3.1.18 to 3.2.1

    Bump clap from 3.1.18 to 3.2.1

    Bumps clap from 3.1.18 to 3.2.1.

    Release notes

    Sourced from clap's releases.

    v3.2.0

    [3.2.0] - 2022-06-13

    Features

    • Parsed, typed arguments via Arg::value_parser / ArgMatches::{get_one,get_many} (#2683, #3732)
      • Several built-in TypedValueParsers available with an API open for expansion
      • value_parser!(T) macro for selecting a parser for a given type (#3732) and open to expansion via the ValueParserFactory trait (#3755)
      • [&str] is implicitly a value parser for possible values
      • All ArgMatches getters do not assume required arguments (#2505)
      • Add ArgMatches::remove_* variants to transfer ownership
      • Add ArgMatches::try_* variants to avoid panics for developer errors (#3621)
      • Add a get_raw to access the underlying OsStrs
      • PathBuf value parsers imply ValueHint::AnyPath for completions (#3732)
    • Explicit control over parsing via Arg::action (#3774)
      • ArgAction::StoreValue: existing takes_value(true) behavior
      • ArgAction::IncOccurrences: existing takes_value(false) behavior
      • ArgAction::Help: existing --help behavior
      • ArgAction::Version: existing --version behavior
      • ArgAction::Set: Overwrite existing values (like Arg::multiple_occurrences mixed with Command::args_override_self) (#3777)
      • ArgAction::Append: like Arg::multiple_occurrences (#3777)
      • ArgAction::SetTrue: Treat --flag as --flag=true (#3775)
        • Implies Arg::default_value("false") (#3786)
        • Parses Arg::env via Arg::value_parser
      • ArgAction::SetFalse: Treat --flag as --flag=false (#3775)
        • Implies Arg::default_value("true") (#3786)
        • Parses Arg::env via Arg::value_parser
      • ArgAction::Count: Treat --flag --flag --flag as --flag=1 --flag=2 --flag=3 (#3775)
        • Implies Arg::default_value("0") (#3786)
        • Parses Arg::env via Arg::value_parser
    • (derive) Opt-in to new Arg::value_parser / Arg::action with either #[clap(value_parser)] (#3589, #3742) / #[clap(action)] attributes (#3794)
      • Default ValueParser is determined by value_parser! (#3199, #3496)
      • Default ArgAction is determine by a hard-coded lookup on the type (#3794)
    • Command::multicall is now stable for busybox-like programs and REPLs (#2861, #3684)
    • ArgMatches::{try_,}contains_id for checking if there are values for an argument that mirrors the new get_{one,many} API

    Fixes

    parser

    • Set ArgMatches::value_source and ArgMatches::occurrences_of for external subcommands (#3732)
    • Use value delimiter for Arg::default_missing_values (#3761, #3765)
    • SplitArg::default_value / Arg::env on value delimiters independent of whether -- was used (#3765)
    • Allow applying defaults to flags (#3294, 3775)
    • Defaults no longer satisfy required and its variants (#3793)

    Compatibility

    MSRV is now 1.56.0 (#3732)

    Behavior

    ... (truncated)

    Changelog

    Sourced from clap's changelog.

    [3.2.1] - 2022-06-13

    [3.2.0] - 2022-06-13

    Features

    • Parsed, typed arguments via Arg::value_parser / ArgMatches::{get_one,get_many} (#2683, #3732)
      • Several built-in TypedValueParsers available with an API open for expansion
      • value_parser!(T) macro for selecting a parser for a given type (#3732) and open to expansion via the ValueParserFactory trait (#3755)
      • [&str] is implicitly a value parser for possible values
      • All ArgMatches getters do not assume required arguments (#2505)
      • Add ArgMatches::remove_* variants to transfer ownership
      • Add ArgMatches::try_* variants to avoid panics for developer errors (#3621)
      • Add a get_raw to access the underlying OsStrs
      • PathBuf value parsers imply ValueHint::AnyPath for completions (#3732)
    • Explicit control over parsing via Arg::action (#3774)
      • ArgAction::StoreValue: existing takes_value(true) behavior
      • ArgAction::IncOccurrences: existing takes_value(false) behavior
      • ArgAction::Help: existing --help behavior
      • ArgAction::Version: existing --version behavior
      • ArgAction::Set: Overwrite existing values (like Arg::multiple_occurrences mixed with Command::args_override_self) (#3777)
      • ArgAction::Append: like Arg::multiple_occurrences (#3777)
      • ArgAction::SetTrue: Treat --flag as --flag=true (#3775)
        • Implies Arg::default_value("false") (#3786)
        • Parses Arg::env via Arg::value_parser
      • ArgAction::SetFalse: Treat --flag as --flag=false (#3775)
        • Implies Arg::default_value("true") (#3786)
        • Parses Arg::env via Arg::value_parser
      • ArgAction::Count: Treat --flag --flag --flag as --flag=1 --flag=2 --flag=3 (#3775)
        • Implies Arg::default_value("0") (#3786)
        • Parses Arg::env via Arg::value_parser
    • (derive) Opt-in to new Arg::value_parser / Arg::action with either #[clap(value_parser)] (#3589, #3742) / #[clap(action)] attributes (#3794)
      • Default ValueParser is determined by value_parser! (#3199, #3496)
      • Default ArgAction is determine by a hard-coded lookup on the type (#3794)
    • Command::multicall is now stable for busybox-like programs and REPLs (#2861, #3684)
    • ArgMatches::{try_,}contains_id for checking if there are values for an argument that mirrors the new get_{one,many} API

    Fixes

    parser

    • Set ArgMatches::value_source and ArgMatches::occurrences_of for external subcommands (#3732)
    • Use value delimiter for Arg::default_missing_values (#3761, #3765)
    • SplitArg::default_value / Arg::env on value delimiters independent of whether -- was used (#3765)
    • Allow applying defaults to flags (#3294, 3775)
    • Defaults no longer satisfy required and its variants (#3793)

    Compatibility

    MSRV is now 1.56.0 (#3732)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 4
  • Bump tokio from 1.18.2 to 1.19.2

    Bump tokio from 1.18.2 to 1.19.2

    Bumps tokio from 1.18.2 to 1.19.2.

    Release notes

    Sourced from tokio's releases.

    Tokio v1.19.1

    1.19.1 (June 5, 2022)

    This release fixes a bug in Notified::enable. (#4747)

    #4747: tokio-rs/tokio#4747

    Tokio v1.19.0

    1.19.0 (June 3, 2022)

    Added

    • runtime: add is_finished method for JoinHandle and AbortHandle (#4709)
    • runtime: make global queue and event polling intervals configurable (#4671)
    • sync: add Notified::enable (#4705)
    • sync: add watch::Sender::send_if_modified (#4591)
    • sync: add resubscribe method to broadcast::Receiver (#4607)
    • net: add take_error to TcpSocket and TcpStream (#4739)

    Changed

    • io: refactor out usage of Weak in the io handle (#4656)

    Fixed

    • macros: avoid starvation in join! and try_join! (#4624)

    Documented

    • runtime: clarify semantics of tasks outliving block_on (#4729)
    • time: fix example for MissedTickBehavior::Burst (#4713)

    Unstable

    • metrics: correctly update atomics in IoDriverMetrics (#4725)
    • metrics: fix compilation with unstable, process, and rt, but without net (#4682)
    • task: add #[track_caller] to JoinSet/JoinMap (#4697)
    • task: add Builder::{spawn_on, spawn_local_on, spawn_blocking_on} (#4683)
    • task: add consume_budget for cooperative scheduling (#4498)
    • task: add join_set::Builder for configuring JoinSet tasks (#4687)
    • task: update return value of JoinSet::join_one (#4726)

    #4498: tokio-rs/tokio#4498 #4591: tokio-rs/tokio#4591 #4607: tokio-rs/tokio#4607 #4624: tokio-rs/tokio#4624 #4656: tokio-rs/tokio#4656 #4671: tokio-rs/tokio#4671 #4682: tokio-rs/tokio#4682 #4683: tokio-rs/tokio#4683 #4687: tokio-rs/tokio#4687 #4697: tokio-rs/tokio#4697 #4705: tokio-rs/tokio#4705 #4709: tokio-rs/tokio#4709 #4713: tokio-rs/tokio#4713 #4725: tokio-rs/tokio#4725 #4726: tokio-rs/tokio#4726 #4729: tokio-rs/tokio#4729

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 4
  • Bump libc from 0.2.135 to 0.2.136

    Bump libc from 0.2.135 to 0.2.136

    Bumps libc from 0.2.135 to 0.2.136.

    Release notes

    Sourced from libc's releases.

    0.2.136

    What's Changed

    Full Changelog: https://github.com/rust-lang/libc/compare/0.2.135...0.2.136

    Commits
    • 09ad0b3 Auto merge of #2975 - JohnTitor:release-0.2.136, r=JohnTitor
    • 5e3c708 Prepare 0.2.136 release
    • 71b864d Auto merge of #2969 - pfmooney:illumos-aout, r=JohnTitor
    • cc19b6f Auto merge of #2973 - asomers:MNT_bsd, r=JohnTitor
    • 8acaac5 Add new definitions to libc-test/semver
    • a59c842 Auto merge of #2963 - devnexen:recvmsg_linux_fix, r=JohnTitor
    • cfa3116 Style fixes, and filter out duplicate definitions
    • 138202d Add more MNT_ flags on {Dragonfly,Net,Open}BSD
    • 00204b0 warns that in the near future the MSG_* constants will have
    • 0488a83 Auto merge of #2968 - name1e5s:macos_clocks, r=JohnTitor
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 3
  • [StepSecurity] ci: Harden GitHub Actions

    [StepSecurity] ci: Harden GitHub Actions

    Summary

    This is an automated pull request generated by Secure Workflows at the request of @jauderho. Please merge the Pull Request to incorporate the requested changes. Please tag @jauderho on your message if you have any questions related to the PR. You can also engage with the StepSecurity team by tagging @step-security-bot.

    Security Fixes

    Pinned Dependencies

    A pinned dependency is a dependency that is explicitly set to a specific hashed version instead of a mutable version. Pinned dependencis ensure that development and deployment are done with the same software versions which reduces deployment risks, and enables reproducibility. It can help mitigate compromised dependencies from undermining the security of the project in certain scenarios. The dependencies were pinned using Secure WorkFlows

    Feedback

    For bug reports, feature requests, and general feedback; please create an issue in step-security/secure-workflows or contact us via our website.

    Signed-off-by: StepSecurity Bot [email protected]

    opened by step-security-bot 3
  • Bump prometheus-client from 0.18.1 to 0.19.0

    Bump prometheus-client from 0.18.1 to 0.19.0

    Bumps prometheus-client from 0.18.1 to 0.19.0.

    Release notes

    Sourced from prometheus-client's releases.

    v0.19.0

    See changelog for details.

    v0.19.0-alpha.2

    See changelog for details.

    v0.19.0-alpha

    See changelog for details.

    Changelog

    Sourced from prometheus-client's changelog.

    [0.19.0]

    This is a large release including multiple breaking changes. Major user-facing improvement of this release is support for the OpenMetrics Protobuf format.

    Upgrade guide:

    • Don't box before registering.

        registry.register(
            "my_metric",
            "This is my metric",
      -      Box::new(my_metric.clone()),
      +      my_metric.clone(),
        );
      
    • Gauge uses i64 instead of u64.

        my_gauge
      -     .set(42u64);
      +     .set(42i64);
      
    • Derive EncodeLabelSet for struct and EncodeLabelValue for enum instead of just Encode for all and require Debug.

      - #[derive(Clone, Hash, PartialEq, Eq, Encode)]
      + #[derive(Clone, Hash, PartialEq, Eq, EncodeLabelSet, Debug)]
        struct Labels {
            path: String,
            method: Method,
            some_number: u64,
        }
      
      • #[derive(Clone, Hash, PartialEq, Eq, Encode)]
      • #[derive(Clone, Hash, PartialEq, Eq, EncodeLabelValue, Debug)] enum Method { Get, #[allow(dead_code)] Put, }
  • Encode as utf-8 and not as [u8].

    - let mut buffer = vec![];
    

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependencies rust 
opened by dependabot[bot] 0
  • Make server recv truncations a debug-level warning instead of warn

    Make server recv truncations a debug-level warning instead of warn

    Turns out the internet loves sending larger packets to ntp servers (not sure exactly why though, perhaps the nts uid ef?), which is spamming logs a bit.

    opened by davidv1992 0
  • Releases(v0.2.1)
    Owner
    Prossimo (ISRG)
    Let's replace software written in languages that aren't memory safe.
    Prossimo (ISRG)
    Library for Unix users and groups in Rust.

    uzers-rs Adoption and continuation of the unmaintained ogham/rust-users crate. Big shout-out to its creator Benjamin Sago. This is a library for acces

    null 8 Aug 25, 2023
    Library for Unix users and groups in Rust.

    uzers-rs Adoption and continuation of the unmaintained ogham/rust-users crate. Big shout-out to its creator Benjamin Sago. This is a library for acces

    null 8 Sep 18, 2023
    Reviving the Research Edition Unix speak command

    This repository contains the source code of Unix speak program that appeared in the Third (1973) to Sixth (1975) Research Unix editions, slightly adjusted to run on a modern computer. Details on the code's provenance and the methods employed for reviving it can be found in this blog post.

    Diomidis Spinellis 31 Jul 27, 2022
    A shell for research papers

    Reason: A Shell for Research Papers Did I ever read this paper? Which OSDI 2021 papers did I read? Which ones have the word 'Distributed' in their tit

    Jae-Won Chung 121 Nov 27, 2022
    DeFiChain octopus is a codename research & development for DFIP 2111-B: VOC: Ethereum Virtual Machine (EVM) Support.

    DeFiCh/octopus DeFiChain octopus is a codename research & development for DFIP 2111-B: VOC: Ethereum Virtual Machine (EVM) Support . Proposed as a DFI

    DeFi Meta Chain 6 Apr 18, 2022
    command line tools for coprolite research (paleontology and archaeology): estimate the producer's body mass based on coprolite diameter by the use of regression models

    OVERVIEW OF COPROSIZE coprosize employs power, exponential and cubic regression models allowing to estimate the producer's body mass based on coprolit

    Piotr Bajdek 7 Nov 25, 2022
    A free and open-source DNA Sequencing/Visualization software for bioinformatics research.

    DNArchery ?? A free and open-source cross-platform DNA Sequencing/Visualization Software for bioinformatics research. A toolkit for instantly performi

    null 21 Mar 26, 2023
    ⌚ A command-line tool (and library) for the rusty Swatch Internet Time.

    ⌚ A command-line tool (and library) for the rusty Swatch Internet Time. Comes with XBar/Swiftbar support.

    Gil Desmarais 4 Jul 18, 2022
    SKYULL is a command-line interface (CLI) in development that creates REST API project structure templates with the aim of making it easy and fast to start a new project.

    SKYULL is a command-line interface (CLI) in development that creates REST API project structure templates with the aim of making it easy and fast to start a new project. With just a few primary configurations, such as project name, you can get started quickly.

    Gabriel Michaliszen 4 May 9, 2023
    Curated list of awesome projects and resources related to Rust and computer security

    Awesome Rust Security Curated list of awesome projects and resources related to Rust and computer security Table of Contents Tools Web and Cloud Secur

    Alan 131 Jan 1, 2023
    Build some cyber security tools in Rust :crab: :rocket:

    here we're trying to write some tools for cyber security in Rust because we don't have enough community for Rust in the cyber security field soo this

    Khaled Nassar 42 Nov 29, 2022
    Rust Offensive Security Library for making you .EXE go GHOST 🥷🏾

    Ghost Ghost is a rust library that allows you to delete your executable while it's running. Usage // With a default placeholder value on windows (`svc

    Mohammed Maali 7 Apr 17, 2023
    zk-rollup in rust for the advanced security and privacy course

    Efficient zk-Rollup Implementation in Rust This repository contains a simple, single transaction, zero-knowledge rollup made in Rust. We have combined

    Stern Brouwer 3 Nov 3, 2023
    Minimal server (with maximal security) for turning off an X10-controlled fan over HTTP

    "Fan Remote" A self-contained Rust binary to expose a single X10 command (turn off that fan) as an HTML form button. In its current form, it's highly

    Stephan Sokolow 2 Oct 23, 2022
    Baby's first Rust CLI project. Basic implementation of grep. Written in about 100 SLOC.

    minigrep Coding project from Chapter 12 of the The Rust Programming Language book. Usage Compile and run as so minigrep QUERY FILENAME QUERY being the

    Anis 2 Oct 2, 2021
    rpm (Rust project manager) is a tool that helps you to manage your rust projects

    rpm rpm (Rust project manager) is a open source tool for managing your rust project in an organized way Installation # make sure you have rust install

    Dilshad 4 May 4, 2023
    auto-rust is an experimental project that aims to automatically generate Rust code with LLM (Large Language Models) during compilation, utilizing procedural macros.

    Auto Rust auto-rust is an experimental project that aims to automatically generate Rust code with LLM (Large Language Models) during compilation, util

    Minsky 6 May 14, 2023
    A SIMD implementation of Keccak256 for aarch64, forked from Remco Bloeman's Goldilocks K12 implementation.

    keccak256-aarch64 Warning This crate was forked from real cryptographers (Goldilocks by Remco Bloeman), by not a real cryptographer. Do not use this k

    null 6 Oct 24, 2023
    A CLI tool that allow you to create a temporary new rust project using cargo with already installed dependencies

    cargo-temp A CLI tool that allow you to create a new rust project in a temporary directory with already installed dependencies. Install Requires Rust

    Yohan Boogaert 61 Oct 31, 2022