deps(v4): consolidate Cargo bumps + API migrations + ubuntu 26.04 docs#306
Merged
Conversation
Bumps [pkcs8](https://github.com/RustCrypto/formats) from 0.10.2 to 0.11.0. - [Commits](RustCrypto/formats@pkcs8/v0.10.2...pkcs8/v0.11.0) --- updated-dependencies: - dependency-name: pkcs8 dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [rand_core](https://github.com/rust-random/rand_core) from 0.6.4 to 0.9.5. - [Release notes](https://github.com/rust-random/rand_core/releases) - [Changelog](https://github.com/rust-random/rand_core/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-random/rand_core/commits) --- updated-dependencies: - dependency-name: rand_core dependency-version: 0.9.5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the tokio-ecosystem group in /v4 with 1 update: [tokio](https://github.com/tokio-rs/tokio). Updates `tokio` from 1.52.1 to 1.52.2 - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](tokio-rs/tokio@tokio-1.52.1...tokio-1.52.2) --- updated-dependencies: - dependency-name: tokio dependency-version: 1.52.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: tokio-ecosystem ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [jsonschema](https://github.com/Stranger6667/jsonschema) from 0.46.3 to 0.46.4. - [Release notes](https://github.com/Stranger6667/jsonschema/releases) - [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md) - [Commits](Stranger6667/jsonschema@ruby-v0.46.3...ruby-v0.46.4) --- updated-dependencies: - dependency-name: jsonschema dependency-version: 0.46.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [rand](https://github.com/rust-random/rand) from 0.9.4 to 0.10.1. - [Release notes](https://github.com/rust-random/rand/releases) - [Changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md) - [Commits](rust-random/rand@0.9.4...0.10.1) --- updated-dependencies: - dependency-name: rand dependency-version: 0.10.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ntu docs
pkcs8 0.11 / der 0.8 migration:
- keyless.rs: replace pkcs8::der::{Decode,Encode} with x509_cert::der::{Decode,Encode}
to resolve der 0.7/0.8 version split (x509-cert uses der 0.7, pkcs8 0.11 uses der 0.8)
rand 0.10 migration:
- file.rs: remove rand::RngCore import (no longer re-exported); replace
rng().fill_bytes() with rand::random::<[u8;12]>() (idiomatic rand 0.10)
rand_core compatibility:
- sindri-registry/Cargo.toml: keep rand_core at "0.6" (p256/ecdsa 0.16/0.13
still require rand_core 0.6 OsRng; coordinated upgrade requires p256 bump)
ubuntu consistency (docs):
- TARGETS.md: ubuntu:24.04 → ubuntu:26.04 in example target config
- ADR-009: ubuntu-24.04-arm → ubuntu-26.04-arm in CI matrix table
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
paths.rs:
- Add ENV_LOCK mutex to home_dir_* tests that mutate SINDRI_HOME; prevents
concurrent test runs from racing on the global env var (flaky on ubuntu-latest)
registry/mod.rs:
- detect_source_kind: replace starts_with('/') with Path::is_absolute() so
Windows drive-letter paths (C:\...) are accepted as absolute paths
(was failing detect_source_kind_absolute_path_* on windows-latest CI)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
HOME env var is ignored by dirs_next on Windows (uses Win32 API instead).
SINDRI_HOME is the portable override designed for exactly this: tests that
redirect the binary's home dir to a tempdir.
Fixes: init_policy_with_global_flag_writes_to_home,
policy_use_global_flag_writes_to_home on windows-latest CI
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
On Windows, pick_variant falls back to the .sh file when no .ps1 exists. Previously build_command keyed on OS alone and would invoke such a .sh script with pwsh, which is wrong — .sh files must run under bash. Switch to extension-based dispatch: - .ps1 → pwsh -NonInteractive -File - .sh (or anything else) → bash Bash is available on all GitHub-hosted Windows runners via Git for Windows. Fixes: hooks::tests::install_phase_invokes_bash_with_argv on windows-latest Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Background: Windows CI runs intermittently fail with env-var race tests (platform::current_env_override_*, home_dir_honours_sindri_home_env, etc.). The race is between concurrent test threads mutating the global environ table — std::env::set_var is not thread-safe. Pattern: per-crate `pub(crate) static ENV_LOCK: Mutex<()>` shared across all tests in that crate's test binary. Any test calling env::set_var or env::remove_var first acquires the lock. Mirrors the existing convention in sindri-targets::well_known::ENV_LOCK. Changes: - sindri-core: ENV_LOCK promoted from paths.rs::tests-local to file-level pub(crate). platform.rs now uses it across all three env-override tests (fixes flaky `current_env_override_macos_aarch64`). - sindri-extensions: new ENV_LOCK in lib.rs; applied to 5 env-mutating tests in redeemer.rs. - sindri-secrets: new ENV_LOCK in lib.rs; applied to 2 async env tests in backends/env.rs with #[allow(clippy::await_holding_lock)] since the serialisation is intentional. - sindri (binary): new ENV_LOCK in commands/mod.rs; applied to 1 test in rollback.rs and 3 tests in commands/secrets.rs. Also picks up rustfmt's normalisation of build_command in sindri-extensions/src/hooks.rs. These fixes are pure test infrastructure — no runtime user impact. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The earlier ENV_LOCK consolidation covered the home_dir_* tests but missed the three sindri_subpath_* tests in the same module, which mutate SINDRI_HOME_ENV the same way. Under concurrent test execution, those unlocked mutations race with the locked home_dir_* tests and intermittently fail (observed on windows-latest CI). Add the lock acquisition to all three sindri_subpath_* tests. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Consolidates PRs #266, #269, #294, #295, #296 with API migrations for breaking changes.
Cargo bumps applied:
pkcs8: 0.10.2 → 0.11.0 (deps(v4)(deps): bump pkcs8 from 0.10.2 to 0.11.0 in /v4 #266)rand_core: 0.6.4 → 0.9.5 (deps(v4)(deps): bump rand_core from 0.6.4 to 0.9.5 in /v4 #269)tokio: 1.52.1 → 1.52.2 (tokio-ecosystem group) (deps(v4)(deps): bump tokio from 1.52.2 to 1.52.3 in /v4 in the tokio-ecosystem group across 1 directory #294)jsonschema: 0.46.3 → 0.46.4 (deps(v4)(deps): bump jsonschema from 0.46.3 to 0.46.4 in /v4 #295)rand: 0.9.4 → 0.10.1 (deps(v4)(deps): bump rand from 0.9.4 to 0.10.1 in /v4 #296)API migrations:
keyless.rs:pkcs8::der::{Decode,Encode}→x509_cert::der::{Decode,Encode}— fixes der 0.7/0.8 version split (pkcs8 0.11 uses der 0.8; x509-cert 0.2.5 uses der 0.7)file.rs: removedrand::RngCoreimport (no longer re-exported in rand 0.10); replacedrng().fill_bytes()withrand::random::<[u8;12]>()rand_core note:
sindri-registry/Cargo.tomlkept atrand_core = "0.6"becausep256 0.13 / ecdsa 0.16still userand_core::OsRngfrom 0.6 in test helpers. A full rand_core 0.9 migration requires coordinatingp256 0.14+ / ecdsa 0.17+upgrades.Ubuntu 26.04 consistency (docs):
TARGETS.md:ubuntu:24.04→ubuntu:26.04in example docker target configADR-009:ubuntu-24.04-arm→ubuntu-26.04-armin CI matrix tableTest plan
cargo fmt --all --check— passescargo clippy --workspace --all-targets -- -D warnings— passes (0 errors)cargo test --workspace— all tests passcargo run -p schema-gen -- --check— all 5 schemas up to datecargo run -p target-doc-gen -- --check— docs up to dateCloses: #266, #294, #295, #296
Partially closes: #269 (rand_core 0.9 in registry requires p256/ecdsa upgrade)
🤖 Generated with Claude Code