generated from eblume/project-template
Erich Blume
6ba94119e4
Some checks failed
Build / validate (pull_request) Failing after 45s
keyring 4's `keyring` meta-crate has no feature gating and compiles every platform credential backend for the target. On Linux that dragged in the zbus async stack, a redundant libdbus secret-service, the keyutils store, a sqlite/zstd db-keystore, and OpenSSL (~290 crates in its subtree) — a real cost on the RAM/CPU-constrained CI runner building with CARGO_BUILD_JOBS=1. Depend on keyring-core (the API) + exactly one store crate per OS instead: - macOS -> apple-native-keyring-store (keychain feature) - Linux -> dbus-secret-service-keyring-store (crypto-rust; libdbus, no openssl) oauth.rs registers the per-target store as the keyring-core default itself (replacing keyring::use_native_store). Runtime behavior is unchanged (tokens still go to the macOS Keychain / Linux Secret Service). hephd's Linux dependency graph: 401 -> 235 crates (-166), dropping the zbus ecosystem and two C builds (zstd-sys, plus the redundant secret-service path). macOS builds + the full suite are green here (228 tests, clippy -D warnings, fmt, prek); the Linux store path is CI-verified (API confirmed from source). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
49 lines
1.3 KiB
TOML
49 lines
1.3 KiB
TOML
[package]
|
|
name = "hephd"
|
|
description = "Hephaestus per-device daemon: owns the local store and serves surfaces over a unix socket."
|
|
edition.workspace = true
|
|
version.workspace = true
|
|
license.workspace = true
|
|
publish.workspace = true
|
|
authors.workspace = true
|
|
rust-version.workspace = true
|
|
|
|
[lib]
|
|
name = "hephd"
|
|
path = "src/lib.rs"
|
|
|
|
[[bin]]
|
|
name = "hephd"
|
|
path = "src/main.rs"
|
|
|
|
[dependencies]
|
|
heph-core = { path = "../heph-core" }
|
|
chrono.workspace = true
|
|
tokio.workspace = true
|
|
serde.workspace = true
|
|
serde_json.workspace = true
|
|
anyhow.workspace = true
|
|
thiserror.workspace = true
|
|
tracing.workspace = true
|
|
tracing-subscriber.workspace = true
|
|
clap.workspace = true
|
|
axum.workspace = true
|
|
jsonwebtoken.workspace = true
|
|
keyring-core.workspace = true
|
|
reqwest.workspace = true
|
|
ureq.workspace = true
|
|
|
|
# The OS credential backend that `oauth.rs` registers as the keyring-core
|
|
# default store — exactly one per platform, not the whole keyring meta-crate.
|
|
[target.'cfg(target_os = "macos")'.dependencies]
|
|
apple-native-keyring-store.workspace = true
|
|
|
|
[target.'cfg(target_os = "linux")'.dependencies]
|
|
dbus-secret-service-keyring-store.workspace = true
|
|
|
|
[dev-dependencies]
|
|
tempfile = "3"
|
|
# Auth tests generate a throwaway RSA key + JWKS at runtime (no key in the repo).
|
|
rsa = "0.9"
|
|
rand = "0.8"
|
|
base64 = "0.22"
|