994426d18c
Add a couple of "pub use" to make nightly rustdoc pass.
2022-05-20 12:12:23 -04:00
6a00b74b0b
Clarify which releases get advisories.
2022-05-20 11:57:03 -04:00
a42a6467a1
SupportPolicy: Add tiers, clarify what "support" means.
2022-05-20 11:52:22 -04:00
9d26a91886
Remove dbg!()s in tor-config
...
This should satisfy our CI and turn it green again.
2022-05-20 10:34:32 -04:00
b4e9e42278
Merge branch 'cert_dl_recovery_v3' into 'main'
...
DirMgr: Revise error handling to better tolerate reset-able failures
Closes #412 and #439
See merge request tpo/core/arti!511
2022-05-19 12:32:31 +00:00
5b5b4bbbea
Simplify advance and reset functions with mem::replace.
2022-05-19 08:09:05 -04:00
eab0046d0e
Explain why we call update_status unconditionally.
2022-05-19 08:04:57 -04:00
6aebb18e64
Remove BootstrapAction::Impossible
...
It does nothing that Fatal does not. Suggested by @eta in review.
2022-05-19 08:00:41 -04:00
8406cc3b7f
Initial draft policy on supported platforms and dependencies
2022-05-18 09:24:46 -04:00
c70916c0d9
Fix compilation with Rust 1.56.
2022-05-17 14:58:36 -04:00
5de1b93195
DirMgr: Remove blocking_error return path.
2022-05-17 12:25:32 -04:00
53ed5f40cf
DirMgr: Unify error return paths
...
We no longer have separate return paths for recoverable and fatal
errors; instead, they are merged, and distinguished based on
recovery actions.
Since it is now possible for download() to give an error that should
_not_ destroy the previous state, it takes `&mut Box<dyn DirState>`.
This change unfortunately means that we can no longer call `state =
state.advance()`, but instead have to do some mem::swap junk with
poisoned values. Any better solution would be a good thing.
Additionally, the reset() and advance() methods can no longer fail.
There is still a separate return path for reset-triggering errors;
I'm about to fix that.
2022-05-17 12:25:32 -04:00
6450a4113f
Merge branch 'backtrace' into 'main'
...
Do backtrace string matching test only on some platforms.
See merge request tpo/core/arti!512
2022-05-17 15:10:09 +00:00
d7a3fd2c17
DirMgr: Remove special handling of "changed" boolean
2022-05-17 10:16:15 -04:00
273879cb14
Placate rustfmt
...
I found the previous layout *much* better. Ah well.
2022-05-17 15:04:10 +01:00
298b2421f0
Do backtrace string matching test only on some platforms.
...
"Fixes" #455 by suppressing the test.
This is !509 redux.
2022-05-17 15:03:46 +01:00
6bacf3b303
DirMgr: Start refactoring error handling.
...
This commit adds a couple of new error types that we will soon want
to distinguish, and a new way of classifying errors. These are not
yet all used.
2022-05-17 09:52:44 -04:00
f83146bef4
Fix a portability issue with Rust 1.56
2022-05-16 15:02:28 -04:00
e37e37a31c
Give an error if the cache violates If-Modified-Since.
...
This should be sufficient to detect several kinds of nefariousness
that we'd previously overlooked.
2022-05-16 12:49:49 -04:00
37f6730077
Add missing extend_tolerance to add_consensus_text.
...
This should have gone in when we fixed #412
2022-05-16 12:49:49 -04:00
ffc864015a
DirMgr: Blame the correct cache for consensus validation failure
2022-05-16 12:49:49 -04:00
c55738e745
Move consensus signature verification to add-document code.
...
Previously, we did this in `advance()`, but that wasn't so great: it
meant that we could fail in the advance() code, whereas the calls to
`advance()` treated errors as fatal.
This treats failed verification as a blocking error that requires a
reset.
Fixes one aspect of #439 .
2022-05-16 12:49:49 -04:00
d1af40e638
On a blocking error, blame the appropriate directory cache
...
Fortunately, the only error type that we need to handle blocking
errors with actually has a DirSource in it already.
2022-05-16 12:49:49 -04:00
40539cb25e
DirMgr: Add a way for a state to report a blocking error.
...
(A blocking error is one that means that the current bootstrap
attempt has failed, and must be restarted.)
2022-05-16 12:42:25 -04:00
b94f56d6f5
Implement nonfatal errors in add_from_*
2022-05-16 12:42:25 -04:00
d8bd862f2b
DirMgr: Let add_from_* distinguish non-fatal errors
...
Previously all errors were treated as non-fatal.
The add_from_* implementations don't yet behave properly;
I'll fix them in subsequent commits.
2022-05-16 12:42:25 -04:00
f70ad60e65
DirMgr: Improve display for DocSource
...
(Also, implement Display for tor_dirclient::SourceInfo).
2022-05-16 12:42:25 -04:00
ef2640acfa
DirMgr: make DocSource useful by having it include dirserver info.
...
Previously DocSource would tell you whether the document was from
a local store or a cache server, but it wouldn't tell you _which_
server it came from.
This change required adding DocSource as an argument to
DirState::add_from_download.
2022-05-16 12:42:25 -04:00
18d7ece7dd
Merge branch 'ticket_466' into 'main'
...
Reject directory circuits early if they are too skewed.
Closes #412 , #467 , and #466
See merge request tpo/core/arti!501
2022-05-16 15:47:02 +00:00
fb432924a3
Merge branch 'main' into 'ticket_466'
...
# Conflicts:
# doc/semver_status.md
2022-05-16 15:10:00 +00:00
9d8ce43298
Revert "Merge branch 'backtrace' into 'main'"
...
This reverts merge request !509
2022-05-16 15:01:02 +00:00
d69fc2faf9
Merge branch 'backtrace' into 'main'
...
Do backtrace string matching test only on Linux
See merge request tpo/core/arti!509
2022-05-16 15:00:43 +00:00
777b2c123f
Do backtrace string matching test only on Linux
...
"Fixes" #455 by suppressing the test.
2022-05-16 15:00:43 +00:00
34b49422c7
Merge branch 'typos' into 'main'
...
Fix typo
See merge request tpo/core/arti!510
2022-05-14 21:41:04 +00:00
58dc576887
Fix typo
2022-05-14 20:02:53 +03:00
934de16098
Merge branch 'arti-config-2' into 'main'
...
Abolish arti-config, replacing with tombstone crate
See merge request tpo/core/arti!508
2022-05-13 12:30:24 +00:00
f482a5bdd5
Merge branch 'builder-default-3' into 'main'
...
impl_standard_builder: Test the Deserialize impl and have it generate ::builder
See merge request tpo/core/arti!507
2022-05-13 12:14:30 +00:00
4b86818b30
Document semver changes
2022-05-13 12:47:38 +01:00
4e2bd6c798
Abolish arti-config, replacing with tombstone crate
2022-05-13 12:42:30 +01:00
ef36882807
arti-config abolition: Change references to use tor_config
...
Generally, change the paths that mention the crate name to go via a
module-level "use".
This involves adding tor-config as a direct dependency for a few
crates.
2022-05-13 12:42:30 +01:00
b6b5d05e1b
tor-config: Provide useful documentation for sources module
2022-05-13 12:42:30 +01:00
44d2f5ccfd
arti-config abolition: Move functionality to tor-config
...
This crate no longer has any reason to exist. All its remaining
functionality is generic enough to go into tor-config.
In this commit, we move the contents of lib.rs into a new file in
tor-config. It contains:
* Code motion
* The minimal "mod" and "use" changes
* The minimal doc comment
* A new a compat alias for ConfigurationSources.
The compat alias is there because various crates currently speak of
arti_config::ConfigurationSources and it is most convenient to fix
them up after the type is available in tor_config.
2022-05-13 12:42:30 +01:00
9a3205aeba
arti-config abolition: Add deps to tor-config
...
These are needed to support the code which is moving.
2022-05-13 12:41:27 +01:00
cdde87846c
arti-config: Move default config file test to arti-client
...
That's where this definitions is now. This test ought to have been
moved in
Move default_config_file() into arti-client
2022-05-13 12:41:27 +01:00
4115ce50c0
Merge branch 'mistrust-load' into 'main'
...
config load: Move mistrust checking to load()
See merge request tpo/core/arti!504
2022-05-13 10:53:56 +00:00
bdb7cb7a6d
Fix comment location
2022-05-13 10:58:29 +01:00
d7f84b92ab
config load: Move mistrust checking to load()
...
As per
https://gitlab.torproject.org/tpo/core/arti/-/issues/472
Experimentation convinced me the Mistrust should be within the
ConfigurationSources.
2022-05-13 10:58:29 +01:00
58c753429f
arti-bench: Disable all fs permissions (fs-mistrust) checks
...
This is a benchmarking tool, and fs-mistrust doesn't like the
permissions in our CI. The env var ARTI_FS_DISABLE_PERMISSION_CHECKS
is (of course) specific to arti. Maybe it should be honoured here,
or this should be done via the config files.
But disabling this is fine for now.
2022-05-13 10:56:56 +01:00
8f724ad767
impl_standard_builder: Better comments explaining the parser
2022-05-13 10:46:31 +01:00
be5bc04c02
impl_standard_builder: Have it generate FooConfig::builder
...
This deletes many handcoded impls. It also generates lots of impls
that we previously didn't have.
2022-05-12 18:50:26 +01:00
Nick Mathewson
eta
Ian Jackson
Ian Jackson
Dimitris Apostolou