enricobuehler
b4a85a8610
ci / web (push) Successful in 26s
ci / docs-site (push) Successful in 30s
apple / swift (push) Successful in 1m15s
ci / bench (push) Successful in 1m35s
deb / build-publish (push) Successful in 4m31s
ci / rust (push) Successful in 7m2s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 6s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 6s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 4s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 5s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 3s
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Successful in 5m30s
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Successful in 5m37s
docker / deploy-docs (push) Successful in 19s
Phase 1 of moving the library off a manual mgmt token: the management API now serves over HTTPS with the host's persistent identity (the cert clients already pin) and OPTIONAL client-cert auth. A request is authorized if EITHER the peer presented a client certificate whose SHA-256 is in the punktfunk/1 paired store (the same trust the QUIC data plane uses — so a paired native client needs no token), OR it carries the bearer token (the web console / admin). `/health` stays open. axum-server can't surface the peer cert to a handler, so `serve_https` runs the rustls handshake itself (tokio-rustls), reads the verified peer certificate, and serves the axum Router over hyper with the fingerprint attached to each request; `require_auth` checks it against `NativePairing::is_paired`. The verifier reuses the GameStream AcceptAnyClientCert, parameterized to make client auth optional (a browser with no cert still completes the handshake and falls back to the token). Validated live: paired cert → 200, unpaired cert / no creds / bad token → 401, bearer → 200, /health open. (Note: the API is now HTTPS with a self-signed cert — a browser shows a one-time trust prompt; native clients pin by fingerprint.) Next: Apple client presents its identity over mTLS (drops the token field); embed the web console; enable HTTPS mgmt by default. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
104 lines
5.2 KiB
TOML
104 lines
5.2 KiB
TOML
[package]
|
|
name = "punktfunk-host"
|
|
description = "punktfunk Linux streaming host: virtual display, capture, encode, input injection"
|
|
version.workspace = true
|
|
edition.workspace = true
|
|
rust-version.workspace = true
|
|
license.workspace = true
|
|
authors.workspace = true
|
|
repository.workspace = true
|
|
|
|
[dependencies]
|
|
punktfunk-core = { path = "../punktfunk-core", features = ["quic"] }
|
|
# M3 native control plane (the `punktfunk/1` QUIC handshake; data plane stays native-thread UDP).
|
|
quinn = "0.11"
|
|
anyhow = "1"
|
|
tracing = "0.1"
|
|
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
|
|
axum = "0.8"
|
|
mdns-sd = "0.20"
|
|
tokio = { version = "1", features = ["full"] }
|
|
rsa = "0.9"
|
|
sha2 = { version = "0.10", features = ["oid"] }
|
|
aes = "0.8"
|
|
aes-gcm = "0.10"
|
|
cbc = { version = "0.1", features = ["alloc"] }
|
|
rand = "0.8"
|
|
hex = "0.4"
|
|
rcgen = { version = "0.13", default-features = false, features = ["aws_lc_rs", "pem"] }
|
|
x509-parser = "0.16"
|
|
axum-server = { version = "0.7", features = ["tls-rustls"] }
|
|
rustls = "0.23"
|
|
rustls-pemfile = "2"
|
|
# Manual HTTPS+mTLS serve loop for the mgmt API (axum-server can't surface the peer cert): a
|
|
# tokio-rustls handshake exposes the client cert, then hyper serves the axum Router with the
|
|
# verified fingerprint injected as a request extension. Versions match the workspace lock.
|
|
tokio-rustls = "0.26"
|
|
hyper = { version = "1", features = ["server", "http1", "http2"] }
|
|
hyper-util = { version = "0.1", features = ["server", "server-auto", "tokio", "service"] }
|
|
tower = { version = "0.5", features = ["util"] }
|
|
rusty_enet = "0.4"
|
|
serde = { version = "1", features = ["derive"] }
|
|
serde_json = "1"
|
|
# Management/control-plane REST API + OpenAPI (control pane, M2). `axum_extras` wires
|
|
# utoipa into axum 0.8 extractors; utoipa-axum collects `#[utoipa::path]` routes into the
|
|
# spec; utoipa-scalar serves the interactive docs. Codegen-friendly: the spec is emitted
|
|
# verbatim by the `openapi` subcommand. Control plane only — never the per-frame path.
|
|
utoipa = { version = "5", features = ["axum_extras"] }
|
|
utoipa-axum = "0.2"
|
|
utoipa-scalar = { version = "0.3", features = ["axum"] }
|
|
|
|
[dev-dependencies]
|
|
# Drive the management API router in-process (no socket) in the handler tests.
|
|
tower = { version = "0.5", features = ["util"] }
|
|
http-body-util = "0.1"
|
|
|
|
[target.'cfg(target_os = "linux")'.dependencies]
|
|
# `screencast` gates the ScreenCast portal module; `remote_desktop` adds the RemoteDesktop
|
|
# portal we use for libei input on KWin/GNOME; `tokio` is the default runtime.
|
|
# `open_pipe_wire_remote` is unconditional, so ashpd's own `pipewire` feature is not
|
|
# needed — we drive PipeWire with the `pipewire` crate below.
|
|
ashpd = { version = "0.13", features = ["screencast", "remote_desktop"] }
|
|
ffmpeg-next = "8"
|
|
libc = "0.2"
|
|
# Must match the pipewire crate ashpd 0.13 links (libspa/pipewire-sys `links` key is
|
|
# unique per build), i.e. 0.9 — NOT the 0.10 the setup doc mentions.
|
|
pipewire = "0.9"
|
|
# ashpd 0.13 uses the tokio runtime; a current-thread runtime drives the one-time
|
|
# portal handshake (control plane — never the per-frame path).
|
|
tokio = { version = "1", features = ["rt", "rt-multi-thread", "net", "time"] }
|
|
# Input injection into headless Sway via the wlroots virtual-input Wayland protocols
|
|
# (uinput won't reach a compositor running with WLR_LIBINPUT_NO_DEVICES=1).
|
|
wayland-client = "0.31"
|
|
wayland-protocols-wlr = { version = "0.3", features = ["client"] }
|
|
wayland-protocols-misc = { version = "0.3", features = ["client"] }
|
|
# Codegen for KDE's `zkde_screencast_unstable_v1` (vendored in `protocols/`): create a KWin
|
|
# virtual output sized to the client's resolution and get its PipeWire node (KRdp's path).
|
|
# `wayland-backend` is referenced by the generated interface tables.
|
|
wayland-scanner = "0.31"
|
|
wayland-backend = "0.3"
|
|
# Parse `pw-dump` JSON to find gamescope's PipeWire node (gamescope backend).
|
|
serde_json = "1"
|
|
# Builds/validates the xkb keymap uploaded to the virtual keyboard + tracks modifier state.
|
|
xkbcommon = "0.8"
|
|
# Opus encode for the GameStream audio stream (links system libopus).
|
|
opus = "0.3"
|
|
# The safe `opus` crate is stereo-only; surround (5.1/7.1) needs the libopus *multistream*
|
|
# encoder (`opus_multistream_encoder_*`). `audiopus_sys` is the sys layer `opus` already
|
|
# vendors (same libopus link), so this adds bindings, not a second copy of the library.
|
|
audiopus_sys = "0.2"
|
|
# libei (EI sender) for the portable input path on KWin/GNOME (RemoteDesktop portal).
|
|
# The `tokio` feature wires reis's event stream into tokio's reactor.
|
|
reis = { version = "0.6.1", features = ["tokio"] }
|
|
# `StreamExt::next` on reis's tokio event stream in the libei worker loop.
|
|
futures-util = "0.3"
|
|
# Zero-copy capture (plan §9): EGL imports the PipeWire dmabuf, CUDA maps it, NVENC encodes
|
|
# it with no CPU roundtrip. `khronos-egl` (dynamic = load the NVIDIA libEGL at runtime) gives
|
|
# eglCreateImage + the dma_buf import; the CUDA driver API (EGL interop) and libgbm are linked
|
|
# via hand-rolled FFI in `src/zerocopy/` (no Rust crate exposes the EGL-interop driver calls).
|
|
khronos-egl = { version = "6", features = ["dynamic"] }
|
|
# Vulkan bridge for LINEAR dmabufs (gamescope): import via VK_EXT_external_memory_dma_buf,
|
|
# GPU-copy into an exportable allocation, export OPAQUE_FD → cuImportExternalMemory (the
|
|
# officially-supported CUDA pairing; raw dmabuf fds are rejected by the desktop driver).
|
|
ash = "0.38"
|