From 4774364c72c9f0058a5c9a03e66c4559c2b4adb3 Mon Sep 17 00:00:00 2001 From: "glm-5.2" Date: Tue, 23 Jun 2026 15:31:42 +0000 Subject: [PATCH] fix(core): gate RawKey TLS helpers on quinn+iroh for clean iroh-only builds (task: core/review-core) The RawKeyCertResolver, Ed25519SigningKey, and std::path::Path imports were gated on #[cfg(feature = "iroh")] but are only used in the quinn TLS server-config path (build_rustls_server_config RawKey arm). With iroh-only builds (--no-default-features --features iroh), these became dead code and triggered clippy -D warnings failures. Re-gated to #[cfg(all(feature = "quinn", feature = "iroh"))] so they only compile when both features are active (the combination that actually uses raw-key TLS via quinn). std::path::Path is now #[cfg(feature = "quinn")] since it is only used by quinn's load_cert_chain/load_private_key helpers. Verified: cargo clippy passes with -D warnings across all four feature combinations (none, quinn, iroh, quinn+iroh). cargo test --all-features passes 55 tests. cargo fmt --check clean. --- crates/alknet-core/src/endpoint.rs | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/crates/alknet-core/src/endpoint.rs b/crates/alknet-core/src/endpoint.rs index 3dc3a40..0f0aa02 100644 --- a/crates/alknet-core/src/endpoint.rs +++ b/crates/alknet-core/src/endpoint.rs @@ -6,7 +6,7 @@ use std::collections::HashMap; use std::io; #[cfg(any(feature = "quinn", feature = "iroh"))] use std::net::SocketAddr; -#[cfg(any(feature = "quinn", feature = "iroh"))] +#[cfg(feature = "quinn")] use std::path::Path; use std::sync::Arc; #[cfg(any(feature = "quinn", feature = "iroh"))] @@ -562,12 +562,12 @@ fn generate_self_signed_cert() -> Result { }) } -#[cfg(feature = "iroh")] +#[cfg(all(feature = "quinn", feature = "iroh"))] struct RawKeyCertResolver { key: Arc, } -#[cfg(feature = "iroh")] +#[cfg(all(feature = "quinn", feature = "iroh"))] impl RawKeyCertResolver { fn new(secret_key: &iroh::SecretKey) -> Self { let signing_key = Arc::new(Ed25519SigningKey::new(secret_key.clone())); @@ -580,7 +580,7 @@ impl RawKeyCertResolver { } } -#[cfg(feature = "iroh")] +#[cfg(all(feature = "quinn", feature = "iroh"))] impl rustls::server::ResolvesServerCert for RawKeyCertResolver { fn resolve( &self, @@ -594,27 +594,27 @@ impl rustls::server::ResolvesServerCert for RawKeyCertResolver { } } -#[cfg(feature = "iroh")] +#[cfg(all(feature = "quinn", feature = "iroh"))] impl std::fmt::Debug for RawKeyCertResolver { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { f.debug_struct("RawKeyCertResolver").finish() } } -#[cfg(feature = "iroh")] +#[cfg(all(feature = "quinn", feature = "iroh"))] #[derive(Clone)] struct Ed25519SigningKey { key: iroh::SecretKey, } -#[cfg(feature = "iroh")] +#[cfg(all(feature = "quinn", feature = "iroh"))] impl std::fmt::Debug for Ed25519SigningKey { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { f.debug_struct("Ed25519SigningKey").finish() } } -#[cfg(feature = "iroh")] +#[cfg(all(feature = "quinn", feature = "iroh"))] impl Ed25519SigningKey { fn new(key: iroh::SecretKey) -> Self { Self { key } @@ -628,7 +628,7 @@ impl Ed25519SigningKey { } } -#[cfg(feature = "iroh")] +#[cfg(all(feature = "quinn", feature = "iroh"))] impl rustls::sign::SigningKey for Ed25519SigningKey { fn choose_scheme( &self, @@ -650,7 +650,7 @@ impl rustls::sign::SigningKey for Ed25519SigningKey { } } -#[cfg(feature = "iroh")] +#[cfg(all(feature = "quinn", feature = "iroh"))] impl rustls::sign::Signer for Ed25519SigningKey { fn sign(&self, message: &[u8]) -> Result, rustls::Error> { Ok(self.key.sign(message).to_bytes().to_vec()) @@ -823,7 +823,7 @@ mod tests { assert!(auth.tls_client_fingerprint.is_some()); } - #[cfg(feature = "iroh")] + #[cfg(all(feature = "quinn", feature = "iroh"))] #[test] fn raw_key_cert_resolver_only_raw_public_keys() { use rustls::server::ResolvesServerCert;