lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
archy/core/archipelago/Cargo.toml
Dorian 30a7f73ead feat(fips): integrate jmcorgan/fips as preferred non-Tor transport + v1.4.0 
Bakes the FIPS (Free Internetworking Peering System) mesh daemon into
the node stack, supervised by archipelago alongside Tor. Runs as a
system service, identity derives from the same BIP-39 master seed, and
user-triggered updates track upstream main.

Identity
  seed.rs: new HKDF label archipelago/fips/secp256k1/v1 → dedicated
  secp256k1 key, distinct from the Nostr-node key for crypto isolation
  but still seed-recoverable
  identity.rs: writes fips_key[.pub] to /data/identity on onboarding,
  chmod 0600; fips_key_exists / load_fips_keys / fips_npub accessors

Transport
  TransportKind::Fips=3 inserted between LAN and Tor (Tor bumps to 4)
  → router prefers FIPS over Tor for all peer traffic
  PeerRecord gains fips_npub + last_fips fields (serde(default) for
  backward-compat with older nodes)
  transport/fips.rs: NodeTransport stub, reports unavailable until the
  daemon is live so router falls through to Tor cleanly

Federation invites
  FederatedNode and FederationInvite carry optional fips_npub
  create_invite / accept_invite / peer-joined callback thread it end
  to end; signature domain deliberately unchanged — FIPS Noise does
  its own session auth, so the unsigned hint only affects path
  selection

crate::fips
  config.rs: renders /etc/fips/fips.yaml and sudo-installs key material
  service.rs: systemctl status/activate/restart/mask wrappers
  update.rs: GitHub API check against upstream main; apply stubbed
  until per-commit .deb artefact source is decided

RPC + dashboard
  fips.status / fips.check-update / fips.apply-update / fips.install /
  fips.restart registered in dispatcher
  HomeNetworkCard.vue shipped standalone (unmounted — place in Home.vue
  when ready); shows state pill, version, FIPS npub, update button,
  activate button when key is present but service is down

ISO + systemd
  archipelago-fips.service: conditional on key presence, masked by
  default — backend unmasks after onboarding writes the key
  build-auto-installer-iso.sh: multi-stage Dockerfile builds the FIPS
  .deb from jmcorgan/fips main (fail-loud), COPYs it into rootfs, apt
  installs it so trixie resolves deps; unit copied + masked

Version bump: 1.3.5 → 1.4.0

Tests: 33 new/updated passing (seed, identity, transport, federation,
fips module, transport::fips).

Known gaps: fips.apply-update returns a clear stub error until
upstream publishes per-commit .deb artefacts; HomeNetworkCard is not
mounted in Home.vue by default.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-18 22:57:51 -04:00

109 lines
2.9 KiB
TOML
Raw Blame History

[package]
name = "archipelago"
version = "1.4.0"
edition = "2021"
description = "Archipelago Bitcoin Node OS - Native backend"
authors = ["Archipelago Team"]
[[bin]]
name = "archipelago"
path = "src/main.rs"
[dependencies]
# Core dependencies
tokio = { version = "1", features = ["full"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
anyhow = "1.0"
thiserror = "1.0"
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
# HTTP and WebSocket
hyper = { version = "0.14", features = ["full", "http1"] }
hyper-util = { version = "0.1", features = ["full", "http1"] }
http-body-util = "0.1"
http-body = "1.0"
tower = "0.5"
tower-http = { version = "0.6", features = ["cors", "trace"] }
hyper-ws-listener = "0.3.0"
tokio-tungstenite = "0.20"
futures-util = "0.3"
# Our modules
archipelago-container = { path = "../container" }
archipelago-security = { path = "../security" }
archipelago-performance = { path = "../performance" }
# Database (optional for now - can use SQLite or skip)
# sqlx = { version = "0.7", features = ["sqlite", "runtime-tokio-rustls"] }
# Authentication
bcrypt = "0.15"
sha2 = "0.10.9"
hmac = "0.12.1"
uuid = { version = "1.0", features = ["v4"] }
regex = "1.10"
# Node identity (Ed25519 + X25519 key agreement)
ed25519-dalek = { version = "2.2.0", features = ["rand_core"] }
curve25519-dalek = "4.1.3"
rand = "0.8.5"
hex = "0.4"
bs58 = "0.5"
chrono = "0.4"
# BIP-39 mnemonic seed generation + BIP-32 HD key derivation
bip39 = { version = "=2.1.0", features = ["rand"] }
bitcoin = { version = "=0.32.5", features = ["rand-std"] }
# Configuration
toml = "0.8"
serde_yaml = "0.9"
# HTTP client (for LND REST proxy, Tor SOCKS for peer messaging)
# Uses rustls-tls for cross-compilation (no OpenSSL dependency)
reqwest = { version = "0.11", default-features = false, features = ["json", "socks", "rustls-tls"] }
# Nostr (node discovery + NIP-44 encrypted peer handshake)
nostr-sdk = { version = "0.44", features = ["nip04", "nip44"] }
# Backup encryption (DID identity export) + TOTP 2FA encryption
argon2 = "0.5.3"
chacha20poly1305 = "0.10.1"
base64 = "0.21"
# Full system backup (tar archive + gzip compression)
tar = "0.4"
flate2 = "1.0"
# TOTP 2FA
totp-rs = { version = "5.7", features = ["otpauth", "gen_secret"] }
qrcode = "0.14"
data-encoding = "2.6"
zeroize = { version = "1.8.2", features = ["derive"] }
# Mainline DHT (did:dht — BitTorrent DHT for decentralized identity)
mainline = "2"
zbase32 = "0.1"
bytes = "1"
# Mesh networking (Meshcore serial protocol over USB LoRa radios)
serial2-tokio = "0.1"
# Double Ratchet key derivation (Phase 3: encrypted mesh messaging)
hkdf = "0.12.4"
# Transport abstraction (Phase 2: mesh as federation transport)
ciborium = "0.2.2"
reed-solomon-erasure = "6.0"
mdns-sd = "0.18"
# Systemd watchdog notification
sd-notify = "0.4"
[dev-dependencies]
tokio-test = "0.4"
tempfile = "3.10"
Reference in New Issue View Git Blame Copy Permalink