node: Use `gix_packetline` — heartwood

gix-packetline already is in the dependency closure of radicle-node. Use the well-tested and -used reader instead of ours.

cargo: Add feature for Tor support

node: Explicit default for AddressConfig

The intent to drop outgoing connections is modeled as Option::None which is brittle and easy to miss.

Extend enum AddressConfig with a variant that is more explicit.

Use development version of cyphernet

node: Introduce Announcers

node/test: Add timeouts to functions that wait

The two functions connect and converge used in tests potentially loop forever. Add timeout mechanisms to both.

node/reactor: Rewrite Runtime::run

Make this function clearer, and also have it log in case the service becomes too slow.

hooks: Enable typos, fix reported errors

I2P Support

Co-authored-by: ps

mega

cli-test: Refactor Path Handling

In the previous refactoring in commit 4894657b, the order of entries in $PATH was changed unintentionally. Revisit the order and use nicer APIs to handle paths.

 [codespell]
 skip = .git*,*.lock,.codespellrc
 skip = .git*,*.lock,.codespellrc,target,.jj
 check-hidden = true
 ignore-words-list = ser,noes
 ignore-words-list = set,noes

 [default]
 extend-ignore-re = [
     "[0-9a-f]{7}\\.\\.\\.?[0-9a-f]{7}", # Git range between two short commit IDs
     "[0-9a-f]{7}\\[\\.\\.\\]", # Shortened commit IDs as written in tests
     "did:key:z6Mk[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{44}",
     "rad://z[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{28}",
     "rad:z[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{28}",
     "z6Mk[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{44}",
 ]
 [default.extend-identifiers]
 "typ" = "typ" # We may write "typ" instead of "type". The latter is a Rust keyword.
 [type.codespell]
 check-file = false
 extend-glob = [".codespellrc"]

 [[package]]
 name = "cypheraddr"
 version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ba5c54d2ad4ab9941383519471b75d12abc1a7b4779265e233168f2703a730d9"
 source = "git+https://github.com/lorenzleutgeb/cyphernet.rs.git?branch=push-ooltwtzkpvlk#ca0fedcac9f1075d516ce1f0129f4aa9b73ee81e"
 dependencies = [
  "amplify",
  "base32",

 [[package]]
 name = "cyphergraphy"
 version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b67c16c8ef5ddcdab57aab83fd8e770540ea3682ccdae09642c63575b0da2184"
 source = "git+https://github.com/lorenzleutgeb/cyphernet.rs.git?branch=push-ooltwtzkpvlk#ca0fedcac9f1075d516ce1f0129f4aa9b73ee81e"
 dependencies = [
  "amplify",
  "ec25519",

 [[package]]
 name = "cyphernet"
 version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ac949369884a7a1d802cc669821269c707be8cec4d65043382e253733d2e62e1"
 source = "git+https://github.com/lorenzleutgeb/cyphernet.rs.git?branch=push-ooltwtzkpvlk#ca0fedcac9f1075d516ce1f0129f4aa9b73ee81e"
 dependencies = [
  "cypheraddr",
  "cyphergraphy",

  "crossbeam-channel",
  "cyphernet",
  "fastrand",
  "gix-packetline",
  "lexopt",
  "log",
  "mio 1.0.4",

 fastrand = { version = "2.0.0", default-features = false }
 git2 = { version = "0.19.0", default-features = false, features = ["vendored-libgit2"] }
 gix-hash = { version = "0.22.1", default-features = false, features = ["sha1"] }
 gix-packetline = { version = "0.21.1", default-features = false }
 human-panic = "2.0.6"
 itertools = "0.14"
 lexopt = "0.3.0"

 inherits = "release"
 debug = true
 incremental = false
 [patch.crates-io]
 cyphernet = { git = "https://github.com/lorenzleutgeb/cyphernet.rs.git", branch = "push-ooltwtzkpvlk" }
 cypheraddr = { git = "https://github.com/lorenzleutgeb/cyphernet.rs.git", branch = "push-ooltwtzkpvlk" }

         // x.y.z, with efe10f95be being a unique prefix of the OID of
         // `HEAD`, and the working directory was dirty.
         // If this is a build pointing to a commit that has release tag, this
         // will just return the tag name itelf, e.g. `releases/x.y.z`.
         // will just return the tag name itself, e.g. `releases/x.y.z`.
         // If all fails, we just use `hash`, which, in the worst case is
         // still "unknown" (see above) but in most cases will just be
         // the short OID of `HEAD`.

 use std::path::{Path, PathBuf};
 use std::str::FromStr;
 use std::sync;
 use std::{env, ffi, fs, io, mem};
 use std::{env, fs, io, mem};
 use snapbox::cmd::{Command, OutputAssert};
 use snapbox::{Assert, Substitutions};
 use thiserror::Error;
 #[cfg(windows)]
 const PATH_SEPARATOR: char = ';';
 #[cfg(not(windows))]
 const PATH_SEPARATOR: char = ':';
 /// Used to ensure the build task is only run once.
 static BUILD: sync::Once = sync::Once::new();

                     vec![]
                 };
                 let bins = bins(self.cwd.clone())
                     .iter()
                     .map(|p| p.as_os_str())
                     .collect::<Vec<_>>()
                     .join(ffi::OsStr::new(&PATH_SEPARATOR.to_string()));
                 let bins = std::env::join_paths(bins(self.cwd.clone())).unwrap();
                 let command = Command::new(cmd.clone())
                     .env_clear()

     }
 }
 /// Get the list of binary paths to use as `PATH` for the tests,
 /// Get the list of binary paths to use as `$PATH` for the tests,
 /// starting with the current working directory.
 fn bins(cwd: PathBuf) -> Vec<PathBuf> {
     let mut bins: Vec<PathBuf> = env::var("PATH")
         .map(|env_path| env_path.split(PATH_SEPARATOR).map(PathBuf::from).collect())
         .unwrap_or_default();
     let mut bins: Vec<PathBuf> = Vec::new();
     // Add current working directory to `$PATH`,
     // this makes it more convenient to execute scripts during testing.
     bins.push(cwd);
     // If we're running in a cargo build environment, add the target
     // directory to `$PATH` as well.
     if let Ok(manifest_dir) = env::var("CARGO_MANIFEST_DIR") {
         let profile = cfg!(debug_assertions)
             .then_some("debug")

         )
     }
     // Add the "real" `$PATH`.
     if let Ok(path) = env::var("PATH") {
         bins.extend(env::split_paths(&path));
     }
     #[cfg(windows)]
     {
         // Radicle CLI tests rely on various Unix coreutils

 name = "rad"
 path = "src/main.rs"
 [features]
 default = ["i2p", "tor"]
 i2p = ["radicle/i2p"]
 tor = ["radicle/tor"]
 [dependencies]
 anyhow = "1"
 chrono = { workspace = true, features = ["clock", "std"] }

     let host = match address.host() {
         HostName::Ip(ip) => ip.to_string(),
         HostName::Dns(dns) => dns.clone(),
         #[cfg(feature = "tor")]
         HostName::Tor(onion) => {
             let onion = onion.to_string();
             let start = onion.chars().take(8).collect::<String>();

                 .collect::<String>();
             format!("{start}…{end}")
         }
         #[cfg(feature = "i2p")]
         HostName::I2p(i2p) => {
             // TODO: Base32 addresses can be shortened like onion addresses.
             i2p.to_string()
         }
         _ => unreachable!(),
     };

         ]),
     ),
 )]
 pub struct PublicKey(pub ed25519::PublicKey);
 pub struct PublicKey(pub amplify::Bytes32);
 impl PublicKey {
     /// Verify the signature for a given payload.
     pub fn verify(
         &self,
         payload: impl AsRef<[u8]>,
         signature: &ed25519::Signature,
     ) -> Result<(), ed25519::Error> {
         ed25519::PublicKey::new(self.0.to_byte_array()).verify(payload, signature)
     }
 }
 #[cfg(feature = "cyphernet")]
 impl cyphernet::display::MultiDisplay<cyphernet::display::Encoding> for PublicKey {

 #[cfg(feature = "ssh")]
 impl From<PublicKey> for ssh_key::PublicKey {
     fn from(key: PublicKey) -> Self {
         ssh_key::PublicKey::from(ssh_key::public::Ed25519PublicKey(**key))
         ssh_key::PublicKey::from(ssh_key::public::Ed25519PublicKey(
             key.deref().to_byte_array(),
         ))
     }
 }

     const COMPRESSED_LEN: usize = 32;
     const CURVE_NAME: &'static str = "Edwards25519";
     type Compressed = [u8; 32];
     type Compressed = amplify::Bytes32;
     fn base_point() -> Self {
         unimplemented!()
     }
     fn to_pk_compressed(&self) -> Self::Compressed {
         *self.0.deref()
         amplify::Bytes32::from_byte_array(self.deref().to_byte_array())
     }
     fn from_pk_compressed(pk: Self::Compressed) -> Result<Self, cyphernet::EcPkInvalid> {
         Ok(PublicKey::from(pk))
         Ok(PublicKey::from(pk.to_byte_array()))
     }
     fn from_pk_compressed_slice(slice: &[u8]) -> Result<Self, cyphernet::EcPkInvalid> {
         ed25519::PublicKey::from_slice(slice)
             .map_err(|_| cyphernet::EcPkInvalid::default())
             .map(Self)
             .map(Self::from)
     }
 }

     /// Elliptic-curve Diffie-Hellman.
     pub fn ecdh(&self, pk: &PublicKey) -> Result<[u8; 32], ed25519::Error> {
         let scalar = self.seed().scalar();
         let ge = edwards25519::GeP3::from_bytes_vartime(pk).ok_or(Error::InvalidPublicKey)?;
         let ge = edwards25519::GeP3::from_bytes_vartime(&pk.deref().to_byte_array())
             .ok_or(Error::InvalidPublicKey)?;
         Ok(edwards25519::ge_scalarmult(&scalar, &ge).to_bytes())
     }

 impl From<ed25519::PublicKey> for PublicKey {
     fn from(other: ed25519::PublicKey) -> Self {
         Self(other)
         Self(amplify::Bytes32::from_byte_array(*other.deref()))
     }
 }
 impl From<PublicKey> for ed25519::PublicKey {
     fn from(val: PublicKey) -> Self {
         ed25519::PublicKey::new(val.0.to_byte_array())
     }
 }
 impl From<[u8; 32]> for PublicKey {
     fn from(other: [u8; 32]) -> Self {
         Self(ed25519::PublicKey::new(other))
         Self(amplify::Bytes32::from_byte_array(other))
     }
 }

     type Error = ed25519::Error;
     fn try_from(other: &[u8]) -> Result<Self, Self::Error> {
         ed25519::PublicKey::from_slice(other).map(Self)
         ed25519::PublicKey::from_slice(other).map(Self::from)
     }
 }

     pub fn to_human(&self) -> String {
         let mut buf = [0; 2 + ed25519::PublicKey::BYTES];
         buf[..2].copy_from_slice(&Self::MULTICODEC_TYPE);
         buf[2..].copy_from_slice(self.0.deref());
         buf[2..].copy_from_slice(self.0.to_byte_array().as_slice());
         multibase::encode(multibase::Base::Base58Btc, buf)
     }

         if let Some(bytes) = bytes.strip_prefix(&Self::MULTICODEC_TYPE) {
             let key = ed25519::PublicKey::from_slice(bytes)?;
             Ok(Self(key))
             Ok(key.into())
         } else {
             Err(PublicKeyError::Multicodec(Self::MULTICODEC_TYPE))
         }

 }
 impl Deref for PublicKey {
     type Target = ed25519::PublicKey;
     type Target = amplify::Bytes32;
     fn deref(&self) -> &Self::Target {
         &self.0

     /// Convert to OpenSSH standard PEM format.
     pub fn to_pem(&self) -> Result<String, ExtendedSignatureError> {
         ssh_key::SshSig::new(
             ssh_key::public::KeyData::from(ssh_key::public::Ed25519PublicKey(**self.key)),
             ssh_key::public::KeyData::from(ssh_key::public::Ed25519PublicKey(
                 (*self.key).to_byte_array(),
             )),
             String::from("radicle"),
             ssh_key::HashAlg::Sha256,
             ssh_key::Signature::new(ssh_key::Algorithm::Ed25519, **self.sig)?,

             .ok_or_else(|| MemorySignerError::NotFound(public_path.to_path_buf()))?;
         secret
             .validate_public_key(&public)
             .validate_public_key(&public.into())
             .map_err(|_| MemorySignerError::KeyMismatch {
                 secret: keystore.secret_key_path().to_path_buf(),
                 public: public_path.to_path_buf(),

     /// the public key from the secret key.
     pub fn from_secret(secret: Zeroizing<SecretKey>) -> Self {
         Self {
             public: PublicKey(secret.public_key()),
             public: PublicKey((*secret.public_key()).into()),
             secret,
         }
     }

         let seed = Seed::new(bytes);
         let keypair = KeyPair::from_seed(seed);
         PublicKey(keypair.pk)
         keypair.pk.into()
     }
 }

 rust-version.workspace = true
 [features]
 default = ["backtrace", "systemd", "structured-logger", "socket2"]
 default = ["backtrace", "i2p", "systemd", "structured-logger", "socket2", "tor"]
 i2p = ["cyphernet/i2p", "radicle/i2p", "radicle-protocol/i2p"]
 systemd = ["dep:radicle-systemd"]
 test = ["radicle/test", "radicle-crypto/test", "radicle-crypto/cyphernet", "radicle-protocol/test", "qcheck", "snapbox"]
 tor = ["cyphernet/tor", "radicle/tor", "radicle-protocol/tor"]
 [dependencies]
 backtrace = { version = "0.3.75", optional = true }

 chrono = { workspace = true, features = ["clock"] }
 colored = { workspace = true }
 crossbeam-channel = { workspace = true }
 cyphernet = { workspace = true, features = ["tor", "dns", "ed25519", "p2p-ed25519", "noise-framework", "noise_sha2"] }
 cyphernet = { workspace = true, features = ["dns", "ed25519", "p2p-ed25519", "noise-framework", "noise_sha2"] }
 fastrand = { workspace = true }
 gix-packetline = { workspace = true, features = ["blocking-io"] }
 lexopt = { workspace = true }
 log = { workspace = true, features = ["kv", "std"] }
 mio = { version = "1", features = ["net", "os-poll"] }

         home: &Home,
         secret_key: &impl std::ops::Deref<Target = crypto::SecretKey>,
     ) -> Result<(), Error> {
         let public_key = crypto::PublicKey(secret_key.deref().public_key());
         let public_key = secret_key.deref().public_key().into();
         let mut file = std::fs::OpenOptions::new()
             .create_new(true)
             .write(true)

 /// Maximum amount of time to wait for I/O.
 const WAIT_TIMEOUT: Duration = Duration::from_secs(SECONDS_IN_AN_HOUR);
 /// Maximum duration we accept the service to spend handling events (and errors,
 /// ticking, etc.) without warning. We set this to be warned whenever the
 /// service becomes so slow that we would not be able to handle at least 100
 /// "requests" per second, i.e. `1s / 100 = 10ms`.
 const LAG_TIMEOUT: Duration = Duration::from_millis(10);
 /// A resource which can be managed by the reactor.
 pub trait EventHandler {
     /// The type of reactions which this resource may generate upon receiving

     fn run(mut self) {
         loop {
             let before_poll = Instant::now();
             let timeout = self
                 .timeouts
                 .next_expiring_from(before_poll)
                 .next_expiring_from(Instant::now())
                 .unwrap_or(WAIT_TIMEOUT);
             self.register_interests()

             let mut events = Events::with_capacity(1024);
             // Blocking
             // Block and wait for I/O events or timeout.
             let res = self.poll.poll(&mut events, Some(timeout));
             self.service.tick();
             // This instant allows us to measure the time spent by the service
             // to handle the result of polling.
             let tick = Instant::now();
             // The way this is currently used basically ignores which keys have
             // timed out. So as long as *something* timed out, we wake the service.
             let timers_fired = self.timeouts.remove_expired_by(tick);
             if timers_fired > 0 {
                 log::trace!(target: "reactor", "Timer has fired");
                 self.service.timer_reacted();
             }
             // We inform the service that time has advanced.
             self.service.tick();
             // We inform the service about errors during polling.
             if let Err(err) = res {
                 log::warn!(target: "reactor", "Failure during polling: {err}");
                 self.service.handle_error(Error::Poll(err));
             }
             let awoken = self.handle_events(tick, events);
             // We inform the service that some timers have reacted.
             // The way this is currently used basically ignores which
             // timers have expired. As long as *something* timed out,
             // we inform the service.
             let timers_fired = self.timeouts.remove_expired_by(tick);
             if timers_fired > 0 {
                 log::trace!(target: "reactor", "Timer has fired");
                 self.service.timer_reacted();
             }
             log::trace!(target: "reactor", "Duration between tick and events handled: {:?}", Instant::now().duration_since(tick));
             // Process the commands only if we awoken by the waker.
             if awoken {
             if events.is_empty() {
                 log::trace!(target: "reactor", "Woke up from poll without events");
             } else if self.handle_events(tick, events) {
                 loop {
                     match self.receiver.try_recv() {
                         Err(TryRecvError::Empty) => break,