4 Commits

Author SHA1 Message Date
Pierre Warnier ed578748e9 chore: gitignore AI review artifacts under docs/ (#169) 2026-06-08 13:34:05 +02:00
Pierre Warnier 19af7be38d ci: commit Cargo.lock so cargo audit can run (#167) (#168)
The Security audit workflow runs `cargo audit --file ./Cargo.lock`, but
Cargo.lock was gitignored, so the file was absent in CI and every run
failed with "Couldn't load ./Cargo.lock" — including the daily scheduled
run on main. No advisory scan was ever performed.

Commit the lockfile and drop it from .gitignore. shadow-rs ships binaries
(the setuid-root tools), and committing the lockfile is the convention for
binary crates: it gives reproducible builds and a stable input for the
audit. The fuzz crate's lockfile stays ignored as throwaway tooling.

Closes #167.
2026-06-08 12:59:48 +02:00
Pierre Warnier fd91365e90 gitignore: exclude fuzz corpus, artifacts, and target dirs 2026-03-23 16:08:01 +01:00
Pierre Warnier 97130fea20 scaffold: workspace, shadow-core, passwd tool, Docker test matrix
Cargo workspace with three-layer architecture mirroring uutils conventions:
- shadow-core: /etc/passwd and /etc/shadow parsers, atomic file writes,
  username validation, error types, feature-gated module stubs (PAM,
  SELinux, group, gshadow, login.defs, subid, nscd, lock, uid_alloc)
- uu_passwd: tool skeleton with clap CLI, uumain/uu_app pattern
- multicall binary: argv[0] dispatch with --list support

Docker test matrix (Debian Trixie, Alpine musl, Fedora SELinux):
all three pass clippy -D warnings, 21 tests, and cargo fmt --check.

21 unit tests covering:
- passwd/shadow file parsing and roundtrip serialization
- atomic file write with fsync + rename + failure rollback
- username validation rules (length, charset, edge cases)
- clap command definition
2026-03-23 11:57:10 +01:00