(iggy) branch master updated: fix(cli): disable keyring on musl targets (#2478)

Fri, 12 Dec 2025 03:24:57 -0800 

This is an automated email from the ASF dual-hosted git repository.

hgruszecki pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iggy.git


The following commit(s) were added to refs/heads/master by this push:
     new b34e737e0 fix(cli): disable keyring on musl targets (#2478)
b34e737e0 is described below

commit b34e737e088cd46385eb052de4f5cf46850ce49c
Author: Hubert Gruszecki <[email protected]>
AuthorDate: Fri Dec 12 12:24:48 2025 +0100

    fix(cli): disable keyring on musl targets (#2478)
    
    Musl builds (containers/static binaries) don't have D-Bus or
    secret service available. Use conditional compilation to
    disable keyring functionality and provide clear error
    messages when session storage is attempted.
---
 core/binary_protocol/Cargo.toml                    |  4 ++-
 .../create_personal_access_token.rs                | 20 +++++++++++----
 .../delete_personal_access_tokens.rs               | 18 ++++++++------
 .../src/cli/binary_system/session.rs               | 29 ++++++++++++++++++++++
 core/integration/Cargo.toml                        |  4 ++-
 5 files changed, 61 insertions(+), 14 deletions(-)

diff --git a/core/binary_protocol/Cargo.toml b/core/binary_protocol/Cargo.toml
index aeff9c2a9..e4b41913b 100644
--- a/core/binary_protocol/Cargo.toml
+++ b/core/binary_protocol/Cargo.toml
@@ -37,10 +37,12 @@ chrono = { workspace = true }
 comfy-table = { workspace = true, optional = false }
 dirs = { workspace = true }
 iggy_common = { workspace = true }
-keyring = { workspace = true, optional = false }
 passterm = { workspace = true, optional = false }
 serde = { workspace = true }
 serde_json = { workspace = true }
 tokio = { workspace = true }
 toml = { workspace = true }
 tracing = { workspace = true }
+
+[target.'cfg(not(target_env = "musl"))'.dependencies]
+keyring = { workspace = true }
diff --git 
a/core/binary_protocol/src/cli/binary_personal_access_tokens/create_personal_access_token.rs
 
b/core/binary_protocol/src/cli/binary_personal_access_tokens/create_personal_access_token.rs
index e6ff07ea5..6bce163ea 100644
--- 
a/core/binary_protocol/src/cli/binary_personal_access_tokens/create_personal_access_token.rs
+++ 
b/core/binary_protocol/src/cli/binary_personal_access_tokens/create_personal_access_token.rs
@@ -22,6 +22,7 @@ use anyhow::Context;
 use async_trait::async_trait;
 use iggy_common::PersonalAccessTokenExpiry;
 use iggy_common::create_personal_access_token::CreatePersonalAccessToken;
+#[cfg(not(target_env = "musl"))]
 use keyring::Entry;
 use tracing::{Level, event};
 
@@ -82,11 +83,20 @@ impl CliCommand for CreatePersonalAccessTokenCmd {
             })?;
 
         if self.store_token {
-            let server_address = format!("iggy:{}", self.server_address);
-            let entry = Entry::new(&server_address, &self.create_token.name)?;
-            entry.set_password(&token.token)?;
-            event!(target: PRINT_TARGET, Level::DEBUG,"Stored token under 
service: {} and name: {}", server_address,
-                    self.create_token.name);
+            #[cfg(not(target_env = "musl"))]
+            {
+                let server_address = format!("iggy:{}", self.server_address);
+                let entry = Entry::new(&server_address, 
&self.create_token.name)?;
+                entry.set_password(&token.token)?;
+                event!(target: PRINT_TARGET, Level::DEBUG,"Stored token under 
service: {} and name: {}", server_address,
+                        self.create_token.name);
+            }
+            #[cfg(target_env = "musl")]
+            {
+                anyhow::bail!(
+                    "Token storage is not available on musl targets. Use 
--quiet to print the token instead."
+                );
+            }
             event!(target: PRINT_TARGET, Level::INFO,
                 "Personal access token with name: {} and {} created",
                 self.create_token.name,
diff --git 
a/core/binary_protocol/src/cli/binary_personal_access_tokens/delete_personal_access_tokens.rs
 
b/core/binary_protocol/src/cli/binary_personal_access_tokens/delete_personal_access_tokens.rs
index d8ca5ce46..9eb749e35 100644
--- 
a/core/binary_protocol/src/cli/binary_personal_access_tokens/delete_personal_access_tokens.rs
+++ 
b/core/binary_protocol/src/cli/binary_personal_access_tokens/delete_personal_access_tokens.rs
@@ -21,6 +21,7 @@ use crate::cli::cli_command::{CliCommand, PRINT_TARGET};
 use anyhow::Context;
 use async_trait::async_trait;
 use iggy_common::delete_personal_access_token::DeletePersonalAccessToken;
+#[cfg(not(target_env = "musl"))]
 use keyring::Entry;
 use tracing::{Level, event};
 
@@ -58,13 +59,16 @@ impl CliCommand for DeletePersonalAccessTokenCmd {
                 )
             })?;
 
-        let server_address = format!("iggy:{}", self.server_address);
-        let entry = Entry::new(&server_address, &self.delete_token.name)?;
-        event!(target: PRINT_TARGET, Level::DEBUG,"Checking token presence 
under service: {} and name: {}",
-                server_address, self.delete_token.name);
-        if let Err(e) = entry.delete_credential() {
-            event!(target: PRINT_TARGET, Level::DEBUG, "{}", e);
-        };
+        #[cfg(not(target_env = "musl"))]
+        {
+            let server_address = format!("iggy:{}", self.server_address);
+            let entry = Entry::new(&server_address, &self.delete_token.name)?;
+            event!(target: PRINT_TARGET, Level::DEBUG,"Checking token presence 
under service: {} and name: {}",
+                    server_address, self.delete_token.name);
+            if let Err(e) = entry.delete_credential() {
+                event!(target: PRINT_TARGET, Level::DEBUG, "{}", e);
+            };
+        }
 
         event!(target: PRINT_TARGET, Level::INFO,
             "Personal access token with name: {} deleted", 
self.delete_token.name
diff --git a/core/binary_protocol/src/cli/binary_system/session.rs 
b/core/binary_protocol/src/cli/binary_system/session.rs
index 5e2330dc7..e9c63f871 100644
--- a/core/binary_protocol/src/cli/binary_system/session.rs
+++ b/core/binary_protocol/src/cli/binary_system/session.rs
@@ -16,9 +16,11 @@
  * under the License.
  */
 
+#[cfg(not(target_env = "musl"))]
 use keyring::{Entry, Result};
 
 const SESSION_TOKEN_NAME: &str = "iggy-cli-session";
+#[cfg(not(target_env = "musl"))]
 const SESSION_KEYRING_SERVICE_NAME: &str = "iggy-cli-session";
 
 pub struct ServerSession {
@@ -34,6 +36,7 @@ impl ServerSession {
         &self.server_address
     }
 
+    #[cfg(not(target_env = "musl"))]
     fn get_service_name(&self) -> String {
         format!("{SESSION_KEYRING_SERVICE_NAME}:{}", self.server_address)
     }
@@ -42,6 +45,7 @@ impl ServerSession {
         String::from(SESSION_TOKEN_NAME)
     }
 
+    #[cfg(not(target_env = "musl"))]
     pub fn is_active(&self) -> bool {
         if let Ok(entry) = Entry::new(&self.get_service_name(), 
&self.get_token_name()) {
             return entry.get_password().is_ok();
@@ -50,12 +54,26 @@ impl ServerSession {
         false
     }
 
+    #[cfg(target_env = "musl")]
+    pub fn is_active(&self) -> bool {
+        false
+    }
+
+    #[cfg(not(target_env = "musl"))]
     pub fn store(&self, token: &str) -> Result<()> {
         let entry = Entry::new(&self.get_service_name(), 
&self.get_token_name())?;
         entry.set_password(token)?;
         Ok(())
     }
 
+    #[cfg(target_env = "musl")]
+    pub fn store(&self, _token: &str) -> anyhow::Result<()> {
+        anyhow::bail!(
+            "Session storage is not available on musl targets. Use explicit 
credentials instead."
+        )
+    }
+
+    #[cfg(not(target_env = "musl"))]
     pub fn get_token(&self) -> Option<String> {
         if let Ok(entry) = Entry::new(&self.get_service_name(), 
&self.get_token_name())
             && let Ok(token) = entry.get_password()
@@ -66,8 +84,19 @@ impl ServerSession {
         None
     }
 
+    #[cfg(target_env = "musl")]
+    pub fn get_token(&self) -> Option<String> {
+        None
+    }
+
+    #[cfg(not(target_env = "musl"))]
     pub fn delete(&self) -> Result<()> {
         let entry = Entry::new(&self.get_service_name(), 
&self.get_token_name())?;
         entry.delete_credential()
     }
+
+    #[cfg(target_env = "musl")]
+    pub fn delete(&self) -> anyhow::Result<()> {
+        Ok(())
+    }
 }
diff --git a/core/integration/Cargo.toml b/core/integration/Cargo.toml
index f7e5a1067..c72691d22 100644
--- a/core/integration/Cargo.toml
+++ b/core/integration/Cargo.toml
@@ -41,8 +41,10 @@ humantime = { workspace = true }
 iggy = { workspace = true }
 iggy_binary_protocol = { workspace = true }
 iggy_common = { workspace = true }
-keyring = { workspace = true }
 lazy_static = { workspace = true }
+
+[target.'cfg(not(target_env = "musl"))'.dependencies]
+keyring = { workspace = true }
 libc = "0.2.178"
 log = { workspace = true }
 predicates = { workspace = true }

Reply via email to