use shared libs, enabling openssl in init

Cargo.lock

@@ -76,12 +76,32 @@ dependencies = [
  "windows-sys 0.59.0",
 ]
 
+[[package]]
+name = "async-compression"
+version = "0.4.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ddb939d66e4ae03cee6091612804ba446b12878410cfa17f785f4dd67d4014e8"
+dependencies = [
+ "futures-core",
+ "memchr",
+ "pin-project-lite",
+ "tokio",
+ "zstd",
+ "zstd-safe",
+]
+
 [[package]]
 name = "atomic-waker"
 version = "1.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
 
+[[package]]
+name = "autocfg"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
+
 [[package]]
 name = "backtrace"
 version = "0.3.75"
@@ -97,12 +117,41 @@ dependencies = [
  "windows-targets 0.52.6",
 ]
 
+[[package]]
+name = "base64"
+version = "0.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
+
 [[package]]
 name = "base64"
 version = "0.22.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
 
+[[package]]
+name = "bindgen"
+version = "0.66.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f2b84e06fc203107bfbad243f4aba2af864eb7db3b1cf46ea0a023b0b433d2a7"
+dependencies = [
+ "bitflags",
+ "cexpr",
+ "clang-sys",
+ "lazy_static",
+ "lazycell",
+ "log",
+ "peeking_take_while",
+ "prettyplease",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "rustc-hash",
+ "shlex",
+ "syn 2.0.104",
+ "which",
+]
+
 [[package]]
 name = "bitflags"
 version = "2.9.1"
@@ -132,6 +181,15 @@ dependencies = [
  "shlex",
 ]
 
+[[package]]
+name = "cexpr"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+dependencies = [
+ "nom",
+]
+
 [[package]]
 name = "cfg-if"
 version = "1.0.1"
@@ -144,6 +202,26 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724"
 
+[[package]]
+name = "chrono"
+version = "0.4.41"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c469d952047f47f91b68d1cba3f10d63c11d73e4636f24f08daf0278abf01c4d"
+dependencies = [
+ "num-traits",
+]
+
+[[package]]
+name = "clang-sys"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
+dependencies = [
+ "glob",
+ "libc",
+ "libloading",
+]
+
 [[package]]
 name = "clap"
 version = "4.5.41"
@@ -187,7 +265,7 @@ dependencies = [
  "heck",
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
 ]
 
 [[package]]
@@ -232,26 +310,35 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
 ]
 
 [[package]]
 name = "dkl"
-version = "0.1.0"
+version = "1.0.0"
-source = "git+https://novit.tech/direktil/dkl#8648636cfc18d8549fc0183cb246514eb2ab692e"
+source = "git+https://novit.tech/direktil/dkl#7d02d8f93252d7173190180f79715301607257e3"
 dependencies = [
+ "async-compression",
  "bytes",
+ "chrono",
  "clap",
  "clap_complete",
  "env_logger",
  "eyre",
+ "futures",
  "futures-util",
+ "glob",
+ "hex",
  "log",
+ "nix",
+ "openssl",
+ "page_size",
  "reqwest",
+ "rsmount",
  "serde",
  "serde_json",
  "serde_yaml",
- "thiserror",
+ "thiserror 2.0.12",
  "tokio",
 ]
 
@@ -261,6 +348,18 @@ version = "1.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
 
+[[package]]
+name = "embed-doc-image"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "af36f591236d9d822425cb6896595658fa558fcebf5ee8accac1d4b92c47166e"
+dependencies = [
+ "base64 0.13.1",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
 [[package]]
 name = "encoding_rs"
 version = "0.8.35"
@@ -270,6 +369,26 @@ dependencies = [
  "cfg-if",
 ]
 
+[[package]]
+name = "enum-iterator"
+version = "2.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c280b9e6b3ae19e152d8e31cf47f18389781e119d4013a2a2bb0180e5facc635"
+dependencies = [
+ "enum-iterator-derive",
+]
+
+[[package]]
+name = "enum-iterator-derive"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1ab991c1362ac86c61ab6f556cff143daa22e5a15e4e189df818b2fd19fe65b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.104",
+]
+
 [[package]]
 name = "env_filter"
 version = "0.1.3"
@@ -355,6 +474,21 @@ dependencies = [
  "percent-encoding",
 ]
 
+[[package]]
+name = "futures"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876"
+dependencies = [
+ "futures-channel",
+ "futures-core",
+ "futures-executor",
+ "futures-io",
+ "futures-sink",
+ "futures-task",
+ "futures-util",
+]
+
 [[package]]
 name = "futures-channel"
 version = "0.3.31"
@@ -362,6 +496,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10"
 dependencies = [
  "futures-core",
+ "futures-sink",
 ]
 
 [[package]]
@@ -370,6 +505,17 @@ version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e"
 
+[[package]]
+name = "futures-executor"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f"
+dependencies = [
+ "futures-core",
+ "futures-task",
+ "futures-util",
+]
+
 [[package]]
 name = "futures-io"
 version = "0.3.31"
@@ -384,7 +530,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
 ]
 
 [[package]]
@@ -405,6 +551,7 @@ version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
 dependencies = [
+ "futures-channel",
  "futures-core",
  "futures-io",
  "futures-macro",
@@ -445,6 +592,12 @@ version = "0.31.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"
 
+[[package]]
+name = "glob"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2"
+
 [[package]]
 name = "h2"
 version = "0.4.11"
@@ -476,6 +629,21 @@ version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
 
+[[package]]
+name = "hex"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
+
+[[package]]
+name = "home"
+version = "0.5.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf"
+dependencies = [
+ "windows-sys 0.59.0",
+]
+
 [[package]]
 name = "http"
 version = "1.3.1"
@@ -574,7 +742,7 @@ version = "0.1.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f66d5bd4c6f02bf0542fad85d626775bab9258cf795a4256dcaf3161114d1df"
 dependencies = [
- "base64",
+ "base64 0.22.1",
  "bytes",
  "futures-channel",
  "futures-core",
@@ -721,7 +889,7 @@ dependencies = [
 name = "init"
 version = "2.4.1"
 dependencies = [
- "base64",
+ "base64 0.22.1",
  "cpio",
  "dkl",
  "env_logger",
@@ -731,6 +899,7 @@ dependencies = [
  "log",
  "lz4",
  "nix",
+ "openssl",
  "regex",
  "serde",
  "serde_json",
@@ -821,7 +990,7 @@ checksum = "03343451ff899767262ec32146f6d559dd759fdadf42ff0e227c7c48f72594b4"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
 ]
 
 [[package]]
@@ -844,12 +1013,40 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "lazy_static"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
+
+[[package]]
+name = "lazycell"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
+
 [[package]]
 name = "libc"
 version = "0.2.174"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776"
 
+[[package]]
+name = "libloading"
+version = "0.8.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667"
+dependencies = [
+ "cfg-if",
+ "windows-targets 0.53.2",
+]
+
+[[package]]
+name = "linux-raw-sys"
+version = "0.4.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
+
 [[package]]
 name = "linux-raw-sys"
 version = "0.9.4"
@@ -899,6 +1096,12 @@ version = "0.3.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
 
+[[package]]
+name = "minimal-lexical"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
+
 [[package]]
 name = "miniz_oxide"
 version = "0.8.9"
@@ -948,6 +1151,47 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "nom"
+version = "7.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
+dependencies = [
+ "memchr",
+ "minimal-lexical",
+]
+
+[[package]]
+name = "num-traits"
+version = "0.2.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
+dependencies = [
+ "autocfg",
+]
+
+[[package]]
+name = "num_enum"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a973b4e44ce6cad84ce69d797acf9a044532e4184c4f267913d1b546a0727b7a"
+dependencies = [
+ "num_enum_derive",
+ "rustversion",
+]
+
+[[package]]
+name = "num_enum_derive"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77e878c846a8abae00dd069496dbe8751b16ac1c3d6bd2a7283a938e8228f90d"
+dependencies = [
+ "proc-macro-crate",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.104",
+]
+
 [[package]]
 name = "object"
 version = "0.36.7"
@@ -992,7 +1236,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
 ]
 
 [[package]]
@@ -1013,6 +1257,22 @@ dependencies = [
  "vcpkg",
 ]
 
+[[package]]
+name = "page_size"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "30d5b2194ed13191c1999ae0704b7839fb18384fa22e49b57eeaa97d79ce40da"
+dependencies = [
+ "libc",
+ "winapi",
+]
+
+[[package]]
+name = "peeking_take_while"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
+
 [[package]]
 name = "percent-encoding"
 version = "2.3.1"
@@ -1061,6 +1321,25 @@ dependencies = [
  "zerovec",
 ]
 
+[[package]]
+name = "prettyplease"
+version = "0.2.35"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "061c1221631e079b26479d25bbf2275bfe5917ae8419cd7e34f13bfc2aa7539a"
+dependencies = [
+ "proc-macro2",
+ "syn 2.0.104",
+]
+
+[[package]]
+name = "proc-macro-crate"
+version = "3.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "edce586971a4dfaa28950c6f18ed55e0406c1ab88bbce2c6f6293a7aaba73d35"
+dependencies = [
+ "toml_edit",
+]
+
 [[package]]
 name = "proc-macro2"
 version = "1.0.95"
@@ -1120,7 +1399,7 @@ version = "0.12.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cbc931937e6ca3a06e3b6c0aa7841849b160a90351d6ab467a8b9b9959767531"
 dependencies = [
- "base64",
+ "base64 0.22.1",
  "bytes",
  "encoding_rs",
  "futures-core",
@@ -1171,12 +1450,89 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "rsblkid"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b3e6ea0445a9a0f00fc972ca5cc07fccaa56b1d9ccc5fb91a5cc801cbd8a712d"
+dependencies = [
+ "embed-doc-image",
+ "enum-iterator",
+ "libc",
+ "log",
+ "num_enum",
+ "pkg-config",
+ "rsblkid-sys",
+ "thiserror 1.0.69",
+ "typed-builder 0.20.1",
+]
+
+[[package]]
+name = "rsblkid-sys"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cd0b957853ba132af30e120c7cc72a5205626f3fe0b4615ff441c31b9cf753e5"
+dependencies = [
+ "bindgen",
+ "cc",
+ "pkg-config",
+]
+
+[[package]]
+name = "rsmount"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7a6bcc658c4d3d1a9f71f5618e07293b48f80fffa2455bb64abcb38dac3903b7"
+dependencies = [
+ "embed-doc-image",
+ "enum-iterator",
+ "libc",
+ "log",
+ "num_enum",
+ "once_cell",
+ "pkg-config",
+ "rsblkid",
+ "rsmount-sys",
+ "thiserror 1.0.69",
+ "typed-builder 0.19.1",
+]
+
+[[package]]
+name = "rsmount-sys"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2fee55bbe785bc64e472dd05637c718e418c94193c63bc7af996ad0be4a171b5"
+dependencies = [
+ "bindgen",
+ "cc",
+ "pkg-config",
+]
+
 [[package]]
 name = "rustc-demangle"
 version = "0.1.25"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "989e6739f80c4ad5b13e0fd7fe89531180375b18520cc8c82080e4dc4035b84f"
 
+[[package]]
+name = "rustc-hash"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
+
+[[package]]
+name = "rustix"
+version = "0.38.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
+dependencies = [
+ "bitflags",
+ "errno",
+ "libc",
+ "linux-raw-sys 0.4.15",
+ "windows-sys 0.59.0",
+]
+
 [[package]]
 name = "rustix"
 version = "1.0.8"
@@ -1186,7 +1542,7 @@ dependencies = [
  "bitflags",
  "errno",
  "libc",
- "linux-raw-sys",
+ "linux-raw-sys 0.9.4",
  "windows-sys 0.60.2",
 ]
 
@@ -1284,7 +1640,7 @@ checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
 ]
 
 [[package]]
@@ -1385,6 +1741,17 @@ version = "2.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
 
+[[package]]
+name = "syn"
+version = "1.0.109"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
 [[package]]
 name = "syn"
 version = "2.0.104"
@@ -1413,7 +1780,7 @@ checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
 ]
 
 [[package]]
@@ -1456,7 +1823,7 @@ dependencies = [
  "fastrand",
  "getrandom 0.3.3",
  "once_cell",
- "rustix",
+ "rustix 1.0.8",
  "windows-sys 0.59.0",
 ]
 
@@ -1469,13 +1836,33 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "thiserror"
+version = "1.0.69"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
+dependencies = [
+ "thiserror-impl 1.0.69",
+]
+
 [[package]]
 name = "thiserror"
 version = "2.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708"
 dependencies = [
- "thiserror-impl",
+ "thiserror-impl 2.0.12",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "1.0.69"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.104",
 ]
 
 [[package]]
@@ -1486,7 +1873,7 @@ checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
 ]
 
 [[package]]
@@ -1526,7 +1913,7 @@ checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
 ]
 
 [[package]]
@@ -1562,6 +1949,23 @@ dependencies = [
  "tokio",
 ]
 
+[[package]]
+name = "toml_datetime"
+version = "0.6.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "22cddaf88f4fbc13c51aebbf5f8eceb5c7c5a9da2ac40a13519eb5b0a0e8f11c"
+
+[[package]]
+name = "toml_edit"
+version = "0.22.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a"
+dependencies = [
+ "indexmap",
+ "toml_datetime",
+ "winnow",
+]
+
 [[package]]
 name = "tower"
 version = "0.5.2"
@@ -1632,6 +2036,46 @@ version = "0.2.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
 
+[[package]]
+name = "typed-builder"
+version = "0.19.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a06fbd5b8de54c5f7c91f6fe4cebb949be2125d7758e630bb58b1d831dbce600"
+dependencies = [
+ "typed-builder-macro 0.19.1",
+]
+
+[[package]]
+name = "typed-builder"
+version = "0.20.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cd9d30e3a08026c78f246b173243cf07b3696d274debd26680773b6773c2afc7"
+dependencies = [
+ "typed-builder-macro 0.20.1",
+]
+
+[[package]]
+name = "typed-builder-macro"
+version = "0.19.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9534daa9fd3ed0bd911d462a37f172228077e7abf18c18a5f67199d959205f8"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.104",
+]
+
+[[package]]
+name = "typed-builder-macro"
+version = "0.20.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3c36781cc0e46a83726d9879608e4cf6c2505237e263a8eb8c24502989cfdb28"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.104",
+]
+
 [[package]]
 name = "unicode-ident"
 version = "1.0.18"
@@ -1731,7 +2175,7 @@ dependencies = [
  "log",
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
  "wasm-bindgen-shared",
 ]
 
@@ -1766,7 +2210,7 @@ checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -1803,6 +2247,18 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "which"
+version = "4.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
+dependencies = [
+ "either",
+ "home",
+ "once_cell",
+ "rustix 0.38.44",
+]
+
 [[package]]
 name = "winapi"
 version = "0.3.9"
@@ -2015,6 +2471,15 @@ version = "0.53.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486"
 
+[[package]]
+name = "winnow"
+version = "0.7.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f3edebf492c8125044983378ecb5766203ad3b4c2f7a922bd7dd207f6d443e95"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "wit-bindgen-rt"
 version = "0.39.0"
@@ -2050,7 +2515,7 @@ checksum = "38da3c9736e16c5d3c8c597a9aaa5d1fa565d0532ae05e27c24aa62fb32c0ab6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
  "synstructure",
 ]
 
@@ -2071,7 +2536,7 @@ checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
  "synstructure",
 ]
 
@@ -2111,7 +2576,7 @@ checksum = "5b96237efa0c878c64bd89c436f661be4e46b2f3eff1ebb976f7ef2321d2f58f"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.104",
 ]
 
 [[package]]

Cargo.toml

@@ -13,7 +13,7 @@ codegen-units = 1
 [dependencies]
 libc = { version = "0.2", default-features = false }
 env_logger = "0.11.3"
-eyre = "0.6.12"
+eyre = { version = "0.6.12" }
 itertools = "0.14.0"
 log = "0.4.21"
 nix = { version = "0.30.1", features = ["feature", "mount", "process", "reboot", "signal"] }
@@ -30,4 +30,5 @@ cpio = "0.4.1"
 lz4 = "1.28.1"
 base64 = "0.22.1"
 sys-info = "0.9.1"
-dkl = { git = "https://novit.tech/direktil/dkl", version = "0.1.0" }
+dkl = { git = "https://novit.tech/direktil/dkl", version = "1.0.0" }
+openssl = "0.10.73"

Dockerfile

@@ -1,12 +1,12 @@
 from rust:1.88.0-alpine as rust
 
-run apk add --no-cache git musl-dev libudev-zero-dev # pkgconfig cryptsetup-dev lvm2-dev clang-dev clang-static
+run apk add --no-cache git musl-dev libudev-zero-dev openssl-dev cryptsetup-dev lvm2-dev clang-libs clang-dev
 
 workdir /src
 copy . .
 run --mount=type=cache,id=novit-rs,target=/usr/local/cargo/registry \
     --mount=type=cache,id=novit-rs-target,sharing=private,target=/src/target \
-    cargo build --release && cp target/release/init /
+    RUSTFLAGS="-C target-feature=-crt-static" cargo install --path . --root /dist
 
 # ------------------------------------------------------------------------
 from alpine:3.22.0 as initrd
@@ -17,24 +17,25 @@ workdir /system
 run . /etc/os-release \
  && wget -O- https://dl-cdn.alpinelinux.org/alpine/v${VERSION_ID%.*}/releases/x86_64/alpine-minirootfs-${VERSION_ID}-x86_64.tar.gz |tar zxv
 
-run apk add --no-cache --update -p . musl coreutils \
+run apk add --no-cache --update -p . musl libgcc coreutils \
  lvm2 lvm2-extra lvm2-dmeventd udev cryptsetup \
  e2fsprogs lsblk openssl openssh-server wireguard-tools-wg-quick \
  && rm -rf usr/share/apk var/cache/apk etc/motd
 
 copy etc/sshd_config etc/ssh/sshd_config
 
-run mkdir /layer \
+copy --from=rust /dist/bin/init /system/init
- && mv dev /layer \
+
-# && find |cpio -H newc -o |lz4 >/layer/system.alz4
+run mv dev /layer \
+ && chroot . ldd /init |sed -e 's,.*>\s,,' -e 's,^\s*,,' -e 's,\s.*,,' -e 's,^/,,' |sort |uniq >/required_libs \
+ && tar c init -T /required_libs | tar xv -C /layer |xargs rm -v \
  && find |cpio -H newc -o |zstd -19 >/layer/system.azstd
 
 workdir /layer
-copy --from=rust /init init
 run mkdir -p bin run var/log; cd bin && for cmd in init-version init-connect bootstrap; do ln -s ../init $cmd; done
 
 # check viability
-run chroot . init-version
+run ldd bin/init-version; chroot . init-version
 
 run find * |cpio -H newc -oF /initrd
 

src/cmd/init.rs

@@ -1,4 +1,4 @@
-use eyre::{Result, format_err};
+use eyre::{format_err, Result};
 use log::{error, info, warn};
 use std::collections::BTreeSet as Set;
 use std::os::unix::fs::symlink;
@@ -220,6 +220,8 @@ async fn extract_cpio_entry<R: std::io::Read>(
         fs::create_dir_all(parent).await?;
     }
 
+    let _ = fs::remove_file(path).await;
+
     let mode = entry.mode();
     let uid = entry.uid();
     let gid = entry.gid();
@@ -259,30 +261,26 @@ async fn mount(src: Option<&str>, dst: &str, fstype: &str, opts: Option<&str>) {
         error!("failed to create dir {dst}: {e}");
     }
 
-    let mut is_file = false;
+    retry_or_ignore(async || {
+        let mut is_file = false;
 
-    if let Some(src) = src {
+        if let Some(src) = src {
-        retry_or_ignore(async || {
             is_file = (fs::metadata(src).await)
                 .map_err(|e| format_err!("stat {src} failed: {e}"))?
                 .is_file();
-            Ok(())
+            match fstype {
-        })
+                "ext4" => {
-        .await;
+                    exec("fsck.ext4", &["-p", src]).await;
-        match fstype {
+                }
-            "ext4" => {
+                _ => {}
-                exec("fsck.ext4", &["-p", src]).await;
             }
-            _ => {}
         }
-    }
 
-    let mut args = vec![src.unwrap_or("none"), dst, "-t", fstype];
+        let mut args = vec![src.unwrap_or("none"), dst, "-t", fstype];
-    if let Some(opts) = opts {
+        if let Some(opts) = opts {
-        args.extend(["-o", opts]);
+            args.extend(["-o", opts]);
-    }
+        }
 
-    retry_or_ignore(async || {
         // if it's a file, we need to use a loopdev
         if is_file {
             // loopdev crate has annoying dependencies, just use the normal mount program
@@ -392,9 +390,9 @@ fn cmd_str(prog: &str, args: &[&str]) -> (String, Command) {
 
 #[allow(unused)]
 async fn child_reaper() {
-    use nix::sys::wait::{WaitPidFlag, waitpid};
+    use nix::sys::wait::{waitpid, WaitPidFlag};
     use nix::unistd::Pid;
-    use tokio::signal::unix::{SignalKind, signal};
+    use tokio::signal::unix::{signal, SignalKind};
 
     let Ok(mut sigs) =
         signal(SignalKind::child()).inspect_err(|e| warn!("failed to setup SIGCHLD handler: {e}"))
@@ -418,7 +416,7 @@ async fn switch_root(root: &str) -> Result<()> {
     info!("killing all processes and switching root");
     dklog::LOG.close().await;
 
-    use nix::sys::signal::{SIGKILL, kill};
+    use nix::sys::signal::{kill, SIGKILL};
     use nix::unistd::Pid;
 
     if let Err(e) = kill(Pid::from_raw(-1), SIGKILL) {

src/cmd/init/bootstrap.rs

@@ -1,8 +1,8 @@
-use eyre::{Result, format_err};
+use eyre::{format_err, Result};
 use log::{info, warn};
 use tokio::{
     fs,
-    io::{AsyncBufReadExt, BufReader},
+    io::{AsyncBufReadExt, AsyncWriteExt, BufReader},
 };
 
 use dkl::{
@@ -77,42 +77,36 @@ impl Verifier {
             return Ok(Self { pubkey: None });
         };
 
-        use base64::{Engine, prelude::BASE64_STANDARD};
+        use base64::{prelude::BASE64_STANDARD, Engine};
         let pubkey = BASE64_STANDARD.decode(pubkey)?;
         let pubkey = Some(pubkey);
 
         return Ok(Self { pubkey });
     }
 
-    async fn verify_path(&self, path: &str) -> Result<()> {
+    async fn verify_path(&self, path: &str) -> Result<Vec<u8>> {
+        let data = (fs::read(path).await).map_err(|e| format_err!("failed to read {path}: {e}"))?;
+
         let Some(ref pubkey) = self.pubkey else {
-            return Ok(());
+            return Ok(data);
         };
 
         info!("verifying {path}");
 
-        let mut pubkey = std::io::Cursor::new(pubkey);
+        let sig = &format!("{path}.sig");
+        let sig = (fs::read(sig).await).map_err(|e| format_err!("failed to read {sig}: {e}"))?;
 
-        let sig = format!("{path}.sig");
+        use openssl::{hash::MessageDigest, pkey::PKey, sign::Verifier};
+        let pubkey = PKey::public_key_from_der(pubkey)?;
 
-        use std::process::Stdio;
+        let sig_ok = Verifier::new(MessageDigest::sha512(), &pubkey)?
-        use tokio::process::Command;
+            .verify_oneshot(&sig, &data)
+            .map_err(|e| format_err!("verify failed: {e}"))?;
 
-        let mut openssl = Command::new("openssl")
+        if sig_ok {
-            .stdin(Stdio::piped())
+            Ok(data)
-            .args(&["dgst", "-sha512", "-verify", "/dev/stdin"])
-            .args(&["-signature", &sig, path])
-            .spawn()?;
-
-        tokio::io::copy(&mut pubkey, openssl.stdin.as_mut().unwrap()).await?;
-
-        let status = openssl.wait().await?;
-        if status.success() {
-            Ok(())
         } else {
-            Err(format_err!(
+            Err(format_err!("signature verification failed for {path}"))
-                "signature verification failed for {path}: {status}"
-            ))
         }
     }
 }
@@ -145,9 +139,7 @@ async fn seed_config(
         return Err(format_err!("{cfg_path} does not exist after seeding"));
     }
 
-    verifier.verify_path(&cfg_path).await?;
+    verifier.verify_path(&cfg_path).await
-
-    Ok(fs::read(cfg_path).await?)
 }
 
 async fn fetch_bootstrap(seed_url: &str, output_file: &str) -> Result<()> {
@@ -186,19 +178,24 @@ async fn mount_system(cfg: &dkl::Config, bs_dir: &str, verifier: &Verifier) {
     let mut lower_dir = String::new();
 
     for layer in &cfg.layers {
-        let src = if layer == "modules" {
+        let src = retry(async || {
-            "/modules.sqfs".to_string()
+            if layer == "modules" {
-        } else {
+                (fs::read("/modules.sqfs").await)
-            let p = format!("{bs_dir}/{layer}.fs");
+                    .map_err(|e| format_err!("read /modules.sqfs failed: {e}"))
-            retry(async || verifier.verify_path(&p).await).await;
+            } else {
-            p
+                verifier.verify_path(&format!("{bs_dir}/{layer}.fs")).await
-        };
+            }
+        })
+        .await;
 
         let tgt = &format!("{mem_dir}/{layer}.fs");
         retry(async || {
-            info!("copying layer {layer} from {src}");
+            info!("copying layer {layer}");
-            fs::copy(&src, tgt).await?;
+
-            Ok(())
+            let mut out = (fs::File::create(tgt).await)
+                .map_err(|e| format_err!("create {tgt} failed: {e}"))?;
+            (out.write_all(&src).await).map_err(|e| format_err!("write failed: {e}"))?;
+            (out.flush().await).map_err(|e| format_err!("write failed: {e}"))
         })
         .await;