Update Clap to 4.4

This commit updates Clap from 3.2 to 4.4. This change is needed because
old Clap has a dependency on crate `atty` which is unmaintained: https://rustsec.org/advisories/RUSTSEC-2024-0375
This commit updates the dependency version and the code.

Signed-off-by: Mark Kirichenko <[email protected]>

Author: atanzu

Cargo.toml

@@ -9,7 +9,7 @@ rust-version = "1.71"
 [dependencies]
 serde = { version = ">=1.0", features = ["derive"] }
 chrono = "0.4"
-clap = "3.2"
+clap = "~4.4"
 inotify = "0.10"
 serde_json = "1.0"
 nix = "0.26"

enclave_build/Cargo.toml

@@ -9,7 +9,7 @@ rust-version = "1.71"
 
 [dependencies]
 bollard = "0.16.0"
-clap = "3.2"
+clap = "~4.4"
 serde = { version = "1.0", features = ["derive"] }
 serde_yaml = "0.8"
 serde_json = "1.0"

enclave_build/src/main.rs

@@ -1,144 +1,127 @@
 // Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-use clap::{App, AppSettings, Arg};
+use clap::{Arg, ArgAction, Command};
 use std::fs::OpenOptions;
 
 use aws_nitro_enclaves_image_format::generate_build_info;
 use enclave_build::Docker2Eif;
 
 fn main() {
-    let matches = App::new("Docker2Eif builder")
+    let matches = Command::new("Docker2Eif builder")
         .about("Generate consistent EIF image from a Docker image")
-        .setting(AppSettings::DisableVersion)
         .arg(
-            Arg::with_name("docker_image")
+            Arg::new("docker_image")
                 .short('t')
                 .long("tag")
                 .help("Docker image tag")
-                .takes_value(true)
                 .required(true),
         )
         .arg(
-            Arg::with_name("init_path")
+            Arg::new("init_path")
                 .short('i')
                 .long("init")
                 .help("Path to a binary representing the init process for the enclave")
-                .takes_value(true)
                 .required(true),
         )
         .arg(
-            Arg::with_name("nsm_path")
+            Arg::new("nsm_path")
                 .short('n')
                 .long("nsm")
                 .help("Path to the NitroSecureModule Kernel Driver")
-                .takes_value(true)
                 .required(true),
         )
         .arg(
-            Arg::with_name("kernel_img_path")
+            Arg::new("kernel_img_path")
                 .short('k')
                 .long("kernel")
                 .help("Path to a bzImage/Image file for x86_64/aarch64 linux kernel")
-                .takes_value(true)
                 .required(true),
         )
         .arg(
-            Arg::with_name("kernel_cfg_path")
+            Arg::new("kernel_cfg_path")
                 .long("kernel_config")
                 .help("Path to a bzImage.config/Image.config file for x86_64/aarch64 linux kernel config")
-                .takes_value(true)
                 .required(true),
         )
         .arg(
-            Arg::with_name("cmdline")
+            Arg::new("cmdline")
                 .short('c')
                 .long("cmdline")
                 .help("Cmdline for kernel")
-                .takes_value(true)
                 .required(true),
         )
         .arg(
-            Arg::with_name("linuxkit_path")
+            Arg::new("linuxkit_path")
                 .short('l')
                 .long("linuxkit")
                 .help("Linuxkit executable path")
-                .takes_value(true)
                 .required(true),
         )
         .arg(
-            Arg::with_name("output")
+            Arg::new("output")
                 .short('o')
                 .long("output")
                 .help("Output file for EIF image")
-                .takes_value(true)
                 .required(true),
         )
         .arg(
-            Arg::with_name("signing-certificate")
+            Arg::new("signing-certificate")
                 .long("signing-certificate")
-                .help("Specify the path to the signing certificate")
-                .takes_value(true),
+                .help("Specify the path to the signing certificate"),
         )
         .arg(
-            Arg::with_name("private-key")
+            Arg::new("private-key")
                 .long("private-key")
-                .help("Specify the path to the private-key")
-                .takes_value(true),
+                .help("Specify the path to the private-key"),
         )
         .arg(
-            Arg::with_name("build")
+            Arg::new("build")
                 .short('b')
                 .long("build")
                 .help("Build image from Dockerfile")
-                .takes_value(true)
-                .required(false),
+                .conflicts_with("pull"),
         )
         .arg(
-            Arg::with_name("pull")
+            Arg::new("pull")
                 .short('p')
                 .long("pull")
                 .help("Pull the Docker image before generating EIF")
-                .required(false)
+                .action(ArgAction::SetTrue)
                 .conflicts_with("build"),
         )
         .arg(
-            Arg::with_name("image_name")
+            Arg::new("image_name")
                 .long("name")
-                .help("Name for enclave image")
-                .takes_value(true),
+                .help("Name for enclave image"),
         )
         .arg(
-            Arg::with_name("image_version")
+            Arg::new("image_version")
                 .long("version")
-                .help("Version of the enclave image")
-                .takes_value(true),
+                .help("Version of the enclave image"),
         )
         .arg(
-            Arg::with_name("metadata")
+            Arg::new("metadata")
                 .long("metadata")
-                .help("Path to JSON containing the custom metadata provided by the user.")
-                .takes_value(true),
+                .help("Path to JSON containing the custom metadata provided by the user"),
         )
         .get_matches();
 
-    let docker_image = matches.value_of("docker_image").unwrap();
-    let init_path = matches.value_of("init_path").unwrap();
-    let nsm_path = matches.value_of("nsm_path").unwrap();
-    let kernel_img_path = matches.value_of("kernel_img_path").unwrap();
-    let kernel_cfg_path = matches.value_of("kernel_cfg_path").unwrap();
-    let cmdline = matches.value_of("cmdline").unwrap();
-    let linuxkit_path = matches.value_of("linuxkit_path").unwrap();
-    let output = matches.value_of("output").unwrap();
+    let docker_image = matches.get_one::<String>("docker_image").unwrap();
+    let init_path = matches.get_one::<String>("init_path").unwrap();
+    let nsm_path = matches.get_one::<String>("nsm_path").unwrap();
+    let kernel_img_path = matches.get_one::<String>("kernel_img_path").unwrap();
+    let kernel_cfg_path = matches.get_one::<String>("kernel_cfg_path").unwrap();
+    let cmdline = matches.get_one::<String>("cmdline").unwrap();
+    let linuxkit_path = matches.get_one::<String>("linuxkit_path").unwrap();
+    let output = matches.get_one::<String>("output").unwrap();
     let signing_certificate = matches
-        .value_of("signing_certificate")
-        .map(|val| val.to_string());
-    let private_key = matches
-        .value_of("private_certificate")
-        .map(|val| val.to_string());
-    let img_name = matches.value_of("image_name").map(|val| val.to_string());
-    let img_version = matches.value_of("image_version").map(|val| val.to_string());
-    let metadata = matches.value_of("metadata").map(|val| val.to_string());
+        .get_one::<String>("signing-certificate")
+        .map(String::from);
+    let private_key = matches.get_one::<String>("private-key").map(String::from);
+    let img_name = matches.get_one::<String>("image_name").map(String::from);
+    let img_version = matches.get_one::<String>("image_version").map(String::from);
+    let metadata = matches.get_one::<String>("metadata").map(String::from);
 
     let mut output = OpenOptions::new()
         .read(true)
@@ -166,10 +149,9 @@ fn main() {
     )
     .unwrap();
 
-    if matches.is_present("build") {
-        let dockerfile_dir = matches.value_of("build").unwrap();
+    if let Some(dockerfile_dir) = matches.get_one::<String>("build") {
         img.build_docker_image(dockerfile_dir.to_string()).unwrap();
-    } else if matches.is_present("pull") {
+    } else if matches.get_flag("pull") {
         img.pull_docker_image().unwrap();
     }
 

samples/command_executer/Cargo.toml

@@ -8,7 +8,7 @@ rust-version = "1.71"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-clap = "3.2"
+clap = "~4.4"
 log = "0.4"
 nix = "0.26"
 serde = { version = ">=1.0", features = ["derive"] }

samples/command_executer/src/command_parser.rs

@@ -80,40 +80,37 @@ impl CommandOutput {
 }
 
 fn parse_cid(args: &ArgMatches) -> Result<u32, String> {
-    let port = args.value_of("cid").ok_or("Could not find cid argument")?;
-    port.parse()
+    args.get_one::<String>("cid")
+        .ok_or("Could not find cid argument")?
+        .parse()
         .map_err(|_err| "cid is not a number".to_string())
 }
 
 fn parse_port(args: &ArgMatches) -> Result<u32, String> {
-    let port = args
-        .value_of("port")
-        .ok_or("Could not find port argument")?;
-    port.parse()
+    args.get_one::<String>("port")
+        .ok_or("Could not find port argument")?
+        .parse()
         .map_err(|_err| "port is not a number".to_string())
 }
 
 fn parse_command(args: &ArgMatches) -> Result<String, String> {
-    let command = args
-        .value_of("command")
-        .ok_or("Could not find command argument")?;
-    Ok(String::from(command))
+    args.get_one::<String>("command")
+        .map(String::from)
+        .ok_or_else(|| "Could not find command argument".to_string())
 }
 
 fn parse_no_wait(args: &ArgMatches) -> bool {
-    args.is_present("no-wait")
+    args.get_flag("no-wait")
 }
 
 fn parse_localfile(args: &ArgMatches) -> Result<String, String> {
-    let output = args
-        .value_of("localpath")
-        .ok_or("Could not find localpath")?;
-    Ok(String::from(output))
+    args.get_one::<String>("localpath")
+        .map(String::from)
+        .ok_or_else(|| "Could not find localpath".to_string())
 }
 
 fn parse_remotefile(args: &ArgMatches) -> Result<String, String> {
-    let output = args
-        .value_of("remotepath")
-        .ok_or("Could not find remotepath")?;
-    Ok(String::from(output))
+    args.get_one::<String>("remotepath")
+        .map(String::from)
+        .ok_or_else(|| "Could not find remotepath".to_string())
 }

samples/command_executer/src/main.rs

@@ -1,4 +1,4 @@
-use clap::{App, AppSettings, Arg, SubCommand};
+use clap::{Arg, ArgAction, Command};
 
 use command_executer::command_parser::{FileArgs, ListenArgs, RunArgs};
 use command_executer::create_app;