Improve coding style

.github/workflows/rust.yml

@@ -25,7 +25,7 @@ jobs:
         components: clippy, rustfmt
 
     - name: Run Clippy
-      run: cargo clippy -- -D warnings --allow unused_variables
+      run: cargo clippy -- -D warnings -D clippy::expect_used -D clippy::unwrap_used --allow unused_variables
 
     - name: Cargo fmt check
       run: cargo fmt --check --all

Cargo.toml

@@ -86,6 +86,7 @@ size-parser = { path = "size-parser" }
 
 # Core dependencies
 anyhow = { version = "1.0.97", default-features = false }
+or-panic = { version = "1.0", default-features = false }
 chrono = "0.4.40"
 clap = { version = "4.5.32", features = ["derive", "string"] }
 dashmap = "6.1.0"

certbot/cli/Cargo.toml

@@ -24,3 +24,4 @@ tokio = { workspace = true, features = ["full"] }
 toml_edit.workspace = true
 tracing-subscriber.workspace = true
 rustls.workspace = true
+or-panic.workspace = true

certbot/cli/src/main.rs

@@ -10,6 +10,7 @@ use certbot::{CertBotConfig, WorkDir};
 use clap::Parser;
 use documented::DocumentedFields;
 use fs_err as fs;
+use or_panic::ResultOrPanic;
 use serde::{Deserialize, Serialize};
 use toml_edit::ser::to_document;
 
@@ -166,7 +167,7 @@ async fn main() -> Result<()> {
     }
     rustls::crypto::ring::default_provider()
         .install_default()
-        .expect("Failed to install default crypto provider");
+        .or_panic("Failed to install default crypto provider");
 
     let args = Args::parse();
     match args.command {

ct_monitor/src/main.rs

@@ -140,7 +140,8 @@ impl Monitor {
 
 fn validate_domain(domain: &str) -> Result<()> {
     let domain_regex =
-        Regex::new(r"^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$").unwrap();
+        Regex::new(r"^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$")
+            .context("invalid regex")?;
     if !domain_regex.is_match(domain) {
         bail!("invalid domain name");
     }

dstack-mr/Cargo.toml

@@ -24,3 +24,10 @@ hex-literal.workspace = true
 fs-err.workspace = true
 bon.workspace = true
 log.workspace = true
+scale.workspace = true
+
+[dev-dependencies]
+dstack-types.workspace = true
+reqwest = { version = "0.12", default-features = false, features = ["blocking", "rustls-tls"] }
+flate2 = "1.0"
+tar = "0.4"

dstack-mr/cli/src/main.rs

@@ -118,7 +118,7 @@ fn main() -> Result<()> {
                 .context("Failed to measure machine configuration")?;
 
             if config.json {
-                println!("{}", serde_json::to_string_pretty(&measurements).unwrap());
+                println!("{}", serde_json::to_string_pretty(&measurements)?);
             } else {
                 println!("Machine measurements:");
                 println!("MRTD: {}", hex::encode(measurements.mrtd));

dstack-mr/src/acpi.rs

@@ -7,6 +7,7 @@
 
 use anyhow::{bail, Context, Result};
 use log::debug;
+use scale::Decode;
 
 use crate::Machine;
 
@@ -392,6 +393,13 @@ fn qemu_loader_append(data: &mut Vec<u8>, cmd: LoaderCmd) {
     }
 }
 
+/// ACPI table header (first 8 bytes of every ACPI table)
+#[derive(Debug, Decode)]
+struct AcpiTableHeader {
+    signature: [u8; 4],
+    length: u32,
+}
+
 /// Searches for an ACPI table with the given signature and returns its offset,
 /// checksum offset, and length.
 fn find_acpi_table(tables: &[u8], signature: &str) -> Result<(u32, u32, u32)> {
@@ -407,22 +415,21 @@ fn find_acpi_table(tables: &[u8], signature: &str) -> Result<(u32, u32, u32)> {
             bail!("Table not found: {signature}");
         }
 
-        let tbl_sig = &tables[offset..offset + 4];
-        let tbl_len_bytes: [u8; 4] = tables[offset + 4..offset + 8].try_into().unwrap();
-        let tbl_len = u32::from_le_bytes(tbl_len_bytes) as usize;
+        let header = AcpiTableHeader::decode(&mut &tables[offset..])
+            .context("failed to decode ACPI table header")?;
 
-        if tbl_sig == sig_bytes {
+        if header.signature == sig_bytes {
             // Found the table
-            return Ok((offset as u32, (offset + 9) as u32, tbl_len as u32));
+            return Ok((offset as u32, (offset + 9) as u32, header.length));
         }
 
-        if tbl_len == 0 {
+        if header.length == 0 {
             // Invalid table length, stop searching
-            bail!("Found table with zero length at offset {offset}");
+            bail!("found table with zero length at offset {offset}");
         }
         // Move to the next table
-        offset += tbl_len;
+        offset += header.length as usize;
     }
 
-    bail!("Table not found: {signature}");
+    bail!("table not found: {signature}");
 }

dstack-mr/src/kernel.rs

@@ -129,7 +129,7 @@ fn patch_kernel(
 
     let mut kd = kernel_data.to_vec();
 
-    let protocol = u16::from_le_bytes(kd[0x206..0x208].try_into().unwrap());
+    let protocol = u16::from_le_bytes(kd[0x206..0x208].try_into().context("impossible failure")?);
 
     let (real_addr, cmdline_addr) = if protocol < 0x200 || (kd[0x211] & 0x01) == 0 {
         (0x90000_u32, 0x9a000_u32)
@@ -158,14 +158,16 @@ fn patch_kernel(
             bail!("the kernel image is too old for ramdisk");
         }
         let mut initrd_max = if protocol >= 0x20c {
-            let xlf = u16::from_le_bytes(kd[0x236..0x238].try_into().unwrap());
+            let xlf =
+                u16::from_le_bytes(kd[0x236..0x238].try_into().context("impossible failure")?);
             if (xlf & 0x40) != 0 {
                 u32::MAX
             } else {
                 0x37ffffff
             }
         } else if protocol >= 0x203 {
-            let max = u32::from_le_bytes(kd[0x22c..0x230].try_into().unwrap());
+            let max =
+                u32::from_le_bytes(kd[0x22c..0x230].try_into().context("impossible failure")?);
             if max == 0 {
                 0x37ffffff
             } else {