buf-toolchain 1.70.0-rc.3

Installer for official Buf CLI binaries pinned by crate semver.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220

//! Installed as `validate-cargo-buf-toolchain` alongside `cargo install buf-toolchain`.
//! Cargo requires a `[[bin]]`; this tool sanity-checks local installs and optionally GitHub.

use std::env;
use std::io::Read;
use std::path::{Path, PathBuf};
use std::process::{Command, Stdio};

use buf_toolchain::targets::from_rust_triple;
use buf_toolchain::upstream::{
    extract_installed_buf_core, report_newer_and_crates_io, verify_binaries_against_github_release,
};

fn main() -> std::process::ExitCode {
    let pkg = env!("CARGO_PKG_VERSION");
    let bin_dir = resolve_canonical_bin_dir();

    println!("validate-cargo-buf-toolchain (buf-toolchain crate {pkg})");
    println!();
    println!(
        "This program ships only because `cargo install` must install an executable. \
         The real payloads — buf and protoc-gen-buf-* — are written by this crate’s \
         build.rs (verified upstream via minisign + sha256.txt at install time)."
    );
    println!();
    println!("Canonical bin directory (same rules as install):");
    println!("  {}", bin_dir.display());
    println!();
    println!("Local checks (crate semver pin) …");
    println!();

    let mut ok = true;
    let mut buf_stdout: Option<String> = None;

    let buf_path = bin_dir.join(if cfg!(windows) { "buf.exe" } else { "buf" });
    match buf_version_output(&buf_path) {
        Some(stdout) => {
            buf_stdout = Some(stdout.clone());
            if buf_stdout_matches_expect(&stdout, pkg) {
                println!("  buf                     OK   {}", stdout.trim());
            } else {
                ok = false;
                println!("  buf                     FAIL reports: {}", stdout.trim());
                println!(
                    "           expected stdout to contain pin `{pkg}` (or semver core if pre-release)."
                );
            }
        }
        None => {
            if buf_path.is_file() {
                ok = false;
                println!(
                    "  buf                     FAIL exists at {} but `buf --version` failed",
                    buf_path.display()
                );
            } else {
                ok = false;
                println!(
                    "  buf                     FAIL missing — expected {}",
                    buf_path.display()
                );
            }
        }
    }

    for (label, name) in [
        ("protoc-gen-buf-breaking", protoc_breaking_name()),
        ("protoc-gen-buf-lint", protoc_lint_name()),
    ] {
        let p = bin_dir.join(name);
        if p.is_file() {
            let len = std::fs::metadata(&p).map(|m| m.len()).unwrap_or(0);
            if len > 256 {
                println!("  {label:24}OK   present ({len} bytes)");
            } else {
                ok = false;
                println!("  {label:24}FAIL present but unexpectedly small ({len} bytes)");
            }
        } else {
            ok = false;
            println!("  {label:24}FAIL missing — expected {}", p.display());
        }
    }

    let offline = env::var("BUF_RS_VALIDATE_OFFLINE")
        .map(|v| v == "1")
        .unwrap_or(false);

    if offline {
        println!();
        println!("Network checks skipped (BUF_RS_VALIDATE_OFFLINE=1).");
    } else if let Some(rt) = host_triple().as_deref().and_then(from_rust_triple) {
        if let Some(ref stdout) = buf_stdout {
            if let Some(core) = extract_installed_buf_core(stdout) {
                println!();
                println!(
                    "Upstream GitHub release v{core} (download sha256.txt + minisign, verify files) …"
                );
                match verify_binaries_against_github_release(&bin_dir, &rt, &core) {
                    Ok(()) => {}
                    Err(e) => {
                        ok = false;
                        eprintln!("  FAIL {e}");
                    }
                }
                println!();
                println!("GitHub latest tag & crates.io buf-toolchain …");
                report_newer_and_crates_io(&core);
            } else {
                println!();
                println!(
                    "Upstream verification skipped (could not parse X.Y.Z from buf --version output)."
                );
            }
        } else {
            println!();
            println!("Upstream verification skipped (buf --version unavailable).");
        }
    } else {
        println!();
        println!(
            "Upstream verification skipped (unsupported TARGET `{}` for asset mapping).",
            host_triple().as_deref().unwrap_or("unknown")
        );
    }

    println!();
    if ok {
        println!("All checks passed.");
        std::process::ExitCode::SUCCESS
    } else {
        eprintln!("One or more checks failed.");
        std::process::ExitCode::from(1)
    }
}

fn protoc_breaking_name() -> &'static str {
    if cfg!(windows) {
        "protoc-gen-buf-breaking.exe"
    } else {
        "protoc-gen-buf-breaking"
    }
}

fn protoc_lint_name() -> &'static str {
    if cfg!(windows) {
        "protoc-gen-buf-lint.exe"
    } else {
        "protoc-gen-buf-lint"
    }
}

fn buf_version_output(buf_exe: &Path) -> Option<String> {
    let mut child = Command::new(buf_exe)
        .arg("--version")
        .stdin(Stdio::null())
        .stdout(Stdio::piped())
        .stderr(Stdio::null())
        .spawn()
        .ok()?;
    let mut stdout = String::new();
    let mut pipe = child.stdout.take()?;
    pipe.read_to_string(&mut stdout).ok()?;
    let status = child.wait().ok()?;
    status.success().then_some(stdout)
}

/// Aligns with [`buf_tools::tests::buf_stdout_matches_expect`] / buf `--version` smoke tests.
fn buf_stdout_matches_expect(stdout: &str, expect_pkg_version: &str) -> bool {
    let stdout = stdout.trim();
    let expect = expect_pkg_version.trim();
    if stdout.contains(expect) {
        return true;
    }
    if let Some((core, rest)) = expect.split_once('-')
        && !rest.is_empty()
        && stdout.contains(core)
    {
        return true;
    }
    false
}

fn resolve_canonical_bin_dir() -> PathBuf {
    if let Ok(dir) = env::var("BUF_RS_TOOLCHAIN_BIN_DIR") {
        let d = dir.trim();
        if !d.is_empty() {
            return PathBuf::from(d);
        }
    }
    cargo_home_bin()
}

fn cargo_home_bin() -> PathBuf {
    if let Ok(home) = env::var("CARGO_HOME") {
        return PathBuf::from(home).join("bin");
    }
    match dirs::home_dir() {
        Some(h) => h.join(".cargo").join("bin"),
        None => PathBuf::from(".cargo").join("bin"),
    }
}

/// Rust host triple for mapping to Buf asset suffixes (matches nested integration tests).
fn host_triple() -> Option<String> {
    if let Some(t) = option_env!("TARGET") {
        return Some(t.to_string());
    }
    let out = Command::new("rustc").args(["-vV"]).output().ok()?;
    if !out.status.success() {
        return None;
    }
    let text = String::from_utf8(out.stdout).ok()?;
    for line in text.lines() {
        if let Some(h) = line.strip_prefix("host: ") {
            return Some(h.trim().to_string());
        }
    }
    None
}