forjar 1.4.2

Rust-native Infrastructure as Code — bare-metal first, BLAKE3 state, provenance tracing
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323

//! FJ-1348: Conda package reader — .conda (ZIP) and .tar.bz2 formats.
//!
//! Reads conda packages, extracts files, and parses `index.json` metadata.

use super::chunker::{chunk_directory, tree_hash};
use super::far::{encode_far, FarManifest, FarProvenance};
use crate::tripwire::eventlog::now_iso8601;
use crate::tripwire::hasher::hash_directory;
use std::io::Read;
use std::path::Path;

/// Parsed conda package metadata from `index.json`.
#[derive(Debug, Clone, PartialEq)]
pub struct CondaPackageInfo {
    /// Package name.
    pub name: String,
    /// Package version.
    pub version: String,
    /// Build string identifier.
    pub build: String,
    /// Target architecture (e.g., "x86_64", "noarch").
    pub arch: String,
    /// Conda subdirectory (e.g., "linux-64", "noarch").
    pub subdir: String,
    /// Extracted file entries.
    pub files: Vec<CondaFileEntry>,
}

/// A file entry extracted from a conda package.
#[derive(Debug, Clone, PartialEq)]
pub struct CondaFileEntry {
    /// Relative file path within the package.
    pub path: String,
    /// File size in bytes.
    pub size: u64,
}

/// Auto-detect format by extension and extract to `output_dir`.
pub fn read_conda(path: &Path, output_dir: &Path) -> Result<CondaPackageInfo, String> {
    let ext = path.to_string_lossy().to_string();

    if ext.ends_with(".conda") {
        read_conda_zip(path, output_dir)
    } else if ext.ends_with(".tar.bz2") {
        read_conda_bz2(path, output_dir)
    } else {
        Err(format!(
            "unknown conda format: {} (expected .conda or .tar.bz2)",
            path.display()
        ))
    }
}

/// Decompress a zip entry by name and return the raw tar bytes.
fn decompress_zst_entry(
    archive: &mut zip::ZipArchive<std::fs::File>,
    name: &str,
) -> Result<Vec<u8>, String> {
    let mut entry = archive
        .by_name(name)
        .map_err(|e| format!("zip entry {name}: {e}"))?;
    let mut compressed = Vec::new();
    entry
        .read_to_end(&mut compressed)
        .map_err(|e| format!("read {name}: {e}"))?;
    zstd::decode_all(compressed.as_slice()).map_err(|e| format!("zstd {name}: {e}"))
}

/// Read a modern `.conda` file (ZIP containing tar.zst members).
pub fn read_conda_zip(path: &Path, output_dir: &Path) -> Result<CondaPackageInfo, String> {
    let file = std::fs::File::open(path).map_err(|e| format!("open {}: {e}", path.display()))?;
    let mut archive =
        zip::ZipArchive::new(file).map_err(|e| format!("zip read {}: {e}", path.display()))?;

    std::fs::create_dir_all(output_dir)
        .map_err(|e| format!("mkdir {}: {e}", output_dir.display()))?;

    let mut info: Option<CondaPackageInfo> = None;
    let mut all_files: Vec<CondaFileEntry> = Vec::new();

    let names: Vec<String> = (0..archive.len())
        .filter_map(|i| archive.by_index(i).ok().map(|f| f.name().to_string()))
        .collect();

    for name in &names {
        if name.starts_with("pkg-") && name.ends_with(".tar.zst") {
            let decompressed = decompress_zst_entry(&mut archive, name)?;
            all_files.extend(extract_tar_bytes(&decompressed, output_dir)?);
        } else if name.starts_with("info-") && name.ends_with(".tar.zst") {
            let decompressed = decompress_zst_entry(&mut archive, name)?;
            info = find_index_in_tar(&decompressed)?;
            all_files.extend(extract_tar_bytes(&decompressed, output_dir)?);
        }
    }

    let mut pkg = info.ok_or_else(|| "no index.json in conda package".to_string())?;
    pkg.files = all_files;
    Ok(pkg)
}

/// Process a single bz2 tar entry: extract to output_dir and optionally parse index.json.
fn process_bz2_entry<R: std::io::Read>(
    entry: &mut tar::Entry<R>,
    output_dir: &Path,
) -> Result<Option<(CondaFileEntry, Option<CondaPackageInfo>)>, String> {
    let path_buf = entry
        .path()
        .map_err(|e| format!("entry path: {e}"))?
        .to_path_buf();
    let rel = path_buf.to_string_lossy().to_string();
    let size = entry.size();

    let dest = output_dir.join(&rel);
    if let Some(parent) = dest.parent() {
        std::fs::create_dir_all(parent).map_err(|e| format!("mkdir {}: {e}", parent.display()))?;
    }
    if !entry.header().entry_type().is_file() {
        return Ok(None);
    }

    let mut buf = Vec::with_capacity(size as usize);
    entry
        .read_to_end(&mut buf)
        .map_err(|e| format!("read {rel}: {e}"))?;

    let index_info = if rel == "info/index.json" {
        Some(parse_conda_index(&String::from_utf8_lossy(&buf))?)
    } else {
        None
    };

    std::fs::write(&dest, &buf).map_err(|e| format!("write {}: {e}", dest.display()))?;
    Ok(Some((CondaFileEntry { path: rel, size }, index_info)))
}

/// Read a legacy `.tar.bz2` conda package.
pub fn read_conda_bz2(path: &Path, output_dir: &Path) -> Result<CondaPackageInfo, String> {
    let file = std::fs::File::open(path).map_err(|e| format!("open {}: {e}", path.display()))?;
    let decoder = bzip2::read::BzDecoder::new(file);
    let mut archive = tar::Archive::new(decoder);

    std::fs::create_dir_all(output_dir)
        .map_err(|e| format!("mkdir {}: {e}", output_dir.display()))?;

    let mut info: Option<CondaPackageInfo> = None;
    let mut files: Vec<CondaFileEntry> = Vec::new();

    for entry in archive.entries().map_err(|e| format!("tar entries: {e}"))? {
        let mut entry = entry.map_err(|e| format!("tar entry: {e}"))?;
        if let Some((file_entry, index_info)) = process_bz2_entry(&mut entry, output_dir)? {
            if let Some(pkg_info) = index_info {
                info = Some(pkg_info);
            }
            files.push(file_entry);
        }
    }

    let mut pkg = info.ok_or_else(|| "no info/index.json in tar.bz2".to_string())?;
    pkg.files = files;
    Ok(pkg)
}

/// Parse conda `index.json` into `CondaPackageInfo`.
pub fn parse_conda_index(json: &str) -> Result<CondaPackageInfo, String> {
    let val: serde_json::Value =
        serde_json::from_str(json).map_err(|e| format!("parse index.json: {e}"))?;

    let name = val["name"]
        .as_str()
        .ok_or("index.json missing 'name'")?
        .to_string();
    let version = val["version"]
        .as_str()
        .ok_or("index.json missing 'version'")?
        .to_string();
    let build = val
        .get("build")
        .and_then(|v| v.as_str())
        .unwrap_or("")
        .to_string();
    let arch = val
        .get("arch")
        .and_then(|v| v.as_str())
        .unwrap_or("noarch")
        .to_string();
    let subdir = val
        .get("subdir")
        .and_then(|v| v.as_str())
        .unwrap_or("noarch")
        .to_string();

    Ok(CondaPackageInfo {
        name,
        version,
        build,
        arch,
        subdir,
        files: Vec::new(),
    })
}

/// Convert a conda package to FAR format.
///
/// 1. Extract conda package to temp dir
/// 2. Hash the extracted directory (store_hash)
/// 3. Chunk the directory (chunks + file entries)
/// 4. Compute tree hash for verified streaming
/// 5. Build FarManifest with conda provenance
/// 6. Encode FAR to output file
pub fn conda_to_far(conda_path: &Path, far_output: &Path) -> Result<FarManifest, String> {
    use std::sync::atomic::{AtomicU64, Ordering};
    static COUNTER: AtomicU64 = AtomicU64::new(0);
    let id = COUNTER.fetch_add(1, Ordering::Relaxed);
    let tmp = std::env::temp_dir().join(format!("forjar-conda-{}-{id}", std::process::id()));
    let extract_dir = tmp.join("extracted");
    let _ = std::fs::remove_dir_all(&tmp);
    std::fs::create_dir_all(&extract_dir).map_err(|e| format!("create temp dir: {e}"))?;

    // 1. Extract
    let info = read_conda(conda_path, &extract_dir)?;

    // 2. Store hash
    let store_hash = hash_directory(&extract_dir)?;

    // 3. Chunk
    let (chunks, file_entries) = chunk_directory(&extract_dir)?;

    // 4. Tree hash
    let th = tree_hash(&chunks);
    let tree_hash_str = format!(
        "blake3:{}",
        th.iter().map(|b| format!("{b:02x}")).collect::<String>()
    );

    // 5. Build manifest
    let total_size: u64 = file_entries.iter().map(|f| f.size).sum();
    let manifest = FarManifest {
        name: info.name,
        version: info.version,
        arch: info.arch,
        store_hash,
        tree_hash: tree_hash_str,
        file_count: file_entries.len() as u64,
        total_size,
        files: file_entries,
        provenance: FarProvenance {
            origin_provider: "conda".to_string(),
            origin_ref: Some(format!(
                "{}:{}",
                info.subdir,
                conda_path.file_name().unwrap_or_default().to_string_lossy()
            )),
            origin_hash: None,
            created_at: now_iso8601(),
            generator: format!("forjar {}", env!("CARGO_PKG_VERSION")),
        },
        kernel_contracts: None,
    };

    // 6. Encode
    let chunk_pairs: Vec<([u8; 32], Vec<u8>)> =
        chunks.into_iter().map(|c| (c.hash, c.data)).collect();
    let file = std::fs::File::create(far_output)
        .map_err(|e| format!("create {}: {e}", far_output.display()))?;
    let writer = std::io::BufWriter::new(file);
    encode_far(&manifest, &chunk_pairs, writer)?;

    // Remove the extraction staging directory
    let _ = std::fs::remove_dir_all(&tmp);

    Ok(manifest)
}

// --- internal helpers ---

fn extract_tar_bytes(tar_data: &[u8], output_dir: &Path) -> Result<Vec<CondaFileEntry>, String> {
    let mut archive = tar::Archive::new(tar_data);
    let mut files = Vec::new();

    for entry in archive.entries().map_err(|e| format!("tar entries: {e}"))? {
        let mut entry = entry.map_err(|e| format!("tar entry: {e}"))?;
        let path_buf = entry
            .path()
            .map_err(|e| format!("path: {e}"))?
            .to_path_buf();
        let rel = path_buf.to_string_lossy().to_string();
        let size = entry.size();

        let dest = output_dir.join(&rel);
        if let Some(parent) = dest.parent() {
            std::fs::create_dir_all(parent)
                .map_err(|e| format!("mkdir {}: {e}", parent.display()))?;
        }
        if entry.header().entry_type().is_file() {
            let mut out = std::fs::File::create(&dest)
                .map_err(|e| format!("create {}: {e}", dest.display()))?;
            std::io::copy(&mut entry, &mut out)
                .map_err(|e| format!("write {}: {e}", dest.display()))?;
            files.push(CondaFileEntry { path: rel, size });
        }
    }
    Ok(files)
}

fn find_index_in_tar(tar_data: &[u8]) -> Result<Option<CondaPackageInfo>, String> {
    let mut archive = tar::Archive::new(tar_data);
    for entry in archive.entries().map_err(|e| format!("tar entries: {e}"))? {
        let mut entry = entry.map_err(|e| format!("tar entry: {e}"))?;
        let path_buf = entry
            .path()
            .map_err(|e| format!("path: {e}"))?
            .to_path_buf();
        let rel = path_buf.to_string_lossy().to_string();
        if rel == "index.json" || rel.ends_with("/index.json") {
            let mut content = String::new();
            entry
                .read_to_string(&mut content)
                .map_err(|e| format!("read index.json: {e}"))?;
            return Ok(Some(parse_conda_index(&content)?));
        }
    }
    Ok(None)
}