greentic-pack-dev 1.1.26495471727

Greentic pack builder CLI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

#![forbid(unsafe_code)]

use std::ffi::OsStr;
use std::fs;
use std::path::{Component, Path};

use anyhow::{Context, Result, anyhow};
use ignore::WalkBuilder;
use sha2::{Digest, Sha256};

use crate::manifest;

/// Canonical representation of a pack directory used for signing.
pub struct CanonicalizedPack {
    /// Concatenated canonical bytes over which the signature is produced.
    pub bytes: Vec<u8>,
    /// Hex encoded SHA-256 digest of the canonical bytes.
    pub digest_hex: String,
}

/// Computes the canonical byte stream of the provided pack directory.
pub fn canonicalize_pack_dir(pack_dir: &Path) -> Result<CanonicalizedPack> {
    let pack_dir = pack_dir
        .canonicalize()
        .with_context(|| format!("failed to resolve pack directory {}", pack_dir.display()))?;

    let mut entries = Vec::new();

    let mut builder = WalkBuilder::new(&pack_dir);
    builder
        .standard_filters(false)
        .git_ignore(false)
        .git_exclude(false)
        .git_global(false)
        .hidden(false)
        .follow_links(true);

    builder.add_custom_ignore_filename(".packignore");

    let walker = builder.build();

    for entry in walker {
        let entry = entry.with_context(|| "failed to walk pack directory")?;

        if entry.depth() == 0 {
            continue;
        }

        let file_type = match entry.file_type() {
            Some(ft) => ft,
            None => continue,
        };

        if file_type.is_dir() {
            continue;
        }

        let abs_path = entry.path();
        let rel_path = abs_path
            .strip_prefix(&pack_dir)
            .with_context(|| format!("failed to strip prefix for {}", abs_path.display()))?;

        if should_skip(rel_path) {
            continue;
        }

        let rel_path_str = normalize_path(rel_path)
            .ok_or_else(|| anyhow!("path {} is not valid UTF-8", rel_path.display()))?;

        let contents = if manifest::is_pack_manifest_path(rel_path) {
            manifest::read_manifest_without_signature(abs_path)?
        } else {
            fs::read(abs_path).with_context(|| format!("failed to read {}", abs_path.display()))?
        };

        entries.push(CanonicalEntry {
            rel_path: rel_path_str,
            contents,
        });
    }

    entries.sort_by(|a, b| a.rel_path.cmp(&b.rel_path));

    let mut buffer = Vec::new();
    for entry in &entries {
        let header = format!("PATH\0{}\nLEN\0{}\n", entry.rel_path, entry.contents.len());
        buffer.extend_from_slice(header.as_bytes());
        buffer.extend_from_slice(&entry.contents);
    }

    let digest = Sha256::digest(&buffer);
    let digest_hex = hex::encode(digest);

    Ok(CanonicalizedPack {
        bytes: buffer,
        digest_hex,
    })
}

struct CanonicalEntry {
    rel_path: String,
    contents: Vec<u8>,
}

fn should_skip(path: &Path) -> bool {
    if path.components().any(|component| match component {
        Component::Normal(name) => matches!(name.to_str(), Some(".git") | Some("target")),
        _ => false,
    }) {
        return true;
    }

    matches!(path.file_name().and_then(OsStr::to_str), Some(".DS_Store"))
}

fn normalize_path(path: &Path) -> Option<String> {
    let mut segments = Vec::new();
    for component in path.components() {
        match component {
            Component::Normal(seg) => segments.push(seg.to_str()?.to_string()),
            Component::CurDir => {}
            Component::ParentDir => segments.push("..".to_string()),
            Component::Prefix(_) | Component::RootDir => return None,
        }
    }

    Some(segments.join("/"))
}