greentic_dev/
pack_verify.rs1use std::path::Path;
2
3use anyhow::Result;
4use greentic_pack::reader::{PackVerifyResult, SigningPolicy, open_pack};
5use serde_json::json;
6
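/// Signing policy a caller selects when verifying a pack.
///
/// Each variant converts one-to-one into the `SigningPolicy` variant of the same
/// name from `greentic_pack::reader`. What a policy accepts or rejects is decided
/// in that crate, not in this file.
///
/// `PartialEq`/`Eq` are derived so callers and tests can compare policies directly,
/// for example to refuse a non-strict policy in a release pipeline.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum VerifyPolicy {
    /// Maps to `SigningPolicy::Strict`.
    Strict,
    /// Maps to `SigningPolicy::DevOk`.
    // NOTE(review): the name suggests a relaxed, development-only policy; confirm
    // its exact semantics in greentic_pack before allowing it outside local builds.
    DevOk,
}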
12
/// Translates the CLI-facing [`VerifyPolicy`] into the reader's `SigningPolicy`.
impl From<VerifyPolicy> for SigningPolicy {
    /// Returns the `SigningPolicy` variant with the same name as `policy`.
    fn from(policy: VerifyPolicy) -> Self {
        // Kept exhaustive (no `_` arm) so that adding a policy variant is a compile
        // error here instead of silently falling through to some default policy.
        match policy {
            VerifyPolicy::DevOk => Self::DevOk,
            VerifyPolicy::Strict => Self::Strict,
        }
    }
}
21
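/// Opens and verifies the pack at `pack_path` under `policy`, then prints the outcome to stdout.
///
/// With `emit_json` set, the manifest, the verification report (`signature_ok`, `sbom_ok`,
/// `warnings`) and the SBOM are printed as one pretty-printed JSON document. Otherwise a
/// human-readable summary is printed: the verified path, the policy in effect, the signature
/// and SBOM results, and any warnings.
///
/// # Errors
///
/// Returns an error carrying the `message` of the `PackVerifyResult` when `open_pack` fails,
/// or the serialization error if the JSON document cannot be rendered.
pub fn run(pack_path: &Path, policy: VerifyPolicy, emit_json: bool) -> Result<()> {
    let load = open_pack(pack_path, policy.into()).map_err(|err: PackVerifyResult| {
        anyhow::anyhow!("pack verification failed: {}", err.message)
    })?;
    let report = &load.report;

    if emit_json {
        let doc = json!({
            "manifest": load.manifest,
            "report": {
                "signature_ok": report.signature_ok,
                "sbom_ok": report.sbom_ok,
                "warnings": report.warnings,
            },
            "sbom": load.sbom,
        });
        println!("{}", serde_json::to_string_pretty(&doc)?);
        return Ok(());
    }

    println!("✓ Pack verified: {}", pack_path.display());

    // All this function knows is that `open_pack` returned Ok. Whether Ok implies a valid
    // signature under every policy is decided in greentic_pack.
    // NOTE(review): confirm what Ok guarantees for `DevOk`.
    // The policy and both check results are printed so the text summary carries the same
    // security-relevant facts as the JSON output instead of a bare check mark.
    println!("Policy: {policy:?}");
    // Rendered through `json!` because these field types are declared in greentic_pack;
    // the JSON branch above already relies on them being serializable.
    println!("Signature OK: {}", json!(report.signature_ok));
    println!("SBOM OK: {}", json!(report.sbom_ok));

    if !report.warnings.is_empty() {
        println!("Warnings:");
        for warning in &report.warnings {
            println!("- {warning}");
        }
    }

    Ok(())
}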