From 8fa1d25b67e91e651f2382e0cb3b76cf493a8347 Mon Sep 17 00:00:00 2001 From: Matthew Suozzo Date: Fri, 25 Oct 2024 11:26:55 -0400 Subject: [PATCH] Rebrand canonical to stable for artifacts --- internal/api/apiservice/rebuild.go | 4 ++-- internal/verifier/attestation.go | 2 +- internal/verifier/attestation_test.go | 12 ++++++------ internal/verifier/summary.go | 14 +++++++------- internal/verifier/summary_test.go | 14 +++++++------- pkg/archive/archive.go | 12 ++++++------ pkg/archive/tar.go | 10 +++++----- pkg/archive/tar_test.go | 10 +++++----- pkg/archive/zip.go | 4 ++-- pkg/archive/zip_test.go | 10 +++++----- pkg/rebuild/rebuild/compare.go | 16 ++++++++-------- pkg/rebuild/rebuild/rebuildone.go | 2 +- 12 files changed, 55 insertions(+), 55 deletions(-) diff --git a/internal/api/apiservice/rebuild.go b/internal/api/apiservice/rebuild.go index 79a57772..661d664a 100644 --- a/internal/api/apiservice/rebuild.go +++ b/internal/api/apiservice/rebuild.go @@ -222,8 +222,8 @@ func buildAndAttest(ctx context.Context, deps *RebuildPackageDeps, mux rebuild.R return errors.Wrap(err, "comparing artifacts") } exactMatch := bytes.Equal(rb.Hash.Sum(nil), up.Hash.Sum(nil)) - canonicalizedMatch := bytes.Equal(rb.CanonicalHash.Sum(nil), up.CanonicalHash.Sum(nil)) - if !exactMatch && !canonicalizedMatch { + stabilizedMatch := bytes.Equal(rb.StabilizedHash.Sum(nil), up.StabilizedHash.Sum(nil)) + if !exactMatch && !stabilizedMatch { return api.AsStatus(codes.FailedPrecondition, errors.New("rebuild content mismatch")) } input := rebuild.Input{Target: t} diff --git a/internal/verifier/attestation.go b/internal/verifier/attestation.go index f122d504..7f880fae 100644 --- a/internal/verifier/attestation.go +++ b/internal/verifier/attestation.go @@ -96,7 +96,7 @@ func CreateAttestations(ctx context.Context, input rebuild.Input, finalStrategy InvocationID: id, }, Byproducts: []slsa1.ResourceDescriptor{ - {Name: publicNormalizedURI, Digest: makeDigestSet(up.CanonicalHash...)}, + {Name: publicNormalizedURI, Digest: makeDigestSet(up.StabilizedHash...)}, }, }, }, diff --git a/internal/verifier/attestation_test.go b/internal/verifier/attestation_test.go index a7cb041a..a289426e 100644 --- a/internal/verifier/attestation_test.go +++ b/internal/verifier/attestation_test.go @@ -33,14 +33,14 @@ func TestCreateAttestations(t *testing.T) { ctx := context.Background() target := rebuild.Target{Ecosystem: rebuild.CratesIO, Package: "bytes", Version: "1.0.0", Artifact: "bytes-1.0.0.crate"} rbSummary := ArtifactSummary{ - URI: "gs://rebuild.bucket/bytes-1.0.0.crate", - Hash: hashext.NewMultiHash(crypto.SHA256), - CanonicalHash: hashext.NewMultiHash(crypto.SHA256), + URI: "gs://rebuild.bucket/bytes-1.0.0.crate", + Hash: hashext.NewMultiHash(crypto.SHA256), + StabilizedHash: hashext.NewMultiHash(crypto.SHA256), } upSummary := ArtifactSummary{ - URI: "https://up.stream/bytes-1.0.0.crate", - Hash: hashext.NewMultiHash(crypto.SHA256), - CanonicalHash: hashext.NewMultiHash(crypto.SHA256), + URI: "https://up.stream/bytes-1.0.0.crate", + Hash: hashext.NewMultiHash(crypto.SHA256), + StabilizedHash: hashext.NewMultiHash(crypto.SHA256), } buildInfo := &rebuild.BuildInfo{ Target: target, diff --git a/internal/verifier/summary.go b/internal/verifier/summary.go index 77e8f006..c9b2c5e9 100644 --- a/internal/verifier/summary.go +++ b/internal/verifier/summary.go @@ -29,15 +29,15 @@ import ( // ArtifactSummary is a summary of an artifact for the purposes of verification. type ArtifactSummary struct { - URI string - Hash hashext.MultiHash - CanonicalHash hashext.MultiHash + URI string + Hash hashext.MultiHash + StabilizedHash hashext.MultiHash } // SummarizeArtifacts fetches and summarizes the rebuild and upstream artifacts. func SummarizeArtifacts(ctx context.Context, metadata rebuild.LocatableAssetStore, t rebuild.Target, upstreamURI string, hashes []crypto.Hash) (rb, up ArtifactSummary, err error) { - rb = ArtifactSummary{Hash: hashext.NewMultiHash(hashes...), CanonicalHash: hashext.NewMultiHash(hashes...)} - up = ArtifactSummary{Hash: hashext.NewMultiHash(hashes...), CanonicalHash: hashext.NewMultiHash(hashes...), URI: upstreamURI} + rb = ArtifactSummary{Hash: hashext.NewMultiHash(hashes...), StabilizedHash: hashext.NewMultiHash(hashes...)} + up = ArtifactSummary{Hash: hashext.NewMultiHash(hashes...), StabilizedHash: hashext.NewMultiHash(hashes...), URI: upstreamURI} // Fetch and process rebuild. var r io.ReadCloser rbAsset := rebuild.Asset{Target: t, Type: rebuild.RebuildAsset} @@ -48,7 +48,7 @@ func SummarizeArtifacts(ctx context.Context, metadata rebuild.LocatableAssetStor return } defer checkClose(r) - err = archive.Canonicalize(rb.CanonicalHash, io.TeeReader(r, rb.Hash), t.ArchiveType()) + err = archive.Stabilize(rb.StabilizedHash, io.TeeReader(r, rb.Hash), t.ArchiveType()) if err != nil { err = errors.Wrap(err, "fingerprinting rebuild") return @@ -64,7 +64,7 @@ func SummarizeArtifacts(ctx context.Context, metadata rebuild.LocatableAssetStor err = errors.Errorf("non-OK status fetching upstream artifact") return } - err = archive.Canonicalize(up.CanonicalHash, io.TeeReader(resp.Body, up.Hash), t.ArchiveType()) + err = archive.Stabilize(up.StabilizedHash, io.TeeReader(resp.Body, up.Hash), t.ArchiveType()) checkClose(resp.Body) if err != nil { err = errors.Wrap(err, "fingerprinting upstream") diff --git a/internal/verifier/summary_test.go b/internal/verifier/summary_test.go index 54517d00..e3182d37 100644 --- a/internal/verifier/summary_test.go +++ b/internal/verifier/summary_test.go @@ -68,11 +68,11 @@ func TestSummarizeArtifacts(t *testing.T) { } }, }) - canonicalizedHash := hashext.NewMultiHash(crypto.SHA256) - canonicalizedZip := must(archivetest.ZipFile([]archive.ZipEntry{ + stabilizedHash := hashext.NewMultiHash(crypto.SHA256) + stabilizedZip := must(archivetest.ZipFile([]archive.ZipEntry{ {FileHeader: &zip.FileHeader{Name: "foo-0.0.1.dist-info/WHEEL", Modified: time.UnixMilli(0)}, Body: []byte("data")}, })) - must(canonicalizedHash.Write(canonicalizedZip.Bytes())) + must(stabilizedHash.Write(stabilizedZip.Bytes())) rb, up, err := SummarizeArtifacts(ctx, metadata, target, upstreamURI, []crypto.Hash{crypto.SHA256}) if err != nil { t.Fatalf("SummarizeArtifacts() returned error: %v", err) @@ -83,8 +83,8 @@ func TestSummarizeArtifacts(t *testing.T) { if diff := cmp.Diff(origHash.Sum(nil), rb.Hash.Sum(nil)); diff != "" { t.Errorf("SummarizeArtifacts() returned diff for rb.Hash (-want +got):\n%s", diff) } - if diff := cmp.Diff(canonicalizedHash.Sum(nil), rb.CanonicalHash.Sum(nil)); diff != "" { - t.Errorf("SummarizeArtifacts() returned diff for rb.CanonicalHash (-want +got):\n%s", diff) + if diff := cmp.Diff(stabilizedHash.Sum(nil), rb.StabilizedHash.Sum(nil)); diff != "" { + t.Errorf("SummarizeArtifacts() returned diff for rb.StabilizedHash (-want +got):\n%s", diff) } if up.URI != upstreamURI { t.Errorf("SummarizeArtifacts() returned diff for up.URI: want %q, got %q", upstreamURI, up.URI) @@ -92,8 +92,8 @@ func TestSummarizeArtifacts(t *testing.T) { if diff := cmp.Diff(origHash.Sum(nil), up.Hash.Sum(nil)); diff != "" { t.Errorf("SummarizeArtifacts() returned diff for up.Hash (-want +got):\n%s", diff) } - if diff := cmp.Diff(canonicalizedHash.Sum(nil), up.CanonicalHash.Sum(nil)); diff != "" { - t.Errorf("SummarizeArtifacts() returned diff for up.CanonicalHash (-want +got):\n%s", diff) + if diff := cmp.Diff(stabilizedHash.Sum(nil), up.StabilizedHash.Sum(nil)); diff != "" { + t.Errorf("SummarizeArtifacts() returned diff for up.StabilizedHash (-want +got):\n%s", diff) } }) } diff --git a/pkg/archive/archive.go b/pkg/archive/archive.go index 2ed6efbd..b9239a6d 100644 --- a/pkg/archive/archive.go +++ b/pkg/archive/archive.go @@ -23,8 +23,8 @@ import ( "github.com/pkg/errors" ) -// Canonicalize selects and applies the canonicalization routine for the given archive format. -func Canonicalize(dst io.Writer, src io.Reader, f Format) error { +// Stabilize selects and applies the stabilization routine for the given archive format. +func Stabilize(dst io.Writer, src io.Reader, f Format) error { switch f { case ZipFormat: srcReader, size, err := toZipCompatibleReader(src) @@ -37,9 +37,9 @@ func Canonicalize(dst io.Writer, src io.Reader, f Format) error { } zw := zip.NewWriter(dst) defer zw.Close() - err = CanonicalizeZip(zr, zw) + err = StabilizeZip(zr, zw) if err != nil { - return errors.Wrap(err, "canonicalizing zip") + return errors.Wrap(err, "stabilizing zip") } case TarGzFormat: gzr, err := gzip.NewReader(src) @@ -49,9 +49,9 @@ func Canonicalize(dst io.Writer, src io.Reader, f Format) error { defer gzr.Close() gzw := gzip.NewWriter(dst) defer gzw.Close() - err = CanonicalizeTar(tar.NewReader(gzr), tar.NewWriter(gzw)) + err = StabilizeTar(tar.NewReader(gzr), tar.NewWriter(gzw)) if err != nil { - return errors.Wrap(err, "canonicalizing tar") + return errors.Wrap(err, "stabilizing tar") } default: return errors.New("unsupported archive type") diff --git a/pkg/archive/tar.go b/pkg/archive/tar.go index 34e7642a..d0b76bc0 100644 --- a/pkg/archive/tar.go +++ b/pkg/archive/tar.go @@ -35,7 +35,7 @@ import ( // Source: https://github.com/npm/pacote/blob/main/lib/util/tar-create-options.js#L28 var arbitraryTime = time.Date(1985, time.October, 26, 8, 15, 0, 0, time.UTC) -func canonicalizeTarHeader(h *tar.Header) (*tar.Header, error) { +func stabilizeTarHeader(h *tar.Header) (*tar.Header, error) { switch h.Typeflag { case tar.TypeGNUSparse, tar.TypeGNULongName, tar.TypeGNULongLink: // NOTE: Non-PAX header type support can be added, if necessary. @@ -76,8 +76,8 @@ func (e TarEntry) WriteTo(tw *tar.Writer) error { return nil } -// CanonicalizeTar strips volatile metadata and re-writes the provided archive in a canonical form. -func CanonicalizeTar(tr *tar.Reader, tw *tar.Writer) error { +// StabilizeTar strips volatile metadata and re-writes the provided archive in a standard form. +func StabilizeTar(tr *tar.Reader, tw *tar.Writer) error { defer tw.Close() var ents []TarEntry for { @@ -88,7 +88,7 @@ func CanonicalizeTar(tr *tar.Reader, tw *tar.Writer) error { } return err } - canonicalized, err := canonicalizeTarHeader(header) + stabilized, err := stabilizeTarHeader(header) if err != nil { return err } @@ -98,7 +98,7 @@ func CanonicalizeTar(tr *tar.Reader, tw *tar.Writer) error { } // TODO: Memory-intensive. We're buffering the full file in memory (again). // One option would be to do two passes and only buffer what's necessary. - ents = append(ents, TarEntry{canonicalized, buf[:]}) + ents = append(ents, TarEntry{stabilized, buf[:]}) } sort.Slice(ents, func(i, j int) bool { return ents[i].Header.Name < ents[j].Header.Name diff --git a/pkg/archive/tar_test.go b/pkg/archive/tar_test.go index c077a740..e4610b8f 100644 --- a/pkg/archive/tar_test.go +++ b/pkg/archive/tar_test.go @@ -24,7 +24,7 @@ import ( "github.com/google/go-cmp/cmp" ) -func TestCanonicalizeTar(t *testing.T) { +func TestStabilizeTar(t *testing.T) { testCases := []struct { test string input []*TarEntry @@ -77,9 +77,9 @@ func TestCanonicalizeTar(t *testing.T) { } var output bytes.Buffer zr := tar.NewReader(bytes.NewReader(input.Bytes())) - err := CanonicalizeTar(zr, tar.NewWriter(&output)) + err := StabilizeTar(zr, tar.NewWriter(&output)) if err != nil { - t.Fatalf("CanonicalizeTar(%v) = %v, want nil", tc.test, err) + t.Fatalf("StabilizeTar(%v) = %v, want nil", tc.test, err) } var got []*TarEntry { @@ -94,10 +94,10 @@ func TestCanonicalizeTar(t *testing.T) { } } if len(got) != len(tc.expected) { - t.Fatalf("CanonicalizeTar(%v) = %v, want %v", tc.test, got, tc.expected) + t.Fatalf("StabilizeTar(%v) = %v, want %v", tc.test, got, tc.expected) } if !cmp.Equal(got, tc.expected) { - t.Fatalf("CanonicalizeTar(%v) = %v, want %v\nDiff:\n%s", tc.test, got, tc.expected, cmp.Diff(got, tc.expected)) + t.Fatalf("StabilizeTar(%v) = %v, want %v\nDiff:\n%s", tc.test, got, tc.expected, cmp.Diff(got, tc.expected)) } }) } diff --git a/pkg/archive/zip.go b/pkg/archive/zip.go index 8649b1f7..7b9c5cf9 100644 --- a/pkg/archive/zip.go +++ b/pkg/archive/zip.go @@ -68,8 +68,8 @@ func (e ZipEntry) WriteTo(zw *zip.Writer) error { return nil } -// CanonicalizeZip strips volatile metadata and rewrites the provided archive in a canonical form. -func CanonicalizeZip(zr *zip.Reader, zw *zip.Writer) error { +// StabilizeZip strips volatile metadata and rewrites the provided archive in a standard form. +func StabilizeZip(zr *zip.Reader, zw *zip.Writer) error { defer zw.Close() var ents []ZipEntry for _, f := range zr.File { diff --git a/pkg/archive/zip_test.go b/pkg/archive/zip_test.go index 9e70e338..f24c8c2e 100644 --- a/pkg/archive/zip_test.go +++ b/pkg/archive/zip_test.go @@ -22,7 +22,7 @@ import ( "time" ) -func TestCanonicalizeZip(t *testing.T) { +func TestStabilizeZip(t *testing.T) { testCases := []struct { test string input []*ZipEntry @@ -83,9 +83,9 @@ func TestCanonicalizeZip(t *testing.T) { } var output bytes.Buffer zr := must(zip.NewReader(bytes.NewReader(input.Bytes()), int64(input.Len()))) - err := CanonicalizeZip(zr, zip.NewWriter(&output)) + err := StabilizeZip(zr, zip.NewWriter(&output)) if err != nil { - t.Fatalf("CanonicalizeZip(%v) = %v, want nil", tc.test, err) + t.Fatalf("StabilizeZip(%v) = %v, want nil", tc.test, err) } var got []ZipEntry { @@ -95,7 +95,7 @@ func TestCanonicalizeZip(t *testing.T) { } } if len(got) != len(tc.expected) { - t.Fatalf("CanonicalizeZip(%v) = %v, want %v", tc.test, got, tc.expected) + t.Fatalf("StabilizeZip(%v) = %v, want %v", tc.test, got, tc.expected) } for i := range got { if !all( @@ -104,7 +104,7 @@ func TestCanonicalizeZip(t *testing.T) { got[i].FileHeader.Modified.Equal(tc.expected[i].FileHeader.Modified), got[i].FileHeader.Comment == tc.expected[i].FileHeader.Comment, ) { - t.Fatalf("CanonicalizeZip(%v) = %v, want %v", tc.test, got, tc.expected) + t.Fatalf("StabilizeZip(%v) = %v, want %v", tc.test, got, tc.expected) } } }) diff --git a/pkg/rebuild/rebuild/compare.go b/pkg/rebuild/rebuild/compare.go index 4ad95af5..d731f1f6 100644 --- a/pkg/rebuild/rebuild/compare.go +++ b/pkg/rebuild/rebuild/compare.go @@ -38,9 +38,9 @@ func artifactReader(ctx context.Context, t Target, mux RegistryMux) (io.ReadClos } } -// Canonicalize canonicalizes the upstream and rebuilt artifacts. -func Canonicalize(ctx context.Context, t Target, mux RegistryMux, rbPath string, fs billy.Filesystem, assets AssetStore) (rb, up Asset, err error) { - { // Canonicalize rebuild +// Stabilize the upstream and rebuilt artifacts. +func Stabilize(ctx context.Context, t Target, mux RegistryMux, rbPath string, fs billy.Filesystem, assets AssetStore) (rb, up Asset, err error) { + { // Stabilize rebuild rb = Asset{Type: DebugRebuildAsset, Target: t} w, err := assets.Writer(ctx, rb) if err != nil { @@ -52,11 +52,11 @@ func Canonicalize(ctx context.Context, t Target, mux RegistryMux, rbPath string, return rb, up, errors.Wrapf(err, "[INTERNAL] Failed to find rebuilt artifact") } defer f.Close() - if err := archive.Canonicalize(w, f, t.ArchiveType()); err != nil { - return rb, up, errors.Wrapf(err, "[INTERNAL] Canonicalizing rebuild failed") + if err := archive.Stabilize(w, f, t.ArchiveType()); err != nil { + return rb, up, errors.Wrapf(err, "[INTERNAL] Stabilize rebuild failed") } } - { // Canonicalize upstream + { // Stabilize upstream up = Asset{Type: DebugUpstreamAsset, Target: t} w, err := assets.Writer(ctx, up) if err != nil { @@ -68,8 +68,8 @@ func Canonicalize(ctx context.Context, t Target, mux RegistryMux, rbPath string, return rb, up, errors.Wrapf(err, "[INTERNAL] Failed to fetch upstream artifact") } defer r.Close() - if err := archive.Canonicalize(w, r, t.ArchiveType()); err != nil { - return rb, up, errors.Wrapf(err, "[INTERNAL] Canonicalizing upstream failed") + if err := archive.Stabilize(w, r, t.ArchiveType()); err != nil { + return rb, up, errors.Wrapf(err, "[INTERNAL] Stabilize upstream failed") } } return rb, up, nil diff --git a/pkg/rebuild/rebuild/rebuildone.go b/pkg/rebuild/rebuild/rebuildone.go index f04c0094..01cc172b 100644 --- a/pkg/rebuild/rebuild/rebuildone.go +++ b/pkg/rebuild/rebuild/rebuildone.go @@ -122,7 +122,7 @@ func RebuildOne(ctx context.Context, r Rebuilder, input Input, mux RegistryMux, } return nil, nil, errors.Wrapf(err, "failed to stat artifact") } - rb, up, err := Canonicalize(ctx, t, mux, rbPath, fs, assets) + rb, up, err := Stabilize(ctx, t, mux, rbPath, fs, assets) if err != nil { return nil, nil, err }