185 lines
7.6 KiB
Bash
Executable File
185 lines
7.6 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# make-manifest.sh — regenerate larry-anywhere's MANIFEST with authoritative
|
|
# sha256 hashes for every shipped file.
|
|
#
|
|
# WHY (v0.8.11 — manifest-hashing speedup, Clover #14):
|
|
# The auto-updater (larry.sh sync_from_manifest) used to re-download ALL ~48
|
|
# manifest files over authenticated HTTPS every relaunch, then `cmp` locally
|
|
# to find the few that changed and discard the rest — ~3 min for a 3-file
|
|
# update. By publishing each file's expected sha256 IN the MANIFEST, the
|
|
# client fetches MANIFEST ONCE, hashes its local copies, and downloads only
|
|
# the files whose hash differs (or are missing). N round-trips -> 1 + a local
|
|
# hash pass + N real downloads.
|
|
#
|
|
# For that to be correct, the published hashes MUST be authoritative: this
|
|
# script recomputes them at release time. The MANIFEST hash always wins —
|
|
# local != manifest => download. A stale/missing/malformed hash can therefore
|
|
# never SKIP a real update (the client falls back to downloading on any doubt;
|
|
# see sync_from_manifest's fail-safe matrix), but it CAN cause a needless
|
|
# re-download — so we keep the hashes correct by regenerating here.
|
|
#
|
|
# FORMAT it emits (one entry per line, after the comment header):
|
|
# <path><TAB><sha256>
|
|
# Comment (#...) and blank lines are preserved verbatim from the source list so
|
|
# the human-readable section structure survives. Only path lines gain a hash.
|
|
#
|
|
# USAGE:
|
|
# scripts/make-manifest.sh # rewrite ./MANIFEST in place
|
|
# scripts/make-manifest.sh --check # verify MANIFEST is up to date (CI/hook)
|
|
# # exit 0 = in sync, 1 = drift, 2 = error
|
|
# scripts/make-manifest.sh --stdout # print the regenerated MANIFEST, no write
|
|
#
|
|
# RELEASE DISCIPLINE — every release MUST regenerate MANIFEST so the hashes
|
|
# match the bytes being pushed. This is wired so it can't be forgotten:
|
|
# 1. A pre-commit hook (scripts/hooks/pre-commit) runs `--check` and BLOCKS a
|
|
# commit whose MANIFEST hashes drift from the working tree. Install with
|
|
# `scripts/make-manifest.sh --install-hook`.
|
|
# 2. The CHANGELOG release checklist references this script.
|
|
# Run from the bundle root (the script cd's there regardless of invocation dir).
|
|
|
|
set -o pipefail
|
|
|
|
# ── Resolve bundle root (parent of this scripts/ dir) ─────────────────────────
|
|
_self="${BASH_SOURCE[0]:-$0}"
|
|
_self_dir="$(cd "$(dirname "$_self")" 2>/dev/null && pwd)"
|
|
ROOT="$(cd "$_self_dir/.." 2>/dev/null && pwd)"
|
|
[ -n "$ROOT" ] || { echo "error: cannot resolve bundle root" >&2; exit 2; }
|
|
|
|
MANIFEST="$ROOT/MANIFEST"
|
|
|
|
# ── sha256 tool detection — same fallback chain larry.sh uses, kept in sync ──
|
|
# Priority: sha256sum, shasum -a 256, openssl dgst -sha256. We normalize each
|
|
# tool's differing output to a bare lowercase 64-hex string.
|
|
_SHA_TOOL=""
|
|
_detect_sha_tool() {
|
|
[ -n "$_SHA_TOOL" ] && return 0
|
|
if command -v sha256sum >/dev/null 2>&1; then _SHA_TOOL="sha256sum"; return 0; fi
|
|
if command -v shasum >/dev/null 2>&1; then _SHA_TOOL="shasum"; return 0; fi
|
|
if command -v openssl >/dev/null 2>&1; then _SHA_TOOL="openssl"; return 0; fi
|
|
return 1
|
|
}
|
|
|
|
# _sha256_of FILE — print the bare 64-hex sha256 of FILE, or empty on failure.
|
|
_sha256_of() {
|
|
local f="$1" out=""
|
|
case "$_SHA_TOOL" in
|
|
sha256sum) out="$(sha256sum "$f" 2>/dev/null)" ;;
|
|
shasum) out="$(shasum -a 256 "$f" 2>/dev/null)" ;;
|
|
openssl) out="$(openssl dgst -sha256 "$f" 2>/dev/null)" ;;
|
|
*) return 1 ;;
|
|
esac
|
|
# Extract the first 64-hex run from whatever shape the tool emitted:
|
|
# sha256sum/shasum -> "<hash> <file>"
|
|
# openssl -> "SHA2-256(<file>)= <hash>"
|
|
out="$(printf '%s' "$out" | tr -d '\r' | grep -oE '[0-9a-fA-F]{64}' | head -1 | tr 'A-F' 'a-f')"
|
|
[ -n "$out" ] || return 1
|
|
printf '%s' "$out"
|
|
}
|
|
|
|
# ── Generate the hashed MANIFEST text to stdout ──────────────────────────────
|
|
# Source of truth for WHICH files ship: the existing MANIFEST's path lines plus
|
|
# its comment/section structure. We re-read the current MANIFEST, preserve every
|
|
# comment/blank line verbatim, and (re)hash every path line. A path line is the
|
|
# first whitespace-delimited token; any pre-existing hash is discarded and
|
|
# recomputed (so re-running is idempotent and always authoritative).
|
|
_generate() {
|
|
_detect_sha_tool || { echo "error: no sha256 tool (sha256sum / shasum / openssl) found" >&2; return 2; }
|
|
[ -f "$MANIFEST" ] || { echo "error: $MANIFEST not found (need the path list to hash)" >&2; return 2; }
|
|
|
|
local line path hash rc=0
|
|
while IFS= read -r line || [ -n "$line" ]; do
|
|
# Strip any CR so a CRLF-tainted source MANIFEST doesn't poison output.
|
|
line="${line//$'\r'/}"
|
|
case "$line" in
|
|
''|'#'*)
|
|
# Preserve comments and blank lines verbatim.
|
|
printf '%s\n' "$line"
|
|
continue
|
|
;;
|
|
esac
|
|
# First whitespace-delimited token is the path; drop any existing hash.
|
|
path="${line%%[[:space:]]*}"
|
|
[ -z "$path" ] && { printf '%s\n' "$line"; continue; }
|
|
if [ ! -f "$ROOT/$path" ]; then
|
|
echo "error: listed file missing on disk: $path" >&2
|
|
rc=2
|
|
# Emit the path with NO hash. The client treats a hashless line as
|
|
# "can't verify -> download" (fail-safe), so a missing file degrades to
|
|
# the old behaviour for that one entry rather than publishing a wrong hash.
|
|
printf '%s\n' "$path"
|
|
continue
|
|
fi
|
|
hash="$(_sha256_of "$ROOT/$path")"
|
|
if [ -z "$hash" ]; then
|
|
echo "error: could not hash $path" >&2
|
|
rc=2
|
|
printf '%s\n' "$path"
|
|
continue
|
|
fi
|
|
printf '%s\t%s\n' "$path" "$hash"
|
|
done < "$MANIFEST"
|
|
return $rc
|
|
}
|
|
|
|
# ── Entry points ──────────────────────────────────────────────────────────────
|
|
_install_hook() {
|
|
local hook_src="$ROOT/scripts/hooks/pre-commit"
|
|
local git_dir
|
|
git_dir="$(cd "$ROOT" && git rev-parse --git-dir 2>/dev/null)" || {
|
|
echo "error: not a git repo at $ROOT" >&2; return 2; }
|
|
[ -f "$hook_src" ] || { echo "error: $hook_src missing" >&2; return 2; }
|
|
local dest="$git_dir/hooks/pre-commit"
|
|
cp "$hook_src" "$dest" && chmod +x "$dest" && echo "installed pre-commit hook -> $dest"
|
|
}
|
|
|
|
case "${1:-}" in
|
|
--stdout)
|
|
_generate
|
|
exit $?
|
|
;;
|
|
--check)
|
|
# Compare freshly generated text against the on-disk MANIFEST.
|
|
tmp="$(mktemp)" || { echo "error: mktemp failed" >&2; exit 2; }
|
|
if ! _generate > "$tmp"; then
|
|
rc=$?
|
|
rm -f "$tmp"
|
|
echo "make-manifest --check: generation error (rc=$rc)" >&2
|
|
exit "$rc"
|
|
fi
|
|
if cmp -s "$tmp" "$MANIFEST"; then
|
|
rm -f "$tmp"
|
|
echo "MANIFEST is up to date."
|
|
exit 0
|
|
fi
|
|
echo "MANIFEST is OUT OF DATE — run scripts/make-manifest.sh to regenerate." >&2
|
|
echo "drift (diff: current MANIFEST vs freshly hashed):" >&2
|
|
diff "$MANIFEST" "$tmp" >&2 || true
|
|
rm -f "$tmp"
|
|
exit 1
|
|
;;
|
|
--install-hook)
|
|
_install_hook
|
|
exit $?
|
|
;;
|
|
--help|-h)
|
|
sed -n '2,40p' "$0"
|
|
exit 0
|
|
;;
|
|
'')
|
|
# Default: rewrite MANIFEST in place (write to temp, then move atomically).
|
|
tmp="$(mktemp)" || { echo "error: mktemp failed" >&2; exit 2; }
|
|
if ! _generate > "$tmp"; then
|
|
rc=$?
|
|
rm -f "$tmp"
|
|
echo "make-manifest: generation failed (rc=$rc); MANIFEST left unchanged" >&2
|
|
exit "$rc"
|
|
fi
|
|
mv "$tmp" "$MANIFEST" && echo "MANIFEST regenerated with sha256 hashes ($(grep -cE ' [0-9a-f]{64}$' "$MANIFEST") entries hashed)."
|
|
exit 0
|
|
;;
|
|
*)
|
|
echo "error: unknown argument: $1 (try --help)" >&2
|
|
exit 2
|
|
;;
|
|
esac
|