Make transparency logs optional, allow use as standalone rebuilder client

Cargo.toml

@@ -16,18 +16,18 @@ members = ["pacman-bintrans-sign",
 
 [dependencies]
 clap = { version = "4.0.26", features = ["derive"] }
-env_logger = "0.9"
+env_logger = "0.11"
 futures-util = "0.3.5"
 hex = "0.4.3"
-indicatif = "0.16.2"
+indicatif = "0.17"
 minisign = "0.7"
 pacman-bintrans-common = { version = "0.4", path = "pacman-bintrans-common" }
-rebuilderd-common = "0.19"
+rebuilderd-common = "0.20"
 serde = "1.0.115"
 serde_json = "1.0.73"
 sha2 = "0.10"
 tar = "0.4.38"
 tempfile = "3.2.0"
 tokio = { version = "1", features = ["process", "macros", "rt-multi-thread", "time"] }
-toml = "0.5.6"
+toml = "0.8"
 url = "2.2.2"

pacman-bintrans-common/src/decompress.rs

@@ -24,6 +24,7 @@ pub fn detect_compression(bytes: &[u8]) -> CompressedWith {
     match mime {
         "application/gzip" => CompressedWith::Gzip,
         "application/x-bzip" => CompressedWith::Bzip2,
+        "application/x-bzip2" => CompressedWith::Bzip2,
         "application/x-xz" => CompressedWith::Xz,
         "application/zstd" => CompressedWith::Zstd,
         _ => CompressedWith::Unknown,

pacman-bintrans-monitor/Cargo.toml

@@ -12,6 +12,6 @@ edition = "2018"
 
 [dependencies]
 clap = { version = "4.0.26", features = ["derive"] }
-env_logger = "0.9.0"
+env_logger = "0.11"
 pacman-bintrans-common = { version = "0.4", path = "../pacman-bintrans-common" }
 tokio = { version = "1.10.0", features = ["process", "macros", "rt-multi-thread"] }

pacman-bintrans-sign/Cargo.toml

@@ -14,7 +14,7 @@ edition = "2018"
 clap = { version = "4.0.26", features = ["derive"] }
 diesel = { version = "1.4", features = ["sqlite"] }
 diesel_migrations = { version = "1.4", features = ["sqlite"] }
-env_logger = "0.9.0"
+env_logger = "0.11"
 minisign = "0.7"
 pacman-bintrans-common = { version = "0.4", path = "../pacman-bintrans-common" }
 tar = "0.4.37"

pacman-bintrans-sign/src/archlinux.rs

@@ -83,37 +83,37 @@ impl TryInto<Pkg> for NewPkg {
         Ok(Pkg {
             name: self
                 .name
-                .get(0)
+                .first()
                 .ok_or_else(|| anyhow!("Missing pkg name field"))?
                 .to_string(),
             base: self
                 .base
-                .get(0)
+                .first()
                 .ok_or_else(|| anyhow!("Missing pkg base field"))?
                 .to_string(),
             filename: self
                 .filename
-                .get(0)
+                .first()
                 .ok_or_else(|| anyhow!("Missing filename field"))?
                 .to_string(),
             version: self
                 .version
-                .get(0)
+                .first()
                 .ok_or_else(|| anyhow!("Missing version field"))?
                 .to_string(),
             sha256sum: self
                 .sha256sum
-                .get(0)
+                .first()
                 .ok_or_else(|| anyhow!("Missing sha256sum field"))?
                 .to_string(),
             architecture: self
                 .architecture
-                .get(0)
+                .first()
                 .ok_or_else(|| anyhow!("Missing architecture field"))?
                 .to_string(),
             packager: self
                 .packager
-                .get(0)
+                .first()
                 .ok_or_else(|| anyhow!("Missing packager field"))?
                 .to_string(),
         })

pacman-bintrans-sign/src/main.rs

@@ -107,7 +107,7 @@ fn write_sig_to_dir(dir: &Path, filename: &str, signature: &str) -> Result<()> {
     if filename.starts_with('.') {
         bail!("Filename is not allowed to start with `.`");
     }
-    let path = dir.join(&format!("{}.t", filename));
+    let path = dir.join(format!("{filename}.t"));
     info!("Writing signature to folder: {:?}", path);
     fs::write(path, signature)?;
     Ok(())

src/args.rs

@@ -13,7 +13,7 @@ pub struct Args {
     #[arg(long)]
     pub transparency_url: Option<Url>,
     #[arg(long)]
-    pub pubkey: String,
+    pub pubkey: Option<String>,
     /// Example: socks5://127.0.0.1:9050
     #[arg(long)]
     pub proxy: Option<Proxy>,

src/main.rs

@@ -50,9 +50,14 @@ async fn main() -> Result<()> {
         env_logger::init_from_env(Env::default().default_filter_or(log));
     }
 
-    let pubkey = PublicKey::from_base64(&args.pubkey)
-        .context("Failed to load transparency public key")?
-        .to_box()?;
+    let pubkey = if let Some(pubkey) = &args.pubkey {
+        let pubkey = PublicKey::from_base64(pubkey)
+            .context("Failed to load transparency public key")?
+            .to_box()?;
+        Some(pubkey)
+    } else {
+        None
+    };
 
     if args.url.scheme() == "file" {
         let path = args
@@ -111,13 +116,14 @@ async fn main() -> Result<()> {
             println!("\x1b[2K\r\x1b[1m[\x1b[34m%\x1b[0;1m]\x1b[0m Checking transparency log...");
         }
 
-        // security critical code happens here
-        proof::fetch_and_verify(&client, &pubkey, &url, &pkg, &args.proxy)
-            .await
-            .context("Failed to check transparency log")?;
+        if let Some(pubkey) = &pubkey {
+            proof::fetch_and_verify(&client, pubkey, &url, &pkg, &args.proxy)
+                .await
+                .context("Failed to check transparency log")?;
 
-        if log.is_none() {
-            println!("\x1b[1A\x1b[2K\r\x1b[1m[\x1b[32m+\x1b[0;1m]\x1b[0m Package is present in transparency log");
+            if log.is_none() {
+                println!("\x1b[1A\x1b[2K\r\x1b[1m[\x1b[32m+\x1b[0;1m]\x1b[0m Package is present in transparency log");
+            }
         }
 
         if !args.rebuilders.is_empty() || args.required_rebuild_confirms > 0 {
@@ -133,6 +139,8 @@ async fn main() -> Result<()> {
                     args.required_rebuild_confirms
                 );
             }
+        } else if pubkey.is_none() {
+            warn!("There is no configured authentication method, pacman-bintrans is used as a simple downloader!");
         }
 
         info!("Writing pkg to {:?}", args.output);