Merge pull request #575 from amazonlinux/canary-update

Repo canary updates

extras/repo-canary/Cargo.toml → extras/canaries/repo-canary/Cargo.toml

@@ -4,12 +4,18 @@ version = "0.1.0"
 authors = ["Erikson Tung <[email protected]>"]
 edition = "2018"
 publish = false
+build = "build.rs"
 
 [dependencies]
+chrono = "0.4"
+signal-hook = "0.1.12"
 log = "0.4"
 rand = "0.7.0"
 reqwest = { version = "0.9.17", default-features = false, features = ["rustls-tls"] }
 simplelog = "0.7"
 snafu = "0.5.0"
 tempfile = "3.1.0"
-tough = { version = "0.1.0", features = ["http"] }
+tough = { version = "0.2.0", features = ["http"] }
+
+[build-dependencies]
+cargo-readme = "3.1"

extras/canaries/repo-canary/Dockerfile

@@ -0,0 +1,13 @@
+FROM rust:1.38.0 as builder
+WORKDIR /opt/build
+COPY . .
+RUN cargo install --path .
+
+FROM amazonlinux:2
+RUN yum -y update && yum clean all
+RUN mkdir -p /usr/share/repo-canary
+
+COPY root.json /usr/share/repo-canary/
+COPY --from=builder /opt/build/target/release/repo-canary /usr/bin/
+
+ENTRYPOINT ["/usr/bin/repo-canary"]

extras/canaries/repo-canary/README.md

@@ -0,0 +1,38 @@
+# repo-canary
+
+Current version: 0.1.0
+
+## Introduction
+
+`repo-canary` is a TUF repository canary that validates a specified TUF repository using [tough](https://crates.io/crates/tough).
+
+It validates by loading the repository, checking the metadata files and attempting retrieval of its listed targets.
+
+If any `tough` library error is encountered at any step of the validation process, a non-zero exit code is returned.
+Exit codes are mapped to specific `tough` library errors as follows:
+
+| `tough` error             | exit code |
+| -------------             |-------    |
+| `VerifyTrustedMetadata`   | 64        |
+| `VerifyMetadata`          | 65        |
+| `VersionMismatch`         | 66        |
+| `Transport`               | 67        |
+| `ExpiredMetadata`         | 68        |
+| `MetaMissing`             | 69        |
+| `OlderMetadata`           | 70        |
+
+
+Other exit code to errors mappings:
+
+| Other errors              | exit code |
+| -------------             |-------    |
+| Missing target in repo    | 71        |
+| Failed to download target | 72        |
+| *Metadata about to expire | 73        |
+
+(*: see `--check-upcoming-expiration-days` option in usage info)
+
+
+## Colophon
+
+This text was generated from `README.tpl` using [cargo-readme](https://crates.io/crates/cargo-readme), and includes the rustdoc from `src/main.rs`.

extras/canaries/repo-canary/README.tpl

@@ -0,0 +1,9 @@
+# {{crate}}
+
+Current version: {{version}}
+
+{{readme}}
+
+## Colophon
+
+This text was generated from `README.tpl` using [cargo-readme](https://crates.io/crates/cargo-readme), and includes the rustdoc from `src/main.rs`.

extras/canaries/repo-canary/build.rs

@@ -0,0 +1,32 @@
+// Automatically generate README.md from rustdoc.
+
+use std::env;
+use std::fs::File;
+use std::io::Write;
+use std::path::PathBuf;
+
+fn main() {
+    // Check for environment variable "SKIP_README". If it is set,
+    // skip README generation
+    if env::var_os("SKIP_README").is_some() {
+        return;
+    }
+
+    let mut source = File::open("src/main.rs").unwrap();
+    let mut template = File::open("README.tpl").unwrap();
+
+    let content = cargo_readme::generate_readme(
+        &PathBuf::from("."), // root
+        &mut source,         // source
+        Some(&mut template), // template
+        // The "add x" arguments don't apply when using a template.
+        true,  // add title
+        false, // add badges
+        false, // add license
+        true,  // indent headings
+    )
+    .unwrap();
+
+    let mut readme = File::create("README.md").unwrap();
+    readme.write_all(content.as_bytes()).unwrap();
+}