commit 1378f1d22179da2242ffef4699c9c147aa93e831 Author: sneak Date: Thu May 8 13:26:05 2025 -0700 initial diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..13db3b3 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +attrsum diff --git a/attrsum.go b/attrsum.go new file mode 100644 index 0000000..bfdc47e --- /dev/null +++ b/attrsum.go @@ -0,0 +1,238 @@ +package main + +import ( + "bytes" + "crypto/sha256" + "errors" + "fmt" + "io" + "log" + "os" + "path/filepath" + "time" + + base58 "github.com/mr-tron/base58/base58" + "github.com/multiformats/go-multihash" + "github.com/pkg/xattr" + "github.com/spf13/cobra" +) + +const ( + // Extended-attribute keys + checksumKey = "berlin.sneak.app.attrsum.checksum" + sumTimeKey = "berlin.sneak.app.attrsum.sumtime" +) + +var verbose bool + +func main() { + rootCmd := &cobra.Command{ + Use: "attrsum", + Short: "Compute and verify file checksums via xattrs", + } + + rootCmd.PersistentFlags().BoolVarP( + &verbose, "verbose", "v", false, "enable verbose output", + ) + + rootCmd.AddCommand(newSumCmd()) + rootCmd.AddCommand(newCheckCmd()) + + if err := rootCmd.Execute(); err != nil { + log.Fatal(err) + } +} + +/////////////////////////////////////////////////////////////////////////////// +// Sum operations +/////////////////////////////////////////////////////////////////////////////// + +func newSumCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "sum", + Short: "Checksum maintenance operations", + } + + addCmd := &cobra.Command{ + Use: "add ", + Short: "Write checksums for files missing them", + Args: cobra.ExactArgs(1), + RunE: func(_ *cobra.Command, args []string) error { + return ProcessSumAdd(args[0]) + }, + } + + updateCmd := &cobra.Command{ + Use: "update ", + Short: "Refresh checksums when file modified", + Args: cobra.ExactArgs(1), + RunE: func(_ *cobra.Command, args []string) error { + return ProcessSumUpdate(args[0]) + }, + } + + cmd.AddCommand(addCmd, updateCmd) + return cmd +} + +// ProcessSumAdd writes checksum & sumtime only when checksum is absent. +func ProcessSumAdd(dir string) error { + return walkAndProcess(dir, func(path string, info os.FileInfo) error { + if hasXattr(path, checksumKey) { + if verbose { + log.Printf("skip existing %s", path) + } + return nil + } + return writeChecksumAndTime(path) + }) +} + +// ProcessSumUpdate recalculates checksum when file mtime exceeds stored +// sumtime (or when attributes are missing / malformed). +func ProcessSumUpdate(dir string) error { + return walkAndProcess(dir, func(path string, info os.FileInfo) error { + needUpdate := false + t, err := readSumTime(path) + if err != nil || info.ModTime().After(t) { + needUpdate = true + } + if needUpdate { + if verbose { + log.Printf("update %s", path) + } + return writeChecksumAndTime(path) + } + return nil + }) +} + +func writeChecksumAndTime(path string) error { + hash, err := fileMultihash(path) + if err != nil { + return err + } + if err := xattr.Set(path, checksumKey, hash); err != nil { + return fmt.Errorf("set checksum attr: %w", err) + } + nowStr := time.Now().UTC().Format(time.RFC3339Nano) + if err := xattr.Set(path, sumTimeKey, []byte(nowStr)); err != nil { + return fmt.Errorf("set sumtime attr: %w", err) + } + return nil +} + +func readSumTime(path string) (time.Time, error) { + b, err := xattr.Get(path, sumTimeKey) + if err != nil { + return time.Time{}, err + } + return time.Parse(time.RFC3339Nano, string(b)) +} + +/////////////////////////////////////////////////////////////////////////////// +// Check operation +/////////////////////////////////////////////////////////////////////////////// + +func newCheckCmd() *cobra.Command { + var cont bool + + cmd := &cobra.Command{ + Use: "check ", + Short: "Verify stored checksums against file contents", + Args: cobra.ExactArgs(1), + RunE: func(_ *cobra.Command, args []string) error { + return ProcessCheck(args[0], cont) + }, + } + + cmd.Flags().BoolVar(&cont, "continue", false, + "continue after errors and report each file") + return cmd +} + +// ProcessCheck verifies checksums and exits non-zero on first error unless +// --continue is supplied. +func ProcessCheck(dir string, cont bool) error { + exitErr := errors.New("verification failed") + + err := walkAndProcess(dir, func(path string, info os.FileInfo) error { + exp, err := xattr.Get(path, checksumKey) + if err != nil { + if errors.Is(err, xattr.ENOATTR) { + log.Printf("ERROR missing xattr %s", path) + if cont { + return nil + } + return exitErr + } + return err + } + + act, err := fileMultihash(path) + if err != nil { + return err + } + + if !bytes.Equal(exp, act) { + log.Printf("ERROR checksum mismatch %s", path) + if cont { + return nil + } + return exitErr + } + if cont { + fmt.Printf("OK %s\n", path) + } + return nil + }) + + if err != nil { + if errors.Is(err, exitErr) { + return exitErr + } + return err + } + return nil +} + +/////////////////////////////////////////////////////////////////////////////// +// Helpers +/////////////////////////////////////////////////////////////////////////////// + +func walkAndProcess(root string, fn func(string, os.FileInfo) error) error { + return filepath.Walk(root, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if info.IsDir() { + return nil + } + return fn(path, info) + }) +} + +func hasXattr(path, key string) bool { + _, err := xattr.Get(path, key) + return err == nil +} + +// fileMultihash returns the base58-encoded SHA-2-256 multihash of the file. +func fileMultihash(path string) ([]byte, error) { + f, err := os.Open(path) + if err != nil { + return nil, err + } + defer f.Close() + + h := sha256.New() + if _, err := io.Copy(h, f); err != nil { + return nil, err + } + + mh, err := multihash.Encode(h.Sum(nil), multihash.SHA2_256) + if err != nil { + return nil, err + } + return []byte(base58.Encode(mh)), nil +} diff --git a/attrsum_test.go b/attrsum_test.go new file mode 100644 index 0000000..cc75c0c --- /dev/null +++ b/attrsum_test.go @@ -0,0 +1,112 @@ +package main + +import ( + "os" + "path/filepath" + "strings" + "testing" + "time" + + "github.com/pkg/xattr" +) + +// skipIfNoXattr skips tests when the underlying FS lacks xattr support. +func skipIfNoXattr(t *testing.T, path string) { + if err := xattr.Set(path, "user.test", []byte("1")); err != nil { + t.Skipf("skipping: xattr not supported: %v", err) + } else { + _ = xattr.Remove(path, "user.test") + } +} + +func writeFile(t *testing.T, root, name, content string) string { + t.Helper() + path := filepath.Join(root, name) + if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil { + t.Fatalf("mkdir: %v", err) + } + if err := os.WriteFile(path, []byte(content), 0o644); err != nil { + t.Fatalf("write: %v", err) + } + return path +} + +func TestSumAddAndUpdate(t *testing.T) { + dir := t.TempDir() + skipIfNoXattr(t, dir) + + f := writeFile(t, dir, "a.txt", "hello") + + // Add: write missing checksum. + if err := ProcessSumAdd(dir); err != nil { + t.Fatalf("add: %v", err) + } + + // Attributes should exist. + if _, err := xattr.Get(f, checksumKey); err != nil { + t.Fatalf("checksum missing: %v", err) + } + tsb, err := xattr.Get(f, sumTimeKey) + if err != nil { + t.Fatalf("sumtime missing: %v", err) + } + origTime, _ := time.Parse(time.RFC3339Nano, string(tsb)) + + // Modify file and bump mtime. + if err := os.WriteFile(f, []byte(strings.ToUpper("hello")), 0o644); err != nil { + t.Fatalf("rewrite: %v", err) + } + now := time.Now().Add(2 * time.Second) + os.Chtimes(f, now, now) + + // Update should refresh checksum and time. + if err := ProcessSumUpdate(dir); err != nil { + t.Fatalf("update: %v", err) + } + tsb2, _ := xattr.Get(f, sumTimeKey) + newTime, _ := time.Parse(time.RFC3339Nano, string(tsb2)) + if !newTime.After(origTime) { + t.Fatalf("sumtime not updated") + } +} + +func TestProcessCheckIntegration(t *testing.T) { + dir := t.TempDir() + skipIfNoXattr(t, dir) + + writeFile(t, dir, "b.txt", "world") + if err := ProcessSumAdd(dir); err != nil { + t.Fatalf("add: %v", err) + } + + if err := ProcessCheck(dir, false); err != nil { + t.Fatalf("check ok: %v", err) + } + + // Corrupt file contents should produce an error. + f := filepath.Join(dir, "b.txt") + os.WriteFile(f, []byte("corrupt"), 0o644) + + if err := ProcessCheck(dir, false); err == nil { + t.Fatalf("expected mismatch error, got nil") + } +} + +func TestPermissionErrors(t *testing.T) { + dir := t.TempDir() + skipIfNoXattr(t, dir) + + secret := writeFile(t, dir, "secret.txt", "data") + os.Chmod(secret, 0o000) + defer os.Chmod(secret, 0o644) + + if err := ProcessSumAdd(dir); err == nil { + t.Fatalf("expected permission error, got nil") + } + if err := ProcessSumUpdate(dir); err == nil { + t.Fatalf("expected permission error on update, got nil") + } + if err := ProcessCheck(dir, false); err == nil { + t.Fatalf("expected permission error on check, got nil") + } +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..864a668 --- /dev/null +++ b/go.mod @@ -0,0 +1,22 @@ +module git.eeqj.de/sneak/attrsum + +go 1.24.1 + +require ( + github.com/multiformats/go-multihash v0.2.3 + github.com/pkg/xattr v0.4.10 + github.com/spf13/cobra v1.9.1 +) + +require ( + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/klauspost/cpuid/v2 v2.0.9 // indirect + github.com/minio/sha256-simd v1.0.0 // indirect + github.com/mr-tron/base58 v1.2.0 // indirect + github.com/multiformats/go-varint v0.0.6 // indirect + github.com/spaolacci/murmur3 v1.1.0 // indirect + github.com/spf13/pflag v1.0.6 // indirect + golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect + golang.org/x/sys v0.1.0 // indirect + lukechampine.com/blake3 v1.1.6 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..3e126fc --- /dev/null +++ b/go.sum @@ -0,0 +1,32 @@ +github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4= +github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g= +github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM= +github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o= +github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc= +github.com/multiformats/go-multihash v0.2.3 h1:7Lyc8XfX/IY2jWb/gI7JP+o7JEq9hOa7BFvVU9RSh+U= +github.com/multiformats/go-multihash v0.2.3/go.mod h1:dXgKXCXjBzdscBLk9JkjINiEsCKRVch90MdaGiKsvSM= +github.com/multiformats/go-varint v0.0.6 h1:gk85QWKxh3TazbLxED/NlDVv8+q+ReFJk7Y2W/KhfNY= +github.com/multiformats/go-varint v0.0.6/go.mod h1:3Ls8CIEsrijN6+B7PbrXRPxHRPuXSrVKRY101jdMZYE= +github.com/pkg/xattr v0.4.10 h1:Qe0mtiNFHQZ296vRgUjRCoPHPqH7VdTOrZx3g0T+pGA= +github.com/pkg/xattr v0.4.10/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= +github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= +github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= +github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= +github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +lukechampine.com/blake3 v1.1.6 h1:H3cROdztr7RCfoaTpGZFQsrqvweFLrqS73j7L7cmR5c= +lukechampine.com/blake3 v1.1.6/go.mod h1:tkKEOtDkNtklkXtLNEOGNq5tcV90tJiA1vAA12R78LA=