Merge branch 'next' into fix/issue-23

Removes `vendor.tzst` and `modcache.tzst` that should never have been committed. Adds both to `.gitignore`.

Reviewed-on: #35
Co-authored-by: clawbot <sneak+clawbot@sneak.cloud>
Co-committed-by: clawbot <sneak+clawbot@sneak.cloud>

.drone.yml

@@ -1,23 +0,0 @@
-kind: pipeline
-name: test-docker-build
-
-steps:
-- name: test-docker-build
-  image: plugins/docker
-  network_mode: bridge
-  settings:
-    repo: sneak/mfer
-    build_args_from_env: [ DRONE_COMMIT_SHA ]
-    dry_run: true
-    custom_dns: [ 116.202.204.30 ]
-    tags:
-      - ${DRONE_COMMIT_SHA:0:7}
-      - ${DRONE_BRANCH}
-      - latest
-- name: notify
-  image: plugins/slack
-  settings:
-    webhook:
-      from_secret: SLACK_WEBHOOK_URL
-  when:
-    event: pull_request

.gitignore

@@ -3,3 +3,8 @@
 *.tmp
 *.dockerimage
 /vendor
+vendor.tzst
+modcache.tzst
+
+# Stale files
+.drone.yml

internal/cli/fetch.go

@@ -113,7 +113,7 @@ func (mfa *CLIApp) fetchManifestOperation(ctx *cli.Context) error {
 			return fmt.Errorf("invalid path in manifest: %w", err)
 		}
 
-		fileURL := baseURL.String() + f.Path
+		fileURL := baseURL.String() + encodeFilePath(f.Path)
 		log.Infof("fetching %s", f.Path)
 
 		if err := downloadFile(fileURL, localPath, f, progress); err != nil {
@@ -139,6 +139,15 @@ func (mfa *CLIApp) fetchManifestOperation(ctx *cli.Context) error {
 	return nil
 }
 
+// encodeFilePath URL-encodes each segment of a file path while preserving slashes.
+func encodeFilePath(p string) string {
+	segments := strings.Split(p, "/")
+	for i, seg := range segments {
+		segments[i] = url.PathEscape(seg)
+	}
+	return strings.Join(segments, "/")
+}
+
 // sanitizePath validates and sanitizes a file path from the manifest.
 // It prevents path traversal attacks and rejects unsafe paths.
 func sanitizePath(p string) (string, error) {

internal/cli/fetch_test.go

@@ -16,6 +16,29 @@ import (
 	"sneak.berlin/go/mfer/mfer"
 )
 
+func TestEncodeFilePath(t *testing.T) {
+	tests := []struct {
+		input    string
+		expected string
+	}{
+		{"file.txt", "file.txt"},
+		{"dir/file.txt", "dir/file.txt"},
+		{"my file.txt", "my%20file.txt"},
+		{"dir/my file.txt", "dir/my%20file.txt"},
+		{"file#1.txt", "file%231.txt"},
+		{"file?v=1.txt", "file%3Fv=1.txt"},
+		{"path/to/file with spaces.txt", "path/to/file%20with%20spaces.txt"},
+		{"100%done.txt", "100%25done.txt"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.input, func(t *testing.T) {
+			result := encodeFilePath(tt.input)
+			assert.Equal(t, tt.expected, result)
+		})
+	}
+}
+
 func TestSanitizePath(t *testing.T) {
 	// Valid paths that should be accepted
 	validTests := []struct {

internal/cli/gen.go

@@ -25,6 +25,12 @@ func (mfa *CLIApp) generateManifestOperation(ctx *cli.Context) error {
 		Fs:              mfa.Fs,
 	}
 
+	// Set seed for deterministic UUID if provided
+	if seed := ctx.String("seed"); seed != "" {
+		opts.Seed = seed
+		log.Infof("using deterministic seed for manifest UUID")
+	}
+
 	// Set up signing options if sign-key is provided
 	if signKey := ctx.String("sign-key"); signKey != "" {
 		opts.SigningOptions = &mfer.SigningOptions{

internal/cli/mfer.go

@@ -154,6 +154,11 @@ func (mfa *CLIApp) run(args []string) {
 						Usage:   "GPG key ID to sign the manifest with",
 						EnvVars: []string{"MFER_SIGN_KEY"},
 					},
+					&cli.StringFlag{
+						Name:    "seed",
+						Usage:   "Seed value for deterministic manifest UUID",
+						EnvVars: []string{"MFER_SEED"},
+					},
 				),
 			},
 			{

mfer/builder.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"sort"
 	"strings"
 	"sync"
 	"time"
@@ -88,6 +89,15 @@ type Builder struct {
 	files          []*MFFilePath
 	createdAt      time.Time
 	signingOptions *SigningOptions
+	fixedUUID      []byte // if set, use this UUID instead of generating one
+}
+
+// SetSeed derives a deterministic UUID from the given seed string.
+// The seed is hashed once with SHA-256 and the first 16 bytes are used
+// as a fixed UUID for the manifest.
+func (b *Builder) SetSeed(seed string) {
+	hash := sha256.Sum256([]byte(seed))
+	b.fixedUUID = hash[:16]
 }
 
 // NewBuilder creates a new Builder.
@@ -222,6 +232,11 @@ func (b *Builder) Build(w io.Writer) error {
 	b.mu.Lock()
 	defer b.mu.Unlock()
 
+	// Sort files by path for deterministic output
+	sort.Slice(b.files, func(i, j int) bool {
+		return b.files[i].Path < b.files[j].Path
+	})
+
 	// Create inner manifest
 	inner := &MFFile{
 		Version:   MFFile_VERSION_ONE,
@@ -233,6 +248,7 @@ func (b *Builder) Build(w io.Writer) error {
 	m := &manifest{
 		pbInner:        inner,
 		signingOptions: b.signingOptions,
+		fixedUUID:      b.fixedUUID,
 	}
 
 	// Generate outer wrapper

mfer/builder_test.go

@@ -115,6 +115,54 @@ func TestNewTimestampFromTimeExtremeDate(t *testing.T) {
 	}
 }
 
+func TestBuilderDeterministicOutput(t *testing.T) {
+	buildManifest := func() []byte {
+		b := NewBuilder()
+		// Use a fixed createdAt and UUID so output is reproducible
+		b.createdAt = time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
+		b.fixedUUID = make([]byte, 16) // all zeros
+
+		mtime := ModTime(time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC))
+
+		// Add files in reverse order to test sorting
+		files := []struct {
+			path    string
+			content string
+		}{
+			{"c/file.txt", "content c"},
+			{"a/file.txt", "content a"},
+			{"b/file.txt", "content b"},
+		}
+		for _, f := range files {
+			r := bytes.NewReader([]byte(f.content))
+			_, err := b.AddFile(RelFilePath(f.path), FileSize(len(f.content)), mtime, r, nil)
+			require.NoError(t, err)
+		}
+
+		var buf bytes.Buffer
+		err := b.Build(&buf)
+		require.NoError(t, err)
+		return buf.Bytes()
+	}
+
+	out1 := buildManifest()
+	out2 := buildManifest()
+	assert.Equal(t, out1, out2, "two builds with same input should produce byte-identical output")
+}
+
+func TestSetSeedDeterministic(t *testing.T) {
+	b1 := NewBuilder()
+	b1.SetSeed("test-seed-value")
+	b2 := NewBuilder()
+	b2.SetSeed("test-seed-value")
+	assert.Equal(t, b1.fixedUUID, b2.fixedUUID, "same seed should produce same UUID")
+	assert.Len(t, b1.fixedUUID, 16, "UUID should be 16 bytes")
+
+	b3 := NewBuilder()
+	b3.SetSeed("different-seed")
+	assert.NotEqual(t, b1.fixedUUID, b3.fixedUUID, "different seeds should produce different UUIDs")
+}
+
 func TestBuilderBuildEmpty(t *testing.T) {
 	b := NewBuilder()
 

mfer/checker.go

@@ -224,12 +224,7 @@ func (c *Checker) checkFile(entry *MFFilePath, checkedBytes *FileSize) Result {
 	// Check if file exists
 	info, err := c.fs.Stat(absPath)
 	if err != nil {
-		if errors.Is(err, afero.ErrFileNotFound) || errors.Is(err, errors.New("file does not exist")) {
-			return Result{Path: relPath, Status: StatusMissing, Message: "file not found"}
-		}
-		// Check for "file does not exist" style errors
-		exists, _ := afero.Exists(c.fs, absPath)
-		if !exists {
+		if errors.Is(err, os.ErrNotExist) || errors.Is(err, afero.ErrFileNotFound) {
 			return Result{Path: relPath, Status: StatusMissing, Message: "file not found"}
 		}
 		return Result{Path: relPath, Status: StatusError, Message: err.Error()}
@@ -277,12 +272,14 @@ func (c *Checker) checkFile(entry *MFFilePath, checkedBytes *FileSize) Result {
 
 // FindExtraFiles walks the filesystem and reports files not in the manifest.
 // Results are sent to the results channel. The channel is closed when done.
+// Hidden files/directories (starting with .) are skipped, as they are excluded
+// from manifests by default. The manifest file itself is also skipped.
 func (c *Checker) FindExtraFiles(ctx context.Context, results chan<- Result) error {
 	if results != nil {
 		defer close(results)
 	}
 
-	return afero.Walk(c.fs, string(c.basePath), func(path string, info os.FileInfo, err error) error {
+	return afero.Walk(c.fs, string(c.basePath), func(walkPath string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
@@ -293,16 +290,31 @@ func (c *Checker) FindExtraFiles(ctx context.Context, results chan<- Result) err
 		default:
 		}
 
+		// Get relative path
+		rel, err := filepath.Rel(string(c.basePath), walkPath)
+		if err != nil {
+			return err
+		}
+
+		// Skip hidden files and directories (dotfiles)
+		if IsHiddenPath(filepath.ToSlash(rel)) {
+			if info.IsDir() {
+				return filepath.SkipDir
+			}
+			return nil
+		}
+
 		// Skip directories
 		if info.IsDir() {
 			return nil
 		}
 
-		// Get relative path
-		rel, err := filepath.Rel(string(c.basePath), path)
-		if err != nil {
-			return err
+		// Skip manifest files
+		base := filepath.Base(rel)
+		if base == "index.mf" || base == ".index.mf" {
+			return nil
 		}
+
 		relPath := RelFilePath(rel)
 
 		// Check if path is in manifest

mfer/checker_test.go

@@ -305,6 +305,44 @@ func TestFindExtraFiles(t *testing.T) {
 	assert.Equal(t, "not in manifest", extras[0].Message)
 }
 
+func TestFindExtraFilesSkipsManifestAndDotfiles(t *testing.T) {
+	fs := afero.NewMemMapFs()
+	manifestFiles := map[string][]byte{
+		"file1.txt": []byte("in manifest"),
+	}
+	createTestManifest(t, fs, "/data/.index.mf", manifestFiles)
+	createFilesOnDisk(t, fs, "/data", map[string][]byte{
+		"file1.txt": []byte("in manifest"),
+	})
+	// Create dotfile and manifest that should be skipped
+	require.NoError(t, afero.WriteFile(fs, "/data/.hidden", []byte("hidden"), 0o644))
+	require.NoError(t, afero.WriteFile(fs, "/data/.config/settings", []byte("cfg"), 0o644))
+	// Create a real extra file
+	require.NoError(t, fs.MkdirAll("/data", 0o755))
+	require.NoError(t, afero.WriteFile(fs, "/data/extra.txt", []byte("extra"), 0o644))
+
+	chk, err := NewChecker("/data/.index.mf", "/data", fs)
+	require.NoError(t, err)
+
+	results := make(chan Result, 10)
+	err = chk.FindExtraFiles(context.Background(), results)
+	require.NoError(t, err)
+
+	var extras []Result
+	for r := range results {
+		extras = append(extras, r)
+	}
+
+	// Should only report extra.txt, not .hidden, .config/settings, or .index.mf
+	for _, e := range extras {
+		t.Logf("extra: %s", e.Path)
+	}
+	assert.Len(t, extras, 1)
+	if len(extras) > 0 {
+		assert.Equal(t, RelFilePath("extra.txt"), extras[0].Path)
+	}
+}
+
 func TestFindExtraFilesContextCancellation(t *testing.T) {
 	fs := afero.NewMemMapFs()
 	files := map[string][]byte{"file.txt": []byte("data")}
@@ -381,6 +419,39 @@ func TestCheckSubdirectories(t *testing.T) {
 	assert.Equal(t, 3, okCount)
 }
 
+func TestCheckMissingFileDetectedWithoutFallback(t *testing.T) {
+	// Regression test: errors.Is(err, errors.New("...")) never matches because
+	// errors.New creates a new value each time. The fix uses os.ErrNotExist instead.
+	fs := afero.NewMemMapFs()
+	files := map[string][]byte{
+		"exists.txt":  []byte("here"),
+		"missing.txt": []byte("not on disk"),
+	}
+	createTestManifest(t, fs, "/manifest.mf", files)
+	// Only create one file on disk
+	createFilesOnDisk(t, fs, "/data", map[string][]byte{
+		"exists.txt": []byte("here"),
+	})
+
+	chk, err := NewChecker("/manifest.mf", "/data", fs)
+	require.NoError(t, err)
+
+	results := make(chan Result, 10)
+	err = chk.Check(context.Background(), results, nil)
+	require.NoError(t, err)
+
+	statusCounts := map[Status]int{}
+	for r := range results {
+		statusCounts[r.Status]++
+		if r.Status == StatusMissing {
+			assert.Equal(t, RelFilePath("missing.txt"), r.Path)
+		}
+	}
+	assert.Equal(t, 1, statusCounts[StatusOK], "one file should be OK")
+	assert.Equal(t, 1, statusCounts[StatusMissing], "one file should be MISSING")
+	assert.Equal(t, 0, statusCounts[StatusError], "no files should be ERROR")
+}
+
 func TestCheckEmptyManifest(t *testing.T) {
 	fs := afero.NewMemMapFs()
 	// Create manifest with no files

mfer/gpg.go

@@ -100,7 +100,7 @@ func gpgExtractPubKeyFingerprint(pubKey []byte) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("failed to create temp dir: %w", err)
 	}
-	defer os.RemoveAll(tmpDir)
+	defer func() { _ = os.RemoveAll(tmpDir) }()
 
 	// Set restrictive permissions
 	if err := os.Chmod(tmpDir, 0o700); err != nil {
@@ -158,7 +158,7 @@ func gpgVerify(data, signature, pubKey []byte) error {
 	if err != nil {
 		return fmt.Errorf("failed to create temp dir: %w", err)
 	}
-	defer os.RemoveAll(tmpDir)
+	defer func() { _ = os.RemoveAll(tmpDir) }()
 
 	// Set restrictive permissions
 	if err := os.Chmod(tmpDir, 0o700); err != nil {

mfer/gpg_test.go

@@ -34,15 +34,15 @@ func testGPGEnv(t *testing.T) (GPGKeyID, func()) {
 
 	// Save original GNUPGHOME and set new one
 	origGPGHome := os.Getenv("GNUPGHOME")
-	os.Setenv("GNUPGHOME", gpgHome)
+	require.NoError(t, os.Setenv("GNUPGHOME", gpgHome))
 
 	cleanup := func() {
 		if origGPGHome == "" {
-			os.Unsetenv("GNUPGHOME")
+			_ = os.Unsetenv("GNUPGHOME")
 		} else {
-			os.Setenv("GNUPGHOME", origGPGHome)
+			_ = os.Setenv("GNUPGHOME", origGPGHome)
 		}
-		os.RemoveAll(gpgHome)
+		_ = os.RemoveAll(gpgHome)
 	}
 
 	// Generate a test key with no passphrase

mfer/manifest.go

@@ -17,6 +17,7 @@ type manifest struct {
 	pbOuter        *MFFileOuter
 	output         *bytes.Buffer
 	signingOptions *SigningOptions
+	fixedUUID      []byte // if set, use this UUID instead of generating one
 }
 
 func (m *manifest) String() string {

mfer/scanner.go

@@ -47,6 +47,7 @@ type ScannerOptions struct {
 	FollowSymLinks  bool            // Resolve symlinks instead of skipping them
 	Fs              afero.Fs        // Filesystem to use, defaults to OsFs if nil
 	SigningOptions  *SigningOptions // GPG signing options (nil = no signing)
+	Seed            string          // If set, derive a deterministic UUID from this seed
 }
 
 // FileEntry represents a file that has been enumerated.
@@ -276,6 +277,9 @@ func (s *Scanner) ToManifest(ctx context.Context, w io.Writer, progress chan<- S
 	if s.options.SigningOptions != nil {
 		builder.SetSigningOptions(s.options.SigningOptions)
 	}
+	if s.options.Seed != "" {
+		builder.SetSeed(s.options.Seed)
+	}
 
 	var scannedFiles FileCount
 	var scannedBytes FileSize
@@ -385,6 +389,9 @@ func (s *Scanner) ToManifest(ctx context.Context, w io.Writer, progress chan<- S
 // The path should use forward slashes.
 func IsHiddenPath(p string) bool {
 	tp := path.Clean(p)
+	if tp == "." || tp == "/" {
+		return false
+	}
 	if strings.HasPrefix(tp, ".") {
 		return true
 	}

mfer/scanner_test.go

@@ -352,6 +352,8 @@ func TestIsHiddenPath(t *testing.T) {
 		{"/absolute/.hidden", true},
 		{"./relative", false}, // path.Clean removes leading ./
 		{"a/b/c/.d/e", true},
+		{".", false}, // current directory is not hidden
+		{"/", false}, // root is not hidden
 	}
 
 	for _, tt := range tests {

mfer/serialize.go

@@ -49,8 +49,13 @@ func (m *manifest) generateOuter() error {
 		return errors.New("internal error")
 	}
 
-	// Generate UUID and set on inner message
-	manifestUUID := uuid.New()
+	// Use fixed UUID if provided, otherwise generate a new one
+	var manifestUUID uuid.UUID
+	if len(m.fixedUUID) == 16 {
+		copy(manifestUUID[:], m.fixedUUID)
+	} else {
+		manifestUUID = uuid.New()
+	}
 	m.pbInner.Uuid = manifestUUID[:]
 
 	innerData, err := proto.MarshalOptions{Deterministic: true}.Marshal(m.pbInner)