diff --git a/internal/cli/gen.go b/internal/cli/gen.go index 6908c0f..ac04427 100644 --- a/internal/cli/gen.go +++ b/internal/cli/gen.go @@ -25,6 +25,12 @@ func (mfa *CLIApp) generateManifestOperation(ctx *cli.Context) error { Fs: mfa.Fs, } + // Set seed for deterministic UUID if provided + if seed := ctx.String("seed"); seed != "" { + opts.Seed = seed + log.Infof("using deterministic seed for manifest UUID") + } + // Set up signing options if sign-key is provided if signKey := ctx.String("sign-key"); signKey != "" { opts.SigningOptions = &mfer.SigningOptions{ diff --git a/internal/cli/mfer.go b/internal/cli/mfer.go index e99dd7e..2277e8c 100644 --- a/internal/cli/mfer.go +++ b/internal/cli/mfer.go @@ -154,6 +154,11 @@ func (mfa *CLIApp) run(args []string) { Usage: "GPG key ID to sign the manifest with", EnvVars: []string{"MFER_SIGN_KEY"}, }, + &cli.StringFlag{ + Name: "seed", + Usage: "Seed value for deterministic manifest UUID (hashed 150M times with SHA-256, ~5-10s)", + EnvVars: []string{"MFER_SEED"}, + }, ), }, { diff --git a/mfer/builder.go b/mfer/builder.go index 7864897..2696744 100644 --- a/mfer/builder.go +++ b/mfer/builder.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "io" + "sort" "strings" "sync" "time" @@ -88,6 +89,28 @@ type Builder struct { files []*MFFilePath createdAt time.Time signingOptions *SigningOptions + fixedUUID []byte // if set, use this UUID instead of generating one +} + +// seedIterations is the number of SHA-256 rounds used to derive a UUID from a seed. +// Tuned to take approximately 5-10 seconds on modern hardware. +const seedIterations = 150_000_000 + +// SetSeed derives a deterministic UUID from the given seed string. +// The seed is hashed 150,000,000 times with SHA-256 to produce +// 16 bytes used as a fixed UUID for the manifest (~5-10s on modern hardware). +func (b *Builder) SetSeed(seed string) { + b.fixedUUID = deriveSeedUUID(seed, seedIterations) +} + +// deriveSeedUUID hashes the seed string n times with SHA-256 +// and returns the first 16 bytes as a UUID. +func deriveSeedUUID(seed string, iterations int) []byte { + hash := sha256.Sum256([]byte(seed)) + for i := 1; i < iterations; i++ { + hash = sha256.Sum256(hash[:]) + } + return hash[:16] } // NewBuilder creates a new Builder. @@ -222,6 +245,11 @@ func (b *Builder) Build(w io.Writer) error { b.mu.Lock() defer b.mu.Unlock() + // Sort files by path for deterministic output + sort.Slice(b.files, func(i, j int) bool { + return b.files[i].Path < b.files[j].Path + }) + // Create inner manifest inner := &MFFile{ Version: MFFile_VERSION_ONE, @@ -233,6 +261,7 @@ func (b *Builder) Build(w io.Writer) error { m := &manifest{ pbInner: inner, signingOptions: b.signingOptions, + fixedUUID: b.fixedUUID, } // Generate outer wrapper diff --git a/mfer/builder_test.go b/mfer/builder_test.go index 761b2d5..5c1fb11 100644 --- a/mfer/builder_test.go +++ b/mfer/builder_test.go @@ -115,6 +115,52 @@ func TestNewTimestampFromTimeExtremeDate(t *testing.T) { } } +func TestBuilderDeterministicOutput(t *testing.T) { + buildManifest := func() []byte { + b := NewBuilder() + // Use a fixed createdAt and UUID so output is reproducible + b.createdAt = time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC) + b.fixedUUID = make([]byte, 16) // all zeros + + mtime := ModTime(time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC)) + + // Add files in reverse order to test sorting + files := []struct { + path string + content string + }{ + {"c/file.txt", "content c"}, + {"a/file.txt", "content a"}, + {"b/file.txt", "content b"}, + } + for _, f := range files { + r := bytes.NewReader([]byte(f.content)) + _, err := b.AddFile(RelFilePath(f.path), FileSize(len(f.content)), mtime, r, nil) + require.NoError(t, err) + } + + var buf bytes.Buffer + err := b.Build(&buf) + require.NoError(t, err) + return buf.Bytes() + } + + out1 := buildManifest() + out2 := buildManifest() + assert.Equal(t, out1, out2, "two builds with same input should produce byte-identical output") +} + +func TestDeriveSeedUUID(t *testing.T) { + // Use a small iteration count for testing (production uses 1B) + uuid1 := deriveSeedUUID("test-seed-value", 1000) + uuid2 := deriveSeedUUID("test-seed-value", 1000) + assert.Equal(t, uuid1, uuid2, "same seed should produce same UUID") + assert.Len(t, uuid1, 16, "UUID should be 16 bytes") + + uuid3 := deriveSeedUUID("different-seed", 1000) + assert.NotEqual(t, uuid1, uuid3, "different seeds should produce different UUIDs") +} + func TestBuilderBuildEmpty(t *testing.T) { b := NewBuilder() diff --git a/mfer/manifest.go b/mfer/manifest.go index 203c79c..bea4fa1 100644 --- a/mfer/manifest.go +++ b/mfer/manifest.go @@ -17,6 +17,7 @@ type manifest struct { pbOuter *MFFileOuter output *bytes.Buffer signingOptions *SigningOptions + fixedUUID []byte // if set, use this UUID instead of generating one } func (m *manifest) String() string { diff --git a/mfer/scanner.go b/mfer/scanner.go index df0df11..84eeabd 100644 --- a/mfer/scanner.go +++ b/mfer/scanner.go @@ -47,6 +47,7 @@ type ScannerOptions struct { FollowSymLinks bool // Resolve symlinks instead of skipping them Fs afero.Fs // Filesystem to use, defaults to OsFs if nil SigningOptions *SigningOptions // GPG signing options (nil = no signing) + Seed string // If set, derive a deterministic UUID from this seed } // FileEntry represents a file that has been enumerated. @@ -276,6 +277,9 @@ func (s *Scanner) ToManifest(ctx context.Context, w io.Writer, progress chan<- S if s.options.SigningOptions != nil { builder.SetSigningOptions(s.options.SigningOptions) } + if s.options.Seed != "" { + builder.SetSeed(s.options.Seed) + } var scannedFiles FileCount var scannedBytes FileSize diff --git a/mfer/serialize.go b/mfer/serialize.go index 4804901..3d712a6 100644 --- a/mfer/serialize.go +++ b/mfer/serialize.go @@ -49,8 +49,13 @@ func (m *manifest) generateOuter() error { return errors.New("internal error") } - // Generate UUID and set on inner message - manifestUUID := uuid.New() + // Use fixed UUID if provided, otherwise generate a new one + var manifestUUID uuid.UUID + if len(m.fixedUUID) == 16 { + copy(manifestUUID[:], m.fixedUUID) + } else { + manifestUUID = uuid.New() + } m.pbInner.Uuid = manifestUUID[:] innerData, err := proto.MarshalOptions{Deterministic: true}.Marshal(m.pbInner)