2 unstable releases
0.7.0 | Sep 26, 2024 |
---|---|
0.6.0 | Mar 8, 2024 |
#919 in Cryptography
135KB
2.5K
SLoC
omnibor-cli
Reproducible identifiers & fine-grained build dependency tracking for software artifacts.
This package defines an OmniBOR Command Line Interface, intended to enable easier generation and handling of OmniBOR identifiers and manifests.
[!NOTE] This is currently a work-in-progress. Today, the
omnibor
CLI only supports working with identifiers, not manifests.
This command is intended to enable integration with shell scripts and other
programs where the overhead of integrating directly with the omnibor
crate
through the C-language Foreign Function Interface (FFI) may not be worthwhile,
and where the cost of running a shell to execute this CLI isn't problematic.
Installation
Install from Release (recommended)
The OmniBOR CLI provides pre-built binaries for the following platforms:
- Apple Silicon macOS
- Intel macOS
- x64 Windows
- x64 Linux
- x64 MUSL Linux
For shell (Linux and macOS; requires tar
, unzip
, and either curl
or wget
):
$ curl --proto '=https' --tlsv1.2 -LsSf "https://github.com/omnibor/omnibor-rs/releases/download/omnibor-cli-v0.6.0/omnibor-cli-installer.sh" | sh
For Powershell (Windows; requires tar
, Expand-Archive
, and Net.Webclient
):
> powershell -c "irm https://github.com/omnibor/omnibor-rs/releases/download/omnibor-cli-v0.6.0/omnibor-cli-installer.ps1 | iex"
[!NOTE] Huge shoutout to the folks at Axo for making
cargo-dist
, which makes producing these binaries extremely easy.
Install with cargo-binstall
You can also use cargo-binstall
to install the OmniBOR CLI. This requires
both cargo
and cargo-binstall
to be installed.
$ cargo binstall omnibor-cli
Build from source (stable)
You can build from source using Cargo, which requires a recent-enough Rust toolchain. We do not commit to a Minimum Supported Rust Version, and generally track stable currently.
$ cargo install omnibor-cli
Build from source (unstable)
Finally, you can build from the latest source in the repository itself. While we run continuous integration testing and try not to break the build in the repository, this runs a higher risk of brokenness or incompleteness of features relative to versions published to Crates.io.
This requires git
to check out the repository, plus a recent-enough
version of Rust. We do not commit to a Minimum Support Rust Version,
and generally track stable currently.
# Run the following from the root of the repository after checking
# the repository out with `git clone`.
$ cargo install --path omnibor-cli
Examples
id
with Plain Format
$ omnibor id Cargo.toml
# Cargo.toml => gitoid:blob:sha256:c54d66281dea2bf213083f9bd3345d89dc6657fa554b1c9ef14cfe4bab14893f
id
with JSON Format
$ omnibor id Cargo.toml -f json
# {"id":"gitoid:blob:sha256:c54d66281dea2bf213083f9bd3345d89dc6657fa554b1c9ef14cfe4bab14893f","path":"Cargo.toml"}
id
with Short Format
$ omnibor id Cargo.toml -f short
# gitoid:blob:sha256:c54d66281dea2bf213083f9bd3345d89dc6657fa554b1c9ef14cfe4bab14893f
find
with Plain Format
$ omnibor find gitoid:blob:sha256:c54d66281dea2bf213083f9bd3345d89dc6657fa554b1c9ef14cfe4bab14893f .
# gitoid:blob:sha256:c54d66281dea2bf213083f9bd3345d89dc6657fa554b1c9ef14cfe4bab14893f => ./Cargo.toml
find
with JSON Format
$ omnibor find gitoid:blob:sha256:c54d66281dea2bf213083f9bd3345d89dc6657fa554b1c9ef14cfe4bab14893f . -f json
# {"id":"gitoid:blob:sha256:c54d66281dea2bf213083f9bd3345d89dc6657fa554b1c9ef14cfe4bab14893f","path":"./Cargo.toml"}
find
with Short Format
$ omnibor find gitoid:blob:sha256:c54d66281dea2bf213083f9bd3345d89dc6657fa554b1c9ef14cfe4bab14893f . -f short
# ./Cargo.toml
Usage
omnibor --help
Usage: omnibor [OPTIONS] <COMMAND>
Commands:
id For files, prints their Artifact ID. For directories, recursively prints IDs for all files under it
find Find file matching an Artifact ID
help Print this message or the help of the given subcommand(s)
Options:
-b, --buffer <BUFFER> How many print messages to buffer at one time, tunes printing perf
-h, --help Print help
-V, --version Print version
omnibor id --help
For files, prints their Artifact ID. For directories, recursively prints IDs for all files under it
Usage: omnibor id [OPTIONS] <PATH>
Arguments:
<PATH> Path to identify
Options:
-f, --format <FORMAT> Output format (can be "plain", "short", or "json") [default: plain]
-H, --hash <HASH> Hash algorithm (can be "sha256") [default: sha256]
-h, --help Print help
omnibor find --help
Find file matching an Artifact ID
Usage: omnibor find [OPTIONS] <URL> <PATH>
Arguments:
<URL> `gitoid` URL to match
<PATH> The root path to search under
Options:
-f, --format <FORMAT> Output format (can be "plain", "short", or "json") [default: plain]
-h, --help Print help
Output Formats
Both the id
and find
subcommand support a -f
/--format
flag which can be
any of the following:
plain
(default): A simple human-readable format which maps between paths and identifiers, separated by a fat arrow (=>
).short
: Just prints the thing being searched for (for theid
command, an Artifact Identifier, for thefind
command, a filesystem path).json
: Prints a JSON object withpath
andid
string-type fields.
The short
format is recommended for piping or redirecting into other commands.
The json
format is recommended for more structured contexts, and can be
passed to jq
to manipulate.
License
The OmniBOR CLI source code is licensed under the Apache-2.0 license.
Dependencies
~13–26MB
~370K SLoC