opentdf · jakedoublev · Nov 15, 2024 · Nov 6, 2024 · Nov 6, 2024 · Nov 6, 2024
@@ -2,32 +2,60 @@
 
 # Check if the required arguments are provided
 if [ $# -ne 2 ]; then
-    echo "Usage: $0 <outputDir> <checksumFile>"
+    echo "Usage: $0 <output_directory> <checksum_file>"
     exit 1
 fi
 
-echo "Verifying checksums..."
-# Location of the checksum file
-checksumFile=$1/$2
-outputDir=$1
+# Assign arguments to variables
+output_dir="$1"
+checksum_file="$2"
+checksum_path="${output_dir}/${checksum_file}"  # Full path to the checksum file
+lock_file="${checksum_path}.lock"  # Append .lock to the full path of the checksum file
+
+# Ensure the checksum file exists
+if [ ! -f "$checksum_path" ]; then
+    echo "ERROR: Checksum file $checksum_path does not exist."
+    exit 1
+fi
 
-echo "Looking for checksum file: $checksumFile"
-test -f "$checksumFile" || { echo "ERROR: Checksum file not found!"; exit 1; }
+# Wait for the lock file to be available for reading
+exec 200<"$lock_file"  # Open lock file descriptor for reading
+flock -s 200           # Acquire shared lock (will wait if exclusive lock is held)
+
+echo "Verifying checksums..."
+echo "Looking for checksum file: $checksum_path"
 
 # Iterate over each line in the checksum file
 while read -r line; do
-  # Extract the expected checksum and filename from each line
-  read -ra ADDR <<< "$line" # Read the line into an array
-  expectedChecksum="${ADDR[0]}"
-  fileName="${ADDR[2]}"
-
-  # Calculate the actual checksum of the file
-  actualChecksum=$(shasum -a 256 "$outputDir/$fileName" | awk '{print $1}')
-
-  # Compare the expected checksum with the actual checksum
-  if [ "$expectedChecksum" == "$actualChecksum" ]; then
-    echo "SUCCESS: Checksum for $fileName is valid."
-  else
-    echo "ERROR: Checksum for $fileName does not match."
-  fi
-done < "$checksumFile"
+    # Extract checksum and filename from the line
+    expected_checksum=$(echo "$line" | awk '{print $1}')
+    filename=$(echo "$line" | awk '{print $2}')
+
+    # Construct the full path to the file
+    file_path="$output_dir/$filename"
+
+    # Check if the file exists
+    if [ ! -f "$file_path" ]; then
+        echo "ERROR: File $filename not found in $output_dir"
+        continue
+    fi
+
+    # Calculate the actual checksum of the file
+    actual_checksum=$(shasum -a 256 "$file_path" | awk '{print $1}')
+
+    # Compare the expected and actual checksums
+    if [ "$expected_checksum" != "$actual_checksum" ]; then
+        echo "ERROR: Checksum for $filename does not match."
+    else
+        echo "Checksum for $filename is correct."
+    fi
+done < "$checksum_path"
+
+# Release the lock and close the lock file descriptor
+flock -u 200
+exec 200>&-
+
+# Clean up the lock file
+rm -f "$lock_file"
+
+echo "Checksum verification completed."
@@ -16,23 +16,41 @@ mkdir -p "$output_dir"
 
 # Create a checksums file
 checksums_file="$output_dir/${build_semver}_checksums.txt"
-touch $checksums_file
+touch "$checksums_file"
+
+# Define a lock file for parallel-safe writing to checksums
+checksums_lockfile="${checksums_file}.lock"
 
 # Iterate over each binary file
 for binary_file in "$binary_dir"/*; do
-    compressed=""
-    if [[ $binary_file == *.exe ]]; then
-        # If the file is a Windows binary, zip it
-        filename=$(basename "$binary_file")
-        compressed="${filename%.exe}.zip"
-        zip -j "$output_dir/$compressed" "$binary_file"
-    else
-        # For other binaries, tar and gzip them
-        filename=$(basename "$binary_file")
-        compressed="${filename}.tar.gz"
-        tar -czf "$output_dir/$compressed" "$binary_file"
-    fi
-
-    # Append checksums to the file
-    echo "$(cat "$output_dir/$compressed" | shasum -a 256) $compressed" >> $checksums_file
-done
+    (
+        compressed=""
+        if [[ $binary_file == *.exe ]]; then
+            # If the file is a Windows binary, zip it
+            filename=$(basename "$binary_file")
+            compressed="${filename%.exe}.zip"
+            zip -j "$output_dir/$compressed" "$binary_file"
+        else
+            # For other binaries, tar and gzip them
+            filename=$(basename "$binary_file")
+            compressed="${filename}.tar.gz"
+            tar -czf "$output_dir/$compressed" "$binary_file"
+        fi
+
+        # Compute checksum and append it to the checksums file using a lock
+        checksum="$(shasum -a 256 "$output_dir/$compressed" | awk '{print $1}')"
+        (
+            flock -x 200
+            echo "$checksum $compressed" >> "$checksums_file"
+        ) 200>"$checksums_lockfile"
+
+    ) &
+done
+
+# Echo message indicating background tasks are running
+echo "All zip and tar processes started. Waiting for them to finish..."
+
+# Wait for all background processes to complete
+wait
+
+echo "All compression and checksum operations completed."
@@ -58,10 +58,10 @@ build-%:
 	go build $(GO_BUILD_FLAGS) \
 		-o $(GO_BUILD_PREFIX)-$(word 1,$(subst -, ,$*))-$(word 2,$(subst -, ,$*))$(word 3,$(subst -, ,$*))
 
-zip-builds:
+zip-builds: $(addprefix build-,$(PLATFORMS))
 	./.github/scripts/zip-builds.sh $(BINARY_NAME)-$(CURR_VERSION) $(TARGET_DIR) $(OUTPUT_DIR)
 
-verify-checksums:
+verify-checksums: zip-builds
 	./.github/scripts/verify-checksums.sh $(OUTPUT_DIR) $(BINARY_NAME)-$(CURR_VERSION)_checksums.txt 
 
 # Target for running the project (adjust as necessary for your project)
@@ -93,3 +93,4 @@ test-bats: build-test
 .PHONY: clean
 clean:
 	rm -rf $(TARGET_DIR)
+	rm -rf $(OUTPUT_DIR)
@@ -13,11 +13,16 @@ func auth_codeLogin(cmd *cobra.Command, args []string) {
 	_, cp := InitProfile(c, false)
 
 	c.Print("Initiating login...")
+
+	// Use profile values as defaults, with command-line overrides
+	tlsNoVerify := c.FlagHelper.GetOptionalBoolWithDefault("tls-no-verify", cp.GetTLSNoVerify())
+	clientId := c.FlagHelper.GetOptionalStringWithDefault("client-id", cp.GetAuthCredentials().ClientId)
+
 	tok, publicClientID, err := auth.LoginWithPKCE(
 		cmd.Context(),
 		cp.GetEndpoint(),
-		c.FlagHelper.GetOptionalString("client-id"),
-		c.FlagHelper.GetOptionalBool("tls-no-verify"),
+		clientId,
+		tlsNoVerify,
 	)
 	if err != nil {
 		c.Println("failed")

@@ -279,5 +279,11 @@ func init() {
 		rootCmd.GetDocFlag("with-access-token").Default,
 		rootCmd.GetDocFlag("with-access-token").Description,
 	)
+
+	RootCmd.PersistentFlags().String(
+		rootCmd.GetDocFlag("profile-driver").Name,
+		rootCmd.GetDocFlag("profile-driver").Default,
+		rootCmd.GetDocFlag("profile-driver").Description,
+	)
 	RootCmd.AddGroup(&cobra.Group{ID: TDF})
 }
@@ -39,4 +39,11 @@ command:
     - name: debug
       description: enable debug output
       default: false
+    - name: profile-driver
+      description: storage driver for managing profiles [keyring, in-memory, file]
+      enum:
+        - keyring
+        - in-memory
+        - file
+      default: file
 ---
@@ -214,7 +214,7 @@ const (
 
 // Facilitates an auth code PKCE flow to obtain OIDC tokens.
 // Spawns a local server to handle the callback and opens a browser window in each respective OS.
-func Login(ctx context.Context, platformEndpoint, tokenURL, authURL, publicClientID string) (*oauth2.Token, error) {
+func Login(ctx context.Context, platformEndpoint, tokenURL, authURL, publicClientID string, tlsNoVerify bool) (*oauth2.Token, error) {
 	// Generate random hash and encryption keys for cookie handling
 	hashKey := make([]byte, keyLength)
 	encryptKey := make([]byte, keyLength)
@@ -239,9 +239,18 @@ func Login(ctx context.Context, platformEndpoint, tokenURL, authURL, publicClien
 		},
 	}
 
-	cookiehandler := httphelper.NewCookieHandler(hashKey, encryptKey)
+	cookiehandler := httphelper.NewCookieHandler(hashKey, encryptKey,
+		func() httphelper.CookieHandlerOpt {
+			if tlsNoVerify {
+				return httphelper.WithUnsecure()
+			}
+			return func(c *httphelper.CookieHandler) {} // No-op function if tlsNoVerify is false
+		}(),
+	)
 
 	relyingParty, err := oidcrp.NewRelyingPartyOAuth(conf,
+		// respect tlsNoVerify
+		oidcrp.WithHTTPClient(utils.NewHttpClient(tlsNoVerify)),
 		// allow cookie handling for PKCE
 		oidcrp.WithCookieHandler(cookiehandler),
 		// use PKCE
@@ -271,7 +280,7 @@ func LoginWithPKCE(ctx context.Context, host, publicClientID string, tlsNoVerify
 		return nil, "", fmt.Errorf("failed to get platform configuration: %w", err)
 	}
 
-	tok, err := Login(ctx, host, pc.tokenEndpoint, pc.authzEndpoint, pc.publicClientID)
+	tok, err := Login(ctx, host, pc.tokenEndpoint, pc.authzEndpoint, pc.publicClientID, tlsNoVerify)
 	if err != nil {
 		return nil, "", fmt.Errorf("failed to login: %w", err)
 	}

@@ -52,11 +52,18 @@ func (f flagHelper) GetOptionalID(idFlag string) string {
 }
 
 func (f flagHelper) GetOptionalString(flag string) string {
-	p := f.cmd.Flag(flag)
-	if p == nil {
-		return ""
+	return f.GetOptionalStringWithDefault(flag, "")
+}
+
+// GetOptionalStringWithDefault retrieves a string flag, or returns the default value if the flag is not set
+func (f flagHelper) GetOptionalStringWithDefault(flagName string, defaultValue string) string {
+	if f.cmd.Flags().Changed(flagName) {
+		value, err := f.cmd.Flags().GetString(flagName)
+		if err == nil {
+			return value
+		}
 	}
-	return p.Value.String()
+	return defaultValue
 }
 
 func (f flagHelper) GetStringSlice(flag string, v []string, opts FlagsStringSliceOptions) []string {
@@ -82,8 +89,18 @@ func (f flagHelper) GetRequiredInt32(flag string) int32 {
 }
 
 func (f flagHelper) GetOptionalBool(flag string) bool {
-	v, _ := f.cmd.Flags().GetBool(flag)
-	return v
+	return f.GetOptionalBoolWithDefault(flag, false)
+}
+
+// GetOptionalBoolWithDefault retrieves a boolean flag, or returns the default value if the flag is not set
+func (f flagHelper) GetOptionalBoolWithDefault(flagName string, defaultValue bool) bool {
+	if f.cmd.Flags().Changed(flagName) {
+		value, err := f.cmd.Flags().GetBool(flagName)
+		if err == nil {
+			return value
+		}
+	}
+	return defaultValue
 }
 
 func (f flagHelper) GetRequiredBool(flag string) bool {