### Configure Git for voa Project Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/CONTRIBUTING.md This shell command configures git for the voa project, including signing commits with OpenPGP, installing pre-commit and pre-push hooks, and setting up the prepare-commit-msg hook for automatic signoff sections. ```shell just configure-git ``` -------------------------------- ### Bash: Import OpenPGP Verifier to VOA Hierarchy Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/voa/README.md Imports an OpenPGP verifier into a VOA hierarchy using the `voa import` command. This example assumes OpenPGP certificate and VOA directory paths are set via environment variables. It demonstrates creating a temporary key, exporting a certificate, setting environment variables, and then performing the import. ```bash # Create a temporary directory for example files and create an OpenPGP certificate for import. tempdir="$(mktemp --directory --suffix '.voa-test')" # Create an OpenPGP TSK/cert and expose the cert path in the OPENPGP_CERT environment variable. rsop generate-key --signing-only "John Doe " > "$tempdir/key.tsk" rsop extract-cert < "$tempdir/key.tsk" > "$tempdir/cert.cert" export OPENPGP_CERT="$tempdir/cert.cert" # Create a directory for the use as VOA directory and expose the path in the VOA_DIR environment variable. mkdir --parents "$tempdir/voa" export VOA_DIR="$tempdir/voa/" rpgp show "$OPENPGP_CERT" voa import os packages openpgp --input "$OPENPGP_CERT" --base-path "$VOA_DIR" # 🔐 EdDSA/Curve25519 v4 f992bda338ded64fe062302b5bd40d64577b8ea2 # ⏱ Created 2025-09-20 06:13:33 UTC # # 🪪 ID "John Doe " # 🖋 CertGeneric 2025-09-20 06:13:33 UTC, by 5bd40d64577b8ea2 [EdDSALegacy, SHA256, V4] # tree "$VOA_DIR" # . # └── os # └── packages # └── default # └── openpgp # └── f992bda338ded64fe062302b5bd40d64577b8ea2.openpgp rpgp show "$VOA_DIR"/os/packages/default/openpgp/*.openpgp # 🔐 EdDSA/Curve25519 v4 f992bda338ded64fe062302b5bd40d64577b8ea2 # ⏱ Created 2025-09-20 06:13:33 UTC # # 🪪 ID "John Doe " # 🖋 CertGeneric 2025-09-20 06:13:33 UTC, by 5bd40d64577b8ea2 [EdDSALegacy, SHA256, V4] # ``` -------------------------------- ### Bash: List Verifiers in VOA Hierarchy Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/voa/README.md Demonstrates listing verifiers within a VOA hierarchy using the `voa list` subcommand. Examples show listing with a default output format and then with JSON output format. ```bash voa list os packages # /home/user/.config/voa/os/packages/default/openpgp/f992bda338ded64fe062302b5bd40d64577b8ea2.openpgp voa list os packages --output-format json ``` -------------------------------- ### Example Commit Message for voa Project Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/CONTRIBUTING.md An example of a well-formatted commit message following conventional commits standards for the voa project. It includes a capitalized subject line, imperative mood body, and a Signed-off-by line. ```git feat(parser): Enhance error handling in parser Improve error handling by adding specific error codes and messages to make debugging easier and more informative. This update enhances parsing accuracy and provides more context for handling parsing errors. Signed-off-by: John Doe ``` -------------------------------- ### Remove Temporary Directory using Bash Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/voa/README.md This snippet demonstrates how to remove a temporary directory using the `rm` command in Bash. It utilizes the `-r` flag for recursive deletion and the `--` option to handle directory names that might start with a dash. This is a common operation for cleaning up temporary files during script execution. ```bash rm -r -- "$tempdir" ``` -------------------------------- ### Rust: Load and Write Verifier to VOA Hierarchy Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/voa/README.md Demonstrates loading an OpenPGP verifier from a file and writing it into a VOA hierarchy. Requires the `voa` and `tempfile` crates. Handles temporary file and directory creation, verifier loading, and hierarchical writing. ```rust use std::io::Write; use tempfile::{NamedTempFile, tempdir}; use voa::commands::{load_verifier, search_verifiers, write_verifier_to_hierarchy}; # fn main() -> testresult::TestResult { // Write a generic OpenPGP certificate to a temporary file. let cert = r#"-----BEGIN PGP PUBLIC KEY BLOCK----- xjMEaNBDAhYJKwYBBAHaRw8BAQdAzjzrpQ/AEteCmzjd1xTdXGaHV0VKSm4HLy6l HVcmWT3NH0pvaG4gRG9lIDxqb2huLmRvZUBleGFtcGxlLm9yZz7CmgQQFggAQgUC ``` -------------------------------- ### Lookup OpenPGP Verifiers with VOA Core in Rust Source: https://github.com/archlinux/alpm/voa/blob/main/voa-core/README.md Demonstrates how to use the `voa-core` crate to look up OpenPGP verifiers for a specific operating system and purpose. It initializes a VOA instance and performs a lookup based on OS, Purpose, Context, and Technology identifiers. ```rust use voa_core::{ Voa, identifiers::{Context, Mode, Os, Purpose, Role, Technology}, }; # fn main() -> Result<(), voa_core::Error> { // Create a new VOA instance. // Its load paths are automatically set up based on the user id of the running process. let voa = Voa::new(); // Look up OpenPGP verifiers for the Os `arch` to validate signatures on `packages`. let verifiers = voa.lookup( Os::new("arch".parse()?, None, None, None, None), Purpose::new(Role::Packages, Mode::ArtifactVerifier), Context::Default, Technology::Openpgp, ); # Ok(()) # } ``` -------------------------------- ### Rust Library: Load, Write, and Search Verifiers Source: https://github.com/archlinux/alpm/voa/blob/main/voa/README.md Demonstrates loading an OpenPGP verifier from a file, writing it to a VOA hierarchy in a temporary directory, and then searching for verifiers within that hierarchy. This requires the `voa` and `tempfile` crates. It takes a file path and a verifier type as input and outputs a list of found verifiers. ```rust use std::io::Write; use tempfile::{NamedTempFile, tempdir}; use voa::commands::{load_verifier, search_verifiers, write_verifier_to_hierarchy}; # fn main() -> testresult::TestResult { // Write a generic OpenPGP certificate to a temporary file. let cert = r#"-----BEGIN PGP PUBLIC KEY BLOCK----- xjMEaNBDAhYJKwYBBAHaRw8BAQdAzjzrpQ/AEteCmzjd1xTdXGaHV0VKSm4HLy6l HVcmWT3NH0pvaG4gRG9lIDxqb2huLmRvZUBleGFtcGxlLm9yZz7CmgQQFggAQgUC aNBDAhYhBEauMg3lOimFWKbyoPtSEBy0DfYKAhsDAh4BBAsJCAcGFQ4KCQwIARYN JwkCCAIHAgkBCAEHAQIZAQAKCRD7UhActA32CkhIAP9bhoLJeZRCAc+q1kFEkstT uXBPlzHagF6ghuUfToMmVQD+KaakONKSekglKR4rJxzhleQJ4qsptt1gjXX13QgF Xwo= =Pkv9 -----END PGP PUBLIC KEY BLOCK----- "#; let mut temp_file = NamedTempFile::new()?; write!(temp_file, "{cert}")?; let input_path = temp_file.path(); // Load OpenPGP verifier from file. let verifier = load_verifier(Some(input_path.try_into()?), "openpgp".parse()?) ; // Prepare a temporary output directory. let temp_dir = tempdir()?; // Write a verifier to a location in a temporary VOA hierarchy. write_verifier_to_hierarchy(verifier, temp_dir, "os".parse()?, "packages".parse()?, None)?; // Search for verifiers by relevant identifier information. let verifiers = search_verifiers("os".parse()?, "packages".parse()?, None, None)?; for verifier in verifiers.keys() { println!("{verifier:?}"); } # Ok(()) # } ``` -------------------------------- ### Bash CLI: Import OpenPGP Verifier Source: https://github.com/archlinux/alpm/voa/blob/main/voa/README.md This bash script demonstrates how to import an OpenPGP verifier into a VOA hierarchy using the `voa import` subcommand. It first generates a temporary directory and an OpenPGP certificate, then sets environment variables for the certificate path and the VOA directory. Finally, it imports the certificate into the specified VOA path and displays the directory structure. ```bash tempdir="$(mktemp --directory --suffix '.voa-test')" # Create an OpenPGP TSK/cert and expose the cert path in the OPENPGP_CERT environment variable. rsop generate-key --signing-only "John Doe " > "$tempdir/key.tsk" rsop extract-cert < "$tempdir/key.tsk" > "$tempdir/cert.cert" export OPENPGP_CERT="$tempdir/cert.cert" # Create a directory for the use as VOA directory and expose the path in the VOA_DIR environment variable. mkdir --parents "$tempdir/voa" export VOA_DIR="$tempdir/voa/" rpgp show "$OPENPGP_CERT" voa import os packages openpgp --input "$OPENPGP_CERT" --base-path "$VOA_DIR" # 🔐 EdDSA/Curve25519 v4 f992bda338ded64fe062302b5bd40d64577b8ea2 # ⏱ Created 2025-09-20 06:13:33 UTC # # 🪪 ID "John Doe " # 🖋 CertGeneric 2025-09-20 06:13:33 UTC, by 5bd40d64577b8ea2 [EdDSALegacy, SHA256, V4] # tree "$VOA_DIR" # . # └── os # └── packages # └── default # └── openpgp # └── f992bda338ded64fe062302b5bd40d64577b8ea2.openpgp rpgp show "$VOA_DIR"/os/packages/default/openpgp/*.openpgp # 🔐 EdDSA/Curve25519 v4 f992bda338ded64fe062302b5bd40d64577b8ea2 # ⏱ Created 2025-09-20 06:13:33 UTC # # 🪪 ID "John Doe " # 🖋 CertGeneric 2025-09-20 06:13:33 UTC, by 5bd40d64577b8ea2 [EdDSALegacy, SHA256, V4] # ``` -------------------------------- ### Verify Artifacts with OpenPGP Signatures using VOA in Rust Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/voa-openpgp/README.md Demonstrates how to verify artifacts using OpenPGP signatures within the VOA framework. It involves initializing `VoaOpenpgp`, looking up certificates based on VOA path components, and then calling `verify_from_file` with the artifact, its signature, and the retrieved certificates. Note that this verification mechanism is experimental. Dependencies include `voa_openpgp`. Input is the artifact path, signature path, and VOA path components; output indicates verification success or failure. ```rust use std::path::PathBuf; use voa_openpgp::{verify_from_file, OpenpgpCert, OpenpgpSignature, VoaOpenpgp}; # fn main() -> testresult::TestResult { let voa = VoaOpenpgp::new(); let certs = voa.lookup("os".parse()?, "purpose".parse()?, "context".parse()?); let cert_refs: Vec<&OpenpgpCert> = certs.iter().collect(); verify_from_file( &PathBuf::from("/path/to/a/file.tar.zst"), &cert_refs, &[&OpenpgpSignature::from_file(&PathBuf::from("/path/to/a/file.tar.zst.sig"))?], )?; # Ok(()) # } ``` -------------------------------- ### Run All Tests in voa Project Source: https://github.com/archlinux/alpm/voa/blob/main/CONTRIBUTING.md Executes all unit, integration, and documentation tests for the voa project using 'just test' which internally calls 'cargo nextest' and 'just test-docs'. ```shell just test ``` -------------------------------- ### Prepare Release for a Package in voa Project Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/CONTRIBUTING.md This command prepares a release for a specific package within the voa project's workspace. It is part of the release process managed by release-plz. ```shell just prepare-release ``` -------------------------------- ### Rust: Verify Artifacts (Experimental) Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/voa/README.md An experimental function for verifying artifacts using VOA. This function is not recommended for production use due to its early development stage. It takes OS, purpose, context, verifier type, the artifact file, and a set of associated files as input. ```rust use std::collections::HashSet; use std::str::FromStr; use voa::{commands::verify, utils::RegularFile}; # fn main() -> testresult::TestResult { verify( "os".parse()?, "purpose".parse()?, "context".parse()?, "openpgp".parse()?, &RegularFile::from_str("/some/path/to/an/file.tar.zst")?, HashSet::from([&RegularFile::from_str("/some/path/to/an/file.tar.zst")?]), )?; # Ok(()) # } ``` -------------------------------- ### Rust Library: Verify Artifact Source: https://github.com/archlinux/alpm/voa/blob/main/voa/README.md This Rust code snippet demonstrates the `verify` command from the `voa` library, which is used for artifact verification. It's important to note that this feature is experimental and not recommended for production use. The function takes OS, purpose, context, verifier type, the artifact file, and a set of associated files as input. ```rust use std::collections::HashSet; use std::str::FromStr; use voa::{commands::verify, utils::RegularFile}; # fn main() -> testresult::TestResult { verify( "os".parse()?, "purpose".parse()?, "context".parse()?, "openpgp".parse()?, &RegularFile::from_str("/some/path/to/an/file.tar.zst")?, HashSet::from([&RegularFile::from_str("/some/path/to/an/file.tar.zst")?]), )?; # Ok(()) # } ``` -------------------------------- ### Verify Artifacts with OpenPGP Signatures using VOA (Rust) Source: https://github.com/archlinux/alpm/voa/blob/main/voa-openpgp/README.md Shows how to verify artifacts using OpenPGP signatures within the VOA framework. It involves looking up OpenPGP certificates from the VOA hierarchy and then using `verify_from_file` to check the artifact against its signature. This feature is experimental. ```rust use std::path::PathBuf; use voa_openpgp::{verify_from_file, OpenpgpCert, OpenpgpSignature, VoaOpenpgp}; # fn main() -> testresult::TestResult { let voa = VoaOpenpgp::new(); let certs = voa.lookup("os".parse()?, "purpose".parse()?, "context".parse()?); let cert_refs: Vec<&OpenpgpCert> = certs.iter().collect(); verify_from_file( &PathBuf::from("/path/to/a/file.tar.zst"), &cert_refs, &[&OpenpgpSignature::from_file(&PathBuf::from("/path/to/a/file.tar.zst.sig"))?], )?; # Ok(()) # } ``` -------------------------------- ### Verify OS Artifacts with VOA CLI (Bash) Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/voa/README.md This code snippet shows how to use the `voa verify` command-line interface (CLI) to verify OS artifacts. It supports OpenPGP verification and can output results in plain text or JSON format. The command takes the artifact type, image, context, the artifact file, and its signature file as arguments. This is useful for ensuring the integrity and authenticity of OS images. ```bash voa verify os image default /path/to/an/image-1.2.3.tar.zst /path/to/an/image-1.2.3.tar.zst.sig # ✅ /path/to/an/image-1.2.3.tar.zst.sig 1734644649 f1d2d2f924e986ac86fdf7b36c94bcdf32beec15 e242ed3bffccdf271b7fbaf34ed72d089537b42f voa verify os image default /path/to/an/image-1.2.3.tar.zst /path/to/an/image-1.2.3.tar.zst.sig --output-format json # [{"signature":"/path/to/an/image-1.2.3.tar.zst.sig","result":{"valid":{"signature_creation_time":1734644649,"primary_key_fingerprint":"f1d2d2f924e986ac86fdf7b36c94bcdf32beec15","verifying_component_key_fingerprint":"e242ed3bffccdf271b7fbaf34ed72d089537b42f"}}}] ``` -------------------------------- ### Generate Cobertura and HTML Code Coverage Reports Source: https://github.com/archlinux/alpm/voa/blob/main/CONTRIBUTING.md Creates code coverage reports in Cobertura and HTML formats for the voa project, writing them to the 'target/llvm-cov/' directory. This process utilizes the 'llvm-tools-preview' component. ```shell just test-coverage ``` ```shell just test-coverage doc ``` -------------------------------- ### Import OpenPGP Certificate to VOA Hierarchy (Rust) Source: https://github.com/archlinux/alpm/voa/blob/main/voa-openpgp/README.md Demonstrates how to import an OpenPGP certificate from a file into a VOA hierarchy. It uses `OpenPgpImport` to read the certificate and `write_to_hierarchy` to save it in the specified VOA structure. Dependencies include `voa_core`, `voa_openpgp`, and `tempfile`. ```rust use voa_core::VerifierWriter; use voa_openpgp::OpenPgpImport; # use pgp::composed::SignedPublicKey; # use tempfile::{NamedTempFile, tempdir}; # # fn openpgp_cert() -> testresult::TestResult { # // Placeholder for a function that returns an OpenPGP certificate # unimplemented!() # } # fn main() -> testresult::TestResult { // Write a generic OpenPGP certificate to a temporary file. let mut temp_file = NamedTempFile::new()?; openpgp_cert()?.to_writer(&mut temp_file)?; let input_path = temp_file.path(); // Import the OpenPGP certificate. let import = OpenPgpImport::from_file(input_path)?; // Prepare a temporary output directory. let temp_dir = tempdir()?; let output_dir = temp_dir.path(); // Write the OpenPGP verifier to a VOA hierarchy in the temporary output directory. // // There, the verifier is written to the configured directory, e.g. // `os/purpose/context/openpgp/f1d2d2f924e986ac86fdf7b36c94bcdf32beec15.openpgp` import.write_to_hierarchy( output_dir, "os".parse()?, "purpose".parse()?, Some("context".parse()?), )?; assert!( output_dir .join("os") .join("purpose") .join("context") .join("openpgp") .join(import.file_name()) .exists() ); # Ok(()) # } ``` -------------------------------- ### Import OpenPGP Certificate to VOA Hierarchy in Rust Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/voa-openpgp/README.md Demonstrates how to import an OpenPGP certificate into a VOA hierarchy using the `voa_openpgp` crate. It takes a file path to a certificate, creates a `OpenPgpImport` object, and writes it to a specified VOA directory structure. Dependencies include `voa_core` and `voa_openpgp`. Input is a file path and VOA path components; output is the certificate written to the VOA hierarchy. ```rust use voa_core::VerifierWriter; use voa_openpgp::OpenPgpImport; use pgp::composed::SignedPublicKey; use tempfile::{NamedTempFile, tempdir}; # fn openpgp_cert() -> testresult::TestResult { # // Placeholder for a function that generates an OpenPGP certificate # unimplemented!("This is a placeholder for actual OpenPGP certificate generation.") # } # fn main() -> testresult::TestResult { // Write a generic OpenPGP certificate to a temporary file. let mut temp_file = NamedTempFile::new()?; openpgp_cert()?.to_writer(&mut temp_file)?; let input_path = temp_file.path(); // Import the OpenPGP certificate. let import = OpenPgpImport::from_file(input_path)?; // Prepare a temporary output directory. let temp_dir = tempdir()?; let output_dir = temp_dir.path(); // Write the OpenPGP verifier to a VOA hierarchy in the temporary output directory. // // There, the verifier is written to the configured directory, e.g. // `os/purpose/context/openpgp/f1d2d2f924e986ac86fdf7b36c94bcdf32beec15.openpgp` import.write_to_hierarchy( output_dir, "os".parse()?, "purpose".parse()?, Some("context".parse()?), )?; assert!( output_dir .join("os") .join("purpose") .join("context") .join("openpgp") .join(import.file_name()) .exists() ); Ok(()) } ``` -------------------------------- ### Create and Release a Package in voa Project Source: https://github.com/archlinux/alpm/voa/blob/main/resources/docs/src/CONTRIBUTING.md This command creates a release tag and pushes it for a specified package in the voa project. This is typically followed by an automated publishing process to crates.io. ```shell just release ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.