feat: bump bindle to v0.9.0-rc.1

Signed-off-by: Frank Yang <[email protected]>

Author: FrankYang0529

Cargo.lock

@@ -8,7 +8,7 @@ authors = [ "Fermyon Engineering <[email protected]>" ]
 anyhow = "1.0"
 async-trait = "0.1"
 atty = "0.2"
-bindle = { git = "https://github.com/fermyon/bindle", tag = "v0.8.1", default-features = false, features = ["client"] }
+bindle = { git = "https://github.com/fermyon/bindle", tag = "v0.9.0-rc.1", default-features = false, features = ["client"] }
 bytes = "1.1"
 clap = { version = "3.1.15", features = ["derive", "env"] }
 comfy-table = "5.0"

Cargo.toml

@@ -7,8 +7,9 @@ authors = [ "Fermyon Engineering <[email protected]>" ]
 [dependencies]
 anyhow = "1"
 async-trait = "0.1.52"
-bindle = { git = "https://github.com/fermyon/bindle", tag = "v0.8.1", default-features = false, features = ["client"] }
+bindle = { git = "https://github.com/fermyon/bindle", tag = "v0.9.0-rc.1", default-features = false, features = ["client"] }
 bytes = "1.1.0"
+dirs = "4.0.0"
 futures = "0.3.17"
 glob = "0.3.0"
 itertools = "0.10.3"
@@ -23,7 +24,7 @@ spin-config = { path = "../config" }
 spin-manifest = { path = "../manifest" }
 tempfile = "3.3.0"
 tokio = { version = "1.11", features = [ "full" ] }
-tokio-util = "0.6"
+tokio-util = "0.7.4"
 toml = "0.5"
 tracing = { version = "0.1", features = [ "log" ] }
 walkdir = "2.3.2"

crates/loader/Cargo.toml

@@ -1,9 +1,14 @@
-use std::sync::Arc;
+use std::{path::PathBuf, sync::Arc};
 
-use bindle::client::{
-    tokens::{HttpBasic, NoToken, TokenManager},
-    Client, ClientBuilder,
+use anyhow::Result;
+use bindle::{
+    client::{
+        tokens::{HttpBasic, NoToken, TokenManager},
+        Client, ClientBuilder,
+    },
+    invoice::signature::{KeyEntry, KeyRing},
 };
+use tracing::log;
 
 /// BindleConnectionInfo holds the details of a connection to a
 /// Bindle server, including url, insecure configuration and an
@@ -13,38 +18,83 @@ pub struct BindleConnectionInfo {
     base_url: String,
     allow_insecure: bool,
     token_manager: AnyAuth,
+    keyring_path: PathBuf,
 }
 
 impl BindleConnectionInfo {
     /// Generates a new BindleConnectionInfo instance using the provided
     /// base_url, allow_insecure setting and optional username and password
     /// for basic http auth
-    pub fn new<I: Into<String>>(
+    pub async fn new<I: Into<String>>(
         base_url: I,
         allow_insecure: bool,
         username: Option<String>,
         password: Option<String>,
-    ) -> Self {
+        keyring_file: Option<PathBuf>,
+    ) -> Result<Self> {
         let token_manager: Box<dyn TokenManager + Send + Sync> = match (username, password) {
             (Some(u), Some(p)) => Box::new(HttpBasic::new(&u, &p)),
             _ => Box::new(NoToken::default()),
         };
 
-        Self {
+        let keyring_path = match keyring_file {
+            Some(dir) => dir,
+            None => {
+                let dir = ensure_config_dir().await?;
+                dir.join("keyring.toml")
+            }
+        };
+
+        Ok(Self {
             base_url: base_url.into(),
             allow_insecure,
             token_manager: AnyAuth {
                 token_manager: Arc::new(token_manager),
             },
-        }
+            keyring_path,
+        })
     }
 
     /// Returns a client based on this instance's configuration
-    pub fn client(&self) -> bindle::client::Result<Client<AnyAuth>> {
-        let builder = ClientBuilder::default()
+    pub async fn client(&self) -> bindle::client::Result<Client<AnyAuth>> {
+        let mut keyring = read_bindle_keyring(&self.keyring_path)
+            .await
+            .unwrap_or_else(|e| {
+                log::error!(
+                    "can't read bindle keyring file {:?}, err: {:?}",
+                    &self.keyring_path,
+                    e
+                );
+                KeyRing::default()
+            });
+
+        let tmp_client = ClientBuilder::default()
+            .http2_prior_knowledge(false)
+            .danger_accept_invalid_certs(self.allow_insecure)
+            .build(
+                &self.base_url,
+                self.token_manager.clone(),
+                Arc::new(keyring.clone()),
+            )?;
+
+        log::trace!("Fetching host keys from bindle server");
+        let host_keys = tmp_client.get_host_keys().await?;
+        let filtered_keys: Vec<KeyEntry> = host_keys
+            .key
+            .into_iter()
+            .filter(|k| !keyring.key.iter().any(|current| current.key == k.key))
+            .collect();
+        keyring.key.extend(filtered_keys);
+        log::info!("keyring: {:?}", &keyring);
+
+        ClientBuilder::default()
             .http2_prior_knowledge(false)
-            .danger_accept_invalid_certs(self.allow_insecure);
-        builder.build(&self.base_url, self.token_manager.clone())
+            .danger_accept_invalid_certs(self.allow_insecure)
+            .build(
+                &self.base_url,
+                self.token_manager.clone(),
+                Arc::new(keyring),
+            )
     }
 }
 
@@ -64,3 +114,17 @@ impl TokenManager for AnyAuth {
         self.token_manager.apply_auth_header(builder).await
     }
 }
+
+async fn read_bindle_keyring(keyring_path: &PathBuf) -> bindle::client::Result<KeyRing> {
+    let raw_data = tokio::fs::read(keyring_path).await?;
+    let res: KeyRing = toml::from_slice(&raw_data)?;
+    Ok(res)
+}
+
+async fn ensure_config_dir() -> Result<PathBuf> {
+    let dir = dirs::config_dir()
+        .map(|v| v.join("bindle/"))
+        .unwrap_or_else(|| "./bindle".into());
+    tokio::fs::create_dir_all(&dir).await?;
+    Ok(dir)
+}