asherah 0.3.0-arm64-darwin → 0.4.1-arm64-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a43b4d34ccce682cf20e8e0154704be1e88f43fd83243143b1eb29cb184e5e1
-  data.tar.gz: 4e1f4ba3d4f67096204bc126eea95e2dcc50666ecf1dc4d3e4f2dac2108b19e4
+  metadata.gz: efa2ad977b1b285cf1bcaf6b9cc4955cff8a10ada3b2fe95defef432e8226836
+  data.tar.gz: 7526c84667c9f42b27eeb34f2c7db449dd1a3c5b229ed6377732309529fe94b4
 SHA512:
-  metadata.gz: 5ff13c55e0d1eee27ed301a854e353fe0edc7acdbe99f9da41a1e215ee64f7311353bc45f89f1ad652508545e74e9f1949e92e50e9dd6d41ebe8c2bea47ef1c6
-  data.tar.gz: 63dab48dfb85fe4e794dc5a5431cf1a7e5abc2f27ff62a90d9e7cec7939e85e24e04ccdd14107274a341f9f7b1020867bcae41b93ef0ce8d4064d48bf544bc3e
+  metadata.gz: dd4e99affde2cf8dcf54fb80766464199cbb4c64f14d214fc216a1cf90e922677eb14d486e650fe1fd48532e0a6c5532891278b578c0d7c18542d334857f79a9
+  data.tar.gz: 7df0a5794af380b58272f38eadb17095a1f19de8156748b2530e56e4ce58b46e84e55984324e42b857e2c24ae74690f7ec8460ffe8515c48990bd82d201d25e4

data/CHANGELOG.md

@@ -1,5 +1,14 @@
 ## [Unreleased]
 
+## [0.4.1] - 2022-03-25
+
+- Build and release platform gems
+
+## [0.4.0] - 2022-03-25
+
+- Download native file during gem install and verify checksum
+- Upgrade to use asherah-cobhan v0.4.11
+
 ## [0.3.0] - 2022-03-22
 
 - Free up cobhan buffers after encrypt/decrypt to prevent growing heap memory

data/README.md

@@ -1,8 +1,8 @@
 # Asherah
 
-Asherah is a Ruby wrapper around [Asherah Go](https://github.com/godaddy/asherah) application-layer encryption SDK that provides advanced encryption features and defense in depth against compromise. It uses a technique known as "envelope encryption" and supports cloud-agnostic data storage and key management.
+Asherah is a Ruby FFI wrapper around Go version of [Asherah](https://github.com/godaddy/asherah) application-layer encryption SDK. Asherah provides advanced encryption features and defense in depth against compromise. It uses a technique known as "envelope encryption" and supports cloud-agnostic data storage and key management.
 
-Check out the following documentation to get more familiar with its concepts:
+Check out the following documentation to get more familiar with the concepts and configuration options:
 
 - [Design and Architecture](https://github.com/godaddy/asherah/blob/master/docs/DesignAndArchitecture.md)
 - [Key Caching](https://github.com/godaddy/asherah/blob/master/docs/KeyCaching.md)
@@ -10,6 +10,10 @@ Check out the following documentation to get more familiar with its concepts:
 - [Metastore](https://github.com/godaddy/asherah/blob/master/docs/Metastore.md)
 - [System Requirements](https://github.com/godaddy/asherah/blob/master/docs/SystemRequirements.md)
 
+## Supported Platforms
+
+Currently supported platforms are Linux and Darwin operating systems for x64 and arm64 CPU architectures.
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -45,7 +49,7 @@ Encrypt some data for a `partition_id`
 
 ```ruby
 partition_id = 'user_1'
-data = 'Some PII data'
+data = 'PII data'
 data_row_record_json = Asherah.encrypt(partition_id, data)
 puts data_row_record_json
 ```
@@ -61,23 +65,22 @@ puts decrypted_data
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+To install this gem onto your local machine, run `rake install`.
 
-## Contributing
-
-Bug reports and pull requests are welcome on GitHub at https://github.com/godaddy/asherah-ruby.
-
-## Releasing new gem version
+To release a new version, update the version number in `version.rb`, create and push a version tag:
 
 ```
-# Create and push a version tag
 git tag -a v$(rake version) -m "Version $(rake version)"
 git push origin v$(rake version)
-
-# Create a release in Github to trigger .github/workflows/publish.yml workflow
-echo "Version $(rake version)"
 ```
 
+And then create a release in Github with title `echo "Version $(rake version)"` that will trigger `.github/workflows/publish.yml` workflow and push the `.gem` file to [rubygems.org](https://rubygems.org):
+
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/godaddy/asherah-ruby.
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](LICENSE.txt).

data/Rakefile

@@ -2,7 +2,6 @@
 
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
-require 'rubygems/package'
 
 RSpec::Core::RakeTask.new(:spec)
 
@@ -10,112 +9,21 @@ require 'rubocop/rake_task'
 
 RuboCop::RakeTask.new
 
-task default: %i[spec rubocop]
-
-ASHERAH_BIN = 'bin/download-asherah.sh'
-DISTRIBUTIONS = {
-  'x86_64-linux' => ['libasherah-x64.so'],
-  'x86_64-darwin' => ['libasherah-x64.dylib'],
-  'aarch64-linux' => ['libasherah-arm64.so'],
-  'arm64-darwin' => ['libasherah-arm64.dylib']
-}.freeze
-
-def current_filename
-  @current_filename ||=
-    begin
-      require 'cobhan'
-      Class.new.extend(Cobhan).library_file_name('libasherah')
-    end
-end
-
-def current_platform
-  @distribution ||= DISTRIBUTIONS.detect { |_k, v| v.include?(current_filename) }
-  @distribution.first
-end
-
-def native_build(platform, native_files)
-  puts "Building gem for #{platform}"
-
-  pkg_dir = File.join(__dir__, 'pkg')
-  FileUtils.mkdir_p(pkg_dir)
-
-  tmp_gem_dir = File.join(__dir__, 'tmp', platform)
-  FileUtils.rm_rf(tmp_gem_dir, verbose: true)
-  FileUtils.mkdir_p(tmp_gem_dir, verbose: true)
-
-  # Copy files to tmp gem dir
-  gemspec = Bundler.load_gemspec('asherah.gemspec')
-  (gemspec.files + [ASHERAH_BIN]).each do |file|
-    dir = File.dirname(file)
-    filename = File.basename(file)
-    FileUtils.mkdir_p(File.join(tmp_gem_dir, dir))
-    FileUtils.copy_file(file, File.join(tmp_gem_dir, dir, filename))
-  end
-
-  # Set platform for native gem build
-  gemspec.platform = Gem::Platform.new(platform)
-
-  native_dir = 'lib/asherah/native'
-  FileUtils.cd(tmp_gem_dir, verbose: true) do
-    FileUtils.mkdir_p(native_dir)
-    native_files.each do |native_file|
-      native_file_path = File.join(native_dir, native_file)
-
-      # Download native file
-      download_asherah_path = File.join(tmp_gem_dir, ASHERAH_BIN)
-      system("#{download_asherah_path} #{native_file}")
-
-      # Add native file in gemspec
-      gemspec.files << native_file_path
-    end
-
-    package = Gem::Package.build(gemspec)
-    FileUtils.mv package, File.join(pkg_dir, package)
+desc 'Download the binary for the current platform'
+task :download do
+  tmp_dir = 'tmp'
+  FileUtils.mkdir_p(tmp_dir)
+  FileUtils.cd(tmp_dir, verbose: true) do
+    system('ruby ../ext/asherah/extconf.rb')
   end
 end
 
-namespace :native do
-  desc 'Build all native gems'
-  task :build do
-    DISTRIBUTIONS.each do |platform, native_files|
-      native_build(platform, native_files)
-    end
-  end
-
-  namespace :build do
-    DISTRIBUTIONS.each do |platform, native_files|
-      desc "Build native gem for #{platform}"
-      task :"#{platform}" do
-        native_build(platform, native_files)
-      end
-    end
-  end
-
-  namespace :current do
-    desc 'Download asherah binary for current platform'
-    task :download do
-      download_asherah_path = File.join(__dir__, ASHERAH_BIN)
-      system("#{download_asherah_path} #{current_filename}")
-    end
-
-    desc 'Build native gem for current platform'
-    task :build do
-      native_build(current_platform, DISTRIBUTIONS[current_platform])
-    end
-
-    desc 'Smoke test native gem for current platform'
-    task smoke: :build do
-      platform = current_platform
-      gemspec = Bundler.load_gemspec('asherah.gemspec')
-      gemspec.platform = Gem::Platform.new(platform)
-
-      sh('gem uninstall asherah')
-      sh("gem install pkg/#{gemspec.file_name}")
-      sh('ruby spec/smoke_test.rb')
-    end
-  end
-end
+task default: %i[spec rubocop]
+task spec: :download
 
+desc 'Print current version'
 task :version do
   puts Asherah::VERSION
 end
+
+Rake.add_rakelib 'tasks'

data/asherah.gemspec

@@ -27,12 +27,13 @@ Gem::Specification.new do |spec|
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject do |f|
-      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
+      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features|tasks)/|\.(?:git|travis|circleci)|appveyor)})
     end
   end
   spec.bindir = 'exe'
   spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
+  spec.extensions = ['ext/asherah/extconf.rb']
 
   spec.add_dependency 'cobhan', '~> 0.2.0'
   spec.add_development_dependency 'dotenv', '~> 2.7.6'

data/ext/asherah/checksums.yml

@@ -0,0 +1,5 @@
+version:                v0.4.11
+libasherah-arm64.so:    bc044b74453fc8fceca564fb127c9f2748aeac107791bd24c680ced1fcb7b816
+libasherah-x64.so:      82f10505ef11fba2c8e027668d9b5c89584f73eb1e53a9f5ff21d5705ecffb3a
+libasherah-arm64.dylib: 0b843d002212722c442c990d84e6ceac73c78e1663260be8c3f759a9a283b14a
+libasherah-x64.dylib:   fd0592ed4cdfbc7b3a2534b540c22301a9669c6c37dfb3d28f600ccc9ba975f8

data/ext/asherah/extconf.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require 'mkmf'
+create_makefile('asherah/asherah')
+
+require_relative 'native_file'
+NativeFile.download

data/ext/asherah/native_file.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'open-uri'
+require 'fileutils'
+require 'digest'
+require 'yaml'
+require 'cobhan'
+
+# Downloads native file and verifies checksum
+class NativeFile
+  LIB_NAME = 'libasherah'
+  ROOT_DIR = File.expand_path('../../', __dir__)
+  CHECKSUMS_FILE = File.expand_path('checksums.yml', __dir__)
+  CHECKSUMS = YAML.load_file(CHECKSUMS_FILE)
+  VERSION = CHECKSUMS.fetch('version')
+  RETRIES = 3
+  RETRY_DELAY = 1
+
+  class << self
+    def download(
+      file_name: Class.new.extend(Cobhan).library_file_name(LIB_NAME),
+      dir: File.join(ROOT_DIR, 'lib/asherah/native')
+    )
+      file_path = File.join(dir, file_name)
+      if File.exist?(file_path)
+        puts "#{file_path} already exists ... skipping download"
+        return
+      end
+
+      checksum = CHECKSUMS.fetch(file_name) do
+        abort "Unsupported platform #{RUBY_PLATFORM}"
+      end
+
+      content = download_content(file_name)
+
+      sha256 = Digest::SHA256.hexdigest(content)
+      abort "Could not verify checksum of #{file_name}" if sha256 != checksum
+
+      FileUtils.mkdir_p(dir)
+      File.binwrite(file_path, content)
+    end
+
+    private
+
+    def download_content(file_name)
+      tries = 0
+
+      begin
+        tries += 1
+        url = "https://github.com/godaddy/asherah-cobhan/releases/download/#{VERSION}/#{file_name}"
+        puts "Downloading #{url}"
+        URI.parse(url).open.read
+      rescue Net::OpenTimeout, Net::ReadTimeout => e
+        if tries <= RETRIES
+          puts "Got #{e.class}... retrying in #{RETRY_DELAY} seconds"
+          sleep RETRY_DELAY
+          retry
+        else
+          raise e
+        end
+      end
+    end
+  end
+end

data/lib/asherah/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Asherah
-  VERSION = '0.3.0'
+  VERSION = '0.4.1'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: asherah
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.1
 platform: arm64-darwin
 authors:
 - GoDaddy
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-22 00:00:00.000000000 Z
+date: 2022-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cobhan
@@ -100,7 +100,8 @@ description: |
 email:
 - oss@godaddy.com
 executables: []
-extensions: []
+extensions:
+- ext/asherah/extconf.rb
 extra_rdoc_files: []
 files:
 - ".rspec"
@@ -115,6 +116,9 @@ files:
 - Rakefile
 - SECURITY.md
 - asherah.gemspec
+- ext/asherah/checksums.yml
+- ext/asherah/extconf.rb
+- ext/asherah/native_file.rb
 - lib/asherah.rb
 - lib/asherah/config.rb
 - lib/asherah/error.rb