@lazycatcloud/lzc-cli 1.3.17 → 2.0.0-pre.1

package/lib/migrate/index.js

@@ -0,0 +1,52 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import logger from 'loglevel';
+import { LpkBuild } from '../app/lpk_build.js';
+import { dumpToYaml, loadFromYaml } from '../utils.js';
+import { PACKAGE_FILE_NAME, splitManifestAndPackageInfo } from '../package_info.js';
+
+async function migrateHandler({ context, file }) {
+	const cwd = context ? path.resolve(context) : process.cwd();
+	const build = new LpkBuild(cwd, file || 'lzc-build.yml');
+	const manifestPath = build.manifestFilePath;
+	const packageFilePath = build.packageFilePath;
+
+	if (fs.existsSync(packageFilePath)) {
+		logger.info(`package metadata already exists at ${packageFilePath}`);
+		return;
+	}
+
+	let manifest;
+	try {
+		manifest = loadFromYaml(manifestPath) ?? {};
+	} catch {
+		throw new Error(`Cannot auto-migrate templated manifest: ${manifestPath}`);
+	}
+
+	const split = splitManifestAndPackageInfo(manifest);
+	if (Object.keys(split.packageInfo).length === 0) {
+		throw new Error(`No static package fields found in ${manifestPath}`);
+	}
+
+	dumpToYaml(split.packageInfo, packageFilePath);
+	dumpToYaml(split.manifest, manifestPath);
+
+	logger.info(`wrote ${PACKAGE_FILE_NAME}: ${packageFilePath}`);
+	logger.info(`updated manifest: ${manifestPath}`);
+}
+
+export function migrateCommand(program) {
+	program.command({
+		command: 'migrate [context]',
+		desc: 'Migrate manifest package metadata to package.yml',
+		builder: (args) => {
+			args.option('f', {
+				alias: 'file',
+				describe: 'Build config file',
+				type: 'string',
+				default: 'lzc-build.yml',
+			});
+		},
+		handler: migrateHandler,
+	});
+}

package/lib/package_info.js

@@ -0,0 +1,135 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import yaml from 'js-yaml';
+import { fakeLoadManifestText, fakeLoadManifestYml, loadFromYaml } from './utils.js';
+
+export const PACKAGE_FILE_NAME = 'package.yml';
+export const STATIC_PACKAGE_FIELDS = [
+	'package',
+	'version',
+	'name',
+	'description',
+	'author',
+	'license',
+	'homepage',
+	'min_os_version',
+	'unsupported_platforms',
+	'locales',
+];
+
+function hasOwn(obj, key) {
+	return Object.prototype.hasOwnProperty.call(obj ?? {}, key);
+}
+
+function readYamlIfExists(filePath) {
+	if (!filePath || !fs.existsSync(filePath)) {
+		return null;
+	}
+	return yaml.load(fs.readFileSync(filePath, 'utf-8')) ?? {};
+}
+
+function tryLoadManifestText(manifestText) {
+	const text = String(manifestText ?? '');
+	const hasGoTemplate = text.includes('{{') && text.includes('}}');
+	try {
+		return {
+			data: yaml.load(text) ?? {},
+			excp: hasGoTemplate,
+		};
+	} catch {
+		return {
+			data: fakeLoadManifestText(text) ?? {},
+			excp: true,
+		};
+	}
+}
+
+export function loadManifestFile(manifestPath) {
+	try {
+		return loadFromYaml(manifestPath) ?? {};
+	} catch {
+		return fakeLoadManifestYml(manifestPath) ?? {};
+	}
+}
+
+export function loadManifestText(manifestText) {
+	return tryLoadManifestText(manifestText).data;
+}
+
+export function loadPackageFile(packageFilePath) {
+	return readYamlIfExists(packageFilePath);
+}
+
+export function defaultPackageFilePath(manifestPath) {
+	return path.join(path.dirname(manifestPath), PACKAGE_FILE_NAME);
+}
+
+export function findManifestStaticFields(manifest) {
+	return STATIC_PACKAGE_FIELDS.filter((field) => hasOwn(manifest, field));
+}
+
+export function ensureManifestStaticFieldsAbsent(manifest, manifestPath) {
+	const invalidFields = findManifestStaticFields(manifest);
+	if (invalidFields.length === 0) {
+		return;
+	}
+	throw new Error(`Static package fields must be moved from ${manifestPath} to ${PACKAGE_FILE_NAME}: ${invalidFields.join(', ')}`);
+}
+
+export function applyPackageFileToManifest(manifest, packageInfo) {
+	const nextManifest = { ...(manifest ?? {}) };
+	for (const field of STATIC_PACKAGE_FIELDS) {
+		delete nextManifest[field];
+	}
+	if (!packageInfo) {
+		return nextManifest;
+	}
+	for (const field of STATIC_PACKAGE_FIELDS) {
+		if (hasOwn(packageInfo, field)) {
+			nextManifest[field] = packageInfo[field];
+		}
+	}
+	return nextManifest;
+}
+
+export function splitManifestAndPackageInfo(manifest, basePackageInfo = null) {
+	const manifestOnly = { ...(manifest ?? {}) };
+	const packageInfo = { ...(basePackageInfo ?? {}) };
+	for (const field of STATIC_PACKAGE_FIELDS) {
+		if (hasOwn(manifestOnly, field)) {
+			packageInfo[field] = manifestOnly[field];
+			delete manifestOnly[field];
+		}
+	}
+	return {
+		manifest: manifestOnly,
+		packageInfo,
+	};
+}
+
+export function loadEffectiveManifest(manifestPath, options = {}) {
+	const hasInlineManifestText = Object.prototype.hasOwnProperty.call(options, 'manifestText');
+	const loadedManifest = hasInlineManifestText
+		? tryLoadManifestText(options.manifestText)
+		: { data: loadManifestFile(manifestPath), excp: false };
+	const sourceManifest = loadedManifest.data;
+	const packageFilePath = options.packageFilePath || defaultPackageFilePath(manifestPath);
+	const hasPackageFile = fs.existsSync(packageFilePath);
+	const packageInfo = hasPackageFile ? loadPackageFile(packageFilePath) ?? {} : null;
+	if (hasPackageFile && options.strictStaticFields) {
+		ensureManifestStaticFieldsAbsent(sourceManifest, manifestPath);
+	}
+	const manifest = hasPackageFile ? applyPackageFileToManifest(sourceManifest, packageInfo) : sourceManifest;
+	return {
+		manifest,
+		sourceManifest,
+		packageInfo,
+		hasPackageFile,
+		packageFilePath,
+		excpManifest: loadedManifest.excp,
+	};
+}
+
+export function loadEffectiveManifestFromFiles(manifestPath, options = {}) {
+	return loadEffectiveManifest(manifestPath, options);
+}

package/lib/shellapi.js

@@ -23,7 +23,9 @@ function getShellAPIConfigDir() {
 }
 
 class ShellApi {
-	constructor() { }
+	constructor() {
+		this.clientId = '';
+	}
 
 	async init() {
 		// 检查当前 shell 环境上下文是否配置 HTTP_PROXY
@@ -109,6 +111,38 @@ NOTE：在指定环境变量的模式下，有些接口依旧不能访问，为
 		});
 	}
 
+	async queryShellCoreInfo() {
+		if (!this.client) {
+			return {};
+		}
+		return new Promise((resolve, reject) => {
+			this.client.queryShellCoreInfo({}, this.metadata, function (err, response) {
+				if (err) {
+					reject(err);
+					return;
+				}
+				resolve(response);
+			});
+		});
+	}
+
+	async resolveClientId() {
+		const cached = String(this.clientId ?? '').trim();
+		if (cached) {
+			return cached;
+		}
+		if (!this.client) {
+			return '';
+		}
+		const info = await this.queryShellCoreInfo();
+		const clientId = String(info?.id ?? '').trim();
+		if (!clientId) {
+			throw new Error('resolve client id failed: empty shell core id');
+		}
+		this.clientId = clientId;
+		return clientId;
+	}
+
 	async initBoxInfo() {
 		try {
 			const boxes = await this.boxList();

package/lib/sig/core.js

@@ -0,0 +1,254 @@
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import crypto from 'node:crypto';
+import archiver from 'archiver';
+import AdmZip from 'adm-zip';
+import * as tar from 'tar';
+import { loadEffectiveManifestFromFiles } from '../package_info.js';
+import { t } from '../i18n/index.js';
+
+function toPosixPath(filePath) {
+	return filePath.split(path.sep).join('/');
+}
+
+function detectPackageFormat(pkgPath) {
+	const ext = path.basename(pkgPath).toLowerCase();
+	if (ext.endsWith('.lpk.tar') || ext.endsWith('.tar')) {
+		return 'tar';
+	}
+	const fd = fs.openSync(pkgPath, 'r');
+	try {
+		const header = Buffer.alloc(4);
+		fs.readSync(fd, header, 0, 4, 0);
+		if (header[0] === 0x50 && header[1] === 0x4b) {
+			return 'zip';
+		}
+	} finally {
+		fs.closeSync(fd);
+	}
+	return 'tar';
+}
+
+async function extractPackage(pkgPath, format, destDir) {
+	if (format === 'zip') {
+		const zip = new AdmZip(pkgPath);
+		zip.extractAllTo(destDir, true);
+		return;
+	}
+	await tar.x({
+		file: pkgPath,
+		cwd: destDir,
+	});
+}
+
+async function packAsZip(srcDir, outPath) {
+	return new Promise((resolve, reject) => {
+		const output = fs.createWriteStream(outPath);
+		const archive = archiver('zip');
+		archive.on('error', reject);
+		output.on('error', reject);
+		output.on('close', resolve);
+		archive.pipe(output);
+		archive.directory(srcDir, false);
+		archive.finalize();
+	});
+}
+
+async function packAsTar(srcDir, outPath) {
+	const entries = fs.readdirSync(srcDir).sort();
+	await tar.c(
+		{
+			cwd: srcDir,
+			file: outPath,
+			portable: true,
+		},
+		entries,
+	);
+}
+
+async function packPackage(srcDir, format, outPath) {
+	if (format === 'zip') {
+		return packAsZip(srcDir, outPath);
+	}
+	return packAsTar(srcDir, outPath);
+}
+
+function walkFilesRecursive(dir, baseDir = dir) {
+	const result = [];
+	if (!fs.existsSync(dir)) {
+		return result;
+	}
+	for (const entry of fs.readdirSync(dir)) {
+		const absPath = path.join(dir, entry);
+		const stat = fs.statSync(absPath);
+		if (stat.isDirectory()) {
+			result.push(...walkFilesRecursive(absPath, baseDir));
+			continue;
+		}
+		if (stat.isFile()) {
+			result.push(toPosixPath(path.relative(baseDir, absPath)));
+		}
+	}
+	return result;
+}
+
+async function sha256File(filePath) {
+	return new Promise((resolve, reject) => {
+		const hash = crypto.createHash('sha256');
+		let size = 0;
+		const stream = fs.createReadStream(filePath);
+		stream.on('data', (chunk) => {
+			size += chunk.length;
+			hash.update(chunk);
+		});
+		stream.on('error', reject);
+		stream.on('end', () => {
+			resolve({
+				digest: hash.digest('hex'),
+				size,
+			});
+		});
+	});
+}
+
+function loadManifestInfo(workDir) {
+	const manifestPath = path.join(workDir, 'manifest.yml');
+	if (!fs.existsSync(manifestPath)) {
+		return { appid: '', version: '' };
+	}
+	try {
+		const manifest = loadEffectiveManifestFromFiles(manifestPath).manifest;
+		return {
+			appid: manifest?.package ?? '',
+			version: manifest?.version ? String(manifest.version) : '',
+		};
+	} catch {
+		return { appid: '', version: '' };
+	}
+}
+
+function hasMetaSignData(workDir) {
+	const releaseLock = path.join(workDir, 'META', 'release.lock');
+	const sigDir = path.join(workDir, 'META', 'signatures');
+	if (fs.existsSync(releaseLock)) {
+		return true;
+	}
+	if (!fs.existsSync(sigDir) || !fs.statSync(sigDir).isDirectory()) {
+		return false;
+	}
+	return fs.readdirSync(sigDir).some((f) => f.endsWith('.sig'));
+}
+
+async function writeMetaSignatureFiles(workDir, privateKeyPath, publicKeyPath, keyId) {
+	const filePaths = walkFilesRecursive(workDir)
+		.filter((p) => !p.startsWith('META/'))
+		.sort();
+	const objects = [];
+	for (const relPath of filePaths) {
+		const absPath = path.join(workDir, relPath);
+		const { digest, size } = await sha256File(absPath);
+		objects.push({
+			path: relPath,
+			digest: `sha256:${digest}`,
+			size,
+		});
+	}
+
+	const manifestInfo = loadManifestInfo(workDir);
+	const releaseLock = {
+		schema: 'lazycat.lpk.release-lock/v1',
+		appid: manifestInfo.appid,
+		version: manifestInfo.version,
+		objects,
+	};
+	const releaseLockContent = Buffer.from(JSON.stringify(releaseLock, null, 2));
+
+	const privateKeyPem = fs.readFileSync(privateKeyPath, 'utf-8');
+	const publicKeyPem = fs.readFileSync(publicKeyPath, 'utf-8');
+	const privateKey = crypto.createPrivateKey(privateKeyPem);
+	const signature = crypto.sign(null, releaseLockContent, privateKey).toString('base64');
+
+	const metaDir = path.join(workDir, 'META');
+	const keyDir = path.join(metaDir, 'keys');
+	const sigDir = path.join(metaDir, 'signatures');
+	fs.mkdirSync(keyDir, { recursive: true });
+	fs.mkdirSync(sigDir, { recursive: true });
+	fs.writeFileSync(path.join(metaDir, 'release.lock'), releaseLockContent);
+	fs.writeFileSync(path.join(keyDir, `${keyId}.pub`), publicKeyPem);
+	fs.writeFileSync(
+		path.join(sigDir, `${keyId}.sig`),
+		JSON.stringify(
+			{
+				schema: 'lazycat.lpk.signature/v1',
+				algorithm: 'ed25519',
+				key_id: keyId,
+				signed_file: 'META/release.lock',
+				signature,
+			},
+			null,
+			2,
+		),
+	);
+}
+
+export async function signPackageFile(pkgPath, options = {}) {
+	const { privateKey, publicKey, keyId = 'dev', output, resign = false } = options;
+
+	if (!pkgPath || !fs.existsSync(pkgPath)) {
+		throw new Error(t('lzc_cli.lib.sig.index.pkg_not_found_fail', `Package not found: ${pkgPath}`));
+	}
+
+	const resolvedPrivateKey = privateKey ? path.resolve(privateKey) : path.resolve('.sig', `${keyId}.ed25519.private.pem`);
+	const resolvedPublicKey = publicKey ? path.resolve(publicKey) : path.resolve('.sig', `${keyId}.ed25519.public.pem`);
+	if (!fs.existsSync(resolvedPrivateKey)) {
+		throw new Error(t('lzc_cli.lib.sig.index.private_key_not_found_fail', `Private key not found: ${resolvedPrivateKey}`));
+	}
+	if (!fs.existsSync(resolvedPublicKey)) {
+		throw new Error(t('lzc_cli.lib.sig.index.public_key_not_found_fail', `Public key not found: ${resolvedPublicKey}`));
+	}
+
+	const format = detectPackageFormat(pkgPath);
+	const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'lzc-cli-sign-'));
+	const outTemp = path.join(tempDir, format === 'zip' ? 'signed.lpk' : 'signed.lpk.tar');
+	const workDir = path.join(tempDir, 'work');
+	fs.mkdirSync(workDir, { recursive: true });
+	try {
+		await extractPackage(pkgPath, format, workDir);
+		if (resign) {
+			fs.rmSync(path.join(workDir, 'META'), { recursive: true, force: true });
+		} else if (hasMetaSignData(workDir)) {
+			throw new Error(t('lzc_cli.lib.sig.index.package_already_signed_fail', 'Package already signed, use `lzc-cli lpk sign --resign`'));
+		}
+
+		await writeMetaSignatureFiles(workDir, resolvedPrivateKey, resolvedPublicKey, keyId);
+		await packPackage(workDir, format, outTemp);
+
+		const finalPath = output ? path.resolve(output) : path.resolve(pkgPath);
+		fs.mkdirSync(path.dirname(finalPath), { recursive: true });
+		fs.copyFileSync(outTemp, finalPath);
+		return finalPath;
+	} finally {
+		fs.rmSync(tempDir, { recursive: true, force: true });
+	}
+}
+
+export function generateKeyPair(outputDir, name, force = false) {
+	const targetDir = path.resolve(outputDir || process.cwd());
+	fs.mkdirSync(targetDir, { recursive: true });
+
+	const privateKeyPath = path.join(targetDir, `${name}.ed25519.private.pem`);
+	const publicKeyPath = path.join(targetDir, `${name}.ed25519.public.pem`);
+	if (!force && (fs.existsSync(privateKeyPath) || fs.existsSync(publicKeyPath))) {
+		throw new Error(t('lzc_cli.lib.sig.index.key_exists_fail', `Key files already exist: ${privateKeyPath}, ${publicKeyPath}`));
+	}
+
+	const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');
+	const privateKeyPem = privateKey.export({ type: 'pkcs8', format: 'pem' });
+	const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
+
+	fs.writeFileSync(privateKeyPath, privateKeyPem);
+	fs.chmodSync(privateKeyPath, 0o600);
+	fs.writeFileSync(publicKeyPath, publicKeyPem);
+	return { privateKeyPath, publicKeyPath };
+}

package/lib/sig/index.js

@@ -0,0 +1,88 @@
+import logger from 'loglevel';
+import { t } from '../i18n/index.js';
+import { generateKeyPair, signPackageFile } from './core.js';
+
+function signBuilder(args) {
+	args.option('private-key', {
+		alias: 'k',
+		describe: t('lzc_cli.lib.sig.index.sign_private_key_desc', 'Private key path'),
+		type: 'string',
+	});
+	args.option('public-key', {
+		alias: 'p',
+		describe: t('lzc_cli.lib.sig.index.sign_public_key_desc', 'Public key path'),
+		type: 'string',
+	});
+	args.option('key-id', {
+		describe: t('lzc_cli.lib.sig.index.sign_key_id_desc', 'Signature key id'),
+		type: 'string',
+		default: 'dev',
+	});
+	args.option('o', {
+		alias: 'output',
+		describe: t('lzc_cli.lib.sig.index.sign_output_desc', 'Output package path'),
+		type: 'string',
+	});
+	args.option('resign', {
+		describe: t('lzc_cli.lib.sig.index.sign_resign_desc', 'Force replace existing META signature'),
+		type: 'boolean',
+		default: false,
+	});
+}
+
+async function signHandler({ pkgPath, privateKey, publicKey, keyId, output, resign }) {
+	const out = await signPackageFile(pkgPath, {
+		privateKey,
+		publicKey,
+		keyId,
+		output,
+		resign: !!resign,
+	});
+	logger.info(`${resign ? 're-signed' : 'signed'} package: ${out}`);
+}
+
+export function sigCommand(program) {
+	const subCommands = [
+		{
+			command: '$0 <pkgPath>',
+			desc: t('lzc_cli.lib.sig.index.sign_desc', 'Sign lpk package'),
+			builder: signBuilder,
+			handler: signHandler,
+		},
+		{
+			command: 'gen-key [outputDir]',
+			desc: t('lzc_cli.lib.sig.index.gen_key_desc', 'Generate developer key pair'),
+			builder: (args) => {
+				args.option('name', {
+					describe: t('lzc_cli.lib.sig.index.gen_key_name_desc', 'Key name'),
+					type: 'string',
+					default: 'dev',
+				});
+				args.option('force', {
+					describe: t('lzc_cli.lib.sig.index.gen_key_force_desc', 'Overwrite existing key files'),
+					type: 'boolean',
+					default: false,
+				});
+			},
+			handler: async ({ outputDir, name, force }) => {
+				const { privateKeyPath, publicKeyPath } = generateKeyPair(outputDir || '.sig', name, force);
+				logger.info(`private key: ${privateKeyPath}`);
+				logger.info(`public key: ${publicKeyPath}`);
+			},
+		},
+		{
+			command: 'sign <pkgPath>',
+			desc: t('lzc_cli.lib.sig.index.sign_desc', 'Sign lpk package'),
+			builder: signBuilder,
+			handler: signHandler,
+		},
+	];
+
+	program.command({
+		command: 'sig',
+		desc: t('lzc_cli.lib.sig.index.sig_cmd_desc', 'LPK signature tools'),
+		builder: (args) => {
+			args.command(subCommands);
+		},
+	});
+}