fix: Bring claim_v2 branch up to date with main branch (#809)

* Fix Make release script & update readme (contentauth/c2patool#55) * Updates publish workflow to upload binaries to github (contentauth/c2patool#58) Co-authored-by: Jack Farzan <[email protected]> Co-authored-by: Eric Scouten <[email protected]> * chore: Update README.md (contentauth/c2patool#54) * Update README.md Co-authored-by: Rand McKinney <[email protected]> * Add --info option (contentauth/c2patool#65) * reduce release binary size * Add -info option, improve error handling * improve error reporting * chore: Fix publish CI workflow (contentauth/c2patool#67) * chore: Fix a couple more spots where step renaming was missed * chore: Also, we need an admin token to later push back to the repo * chore: Move GitHub release step into repo-prep workflow * chore: Fix tagging step * Prepare 0.3.1 release * chore: Publish from the newly-created commit * Upgrade cpufeatures to non-yanked version (contentauth/c2patool#68) * Prepare 0.3.2 release * Fix name mismatch that caused binary publish to fail * Prepare 0.3.3 release * Put the binary outputs in the correct release * Prepare 0.3.4 release * Fix reference to previous version tag * Prepare 0.3.5 release * chore: Remove changelog history for partial releases * Update Cargo.lock to 0.3.5 * chore: update readme --info (contentauth/c2patool#70) * Update Cargo.lock when publishing crate (contentauth/c2patool#71) * Prepare 0.3.6 release * Fetch remote manifests for --info (contentauth/c2patool#75) * Better message when fail to fetch remote manifest * Add info integration tests * Update sdk to get remote manifest data * info not found integration test * fix manifest size report for remote * Treat a source asset with a manifest store as a default parent (contentauth/c2patool#76) * treat source with claim as default parent ingredient * Prepare 0.3.7 release * Readme updates (contentauth/c2patool#62) authored-by: Rand McKinney <[email protected]> * Fix new Clippy warning in Rust 1.65 (contentauth/c2patool#84) * Build infrastructure improvements (contentauth/c2patool#85) Adapted from https://github.com/adobe/xmp-toolkit-rs * Build crate 3x/week and alert on error * Include recommended fix for CodeCov flakiness * Add notes about warnings in publish workflow * Bump c2pa from 0.13.2 to 0.15.0 (contentauth/c2patool#87) * Prepare 0.3.8 release * allows clients to output manifest report to specified directory (contentauth/c2patool#91) * allows clients to output manifest report to specified directory * appeases clippy * implements feedback * supports `detailed` flag when writing * organizes thumbnails in a directory named for the manifest in which it appears * updates manifest extension to `.json` * accounts for thumbnail title having different extension from thumbnail data * simplifies add extension to ingredient thumbnail file name Co-authored-by: Dylan Ross <[email protected]> * update to c2pa-rs 0.16.0 * Prepare 0.3.9 release * Update for Clippy in Rust 1.67 (contentauth/c2patool#101) * update to cp2pa 0.17.0 (contentauth/c2patool#105) * feat: Add --certs and --tree options (contentauth/c2patool#106) --certs extracts the certificate chain --tree displays a graphic tree view of manifest store structure * Prepare 0.4.0 release * chore: Fix a warning flagged by Clippy in Rust 1.68 (contentauth/c2patool#110) * Leverage new Manifest & Ingredient, add Ingredient creation. (contentauth/c2patool#107) * integration with resource_stores in c2pa_rs 0.17.0 * Add --ingredient option to generate ingredients * Add SignConfig, remove ManifestConfig * struct-op to clap conversion * feat: New ingredient support and c2pa file formats (contentauth/c2patool#111) Update to c2pa-rs 0.19 Adds support for many new formats add ingredient_paths to support ingredients as files or JSON Updates to README and schema Add simple ingredient report injects c2patool claim_generator * Prepare 0.5.0 release * Update expired sample certs (contentauth/c2patool#113) * Update expired sample certs * Remove root cert * chore: Change relative links to absolute to fix doc build (contentauth/c2patool#115) * Update README.md (contentauth/c2patool#118) * chore: Update README.md (contentauth/c2patool#119) * Prepare 0.5.1 release * Ingredient thumbnails, extension cleanup, toolkit update (contentauth/c2patool#120) Thumb and extension fixes fix ingredient thumbnail loading remove manifest preview feature test for similar extensions update c2pa-rs Add svg support * Prepare 0.5.2 release * Parent Ingredient JSON (contentauth/c2patool#123) * Ingredient improvements and fixes * fix bug where ingredient thumbnails were not generated * an ingredient.json file or folder can now be passed on the command line --parent option. * if a folder is passed as an ingredient, the tool will look for an ingredient.json fle in that folder. * fix --parent is no longer relative to the --manifest path * Set correct base path for ingredient_path json files identifiers are relative to ingredient.json location Update integration test * Prepare 0.5.3 release * Update README.md (contentauth/c2patool#124) Add link to c2pa-service-example * c2pa-rs 23.0 + updated test * integrate c2pa 23.0 bump version (contentauth/c2patool#126) * integrate c2pa 23.1 bump version * Prepare 0.5.4 release * feat: update to c2pa-rs 0.24.0 (contentauth/c2patool#127) * Prepare 0.6.0 release * use compress-archive instead of tar (contentauth/c2patool#130) Co-authored-by: Jack Farzan <[email protected]> * Prepare 0.6.1 release * Fix windows release (contentauth/c2patool#132) * Fix windows release Switch from tar/compress to 7z for windows release * Added 7zip note * chore: Update README.md (contentauth/c2patool#131) * Update README.md Made header levels consistent, and some minor grammar, spelling, formatting and punctuation corrections. * update cargo crates to get around build block --------- Co-authored-by: Gavin Peacock <[email protected]> * Updates to c2pa-rs 0.25.1 (contentauth/c2patool#128) * update to c2pa-rs 0.25.1 * chore: Split README into several files in new docs dir (contentauth/c2patool#136) * Split README into several files, cread docs dir * Change link to spec 1.3, make doc links absolute * minor wording edits * Add Docusaurus styling so xrefs to other md pages in repo is not displayed on site * Make link relative not absolute * Update release-notes.md * Fix link in CONTRIBUTING.md to CODE_OF_CONDUCT.md, add README TOC * Move TOC to better location in README --------- Co-authored-by: Rand McKinney <[email protected]> * Fix issue with docusaurus styling and fix broken links (contentauth/c2patool#138) Co-authored-by: Rand McKinney <[email protected]> * chore: Add nightly build process (contentauth/c2patool#139) * chore: Update CI/CD actions (contentauth/c2patool#140) * chore: Update chrono dep to 0.4.28, which satisfies latest nightly c2pa-rs requirement (contentauth/c2patool#141) * Upgrade to c2pa-rs 0.26.0 (contentauth/c2patool#143) (Fixes nightly build issues with openssl.) * chore: Fix link to nightly build docs in README.md (contentauth/c2patool#142) * chore: Apply same rustfmt configuration as c2pa-rs (contentauth/c2patool#145) Replaces contentauth/c2patool#45. * Add Do not train example * update to c2pa 0.27.1 (contentauth/c2patool#146) Adds mp3 Adds PDF read only support update Readme * chore: Fix bugs in publish workflow related to change in GH Actions API (contentauth/c2patool#147) * Prepare 0.6.2 release * chore: Doc update for manifest docs (contentauth/c2patool#148) * Make clear that these files etc are in context of c2patool * Clean up example doc file * Clarify tool specific fields * Add tool specific fields to manifest snippet Authored-by: Rand McKinney <[email protected]> * Update to c2pa-rs 0.28.1 * feat: updates to c2pa-rs v0.28.2 (contentauth/c2patool#153) * updates to c2pa-rs v0.28.0 * Bumped to 0.28.1 * Update to c2pa-rs 0.28.2 * Prepare 0.7.0 release * adds version to c2patool artifact names (contentauth/c2patool#158) Co-authored-by: Jack Farzan <[email protected]> * Add trust and verification options to c2pa_tool (contentauth/c2patool#168) * Add trust and verification options to c2pa_tool * fix formatting * Fix typo * Sample files * README clarification and formatting * Make example commands consistent, fix table column width, add xref link, etc --------- Co-authored-by: Rand McKinney <[email protected]> * feat: allow clients to sign with a process outside of c2patool (contentauth/c2patool#169) * allow clients to sign with a process outside of c2patool * builds bins for coverage tests * removes pub key * removes extra println * includes stderr; shows stderr from child process is included in error * adds better docs * improves docs; renames signer-process to signer-path. * adds docs and default value for reserve_size * replaces TODO with proper docs * removes extraneous else --------- Co-authored-by: Dylan Ross <[email protected]> * Prepare 0.8.0 release * use c2pa-rs 0.31.1 for actions.changes support (contentauth/c2patool#170) the actions.changes field will soon be added to the spec, this anticipates that. * Prepare 0.8.1 release * fixed c2patool asset name (contentauth/c2patool#171) Co-authored-by: Jack Farzan <[email protected]> * Prepare 0.8.2 release * feat: Add HTTP source option for trust config (contentauth/c2patool#174) * Add URL support for trust configuration settings * Add file tests * Add URL tests * Integrate with c2pa-rs 0.32.0, various test case fixes. (contentauth/c2patool#175) * Added error message for manifest without output target. Update c2pa-rs and remove xmp_write feature. * Update to c2pa-rs 0.32.0, with various fixes. * Prepare 0.9.0 release * Add better support for cargo-binstall (contentauth/c2patool#177) * Add better support for cargo-binstall * Clarify different installation methods * Update `time` crate so tests pass on latest nightly (1.80) --------- Co-authored-by: Rand McKinney <[email protected]> * Prepare 0.9.1 release * Remove integration tests for now due to extraneous binaries (contentauth/c2patool#178) * Remove integration tests for now due to extraneous binaries * Remove `bin` key * Add comment about defaults * Prepare 0.9.2 release * Remove binary modules (contentauth/c2patool#179) * Prepare 0.9.3 release * Document how to specify an icon (contentauth/c2patool#182) Co-authored-by: Rand McKinney <[email protected]> * Match c2pa-rs minimum toolchain version and test in CI (contentauth/c2patool#188) * Update c2patool (contentauth/c2patool#190) * Prepare 0.9.4 release * added security.md (contentauth/c2patool#196) Co-authored-by: Jack Farzan <[email protected]> * Update to lastest c2pa-rs (contentauth/c2patool#197) * Update c2patool * Update to latest SDK * Prepare 0.9.5 release * chore: Clarify use of test cert/key and general doc edits (contentauth/c2patool#193) * README edits * README edits * Edits per Gavin * Remove example col from table for readability * Add css class to trust options table --------- Co-authored-by: Rand McKinney <[email protected]> * Updates cargo packages and cargo.deny file. (contentauth/c2patool#200) Adds a readme update as well. * chore: Simplify nightly workflow and make it more like the one in c2pa-rs (contentauth/c2patool#144) * chore: Simplify nightly workflow and make it more like the one in c2pa-rs * Restore generation of changelog for nightly builds * Bump env_logger from 0.10.2 to 0.11.4 (contentauth/c2patool#204) * Bump env_logger from 0.10.2 to 0.11.4 Bumps [env_logger](https://github.com/rust-cli/env_logger) from 0.10.2 to 0.11.4. - [Release notes](https://github.com/rust-cli/env_logger/releases) - [Changelog](https://github.com/rust-cli/env_logger/blob/main/CHANGELOG.md) - [Commits](rust-cli/env_logger@v0.10.2...v0.11.4) --- updated-dependencies: - dependency-name: env_logger dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Update env_logger, clap, predicates and mockall --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gavin Peacock <[email protected]> * only run tests/clippy if labeled (contentauth/c2patool#205) Co-authored-by: Jack Farzan <[email protected]> * Pull latest c2pa-rs bug fixes into c2patool (contentauth/c2patool#212) * Pull latest c2pa-rs bug fixes into c2patool Updated help strings around trust and signing * Update c2pa version * Prepare 0.9.6 release * Update security guidance to link to SECURITY.md (contentauth/c2patool#217) Co-authored-by: Rand McKinney <[email protected]> * Remove rust toolchain version lock (contentauth/c2patool#221) * Remove rust toolchain version lock Forcing due to stuck CI * Update to latest c2pa SDK (contentauth/c2patool#222) * Update c2patool * Update to latest SDK * Update to latest c2pa-rs * Prepare 0.9.7 release * Add warning about accessing a private key directly (contentauth/c2patool#218) * Add warning about accessing a private key directly * Update README.md * Update README.md * Update README.md Reword per discussion w Maurice & Gavin --------- authored-by: Rand McKinney <[email protected]> * Initial fragment support (contentauth/c2patool#230) * Initial fragment support * code review fixes * Prepare 0.9.8 release * Remove no-longer-maintained clippy-check action (contentauth/c2patool#238) Also: Configure Dependabot to suggest new action steps when available * chore: Debug which branch we're pulling  * Bump actions/checkout from 3 to 4 (contentauth/c2patool#243) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Switch back to using `pull_request` instead of `pull_request_target` trigger * chore: Fix current Clippy warnings (contentauth/c2patool#244) * Document fragment subcommand (contentauth/c2patool#236) * Document fragment subcommand * Review comments * add examples * wording * Modify example cmd per Maurice --------- Co-authored-by: Rand McKinney <[email protected]> * Pull in latest bug fixes (contentauth/c2patool#237) * Pull in latest bug fixes * clippy fixes * Test build fix * Clippy fixes. * Try again? --------- Co-authored-by: Eric Scouten <[email protected]> Co-authored-by: Gavin Peacock <[email protected]> * Prepare 0.9.9 release * Update c2ptool to use latest c2pa-rs (contentauth/c2patool#258) * Update c2patool * Update to latest SDK * Update to latest c2pa-rs * update to latest c2pa-rs to get bug fixes * Prepare 0.9.10 release * Merge hardening bug fixes (contentauth/c2patool#260) * Update c2patool * Update to latest SDK * Update to latest c2pa-rs * update to latest c2pa-rs to get bug fixes * Grab hardening bug fixes * Update lock file * Try again --------- Co-authored-by: Eric Scouten <[email protected]> * Prepare 0.9.11 release * chore: Adjust conditions for running CI jobs (contentauth/c2patool#261) * Bump EmbarkStudios/cargo-deny-action from 1 to 2 (contentauth/c2patool#245) Bumps [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) from 1 to 2. - [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases) - [Commits](EmbarkStudios/cargo-deny-action@v1...v2) --- updated-dependencies: - dependency-name: EmbarkStudios/cargo-deny-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Skip CodeCov upload for non-member PRs (contentauth/c2patool#263) (We don't have access to the CodeCov token, which means the upload will likely be rate-limited and fail.) * chore: Debug action context * chore: Retry debug * chore: Don't skip CI jobs for non-pull-request events * chore: Format for consistency with c2pa-rs CI workflow (contentauth/c2patool#265) * chore: Debug CI again * chore: Run all CI jobs when user is dependabot[bot] * Bump codecov/codecov-action from 3 to 4 (contentauth/c2patool#242) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3 to 4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v3...v4) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix broken link that was causing os site workflow to fail (contentauth/c2patool#266) * fix: Update c2pa-rs for RegionOfInterest support. (contentauth/c2patool#269) * Prepare 0.9.12 release * enlarged description of c2pa command-line behavior (contentauth/c2patool#285) Signed-off-by: Tim Bray <[email protected]> * chore: uploads sbom as artifact (contentauth/c2patool#293) Co-authored-by: Dylan Ross <[email protected]> * feat: Updates c2patool to use only the new Builder/Reader API (contentauth/c2patool#297) * chore: Update to the 24 Builder API (WIP) * chore: Move tree implementation into tool * Use released c2pa-rs * Adds integration tests for tree and info features. * Add unit test for tree * doc: Update Contributing guide, misc minor edits (contentauth/c2patool#296) * Update CONTRIBUTING.md Add section on PR titles, change headings to sentence case. * Update README.md Remove manual page TOC since GH now provides it automatically. * Consolidate supported formats in c2pa-rs * Update release notes with items from CHANGELOG * Move some content into files in docs dir, add xrefs to manifest info * Missed some xrefs * typo * Reduce set of required PR title prefixes per @gpeacock * clarify conv commits requirements * Retitle cert doc, fix ext links for Docusaurus * chore: ignore warnings for RUSTSEC-2024-0399" (contentauth/c2patool#300) * chore: ignore warnings for RUSTSEC-2024-0399" This does not apply to us. Also ran cargo update. * chore: Adds acceptance of Unicode-3.0 * chore: bump MarcoIeni/release-plz-action from 0.5.83 to 0.5.85 (#700) Bumps [MarcoIeni/release-plz-action](https://github.com/marcoieni/release-plz-action) from 0.5.83 to 0.5.85. - [Release notes](https://github.com/marcoieni/release-plz-action/releases) - [Commits](release-plz/action@v0.5.83...v0.5.85) --- updated-dependencies: - dependency-name: MarcoIeni/release-plz-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Scouten <[email protected]> * chore: Move SHA-256 hash fn into c2pa-crypto (#708) * chore: Move `parse_ec_der_sig` to `c2pa-crypto` (#710) * chore: To do list for c2pa-crypto migration of cose_validator.rs * chore: Remove `cose_validator` dep on `validation_status` (#712) (Codes are actually located now in `c2pa-status-tracker` crate.) * chore: bump codecov/codecov-action from 4 to 5 (#686) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v4...v5) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Move `fn gt_to_datetime` to `cose_validator.rs` (last place that uses it) (#714) * chore: Move `sigTst` handling into `c2pa-crypto` (#715) * fix: Remove `c2pa::Signer` dependency on `c2pa_crypto::TimeStampProvider` (#718) This causes problems with UniFFI bindings that can't be addressed. * chore: Move `ValidationInfo` to `c2pa-crypto` (#721) * Extract ValidationInfo into c2pa-status-tracker * Move ValidationInfo into c2pa-crypto * Format * Start to merge c2patool binary release process into release-plz workflow * Remove redundant .gitignore file To fix (not urgent): Clean up cli unit test that drops content in old target folder * Fix formatting of cli/CHANGELOG.md * Remove code of conduct, etc., which also appear at workspace root * Merge deny.toml settings * Update repository link in cli/Cargo.toml * Fix README links * Rename Unit tests (libraries) back to Unit tests for consistency * Move profile settings to workspace Cargo.toml * Fix path references for nightly publish * Disable nightly binaries publish for the moment * feat: Add `RawSigner` trait to `c2pa-crypto` (derived from `c2pa::Signer`) (#716) * chore: Update Cargo.lock and remove from .gitignore * update: update zip requirement from 0.6.6 to 2.2.1 in /sdk (#698) * update: update zip requirement from 0.6.6 to 2.2.1 in /sdk --- updated-dependencies: - dependency-name: zip dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Update to use zip's new SimpleFileOptions type * Allow PR titles generated by Dependabot * Bump memchr to 2.7.4 * Update Cargo.lock --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Scouten <[email protected]> * fix: Verbose assertions for `is_none()` (#704) * chore: Fix c2patool CI configuration (#759) * chore: bump MarcoIeni/release-plz-action from 0.5.85 to 0.5.86 (#720) Bumps [MarcoIeni/release-plz-action](https://github.com/marcoieni/release-plz-action) from 0.5.85 to 0.5.86. - [Release notes](https://github.com/marcoieni/release-plz-action/releases) - [Commits](release-plz/action@v0.5.85...v0.5.86) --- updated-dependencies: - dependency-name: MarcoIeni/release-plz-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Adapt for the myriad Dependabot PR title patterns (argh!) * chore: Remove version edit warning in c2patool Cargo.toml * chore: Update cli/CHANGELOG.md preamble * update: bump mockall requirement from 0.11.2 to 0.13.1 in /sdk (#685) update: update mockall requirement from 0.11.2 to 0.13.1 in /sdk Updates the requirements on [mockall](https://github.com/asomers/mockall) to permit the latest version. - [Changelog](https://github.com/asomers/mockall/blob/master/CHANGELOG.md) - [Commits](asomers/mockall@v0.11.2...v0.13.1) --- updated-dependencies: - dependency-name: mockall dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Scouten <[email protected]> * update: bump asn1-rs from 0.5.2 to 0.6.2 (#724) Bumps [asn1-rs](https://github.com/rusticata/asn1-rs) from 0.5.2 to 0.6.2. - [Release notes](https://github.com/rusticata/asn1-rs/releases) - [Changelog](https://github.com/rusticata/asn1-rs/blob/master/CHANGELOG.md) - [Commits](rusticata/asn1-rs@asn1-rs-0.5.2...asn1-rs-0.6.2) --- updated-dependencies: - dependency-name: asn1-rs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * update: bump chrono from 0.4.38 to 0.4.39 (#763) Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.38 to 0.4.39. - [Release notes](https://github.com/chronotope/chrono/releases) - [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md) - [Commits](chronotope/chrono@v0.4.38...v0.4.39) --- updated-dependencies: - dependency-name: chrono dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: release (#761) * chore: Fix release-plz configuration * chore: Inspect release-plz `releases` output * chore: Rebuild c2patool binary release process * feat: Move `validation_codes` from `c2pa-crypto` to `c2pa-status-tracker` (Actually done in #695, but because I marked that PR as a `chore` it isn't triggering a release of `c2pa-status-tracker`, which is required for other crates to build. Fun times!) * chore: Revert previous release attempt * chore: release (#767) * fix: Compile `c2pa-crypto` with `cargo check` (#768) Also: Revert unpublished Cargo.toml and CHANGELOG files * chore: release (#769) * fix: Binary release process for c2patool * chore: Use `cargo check` to preflight `cargo publish` (i.e. default features only) * fix: No-op change to trigger new c2patool release * chore(c2patool): release v0.10.1 (#772) * fix: Update makefile for c2patool's new location in c2pa-rs workspace * fix: No-op change to trigger new c2patool build * chore(c2patool): release v0.10.2 (#773) * chore: Fix broken CI workflow file * update: bump thiserror from 1.0.69 to 2.0.6 (#770) Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.69 to 2.0.6. - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](dtolnay/thiserror@1.0.69...2.0.6) --- updated-dependencies: - dependency-name: thiserror dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Scouten <[email protected]> * fix: Resolve new Clippy issues (#776) * fix: Possible overflow for TIFF (#760) fix: Possible overflow for tiff * fix: Add support XMP in SVG (#771) * Add XMP support to SVG. Fix some incorrect XMP implmentations * remove print statement * One more unit test * feat: Bump MSRV to 1.81.0 (#781) Required due to version updates in some dependent crates. * fix: JPEG `write_cai` OOB insertion (#762) * fix: jpeg write_cai OOB insertion Malformed jpeg may lead to insertion of CAI data at invalid index Co-authored-by: Eric Scouten <[email protected]> * doc: Post move cleanup (#778) * post move doc cleanup * Doc cleanup for move to c2pa-rs repo * Scouten comments * Add link from changelog to RNs --------- Co-authored-by: Eric Scouten <[email protected]> * fix: Prevent negative length value for SVG object locations (#766) fix: Prevent negative length value for svg object locations * fix: OOB read attempt in jpeg_io asset handler in get_cai_segments function (#719) * fix: OOB read attempt in jpeg_io asset handler in get_cai_segments function * fix: Additional slice OOB read mitigation. * fix: Improve usage of `#[cfg]` directives (#783) --------- Co-authored-by: Kornel <[email protected]> * feat: Introduce `c2pa_crypto::CertificateAcceptancePolicy` (#779) * update: bump rasn from 0.18.0 to 0.22.0 (#727) * update: bump rasn from 0.18.0 to 0.22.0 Bumps [rasn](https://github.com/librasn/rasn) from 0.18.0 to 0.22.0. - [Release notes](https://github.com/librasn/rasn/releases) - [Changelog](https://github.com/librasn/rasn/blob/main/CHANGELOG.md) - [Commits](librasn/rasn@rasn-v0.18.0...rasn-v0.22.0) --- updated-dependencies: - dependency-name: rasn dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Fix up related deps and update for newer rasn APIs * Update MSRV to 1.81.0 --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Scouten <[email protected]> * update: bump thiserror from 2.0.6 to 2.0.8 (#787) Bumps [thiserror](https://github.com/dtolnay/thiserror) from 2.0.6 to 2.0.8. - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](dtolnay/thiserror@2.0.6...2.0.8) --- updated-dependencies: - dependency-name: thiserror dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * update: bump serde-wasm-bindgen from 0.5.0 to 0.6.5 (#786) Bumps [serde-wasm-bindgen](https://github.com/RReverser/serde-wasm-bindgen) from 0.5.0 to 0.6.5. - [Commits](RReverser/serde-wasm-bindgen@v0.5.0...v0.6.5) --- updated-dependencies: - dependency-name: serde-wasm-bindgen dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Scouten <[email protected]> * fix: Obscure glob error message for missing files Users were getting an obscure fragment glob message instead of file not found. "Error: glob patterns only allowed when using "fragment" command" * update: bump jfifdump from 0.5.1 to 0.6.0 (#785) Bumps [jfifdump](https://github.com/vstroebel/jfifdump) from 0.5.1 to 0.6.0. - [Commits](https://github.com/vstroebel/jfifdump/commits) --- updated-dependencies: - dependency-name: jfifdump dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Scouten <[email protected]> * feat: Move `verify_trust` into `c2pa_crypto` (#784) * feat: Move COSE OCSP support into c2pa-crypto (#793) * feat: Move `get_cose_sign1` into `c2pa-crypto` crate (#794) * feat: Move `signing_alg_from_sign1` into `c2pa-crypto` (#795) * feat: Consolidate implementations of `cert_chain_from_sign1` in `c2pa_crypto` (#796) * feat: Introduce `c2pa_crypto::cose::Verifier` (#797) * feat: Introduce `c2pa_crypto::Verifier::verify_trust` (#798) * chore: Move `check_ocsp_response` (the one that uses settings) to `claim.rs` (#799) * feat: Make `AsyncRawSignatureValidator` available on all platforms (#800) (When OpenSSL is used, it's just a wrapper around the synchronous code path.) * feat: Move COSE signature verification into `c2pa_crypto` (#801) * feat: Move COSE timestamp generation into `c2pa_crypto` (#803) * feat: Move COSE signing into `c2pa_crypto` crate (#807) * fix: Bring `claim_v2` changes from #707 into `c2pa_crypto` (#811) * Apply changes from merge commit 13889dd * Introduce `cose::TimeStampStorage` enum * Plumb TimeStampStorage through first layers of SDK * Port `sigTst2` changes from `claim_v2` branch. See 6028853 * Port `sigTst2` validation changes from claim_v2 branch. See 6028853 * Move P1363 format check earlier in validation. See 6028853 * Pick up `claim_v2` changes to ContentInfo parsing. See bfdadc1 * feat: Add new function `c2pa_crypto::cose::signing_time_from_sign1` (#812) (Will allow me to make some other things private.) * feat: Review `c2pa-crypto` crate API (#813) * fix: c2patool upgrades to API change in Ingredient.title() * chore: PR comment cleanup * chore: clippy fixes * feat: Add ingredient_url tracking for status. Adds default support for LogItem * feat: Add ingredient tracking for status --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Tim Bray <[email protected]> Co-authored-by: Gavin Peacock <[email protected]> Co-authored-by: Jack Farzan <[email protected]> Co-authored-by: Jack Farzan <[email protected]> Co-authored-by: Rand McKinney <[email protected]> Co-authored-by: scouten-adobe <[email protected]> Co-authored-by: gpeacock <[email protected]> Co-authored-by: Dylan ross <[email protected]> Co-authored-by: Dylan Ross <[email protected]> Co-authored-by: mauricefisher64 <[email protected]> Co-authored-by: jackfarzan <[email protected]> Co-authored-by: Rand McKinney <[email protected]> Co-authored-by: dyro <[email protected]> Co-authored-by: Dave Kozma <[email protected]> Co-authored-by: dkozma <[email protected]> Co-authored-by: nick <[email protected]> Co-authored-by: mauricefisher64 <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: nick <[email protected]> Co-authored-by: Tim Bray <[email protected]> Co-authored-by: Eli Mensch <[email protected]> Co-authored-by: Kornel <[email protected]> Co-authored-by: Colin D Murphy <[email protected]> Co-authored-by: Kornel <[email protected]>
contentauth · Jan 15, 2025 · b13d25b · b13d25b
1 parent adda4c0
commit b13d25b
Show file tree

Hide file tree

Showing 222 changed files with 17,190 additions and 5,593 deletions.
diff --git a/.commitlintrc.yml b/.commitlintrc.yml
@@ -24,6 +24,7 @@ rules:
       - export_schema
       - make_test_images
       - sdk
+      - c2patool
 
   # Scope may be empty
   # (NOTE: Disabled for now while we work around

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,21 +4,7 @@
 version: 2
 updates:
   - package-ecosystem: "cargo"
-    directory: "sdk"
-    schedule:
-      interval: "daily"
-    commit-message:
-      prefix: "update"
-
-  - package-ecosystem: "cargo"
-    directory: "export_schema"
-    schedule:
-      interval: "daily"
-    commit-message:
-      prefix: "update"
-
-  - package-ecosystem: "cargo"
-    directory: "make_test_images"
+    directory: "/"
     schedule:
       interval: "daily"
     commit-message:

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -31,7 +31,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [windows-latest, macos-latest, ubuntu-latest]
-        rust_version: [stable, 1.76.0]
+        rust_version: [stable, 1.81.0]
 
     steps:
       - name: Checkout repository
@@ -52,7 +52,7 @@ jobs:
       - name: Generate code coverage
         env:
           RUST_BACKTRACE: "1"
-        run: cargo llvm-cov --workspace --all-features --lcov --output-path lcov.info
+        run: cargo llvm-cov --lib --all-features --lcov --output-path lcov.info
 
       # Tokens aren't available for PRs originating from forks,
       # so we don't attempt to upload code coverage in that case.
@@ -62,7 +62,59 @@ jobs:
           github.event.pull_request.author_association == 'COLLABORATOR' ||
           github.event.pull_request.author_association == 'MEMBER' ||
           github.event.pull_request.user.login == 'dependabot[bot]'
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          fail_ci_if_error: true
+          verbose: true
+
+  tests-cli:
+    name: Unit tests (c2patool)
+    if: |
+      github.event_name != 'pull_request' ||
+      github.event.pull_request.author_association == 'COLLABORATOR' ||
+      github.event.pull_request.author_association == 'MEMBER' ||
+      github.event.pull_request.user.login == 'dependabot[bot]' ||
+      contains(github.event.pull_request.labels.*.name, 'safe to test')
+
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [windows-latest, macos-latest, ubuntu-latest]
+        rust_version: [stable]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust_version }}
+          components: llvm-tools-preview
+
+      - name: Cache Rust dependencies
+        uses: Swatinem/rust-cache@v2
+
+      - name: Install cargo-llvm-cov
+        uses: taiki-e/install-action@cargo-llvm-cov
+
+      - name: Generate code coverage
+        env:
+          RUST_BACKTRACE: "1"
+        run: cargo llvm-cov --bins --all-features --lcov --output-path lcov.info
+
+      # Tokens aren't available for PRs originating from forks,
+      # so we don't attempt to upload code coverage in that case.
+      - name: Upload code coverage results
+        if: |
+          github.event_name != 'pull_request' ||
+          github.event.pull_request.author_association == 'COLLABORATOR' ||
+          github.event.pull_request.author_association == 'MEMBER' ||
+          github.event.pull_request.user.login == 'dependabot[bot]'
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
@@ -117,12 +169,36 @@ jobs:
           github.event.pull_request.author_association == 'COLLABORATOR' ||
           github.event.pull_request.author_association == 'MEMBER' ||
           github.event.pull_request.user.login == 'dependabot[bot]'
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
           verbose: true
 
+  cargo-check:
+    name: Default features build
+    if: |
+      github.event_name != 'pull_request' ||
+      github.event.pull_request.author_association == 'COLLABORATOR' ||
+      github.event.pull_request.author_association == 'MEMBER' ||
+      github.event.pull_request.user.login == 'dependabot[bot]' ||
+      contains(github.event.pull_request.labels.*.name, 'safe to test')
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Cache Rust dependencies
+        uses: Swatinem/rust-cache@v2
+
+      - name: "`cargo check` with default features"
+        run: cargo check
+
   tests-cross:
     name: Unit tests
     if: |
@@ -138,7 +214,7 @@ jobs:
       fail-fast: false
       matrix:
         target: [aarch64-unknown-linux-gnu]
-        rust_version: [stable, 1.76.0]
+        rust_version: [stable, 1.81.0]
 
     steps:
       - name: Checkout repository
@@ -292,7 +368,7 @@ jobs:
       - name: Install nightly Rust toolchain
         # Nightly is used here because the docs.rs build
         # uses nightly and we use doc_cfg features that are
-        # not in stable Rust as of this writing (Rust 1.76).
+        # not in stable Rust as of this writing (Rust 1.81).
         uses: dtolnay/rust-toolchain@nightly
 
       - name: Run cargo docs

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -147,9 +147,11 @@ jobs:
         echo Will add nightly suffix $NIGHTLY_SUFFIX
 
         sed -i "s/^version = \"\\(.*\\)\"/version = \"\\1$NIGHTLY_SUFFIX\"/" sdk/Cargo.toml
-
+        sed -i "s/path = \"..\/sdk\", version = \"\\(.*\\)\"/path = \"..\/sdk\", version = \"\\1$NIGHTLY_SUFFIX\"/" cli/Cargo.toml
+        
         cargo update -w
-        git add -f Cargo.lock
+        git add Cargo.lock
+        find . -name 'Cargo.toml' | xargs git add
 
         echo
         echo Proposed changes:
@@ -167,3 +169,50 @@ jobs:
         commit_user_name: Adobe CAI Team
         commit_user_email: [email protected]
         create_branch: true
+
+  # ---- TO DO: Figure out how to run this job but only when nightly-snapshot changes the branch. ----
+  # publish-nightly-binaries:
+  #   name: Publish c2patool nightly binaries
+  #   runs-on: ${{ matrix.os }}
+  #   needs: nightly-snapshot
+
+  #   strategy:
+  #     fail-fast: false
+  #     matrix:
+  #       os: [windows-latest, macos-latest, ubuntu-latest]
+  #       include:
+  #       - os: macos-latest
+  #         artifact_name: c2patool_mac_universal.zip
+  #       - os: ubuntu-latest
+  #         artifact_name: c2patool_linux_intel.tar.gz
+  #       - os: windows-latest
+  #         artifact_name: c2patool_win_intel.zip
+
+  #   steps:
+  #   - name: Checkout repository
+  #     uses: actions/checkout@v4
+  #     with:
+  #       ref: nightly
+
+  #   - name: Install Rust toolchain
+  #     uses: dtolnay/rust-toolchain@stable
+
+  #   - name: Cache Rust dependencies
+  #     uses: Swatinem/rust-cache@v2
+
+  #   - name: Run cargo check
+  #     run: cd cli && cargo check
+
+  #   - name: Run cargo test --all
+  #     run: cd cli && cargo test --all
+
+  #   - name: Build nightly release artifacts
+  #     run: cd cli && make release
+
+  #   - name: Upload build as artifact
+  #     uses: actions/upload-artifact@v3
+  #     with:
+  #       path: target/${{ matrix.artifact_name }}
+  #       name: ${{ matrix.artifact_name }}
+  #       retention-days: 15
+  #       if-no-files-found: error
diff --git a/.github/workflows/pr_title.yml b/.github/workflows/pr_title.yml
@@ -42,6 +42,7 @@ jobs:
           # these exact names:
           #
           #    * sdk (The primary C2PA Rust SDK)
+          #    * c2patool
           #    * export_schema
           #    * make_test_images
           #
@@ -90,6 +91,16 @@ jobs:
             exit 0;
           fi
 
+          if echo "$PR_TITLE" | grep -E '^update: update '; then
+            echo "Exception / OK: Dependabot update pattern"
+            exit 0;
+          fi
+
+          if echo "$PR_TITLE" | grep -E '^update: bump '; then
+            echo "Exception / OK: Dependabot update pattern"
+            exit 0;
+          fi
+
           echo "Installing commitlint-rs. Please wait 30-40 seconds ..."
           cargo install --quiet commitlint-rs
           set -e

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -14,6 +14,9 @@ jobs:
     name: Release-plz
     runs-on: ubuntu-latest
 
+    outputs:
+      c2patool-release-tag: ${{ steps.sniff-c2patool-release-tag.outputs.tag }}
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -25,7 +28,8 @@ jobs:
         uses: dtolnay/rust-toolchain@stable
 
       - name: Run release-plz
-        uses: MarcoIeni/[email protected]
+        id: release-plz
+        uses: MarcoIeni/[email protected]
         env:
           GITHUB_TOKEN: ${{ secrets.RELEASE_PLZ_TOKEN }}
           CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_SECRET }}
@@ -38,3 +42,81 @@ jobs:
             tail -n +2 |\
             sed 's/origin\///' |\
             xargs -I {} git push origin --delete {}
+  
+      - name: Identify c2patool release
+        id: sniff-c2patool-release-tag
+        run: |
+          echo tag=`git tag --contains HEAD | grep '^c2patool-'` >> "$GITHUB_OUTPUT" || true
+    
+  publish-c2patool-binaries:
+    name: Publish c2patool binaries
+    runs-on: ${{ matrix.os }}
+    needs: release-plz
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ macos-latest, ubuntu-latest, windows-latest ]
+        rust_version: [ stable ]
+        experimental: [ false ]
+        include:
+          - os: macos-latest
+            artifact_name: c2patool_mac_universal.zip
+            uploaded_asset_name: c2patool-${{ needs.release-plz.outputs.c2patool-release-tag }}-universal-apple-darwin.zip
+          - os: ubuntu-latest
+            artifact_name: c2patool_linux_intel.tar.gz
+            uploaded_asset_name: c2patool-${{ needs.release-plz.outputs.c2patool-release-tag }}-x86_64-unknown-linux-gnu.tar.gz
+          - os: windows-latest
+            artifact_name: c2patool_win_intel.zip
+            uploaded_asset_name: c2patool-${{ needs.release-plz.outputs.c2patool-release-tag }}-x86_64-pc-windows-msvc.zip
+
+    steps:
+      - name: Checkout repository
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust_version }}
+          components: llvm-tools-preview
+
+      - name: Install cargo-sbom
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: baptiste0928/cargo-install@v3
+        with:
+          crate: cargo-sbom
+          version: '0.9.1'
+
+      - name: Cache Rust dependencies
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: Swatinem/rust-cache@v2
+
+      - name: Run make release
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        run: cd cli && make release
+
+      - name: Upload binary to GitHub
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: svenstaro/upload-release-action@v1-release
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: target/${{ matrix.artifact_name }}
+          asset_name: ${{ matrix.uploaded_asset_name }}
+          tag: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+          overwrite: true
+
+      - name: Generate SBOM
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        run: cd cli && cargo sbom > c2patool.${{ matrix.os }}.sbom.json
+
+      - name: Upload SBOM to Github
+        if: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+        uses: svenstaro/upload-release-action@v1-release
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          file: cli/c2patool.${{ matrix.os }}.sbom.json
+          asset_name: c2patool-${{ needs.release-plz.outputs.c2patool-release-tag }}-sbom.json
+          tag: ${{ needs.release-plz.outputs.c2patool-release-tag }}
+          overwrite: true
diff --git a/.gitignore b/.gitignore
@@ -1,7 +1,5 @@
 /target/
 
-Cargo.lock
-
 **/*.rs.bk
 
 .DS_Store
@@ -11,3 +9,6 @@ Cargo.lock
 .vscode
 
 /semver-checks/target/
+
+# Unit test output lands here. TO DO: Fix
+cli/target